Processed: found 868500 in 1.8.1+dfsg1-4

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 868500 1.8.1+dfsg1-4
Bug #868500 [src:atril] atril: CVE-2017-183
Marked as found in versions atril/1.8.1+dfsg1-4.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
868500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#865938: #865938 python-django-bootstrap-form FTBFS with Django 1.11

2017-07-15 Thread Petter Reinholdtsen 
Hi.

This issue is threatening to throw the FreedomBox packages out of testing.

Is the proposed patch ok, or do you need another approach to fix it?
-- 
Happy hacking
Petter Reinholdtsen

Bug#868500: atril: CVE-2017-1000083

2017-07-15 Thread Salvatore Bonaccorso 
Source: atril
Version: 1.16.1-2
Severity: grave
Tags: security
Justification: user security hole

Hi,

the following vulnerability was published for atril.

CVE-2017-183[0]:
Evince command injection vulnerability in CBT handler

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-183

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#866512: marked as done (SIGFPE when encoding H.264 video)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sun, 16 Jul 2017 02:50:55 +
with message-id 
and subject line Bug#866512: fixed in nageru 1.6.2-1
has caused the Debian Bug report #866512,
regarding SIGFPE when encoding H.264 video
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: i965-va-driver
Version: 1.8.2-2
Severity: grave

Hi,

After dist-upgrading, I can no longer start nageru without a segfault:

  Thread 13 "QS_Encode" received signal SIGFPE, Arithmetic exception.
  [Switching to Thread 0x7fffbaa7e700 (LWP 8583)]
  0x7fffc0bfab37 in intel_mfc_brc_postpack_vbr (frame_bits=3696, 
  encoder_context=0x565487d0, encode_state=0x5653dff8)
  at gen6_mfc_common.c:402
  402   gen6_mfc_common.c: Ingen slik fil eller filkatalog.
  (gdb) bt
  #0  0x7fffc0bfab37 in intel_mfc_brc_postpack_vbr (frame_bits=3696, 
  encoder_context=0x565487d0, encode_state=0x5653dff8)
  at gen6_mfc_common.c:402
  #1  intel_mfc_brc_postpack (encode_state=encode_state@entry=0x5653dff8, 
  encoder_context=encoder_context@entry=0x565487d0, 
  frame_bits=frame_bits@entry=3696) at gen6_mfc_common.c:484
  #2  0x7fffc0c1586f in gen75_mfc_avc_encode_picture (
  encoder_context=, encode_state=0x5653dff8, 
  ctx=0x564f3500) at gen75_mfc.c:1707
  #3  gen75_mfc_pipeline (ctx=0x564f3500, profile=, 
  encode_state=0x5653dff8, encoder_context=)
  at gen75_mfc.c:2529
  #4  0x7fffc0c58bac in intel_encoder_end_picture (ctx=0x564f3500, 
  profile=, codec_state=0x5653dff8, 
  hw_context=0x565487d0) at i965_encoder.c:1327
  #5  0x75111dbf in vaEndPicture ()
 from /usr/lib/x86_64-linux-gnu/libva.so.1
  #6  0x555f1a4d in QuickSyncEncoderImpl::encode_frame (
  this=this@entry=0x56068c70, frame=..., 
  encoding_frame_num=encoding_frame_num@entry=2, 
  display_frame_num=display_frame_num@entry=1, 
  gop_start_display_frame_num=gop_start_display_frame_num@entry=0, 
  frame_type=frame_type@entry=1, pts=16800, dts=14000, duration=4800, 
  ycbcr_coefficients=movit::YCBCR_REC_601) at quicksync_encoder.cpp:2045

Downgrading i965-va-driver to 1.7.3-1 (the version in stable) fixes the issue.

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.8 (SMP w/4 CPU cores)
Locale: LANG=nb_NO.utf8, LC_CTYPE=nb_NO.utf8 (charmap=UTF-8), 
LANGUAGE=nb_NO.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages i965-va-driver depends on:
ii  libc6   2.24-11
ii  libdrm-intel1   2.4.81-2
ii  libdrm2 2.4.81-2
ii  libva1 [libva-driver-abi-0.40]  1.8.2-2

i965-va-driver recommends no packages.

i965-va-driver suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: nageru
Source-Version: 1.6.2-1

We believe that the bug you reported is fixed in the latest version of
nageru, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steinar H. Gunderson  (supplier of updated nageru package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 16 Jul 2017 03:36:49 +0200
Source: nageru
Binary: nageru
Architecture: source amd64
Version: 1.6.2-1
Distribution: unstable
Urgency: medium
Maintainer: Steinar H. Gunderson 
Changed-By: Steinar H. Gunderson 
Description:
 nageru - modern free software video mixer
Closes: 866512
Changes:
 nageru (1.6.2-1) unstable; urgency=medium
 .
   * New upstream release.
 * Fixes SIGFPE with newer i965-va-driver. (Closes: #866512)
 * Bump dependency on libmovit-dev, as per upstream.
Checksums-Sha1:
 c6281c16b5778880ffed66e0c1e62e

Bug#865045: marked as done (xmltv: FTBFS with Perl 5.26: t/test_filters.t failure)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 23:18:55 +
with message-id 
and subject line Bug#865045: fixed in xmltv 0.5.69-2
has caused the Debian Bug report #865045,
regarding xmltv: FTBFS with Perl 5.26: t/test_filters.t failure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xmltv
Version: 0.5.69-1
Severity: important
User: debian-p...@lists.debian.org
Usertags: perl-5.26-transition

This package fails to build with Perl 5.26 (currently in experimental.)

A full build log is available at
  
http://perl.debian.net/rebuild-logs/perl-5.26-throwaway/xmltv_0.5.69-1/xmltv_0.5.69-1_amd64-2017-05-21T07:25:36Z.build

and the server also hosts a test repository of packages binNMU'd for Perl
5.26 that can be used for testing purposes; see .

It looks like the underlying failure reason is that 
at least filter/tv_to_latex and filter/tv_to_text have

 use POSIX 'tmpnam';

which was deprecated in Perl 5.24 and removed in 5.26. Unfortunately
the deprecation warning apparently went unnoticed earlier as the build
system hides it.

  Test Summary Report
  ---
  t/test_filters.t   (Wstat: 0 Tests: 100 Failed: 10)
Failed tests:  61-70
  Files=7, Tests=162, 29 wallclock secs ( 0.04 usr  0.01 sys + 26.90 cusr  1.95 
csys = 28.90 CPU)
  Result: FAIL
 
-- 
Niko Tyni   nt...@debian.org
--- End Message ---
--- Begin Message ---
Source: xmltv
Source-Version: 0.5.69-2

We believe that the bug you reported is fixed in the latest version of
xmltv, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nick Morrott  (supplier of updated xmltv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jul 2017 23:27:36 +0100
Source: xmltv
Binary: xmltv libxmltv-perl xmltv-util xmltv-gui
Architecture: source
Version: 0.5.69-2
Distribution: unstable
Urgency: medium
Maintainer: Nick Morrott 
Changed-By: Nick Morrott 
Closes: 865045
Description: 
 libxmltv-perl - Perl libraries related to the XMLTV file format for TV listings
 xmltv  - Functionality related to the XMLTV file format for TV listings
 xmltv-gui  - Graphical user interface related to the XMLTV file format
 xmltv-util - Utilities related to the XMLTV file format for TV listings
Changes:
 xmltv (0.5.69-2) unstable; urgency=medium
 .
   * Fix "FTBFS with Perl 5.26: t/test_filters.t failure":
 add posix-tmpnam.patch which removes "use POSIX 'tmpnam'".
 Thanks to gregor hartmann for the patch.
 (Closes: #865045)
   * Declare compliance with Debian Policy 4.0.0 (no changes)
   * Make package autopkgtest-able
Checksums-Sha1: 
 e6e77878e8cc3805d2e9199ace431527d225c4c0 3226 xmltv_0.5.69-2.dsc
 90678a9a5c385bdf2ac6b35adaf55d57615eb0b4 19776 xmltv_0.5.69-2.debian.tar.xz
Checksums-Sha256: 
 faac40245466d757d16eccd586d8ed529935b79d1161fbf48e6f22d7ea15d080 3226 
xmltv_0.5.69-2.dsc
 4d0171196e5bcad7b96b7dad9698d553747e27c3da0257b901673bf51d0d15e9 19776 
xmltv_0.5.69-2.debian.tar.xz
Files: 
 ce40bc8801e4278af4d9ecd5d3741961 3226 interpreters optional xmltv_0.5.69-2.dsc
 2258bc711daa2583d295ca23efea690c 19776 interpreters optional 
xmltv_0.5.69-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAllqn1dfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qga/Yw//ZVhQ48s+FRzyIl0VQGXGBqLDG22Oa5P57FrCwixZPLptV4FwAS3uXAi3
1gLr6RPpUSPTmOA/RuY7AS6Xk/rzkNMPzYTKj40FVY2rUYBykd+5iWggVBej1r0O
aBijtz3Kjf9MRs157lucRGrwyPKq+t+kt7ekbZbJJz92Nv4tk4X3ORfnXp9s9bWK
BaIFUHzoNr0K8Nw0xaFIC1jcBGVstuNhSLlw9AjZ0slAGpAJyFjOgPguJFFMb2cN
D2wuhuXCxpw6c3A74QNSLxWepXflyMBt142DyOYawqRQfPX36YA8wYvuWmcCaJuu
3jZs9tqd+sd4S2WTr0qcexDZu/Enjy/+XWCbSXMla2pTTd48RSeDzR3Fub+rrOOD
BI/yzDEo7AQ/wzok4/EFEunIzouEmv0e7rwdURGuF1FU+46/GkiOBd7MJvqkreUb
+uWs8Htvl/FmD9EGVGza3AcbHWdn01kzsYVuMFHNdISSN5YmTkivURWhXVp99KD9
Anvm3Ey00HEkhkA/gnWxwtJS38lwtOEh+AqAhQ4r66TPEDeGissU5wgcVNzJch/r
xh

Bug#866677: Bug#765895 closed by Francois Marier (Bug#765895: fixed in rkhunter 1.4.2-6+deb9u1)

2017-07-15 Thread Christoph Anton Mitterer 
On Sat, 2017-07-15 at 22:21 +, Debian Bug Tracking System wrote:
>   * Disable remote updates to fix CVE-2017-7480 and prevent bugs like
> it in the future (closes: #765895, #866677)

It's good to see this finally done... but really sad to see, that it
required an actually exploit to be found to get that done what I've
already strongly suggested nearly THREE years agoo.O

:-(

smime.p7s
Description: S/MIME cryptographic signature

Bug#867449: marked as done (python3-plumbum: missing dependencies)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:22 +
with message-id 
and subject line Bug#867449: fixed in python-plumbum 1.6.2-1+deb9u1
has caused the Debian Bug report #867449,
regarding python3-plumbum: missing dependencies
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-plumbum
Version: 1.4.2-1
Severity: serious
Tags: patch

Due to a cut'n'paste error there are no package dependencies.

Fix:

--- debian/control.old  2017-07-06 17:05:31.0 +
+++ debian/control  2017-07-06 17:05:37.0 +
@@ -22,7 +22,7 @@
 
 Package: python3-plumbum
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: library for writing shell script-like programs in Python 3
  python-plumbum provides shell-like syntax and handy shortcuts for writing 
shell
  script one-liners in Python using shell combinators. It supports local and
--- End Message ---
--- Begin Message ---
Source: python-plumbum
Source-Version: 1.6.2-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
python-plumbum, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Philipp Huebner  (supplier of updated python-plumbum 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 18:29:21 +0200
Source: python-plumbum
Binary: python-plumbum python3-plumbum
Architecture: source all
Version: 1.6.2-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Philipp Huebner 
Changed-By: Philipp Huebner 
Description:
 python-plumbum - library for writing shell script-like programs in Python 2
 python3-plumbum - library for writing shell script-like programs in Python 3
Closes: 867449
Changes:
 python-plumbum (1.6.2-1+deb9u1) stretch; urgency=medium
 .
   * Fix python3 dependencies (Closes: #867449)
Checksums-Sha1:
 c692331dced3dbeffcbe0334865c7c9e003160ea 2118 python-plumbum_1.6.2-1+deb9u1.dsc
 8ee58862313fb477ff3d7839cb70aa413c494c09 2248 
python-plumbum_1.6.2-1+deb9u1.debian.tar.xz
 de6268f82e6512321fa5f7b904236121b4a6d10f 69550 
python-plumbum_1.6.2-1+deb9u1_all.deb
 f23c4e60b7ae2bbb939e77218e99905682bc8c2b 6574 
python-plumbum_1.6.2-1+deb9u1_amd64.buildinfo
 85124949d7d82f6e40e89dcd07d9f4a0080d55d9 69626 
python3-plumbum_1.6.2-1+deb9u1_all.deb
Checksums-Sha256:
 98aae443964e7e199dd1b16c744fd100d8558a9cd2ce214df5db8c43abe90234 2118 
python-plumbum_1.6.2-1+deb9u1.dsc
 63032b500cf1800b4b757dd64ba1db09b80b85d722897a86ee9808a64c82066b 2248 
python-plumbum_1.6.2-1+deb9u1.debian.tar.xz
 5c44004d2dab16880c8ef0f8ff9b50cfa320a6dfd70e0f9b96bc102c0fac3086 69550 
python-plumbum_1.6.2-1+deb9u1_all.deb
 864eb0019b836582e064f9c9dc98525b0de8367558f780a7bfab4606772ed444 6574 
python-plumbum_1.6.2-1+deb9u1_amd64.buildinfo
 7d2c901233e168aadbd5a7c9531b3070fac804087da9cb5803c61fa41e0e62fa 69626 
python3-plumbum_1.6.2-1+deb9u1_all.deb
Files:
 7979881e26e48fd9e3ec353611f27182 2118 python optional 
python-plumbum_1.6.2-1+deb9u1.dsc
 2c8493a4a1960c1cf3bf2b9aa3db503b 2248 python optional 
python-plumbum_1.6.2-1+deb9u1.debian.tar.xz
 0a8a39b6bd4018f70b0719fe65590ad9 69550 python optional 
python-plumbum_1.6.2-1+deb9u1_all.deb
 00976ef3dd6c1ea49a741d4a9ee1504a 6574 python optional 
python-plumbum_1.6.2-1+deb9u1_amd64.buildinfo
 435afda4481ed90fd6784242323eebdc 69626 python optional 
python3-plumbum_1.6.2-1+deb9u1_all.deb

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEECEGLvkRyDy26xQXsunokltrkDRwFAllnqYQVHGRlYmFsYW5j
ZUBkZWJpYW4ub3JnAAoJELp6JJba5A0cx54P/A5jX1gyge4NnXAw2DCiFXgC7OmC
4rho9f3Rmbp+U1IYuMQztoOb3fZZWY94NwMIlaCAgNu7MaFlE9QFbJ1R2DSZLjaA
D1NXUGeZKKxfmTk9z5o954xlmvel94nARsHdVTcpqmfEY83ti6YD0AD3apW5GQa8
waqytP4hWnoCVdL5ik4RcUDJ12xCQN2jGZaZ+bg1y7bHDPGOHI9cEImeMsczve+t
9J44YmepcOjTwWSns9+dOrc5ljxXDWNt8LNEl7wwnEgHsPinpX5R8ES/i7aHwpFG
qEm0V+YP192hBwTnmTWidlAPd5uzAj6WNfHyDzjIAtmaRdqoSI3UALYUakpV67VV
BhHqhiE2ZjdIEq0SVhD+kPADKSBQntd4g9IxcXashshIpPz6D09cqX/lsQ8mLLIo
fA9VTPHs42bvhmCZoq3s

Bug#867309: marked as done (dgit: Use of uninitialized value $got in concatenation)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:12 +
with message-id 
and subject line Bug#867185: fixed in dgit 3.11~deb9u1
has caused the Debian Bug report #867185,
regarding dgit: Use of uninitialized value $got in concatenation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867185
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dgit
Version: 4.0
Severity: normal

Steps to reproduce:

$ dgit clone janus
canonical suite name for unstable is sid
starting new git history
downloading http://ftp.debian.org/debian//pool/main/j/janus/janus_0.2.3-1.dsc...
last upload to archive: NO git hash
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100   380  100   3800 0   2085  0 --:--:-- --:--:-- --:--:--  2087
Use of uninitialized value $got in concatenation (.) or string at /usr/bin/dgit 
line 2545.


Thanks!

cheers, josch


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dgit depends on:
ii  apt   1.4.6
ii  ca-certificates   20161130+nmu1
ii  coreutils 8.26-3
ii  curl  7.52.1-5
ii  devscripts2.17.6
ii  dpkg-dev  1.18.24
ii  dput  0.12.1
ii  git [git-core]1:2.11.0-3
ii  git-buildpackage  0.8.12.2
ii  libdpkg-perl  1.18.24
ii  libjson-perl  2.90-1
ii  liblist-moreutils-perl0.416-1+b1
ii  libperl5.24 [libdigest-sha-perl]  5.24.1-3
ii  libtext-glob-perl 0.10-1
ii  libtext-iconv-perl1.7-5+b4
ii  libwww-perl   6.15-1
ii  perl  5.24.1-3

Versions of packages dgit recommends:
ii  openssh-client [ssh-client]  1:7.4p1-10

Versions of packages dgit suggests:
ii  sbuild  0.73.0-4

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dgit
Source-Version: 3.11~deb9u1

We believe that the bug you reported is fixed in the latest version of
dgit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson  (supplier of updated dgit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jul 2017 09:28:15 +0100
Source: dgit
Binary: dgit dgit-infrastructure
Architecture: all source
Version: 3.11~deb9u1
Distribution: stretch
Urgency: high
Maintainer: Ian Jackson 
Changed-By: Ian Jackson 
Closes: 857694 858054 865863 867185 867189 867309 867434 867603 867693
Description: 
 dgit   - git interoperability with the Debian archive
 dgit-infrastructure - dgit server backend infrastructure
Changes:
 dgit (3.11~deb9u1) stretch; urgency=high
 .
   * Rebuild and upload to stretch.
 .
 dgit (3.11) unstable; urgency=high
 .
   Important bugfixes to dgit:
   * Fix rpush+buildinfo: Transfer buildinfos for signing.  Closes:#867693.
   * Cope if the archive server sends an HTTP redirect,
 by passing -L to curl.  Closes:#867185,#867309.
   * Cope with newer git which hates --local outside a tree.  Closes:#865863.
   * rpush: Honour local git config from build host working tree.
   * Tolerate compressor terminating with SIGPIPE.  Closes:#857694.
   * Honour more pre-tree git config options in our private trees sharing
 the user's object store.  In particular, core.sharedRepository.
 Prompted by #867603.
   * Clone multisuite works even without --no-rm-on-error.  Closes:#867434.
   * Work if "git init" does not c

Bug#867185: marked as done (dgit: Perl error trying to clone Gtk+)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:12 +
with message-id 
and subject line Bug#867309: fixed in dgit 3.11~deb9u1
has caused the Debian Bug report #867309,
regarding dgit: Perl error trying to clone Gtk+
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867309: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867309
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dgit
Version: 3.10
Severity: normal

The transcript below demonstrates the problem.  I get the same failure on
chiark (jessie), with a clean environment and bogus $HOME (to eliminate my
dotfiles).

[stratocaster /tmp/mdw]dgit clone gtk+3.0
canonical suite name for unstable is sid
starting new git history
downloading 
http://ftp.debian.org/debian//pool/main/g/gtk+3.0/gtk+3.0_3.22.16-1.dsc...
last upload to archive: NO git hash
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100   386  100   3860 0   8327  0 --:--:-- --:--:-- --:--:--  8391
Use of uninitialized value $got in concatenation (.) or string at /usr/bin/dgit 
line 2545.
[stratocaster /tmp/mdw rc=255]

This appears to mean that $checkhash->() failed and it was trying to report
this; I don't know what might have caused that or what I might be able to do
about it.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Foreign Architectures: amd64

Kernel: Linux 4.9.0-3-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages dgit depends on:
ii  apt   1.4.6
ii  ca-certificates   20161130+nmu1
ii  coreutils 8.26-3
ii  curl  7.52.1-5
ii  devscripts2.17.6
ii  dpkg-dev  1.18.24
ii  dput  0.12.1
ii  git [git-core]1:2.11.0-3
ii  git-buildpackage  0.8.12.2
ii  git-core  1:2.11.0-3
ii  libdigest-sha-perl5.96-1+b1
ii  libdpkg-perl  1.18.24
ii  libjson-perl  2.90-1
ii  liblist-moreutils-perl0.416-1+b1
ii  libperl5.24 [libdigest-sha-perl]  5.24.1-3
ii  libtext-glob-perl 0.10-1
ii  libtext-iconv-perl1.7-5+b4
ii  libwww-perl   6.15-1
ii  perl  5.24.1-3
ii  realpath  8.26-3

Versions of packages dgit recommends:
ii  openssh-client [ssh-client]  1:7.4p1-10

Versions of packages dgit suggests:
pn  sbuild  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dgit
Source-Version: 3.11~deb9u1

We believe that the bug you reported is fixed in the latest version of
dgit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson  (supplier of updated dgit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jul 2017 09:28:15 +0100
Source: dgit
Binary: dgit dgit-infrastructure
Architecture: all source
Version: 3.11~deb9u1
Distribution: stretch
Urgency: high
Maintainer: Ian Jackson 
Changed-By: Ian Jackson 
Closes: 857694 858054 865863 867185 867189 867309 867434 867603 867693
Description: 
 dgit   - git interoperability with the Debian archive
 dgit-infrastructure - dgit server backend infrastructure
Changes:
 dgit (3.11~deb9u1) stretch; urgency=high
 .
   * Rebuild and upload to stretch.
 .
 dgit (3.11) unstable; urgency=high
 .
   Important bugfixes to dgit:
   * Fix rpush+buildinfo: Transfer buildinfos for signing.  Closes:#867693.
   * Cope if the archive server sends an HTTP redirect,
 by passing -L to curl.  Closes:#867185,#867309.
   * Cope with newer git which hates --local outside a tree.  Closes:#865863.
   * rpush: Honour local git config from b

Bug#867581: marked as done (libgnutls30: AES256-GCM emits all-zeros ciphertext on aarch64 with hardware acceleration (upstream bug report))

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:15 +
with message-id 
and subject line Bug#867581: fixed in gnutls28 3.5.8-5+deb9u2
has caused the Debian Bug report #867581,
regarding libgnutls30: AES256-GCM emits all-zeros ciphertext on aarch64 with 
hardware acceleration (upstream bug report)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867581: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867581
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgnutls30
Version: 3.5.8-5+deb9u1
Severity: critical
Tags: patch
Justification: breaks unrelated software

Dear Maintainer,

   * What led up to the situation?

Unrelated gnome-terminal or xfce4-terminal crashing when significant output
(e.g. running 'yes'; apparently because of the corruption of the encrypted
scrollback buffer).

Issue noticed on a Cavium ThunderX running Debian Stretch.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Patching libgnutls with
https://gitlab.com/gnutls/gnutls/commit/228b18dfbf934d8924d3305dc24d7b0162352eba
fixes the issue.

This fix is available in gnutls 3.5.13 (and testing+unstable) but not in 3.5.8
(stable). Please back-port the above patch to stable.

Upstream bug report: https://gitlab.com/gnutls/gnutls/issues/204

I marked it as 'critical' because it breaks unrelated packages, though I'm not
sure that's the appropriate severity level.

Thanks.



-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 4.9.0-3-arm64 (SMP w/48 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgnutls30 depends on:
ii  libc62.24-11+deb9u1
ii  libgmp10 2:6.1.2+dfsg-1
ii  libhogweed4  3.3-1+b1
ii  libidn11 1.33-1
ii  libnettle6   3.3-1+b1
ii  libp11-kit0  0.23.3-2
ii  libtasn1-6   4.10-1.1
ii  zlib1g   1:1.2.8.dfsg-5

libgnutls30 recommends no packages.

Versions of packages libgnutls30 suggests:
pn  gnutls-bin  
diff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c 
b/lib/accelerated/aarch64/aes-gcm-aarch64.c
index c571d02..8d2bc1d 100644
--- a/lib/accelerated/aarch64/aes-gcm-aarch64.c
+++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c
@@ -153,6 +153,27 @@ gcm_ghash(struct aes_gcm_ctx *ctx, const uint8_t * src, 
size_t src_size)
 }
 
 static void
+ctr32_encrypt_blocks_inplace(const unsigned char *in, unsigned char *out,
+size_t blocks, const AES_KEY *key,
+const unsigned char ivec[16])
+{
+   unsigned i;
+   uint8_t ctr[16];
+   uint8_t tmp[16];
+
+   memcpy(ctr, ivec, 16);
+
+   for (i=0;idiff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c 
b/lib/accelerated/aarch64/aes-gcm-aarch64.c
index c571d02..8d2bc1d 100644
--- a/lib/accelerated/aarch64/aes-gcm-aarch64.c
+++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c
@@ -153,6 +153,27 @@ gcm_ghash(struct aes_gcm_ctx *ctx, const uint8_t * src, 
size_t src_size)
 }
 
 static void
+ctr32_encrypt_blocks_inplace(const unsigned char *in, unsigned char *out,
+size_t blocks, const AES_KEY *key,
+const unsigned char ivec[16])
+{
+   unsigned i;
+   uint8_t ctr[16];
+   uint8_t tmp[16];
+
+   memcpy(ctr, ivec, 16);
+
+   for (i=0;i--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.5.8-5+deb9u2

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler  (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 08 Jul 2017 10:29:05 +0200
Source: gnutls28
Binary: libgnutls28-dev libgnutls30 gnutls-bin gnutls-doc libgnutlsxx28 
libgnutls-openssl27 libgnutls-dane0
Architecture: source
Version: 3.5.8-5+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: De

Bug#866677: marked as done (rkhunter: CVE-2017-7480: File download via http might lead to RCE)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:23 +
with message-id 
and subject line Bug#866677: fixed in rkhunter 1.4.2-6+deb9u1
has caused the Debian Bug report #866677,
regarding rkhunter: CVE-2017-7480: File download via http might lead to RCE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866677: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866677
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rkhunter
Version: 1.4.2-0.4
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for rkhunter (somehow
releated will be at least #765895)

CVE-2017-7480[0]:
File download via http might lead to RCE

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7480
[1] http://www.openwall.com/lists/oss-security/2017/06/29/2
[2] http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG
[3] 
http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rkhunter
Source-Version: 1.4.2-6+deb9u1

We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier  (supplier of updated rkhunter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 12 Jul 2017 03:07:17 +
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.4.2-6+deb9u1
Distribution: stable
Urgency: high
Maintainer: Debian Forensics 
Changed-By: Francois Marier 
Description:
 rkhunter   - rootkit, backdoor, sniffer and exploit scanner
Closes: 765895 866677
Changes:
 rkhunter (1.4.2-6+deb9u1) stable; urgency=high
 .
   * Disable remote updates to fix CVE-2017-7480 and prevent bugs like
 it in the future (closes: #765895, #866677)
Checksums-Sha1:
 41e927f0fe49875118a6329637cfe59cf133228b 2082 rkhunter_1.4.2-6+deb9u1.dsc
 da01bc6757e14549560ad6ea46d1e93dbf5ac90f 277707 rkhunter_1.4.2.orig.tar.gz
 3aa3287916cd2b9f7c96f29210669776eecd7de1 28200 
rkhunter_1.4.2-6+deb9u1.debian.tar.xz
 f22ff045219eaa4a8005db4bc3f6aa5bdd0b77ca 237966 rkhunter_1.4.2-6+deb9u1_all.deb
 46e7bdac0a20978b575e961a85e7bbfe39932774 5524 
rkhunter_1.4.2-6+deb9u1_amd64.buildinfo
Checksums-Sha256:
 749932842111c7b4726279941bd99ab6a2abff004f7dcd6dc94909b4ae1ceef4 2082 
rkhunter_1.4.2-6+deb9u1.dsc
 789cc84a21faf669da81e648eead2e62654cfbe0b2d927119d8b1e55b22b65c3 277707 
rkhunter_1.4.2.orig.tar.gz
 8543558da2e832ec9b873c1f743b6ae0b426745df35657bbd92d18152d270d8e 28200 
rkhunter_1.4.2-6+deb9u1.debian.tar.xz
 dc6898b138e8c26e860e5a2b4270e31aeab7af325fc0a4331ea2100a8a176033 237966 
rkhunter_1.4.2-6+deb9u1_all.deb
 a31ff7c777af4d9a9aa1fd6757517cc6488c7225cb970d0bdb633260b0ba0a68 5524 
rkhunter_1.4.2-6+deb9u1_amd64.buildinfo
Files:
 62c1704884500d98298deabd965ac8ad 2082 admin optional 
rkhunter_1.4.2-6+deb9u1.dsc
 85ad366b7f3999eb2a9371e39a1a4df7 277707 admin optional 
rkhunter_1.4.2.orig.tar.gz
 81159869ce7b75ddbc7209b821f788cb 28200 admin optional 
rkhunter_1.4.2-6+deb9u1.debian.tar.xz
 c385efe1e7d620cdeb9966a561e4620f 237966 admin optional 
rkhunter_1.4.2-6+deb9u1_all.deb
 d8068f6f8d03d29b2a0f49821dfa3059 5524 admin optional 
rkhunter_1.4.2-6+deb9u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEjEcLKgsxVo4RDUMlFigfLgB8mNEFAlllkqhfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDhD
NDcwQjJBMEIzMTU2OEUxMTBENDMyNTE2MjgxRjJFMDA3Qzk4RDEACgkQFigfLgB8
mNEZig//ay7rWim392nmJqu37+s23iwxvOpRt/9Pd3iTv6h8HbFnfbpUyuP1c8nP
DMr2KGC8GZjM2MQrk/ybplh/LgdajzL1VPGb7cw/aKt0msBfBMwk8sPydEh0NBJi
csjHj7ios1tORlXuuotpgm3bCgt6L9A/HHlJC7jvqI3zd8aZRf8fQzsIDqKH3cNj
Ie5+qi16dC3E5AV9HBQvfGAKqZcYAjrZLGrVTj+PUH9el4YxBkI1Xm7j4K4jpWqB
z+fH0xARPrI+YGZDYYzEVg3rXWjq4nU/IrC1cgHI1EbBcpvX7vCaEhppu18sUTH8
5qWqK673Fvvq1G7FncSIFiKRuO2VuvH5M

Bug#867405: marked as done (python3-geolinks: missing python3 dependency)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:13 +
with message-id 
and subject line Bug#867405: fixed in geolinks 0.2.0-1+deb9u1
has caused the Debian Bug report #867405,
regarding python3-geolinks: missing python3 dependency
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867405: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867405
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-geolinks
Version: 0.2.0-1
Severity: serious
Tags: patch

Due to a cut'n'paste error the python3 dependency is missing.

Proposed fix:

--- debian/control.old  2017-07-06 13:40:31.0 +
+++ debian/control  2017-07-06 13:40:38.0 +
@@ -29,7 +29,7 @@
  
 Package: python3-geolinks
 Architecture: all
-Depends: ${python:Depends},
+Depends: ${python3:Depends},
  ${misc:Depends}
 Description: Python 3 Library for using geospatial links (catalogue 
interoperablity)
  This package is a utility library to work with geospatial links.
--- End Message ---
--- Begin Message ---
Source: geolinks
Source-Version: 0.2.0-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
geolinks, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg  (supplier of updated geolinks package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 12 Jul 2017 11:28:48 +0200
Source: geolinks
Binary: python-geolinks python3-geolinks
Architecture: source all
Version: 0.2.0-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian GIS Project 
Changed-By: Bas Couwenberg 
Description:
 python-geolinks - Python 2 Library for using geospatial links (catalogue 
interopera
 python3-geolinks - Python 3 Library for using geospatial links (catalogue 
interopera
Closes: 867405
Changes:
 geolinks (0.2.0-1+deb9u1) stretch; urgency=medium
 .
   * Team upload.
   * Update branch in gbp.conf & Vcs-Git URL.
   * Fix dependencies for Python 3 package.
 (closes: #867405)
Checksums-Sha1:
 25c5d756b66436dbb486f31c7afc8cbf15071cb9 2141 geolinks_0.2.0-1+deb9u1.dsc
 b7f8d107cc557c02229c6057204a2ff0fbc61e96 2456 
geolinks_0.2.0-1+deb9u1.debian.tar.xz
 eeb720cdb0222da105e9bf889614c8382367e0bb 6838 
geolinks_0.2.0-1+deb9u1_amd64.buildinfo
 c02407be12b370ca5dff2126c152fc41df2afd5d 4290 
python-geolinks_0.2.0-1+deb9u1_all.deb
 57ba4af0d84a1fad4eb17b91a861619b382e6990 4360 
python3-geolinks_0.2.0-1+deb9u1_all.deb
Checksums-Sha256:
 e1203e82c00a1852a45357235cae26a33d33d0f478d354bb8ffdaf26f9c8c8b3 2141 
geolinks_0.2.0-1+deb9u1.dsc
 39b8c5c6e5a588554b2838aee41d25dfae3f6938f0a127c7700dd7f25fa6739f 2456 
geolinks_0.2.0-1+deb9u1.debian.tar.xz
 616705969d37a96a62c10fab281dfb4f8f3595c22bc74552ab62ade51c9a414e 6838 
geolinks_0.2.0-1+deb9u1_amd64.buildinfo
 9884903297820ad18279df3187fa4fad38df982dfbdcd2b361de52edac06fea4 4290 
python-geolinks_0.2.0-1+deb9u1_all.deb
 1e5c02df373b7d50dc07aaede103db0fb8bff81cc091a0531bec4685d5cb6196 4360 
python3-geolinks_0.2.0-1+deb9u1_all.deb
Files:
 d680c9147ebc81d27a3bfcac60e5cae9 2141 python optional 
geolinks_0.2.0-1+deb9u1.dsc
 99798538951a070653450f012d803a56 2456 python optional 
geolinks_0.2.0-1+deb9u1.debian.tar.xz
 94ccac610303c6782921672b6254f28c 6838 python optional 
geolinks_0.2.0-1+deb9u1_amd64.buildinfo
 4231629c68a06c606a703680d287e96a 4290 python optional 
python-geolinks_0.2.0-1+deb9u1_all.deb
 9a758c2f1f462e156023c0b297cc27ad 4360 python optional 
python3-geolinks_0.2.0-1+deb9u1_all.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEgYLeQXBWQI1hRlDRZ1DxCuiNSvEFAllnOu0ACgkQZ1DxCuiN
SvH3KA//TtqUWeUzL1AkRPT0atpvD0NpdIlVuaW93c7X380qEw2BtypRb/qxOvge
opZkZiP6rKuh+ie9PfuRLedQxUA/MwuufQYeJpGD/xt5ech3OaAxJzouEcbYdyv8
/WELlcrljotceQ6d7F2Xr3vfmASiiG7XhbB8oKECVmYnZXTZ3O/9yFTpSdqhfayu
QpX+/3a2z/PhKPFnfMSJ/2iGkOmGmw+E65uDuFZoShKBqdUkKHJaeMFKe31obLCF
eZDQQORtXEhfZG/+zIIuA1NZqvllpKRMveP6YNkvQld7k7zgVcy7yQ01ZQFLSZVg
+Qe46tnvnHH3dy4BNU+Bs3MeXl1dPgCzYcF/J6BaNo6fGuiFjytYPSzGxkxFrQ+M
k59jBikIeoD5v2JAMQXUp7vKweMFHo1MBrRhLf+s0Wf1hi3jWiNfV8KBGtfBXduZ
puDAw9Wr3sXdoPL+vW4JL75r72DLKgRStJTADS7aIwV+w6YFTjCMwkRvPHdu6hcC
Xy6dM3Fr

Bug#867422: marked as done (python3-colorlog: missing python3 dependency)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:21 +
with message-id 
and subject line Bug#867422: fixed in python-colorlog 2.10.0-1+deb9u1
has caused the Debian Bug report #867422,
regarding python3-colorlog: missing python3 dependency
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867422: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867422
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-colorlog
Version: 2.4.0-1
Severity: serious
Tags: patch

Due to a cut'n'paste error the python3 dependency is missing.

Fix:

--- debian/control.old  2017-07-06 15:32:46.0 +
+++ debian/control  2017-07-06 15:32:56.0 +
@@ -20,7 +20,7 @@
 
 Package: python3-colorlog
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: formatter to use with the logging module of Python 3
  python-colorlog allows colors to be placed in the format string, which is
  mostly useful when paired with a StreamHandler that is outputting to a
--- End Message ---
--- Begin Message ---
Source: python-colorlog
Source-Version: 2.10.0-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
python-colorlog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Philipp Huebner  (supplier of updated python-colorlog 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 18:30:14 +0200
Source: python-colorlog
Binary: python-colorlog python3-colorlog
Architecture: source all
Version: 2.10.0-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Philipp Huebner 
Changed-By: Philipp Huebner 
Description:
 python-colorlog - formatter to use with the logging module of Python 2
 python3-colorlog - formatter to use with the logging module of Python 3
Closes: 867422
Changes:
 python-colorlog (2.10.0-1+deb9u1) stretch; urgency=medium
 .
   * Fix python3 dependencies (Closes: #867422)
Checksums-Sha1:
 2a9dfcf53729eb763c03d4b95b470ece2598734c 2153 
python-colorlog_2.10.0-1+deb9u1.dsc
 8598c0780fe71586e496c5d2b501cd5664d203f4 2204 
python-colorlog_2.10.0-1+deb9u1.debian.tar.xz
 e458708e1f340595e3ea04fcab3e36630626486a 25224 
python-colorlog_2.10.0-1+deb9u1_all.deb
 a5810a268e1717d64ae208b13748bee195fdaeb6 6598 
python-colorlog_2.10.0-1+deb9u1_amd64.buildinfo
 d50c29fa1e250f41c9a89420f0ff28607b6eed2b 25308 
python3-colorlog_2.10.0-1+deb9u1_all.deb
Checksums-Sha256:
 399ff65d51d91e734575eb1e862f2688032391ecd8a8cddbf072cd716df8 2153 
python-colorlog_2.10.0-1+deb9u1.dsc
 2f62c476bda03f2c3cd676005c9957578a9379f9f6487c3224ba0e58644e048c 2204 
python-colorlog_2.10.0-1+deb9u1.debian.tar.xz
 b3ddea6896461f40fa612cc404e704a2cbb013c0173cfbb3d80adbe062e32449 25224 
python-colorlog_2.10.0-1+deb9u1_all.deb
 c16cfe279667249e760b1d1a5097f52d171f1bfd7cc8173791aa29af191f 6598 
python-colorlog_2.10.0-1+deb9u1_amd64.buildinfo
 70a6ac38ff46824606ff996d179f1e3239e709e5faccd38e97f2c4081466f696 25308 
python3-colorlog_2.10.0-1+deb9u1_all.deb
Files:
 3f13965a81095f76915bcfe32305d64d 2153 python optional 
python-colorlog_2.10.0-1+deb9u1.dsc
 93b891bdc72172040a931ac1adb3cfca 2204 python optional 
python-colorlog_2.10.0-1+deb9u1.debian.tar.xz
 e3be5f88c6af3676a689e999e6cfb7cf 25224 python optional 
python-colorlog_2.10.0-1+deb9u1_all.deb
 fb13c997b365354924acca8f9a6243c6 6598 python optional 
python-colorlog_2.10.0-1+deb9u1_amd64.buildinfo
 c295377b33faedf2d96d2ca7cc06d449 25308 python optional 
python3-colorlog_2.10.0-1+deb9u1_all.deb

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEECEGLvkRyDy26xQXsunokltrkDRwFAllnqYMVHGRlYmFsYW5j
ZUBkZWJpYW4ub3JnAAoJELp6JJba5A0c3wkP/A3Poll+AYT+oQ6Tpkf3vjbPSJRO
NNKaWn7xP7xlLdvISZtcPDP0kDV4E5ly83k048lSbJrNBRshpheiYA6CSncR3HCp
mTybjqOoh35sRBQsqoSjm9yG36oV3vTWn4V6w2r3bY5Rwy29k4exsup+eyty7Rry
biQFg/AOIjhnw4qIh/uWZZiQCa0Xz2SPz1lPmAbMekMqgX0sWr+kbcPzpQq+flhy
M74en0bxov2+QpgFGEms/kpWlXuzUgGLejEk7c45+xaTE+K8VNmEQiWSrnSDzWBf
+gkA9AEmXpKczebLLscQWm8Fw67FfIvkUPEZyrYvhfz705p52E0LcgXaFCLE5FWn
XWxEt5QlW2oJhr9gO4xbejtTS4kqVVwHUNoRNtXMRyJkB4yPBP74PeIgRmX9

Bug#867437: marked as done (python3-imaplib2: missing dependencies)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:21 +
with message-id 
and subject line Bug#867437: fixed in python-imaplib2 2.55-1+deb9u1
has caused the Debian Bug report #867437,
regarding python3-imaplib2: missing dependencies
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867437: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867437
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-imaplib2
Version: 2.55-1
Severity: serious
Tags: patch

Due to a cut'n'paste error there are no dependencies.

Fix:

--- debian/control.old  2017-07-06 16:32:14.0 +
+++ debian/control  2017-07-06 16:32:22.0 +
@@ -20,7 +20,7 @@
 
 Package: python3-imaplib2
 Architecture: all
-Depends: ${python:Depends}, ${misc:Depends}
+Depends: ${python3:Depends}, ${misc:Depends}
 Description: Threaded Python IMAP4 client (Python 3)
  Python IMAP4 rev1 mail protocol client class using threads for parallel
  operation, allowing full use of the IMAP4 concurrency features and to
--- End Message ---
--- Begin Message ---
Source: python-imaplib2
Source-Version: 2.55-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
python-imaplib2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ilias Tsitsimpis  (supplier of updated python-imaplib2 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 12 Jul 2017 11:37:15 +0300
Source: python-imaplib2
Binary: python-imaplib2 python3-imaplib2
Architecture: source all
Version: 2.55-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Ulises Vitulli 
Changed-By: Ilias Tsitsimpis 
Description:
 python-imaplib2 - Threaded Python IMAP4 client
 python3-imaplib2 - Threaded Python IMAP4 client (Python 3)
Closes: 867437
Changes:
 python-imaplib2 (2.55-1+deb9u1) stretch; urgency=medium
 .
   * Fix typo that resulted in missing dependencies for python3-imaplib2.
 Thanks to Adrian Bunk for reporting this (Closes: #867437)
Checksums-Sha1:
 234bd149580536c29ec800c6501890e53fcd24be 2044 python-imaplib2_2.55-1+deb9u1.dsc
 43b57872127840115776dd9bd1a7b495c25d0f13 4828 
python-imaplib2_2.55-1+deb9u1.debian.tar.xz
 504400adffcfa5cf93086d1d6898f9fba51ba559 29726 
python-imaplib2_2.55-1+deb9u1_all.deb
 e1dc6ecb67ba3eae45ac996e962a6117b53a59b8 6587 
python-imaplib2_2.55-1+deb9u1_amd64.buildinfo
 84b7a88a308bbe9c637c9fed672106cad7801c45 25722 
python3-imaplib2_2.55-1+deb9u1_all.deb
Checksums-Sha256:
 94503de2d711885d69067e533c3789a31a92c024eff60708ccc44558e67a465d 2044 
python-imaplib2_2.55-1+deb9u1.dsc
 7789e40eaa5c458ec3c91886c238d9f1f2b501a8281330a43715aeaf3506ec81 4828 
python-imaplib2_2.55-1+deb9u1.debian.tar.xz
 ee7331c79f088f189a49171a54f7f02b07e2dcf3d1827d698f6dd7b287530f2f 29726 
python-imaplib2_2.55-1+deb9u1_all.deb
 db33a0efbf1ee275f7c177a9bd750c2213d34b9bdf447ed692b43dcb83b04508 6587 
python-imaplib2_2.55-1+deb9u1_amd64.buildinfo
 ef630225696327881eaa27b2395989c71b4fc07386e574df03cae9a83cd43ef3 25722 
python3-imaplib2_2.55-1+deb9u1_all.deb
Files:
 185efbfbe142bc408529ff9541b95b67 2044 python optional 
python-imaplib2_2.55-1+deb9u1.dsc
 8ad884d4a4e9e7512a9d1989d998d2fa 4828 python optional 
python-imaplib2_2.55-1+deb9u1.debian.tar.xz
 124383917cdcecb3a8657fb2a278b35e 29726 python optional 
python-imaplib2_2.55-1+deb9u1_all.deb
 35ea50c2ab87db1fdf44e9bbe040c146 6587 python optional 
python-imaplib2_2.55-1+deb9u1_amd64.buildinfo
 21a65e5bb409754911cd228401310515 25722 python optional 
python3-imaplib2_2.55-1+deb9u1_all.deb

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEJ9c8pfW11+AaUTb116hngMxkQDwFAllp8OMUHGlsaWFzdHNp
QGRlYmlhbi5vcmcACgkQ16hngMxkQDzIxBAAvOnRvny47RP7izITmMncNP/cACkn
FHL4V02v7b/vH8dWGDBZNOmks6/lojEM2o9S6Yz1tagRcprb+1b1tBelxTm9ws7D
oHCqMdXTPYyFDSL1eRqSQBS3fqW2CNpi3EoZcDezQijC3VZg0+izstRucZ/rjuOb
l5aB9qBsuWZUu/Rn4lI5shTn3a9fJof+sGFAQ3RIUMI+rMzwtJV3EdvQIhVdqqNf
TSSYkalU9Vb8dg93YyBk3gjvwCnfAo90RnNK6axvoGan9k+k+V0o8PS8b8L106C+
9sxjNtt+fIf44KxCjR3CCSj96l/BDyrbvGLLYEX2o/kGpy/aLdQMxQz1EgAH12Bc
reg2r2OJQ9rfztFrtPWW+YDnPO+1QvuPdqwm6zoXHZkrLkv3BKPHpW+m1+Z41SHP
x1xn5zBYMO3

Bug#867223: marked as done (libclamunrar: CVE-2012-6706: arbitrary memory write)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:16 +
with message-id 
and subject line Bug#867223: fixed in libclamunrar 0.99-3+deb9u1
has caused the Debian Bug report #867223,
regarding libclamunrar: CVE-2012-6706: arbitrary memory write
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867223: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867223
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libclamunrar
Version: 0.99-0+deb7u1
Severity: grave
Tags: security
Justification: user security hole

CVE-2012-6706 also affects libclamunrar. See #865461 for the original bug 
report against
unrar-nonfree.

Upstream fix:
https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd

Felix
--- End Message ---
--- Begin Message ---
Source: libclamunrar
Source-Version: 0.99-3+deb9u1

We believe that the bug you reported is fixed in the latest version of
libclamunrar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman  (supplier of updated libclamunrar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 15 Jul 2017 13:30:29 -0400
Source: libclamunrar
Binary: libclamunrar7
Architecture: source amd64
Version: 0.99-3+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: ClamAV Team 
Changed-By: Scott Kitterman 
Description:
 libclamunrar7 - anti-virus utility for Unix - unrar support
Closes: 867223
Changes:
 libclamunrar (0.99-3+deb9u1) stretch; urgency=medium
 .
   * Team upload.
 .
   [ Sebastian Andrzej Siewior ]
   * Cherry pick fix for arbitrary memory write. CVE-2012-6706
 (Closes: #867223).
Checksums-Sha1:
 860284d2e7dcbeb2117866653289a662acad38ad 2143 libclamunrar_0.99-3+deb9u1.dsc
 77954fc6970404e2c7afa85ab35417dea978875e 9136 
libclamunrar_0.99-3+deb9u1.debian.tar.xz
 1ddd09b42b7ab4c0c8d89502375e35599027a17f 67258 
libclamunrar7-dbgsym_0.99-3+deb9u1_amd64.deb
 fa33afb752fb3d3c65b0c7752d8beb5d1315a5ba 32630 
libclamunrar7_0.99-3+deb9u1_amd64.deb
 6ce3b44d366face252a9bb49f6de0cd387227f51 4980 
libclamunrar_0.99-3+deb9u1_amd64.buildinfo
Checksums-Sha256:
 00ae8b8572a4343751f3bb78fe8fc3a21f1ab7f819a0a5b19513aceccb72f268 2143 
libclamunrar_0.99-3+deb9u1.dsc
 8210c2d9f5add5d5cef0ed31666d7dc64df1e9287910c23deabc451ef40c95dc 9136 
libclamunrar_0.99-3+deb9u1.debian.tar.xz
 7902c306178939bf0231f85218276ba86845d53fc5b1bf5b3e51065f0c225b32 67258 
libclamunrar7-dbgsym_0.99-3+deb9u1_amd64.deb
 db81945abdc122f8fe6d9e414e2fd7c0ac6bc2b6a91846b6b4ad466d28a6d2cf 32630 
libclamunrar7_0.99-3+deb9u1_amd64.deb
 a6a899c834c4e89a39d19a404793a3fb2e6ecdac8c442bb11ac73b12e8904063 4980 
libclamunrar_0.99-3+deb9u1_amd64.buildinfo
Files:
 8df1ab4cda3dbf9efb5929a0ebb809b9 2143 non-free/libs extra 
libclamunrar_0.99-3+deb9u1.dsc
 93946aad4640b18775e3a1c84a8b0dc3 9136 non-free/libs extra 
libclamunrar_0.99-3+deb9u1.debian.tar.xz
 718401f8a89cd5a691faa209cf07b0d1 67258 non-free/debug extra 
libclamunrar7-dbgsym_0.99-3+deb9u1_amd64.deb
 91b7a8002ba1c4b4e9998071be056c1d 32630 non-free/libs extra 
libclamunrar7_0.99-3+deb9u1_amd64.deb
 b38ee3643cc4443ee1bf4a22da6b5741 4980 non-free/libs extra 
libclamunrar_0.99-3+deb9u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJZalSpAAoJEHjX3vua1ZrxUFoP/3dgvTbU5oumdlRrfqnH2tWF
c4OGnhmoSOOUxgG6mziJl8mnZG7s9cUOU+IM5wE2ZKzk8P+VP4OqZv5YFOVYMr6A
Eg6cYF1Twtu/mVjnkLFw/t6jiUAHv+SzMPcCxe8Psm4cvw8bo4pxrzswyxN3vD4I
PTT1T589n1hzMm244dl7HUJBzowZuCaFBA0K9gUHbo9HblEtTaj0Nmq8N0Pgbv6E
sPOfsLzPPhDMhLLzeQwQFZAFNlTx+pGI7iYaEASbOIZ7grr465DGclnbbOUA3A13
GrcNpAXcOXWyUlCA634SW2EmA0m/QMWGoopdmyWStlE/t4WtBVrfyYgEBZ2Y/mLk
UP/gKW5hFTzoM4Nd7DJxPPf4dc2/ivF4JuQ18pp0/lKmGSr7EjWNFBSdNsfWZc4Z
r/Jh4SbMYFOJxmh+mCMW23nSxdUsxOZ9hB2o0qbzA9Z+VJ/pZvtXmgxgIEvI1vpp
theMHU+F8F0NOLu1WO8a72fy/CpFoOMnBpcfLwoWwIeVT1JabiIyR41/3FkazZeF
3m68Vl8sBQPL8B5EyDA6Qw4wtDihxDN4uo201aiB8AyE2/WO9ceAJvOxerT28/1H
bEAI7UEWBoa/Au5V5BoNN6ujbp+zY5IuY58clUU+Hc+4y1/PDd/3psRiMnJKzVun
aGkZHmBcJo2/zyiFBj9S
=ZVkt
-END PGP SIGNATURE End Message ---

Bug#867309: marked as done (dgit: Use of uninitialized value $got in concatenation)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:12 +
with message-id 
and subject line Bug#867309: fixed in dgit 3.11~deb9u1
has caused the Debian Bug report #867309,
regarding dgit: Use of uninitialized value $got in concatenation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867309: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867309
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dgit
Version: 4.0
Severity: normal

Steps to reproduce:

$ dgit clone janus
canonical suite name for unstable is sid
starting new git history
downloading http://ftp.debian.org/debian//pool/main/j/janus/janus_0.2.3-1.dsc...
last upload to archive: NO git hash
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100   380  100   3800 0   2085  0 --:--:-- --:--:-- --:--:--  2087
Use of uninitialized value $got in concatenation (.) or string at /usr/bin/dgit 
line 2545.


Thanks!

cheers, josch


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dgit depends on:
ii  apt   1.4.6
ii  ca-certificates   20161130+nmu1
ii  coreutils 8.26-3
ii  curl  7.52.1-5
ii  devscripts2.17.6
ii  dpkg-dev  1.18.24
ii  dput  0.12.1
ii  git [git-core]1:2.11.0-3
ii  git-buildpackage  0.8.12.2
ii  libdpkg-perl  1.18.24
ii  libjson-perl  2.90-1
ii  liblist-moreutils-perl0.416-1+b1
ii  libperl5.24 [libdigest-sha-perl]  5.24.1-3
ii  libtext-glob-perl 0.10-1
ii  libtext-iconv-perl1.7-5+b4
ii  libwww-perl   6.15-1
ii  perl  5.24.1-3

Versions of packages dgit recommends:
ii  openssh-client [ssh-client]  1:7.4p1-10

Versions of packages dgit suggests:
ii  sbuild  0.73.0-4

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dgit
Source-Version: 3.11~deb9u1

We believe that the bug you reported is fixed in the latest version of
dgit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson  (supplier of updated dgit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jul 2017 09:28:15 +0100
Source: dgit
Binary: dgit dgit-infrastructure
Architecture: all source
Version: 3.11~deb9u1
Distribution: stretch
Urgency: high
Maintainer: Ian Jackson 
Changed-By: Ian Jackson 
Closes: 857694 858054 865863 867185 867189 867309 867434 867603 867693
Description: 
 dgit   - git interoperability with the Debian archive
 dgit-infrastructure - dgit server backend infrastructure
Changes:
 dgit (3.11~deb9u1) stretch; urgency=high
 .
   * Rebuild and upload to stretch.
 .
 dgit (3.11) unstable; urgency=high
 .
   Important bugfixes to dgit:
   * Fix rpush+buildinfo: Transfer buildinfos for signing.  Closes:#867693.
   * Cope if the archive server sends an HTTP redirect,
 by passing -L to curl.  Closes:#867185,#867309.
   * Cope with newer git which hates --local outside a tree.  Closes:#865863.
   * rpush: Honour local git config from build host working tree.
   * Tolerate compressor terminating with SIGPIPE.  Closes:#857694.
   * Honour more pre-tree git config options in our private trees sharing
 the user's object store.  In particular, core.sharedRepository.
 Prompted by #867603.
   * Clone multisuite works even without --no-rm-on-error.  Closes:#867434.
   * Work if "git init" does not c

Bug#867185: marked as done (dgit: Perl error trying to clone Gtk+)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:12 +
with message-id 
and subject line Bug#867185: fixed in dgit 3.11~deb9u1
has caused the Debian Bug report #867185,
regarding dgit: Perl error trying to clone Gtk+
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867185
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dgit
Version: 3.10
Severity: normal

The transcript below demonstrates the problem.  I get the same failure on
chiark (jessie), with a clean environment and bogus $HOME (to eliminate my
dotfiles).

[stratocaster /tmp/mdw]dgit clone gtk+3.0
canonical suite name for unstable is sid
starting new git history
downloading 
http://ftp.debian.org/debian//pool/main/g/gtk+3.0/gtk+3.0_3.22.16-1.dsc...
last upload to archive: NO git hash
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100   386  100   3860 0   8327  0 --:--:-- --:--:-- --:--:--  8391
Use of uninitialized value $got in concatenation (.) or string at /usr/bin/dgit 
line 2545.
[stratocaster /tmp/mdw rc=255]

This appears to mean that $checkhash->() failed and it was trying to report
this; I don't know what might have caused that or what I might be able to do
about it.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Foreign Architectures: amd64

Kernel: Linux 4.9.0-3-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages dgit depends on:
ii  apt   1.4.6
ii  ca-certificates   20161130+nmu1
ii  coreutils 8.26-3
ii  curl  7.52.1-5
ii  devscripts2.17.6
ii  dpkg-dev  1.18.24
ii  dput  0.12.1
ii  git [git-core]1:2.11.0-3
ii  git-buildpackage  0.8.12.2
ii  git-core  1:2.11.0-3
ii  libdigest-sha-perl5.96-1+b1
ii  libdpkg-perl  1.18.24
ii  libjson-perl  2.90-1
ii  liblist-moreutils-perl0.416-1+b1
ii  libperl5.24 [libdigest-sha-perl]  5.24.1-3
ii  libtext-glob-perl 0.10-1
ii  libtext-iconv-perl1.7-5+b4
ii  libwww-perl   6.15-1
ii  perl  5.24.1-3
ii  realpath  8.26-3

Versions of packages dgit recommends:
ii  openssh-client [ssh-client]  1:7.4p1-10

Versions of packages dgit suggests:
pn  sbuild  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dgit
Source-Version: 3.11~deb9u1

We believe that the bug you reported is fixed in the latest version of
dgit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson  (supplier of updated dgit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jul 2017 09:28:15 +0100
Source: dgit
Binary: dgit dgit-infrastructure
Architecture: all source
Version: 3.11~deb9u1
Distribution: stretch
Urgency: high
Maintainer: Ian Jackson 
Changed-By: Ian Jackson 
Closes: 857694 858054 865863 867185 867189 867309 867434 867603 867693
Description: 
 dgit   - git interoperability with the Debian archive
 dgit-infrastructure - dgit server backend infrastructure
Changes:
 dgit (3.11~deb9u1) stretch; urgency=high
 .
   * Rebuild and upload to stretch.
 .
 dgit (3.11) unstable; urgency=high
 .
   Important bugfixes to dgit:
   * Fix rpush+buildinfo: Transfer buildinfos for signing.  Closes:#867693.
   * Cope if the archive server sends an HTTP redirect,
 by passing -L to curl.  Closes:#867185,#867309.
   * Cope with newer git which hates --local outside a tree.  Closes:#865863.
   * rpush: Honour local git config from b

Bug#865863: marked as done (dgit 3.10 and earlier not compatible with git 2.12-ish)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:11 +
with message-id 
and subject line Bug#865863: fixed in dgit 3.11~deb9u1
has caused the Debian Bug report #865863,
regarding dgit 3.10 and earlier not compatible with git 2.12-ish
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865863
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: dgit
version: 3.10

dgit problem:

% dgit -D clone network-manager-strongswan sid
fatal: BUG: setup_git_env called without repository
dgit: failed command: git config -z --get-regexp --local '.*'
dgit: subprocess failed with error exit status 128

Output of "printenv | sort" is attached.


Regards
Harri
CCACHE_DIR=/var/tmp/.ccache
CCACHE_HARDLINKS=1
CCACHE_TEMPDIR=/var/tmp/.ccache
CCACHE_UMASK=0
CHROMIUM_FLAGS=--ssl-version-min=tls1 
--cipher-suite-blacklist=0xc007,0xc011,0x0005,0x0004
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-6D94iG3gEN,guid=04875397619c644082d8d560594f375b
DEBEMAIL=ha...@afaics.de
DEBFULLNAME=Harald Dunkel
DEBKEY=1F657AD782DB47FBB53BE6B50A9E2A9E66D381CB
DEBSIGN_KEYID=1F657AD782DB47FBB53BE6B50A9E2A9E66D381CB
DEB_SIGN_KEYID=1F657AD782DB47FBB53BE6B50A9E2A9E66D381CB
DISPLAY=:4
DOMAINNAME=afaics.de
EDITOR=/usr/bin/emacs
EMACS=/usr/bin/emacs
EMAIL=ha...@afaics.de
FVWM_DATADIR=/usr/share/fvwm
FVWM_MODULEDIR=/usr/lib/fvwm/2.6.7
FVWM_USERDIR=/home/harri/.fvwm
GDK_CORE_DEVICE_EVENTS=1
GPGKEY=1F657AD782DB47FBB53BE6B50A9E2A9E66D381CB
GPG_TTY=/dev/pts/5
HOME=/home/harri
HOSTDISPLAY=cecil.afaics.de:4
HUSHLOGIN=TRUE
INITRD_OK=true
KEMAIL=ha...@afaics.de
LANG=C
LC_ALL=C
LESS=-iMXRS
LESSCHARSET=iso8859
LESSCLOSE=/usr/bin/lesspipe %s %s
LESSOPEN=| /usr/bin/lesspipe %s
LOGNAME=harri
MAIL=/var/mail/harri
MAILHOST=tweety
MANPATH=/home/harri/man:/usr/share/man
OLDPWD=/home/harri
ORIGPATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
PAGER=/usr/bin/less
PATH=/home/harri/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
PILOTPORT=usb:
PRINTER=lp
PWD=/tmp
QUILT_PATCHES=debian/patches
QUILT_REFRESH_ARGS=-p ab --no-timestamps --no-index
QUOTING_STYLE=literal
RSYNC_RSH=ssh -S none -x
SHELL=/bin/bash
SHLVL=4
SIGNCHANGES=true
SSH_AGENT_PID=2135
SSH_AUTH_SOCK=/tmp/ssh-LT5dDN4iFldX/agent.2133
S_COLORS=auto
TAPE=/dev/null
TERM=xterm
USER=harri
VIRSH_DEFAULT_CONNECT_URI=qemu:///system
VISUAL=/usr/bin/emacs
WINDOWID=41943076
WINDOWPATH=2
WINEDITOR=/usr/bin/emacs
XAUTHORITY=/home/harri/.Xauthority
XDG_CACHE_HOME=/tmp/harri/.cache
XDG_CURRENT_DESKTOP=GNOME
XRSH_RSH=ssh
XTERM_LOCALE=C
XTERM_SHELL=/bin/bash
XTERM_VERSION=XTerm(330)
_=/usr/bin/printenv


signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: dgit
Source-Version: 3.11~deb9u1

We believe that the bug you reported is fixed in the latest version of
dgit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Jackson  (supplier of updated dgit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jul 2017 09:28:15 +0100
Source: dgit
Binary: dgit dgit-infrastructure
Architecture: all source
Version: 3.11~deb9u1
Distribution: stretch
Urgency: high
Maintainer: Ian Jackson 
Changed-By: Ian Jackson 
Closes: 857694 858054 865863 867185 867189 867309 867434 867603 867693
Description: 
 dgit   - git interoperability with the Debian archive
 dgit-infrastructure - dgit server backend infrastructure
Changes:
 dgit (3.11~deb9u1) stretch; urgency=high
 .
   * Rebuild and upload to stretch.
 .
 dgit (3.11) unstable; urgency=high
 .
   Important bugfixes to dgit:
   * Fix rpush+buildinfo: Transfer buildinfos for signing.  Closes:#867693.
   * Cope if the archive server sends an HTTP redirect,
 by passing -L to curl.  Closes:#867185,#867309.
   * Cope with newer git which hates --local outside a tree.  Closes:#865863.
   * rpush: Honour local git config from build host working tree.
   * Tolerate compressor terminating with SIGPIPE.  Closes:#857694.
   * Honour more pre-tree git

Bug#857694: marked as done (dgit: Died at /usr/bin/dgit line 2196.)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:11 +
with message-id 
and subject line Bug#857694: fixed in dgit 3.11~deb9u1
has caused the Debian Bug report #857694,
regarding dgit: Died at /usr/bin/dgit line 2196.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857694
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dgit
Version: 3.10
Severity: important

this dgit clone fails (the .tar.xz were there from a previously failed
call of the same dgit clone command):

mattia@warren ~/devel/debian/NMU/qt4-perl % dgit -D clone qt4-perl 
clone main body
| curl -sS https://api.ftp-master.debian.org/suites -w '%{http_code}'
=> `[{"name": "backports-new", "dakname": "backports-new", "architectures": 
["all", "source"], "components": ["main", "contrib", "non-free"], "codename": 
null, "archive": "backports-new"}, {"name": "backports-policy", "dakname": 
"backports-policy", "architectures": ["all", "amd64", "armel", "i386", "ia64", 
"kfreebsd-amd64", "kfreebsd-i386", "mips", "mipsel", "powerpc", "s390", 
"source", "sparc"], "components": ["main", "contrib", "non-free"], "codename": 
null, "archive": "backports-policy"}, {"name": "buildd-experimental", 
"dakname": "buildd-experimental", "architectures": ["all", "amd64", "arm64", 
"armel", "armhf", "hurd-i386", "i386", "kfreebsd-amd64", "kfreebsd-i386", 
"mips", "mips64el", "mipsel", "powerpc", "ppc64el", "s390x", "source"], 
"components": ["main", "contrib", "non-free"], "codename": 
"buildd-experimental", "archive": "build-queues"}, {"name": 
"buildd-jessie-backports", "dakname": "buildd-jessie-backports", 
"architectures": ["all", "amd64", "arm64", "armel", "armhf", "i386", 
"kfreebsd-amd64", "kfreebsd-i386", "mips", "mipsel", "powerpc", "ppc64el", 
"s390x"], "components": ["main", "contrib", "non-free"], "codename": null, 
"archive": "build-queues"}, {"name": "buildd-oldstable-proposed-updates", 
"dakname": "buildd-oldstable-proposed-updates", "architectures": ["all", 
"amd64", "armel", "armhf", "i386", "ia64", "kfreebsd-amd64", "kfreebsd-i386", 
"mips", "mipsel", "powerpc", "s390", "s390x", "source", "sparc"], "components": 
["main", "contrib", "non-free"], "codename": "buildd-wheezy-proposed-updates", 
"archive": "build-queues"}, {"name": "buildd-proposed-updates", "dakname": 
"buildd-proposed-updates", "architectures": ["all", "amd64", "arm64", "armel", 
"armhf", "i386", "mips", "mipsel", "powerpc", "ppc64el", "s390x", "source"], 
"components": ["main", "contrib", "non-free"], "codename": 
"buildd-jessie-proposed-updates", "archive": "build-queues"}, {"name": 
"buildd-squeeze-backports", "dakname": "buildd-squeeze-backports", 
"architectures": ["all", "amd64", "armel", "i386", "ia64", "kfreebsd-amd64", 
"kfreebsd-i386", "mips", "mipsel", "powerpc", "s390", "source", "sparc"], 
"components": ["main", "contrib", "non-free"], "codename": null, "archive": 
"build-queues"}, {"name": "buildd-squeeze-backports-sloppy", "dakname": 
"buildd-squeeze-backports-sloppy", "architectures": ["all", "amd64", "armel", 
"i386", "ia64", "kfreebsd-amd64", "kfreebsd-i386", "mips", "mipsel", "powerpc", 
"s390", "source", "sparc"], "components": ["main", "contrib", "non-free"], 
"codename": null, "archive": "build-queues"}, {"name": "buildd-squeeze-lts", 
"dakname": "buildd-squeeze-lts", "architectures": ["all", "amd64", "i386", 
"source"], "components": ["main", "contrib", "non-free"], "codename": 
"buildd-squeeze-lts", "archive": "build-queues"}, {"name": 
"buildd-stable-kfreebsd-proposed-updates", "dakname": 
"buildd-stable-kfreebsd-proposed-updates", "architectures": ["all", 
"kfreebsd-amd64", "kfreebsd-i386", "source"], "components": ["main", "contrib", 
"non-free"], "codename": "buildd-jessie-kfreebsd-proposed-updates", "archive": 
"build-queues"}, {"name": "buildd-testing-proposed-updates", "dakname": 
"buildd-testing-proposed-updates", "architectures": ["amd64", "arm64", "armel", 
"armhf", "i386", "mips", "mips64el", "mipsel", "ppc64el", "s390x"], 
"components": ["main", "contrib", "non-free"], "codename": 
"buildd-stretch-proposed-updates", "archive": "build-queues"}, {"name": 
"buildd-unstable", "dakname": "buildd-unstable", "architectures": ["all", 
"amd64", "arm64", "armel", "armhf", "hurd-i386", "i386", "kfreebsd-amd64", 
"kfreebsd-i386", "mips", "mips64el", "mipsel", "powerpc", "ppc64el", "s390x", 
"source"], "components": ["main", "contrib", "non-free"], "codename": 
"buildd-sid", "archive": "build-queues"}, {"name": "buildd-wheezy-backports", 
"dakname": "buildd-wheezy-backports", "arch

Bug#865861: marked as done (python-kde4: Qtwebkit not available breaks importing plasma module)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:20 +
with message-id 
and subject line Bug#865861: fixed in pykde4 4:4.14.3-2+deb9u1
has caused the Debian Bug report #865861,
regarding python-kde4: Qtwebkit not available breaks importing plasma module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865861
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: python-kde4
Version: 4:4.14.3-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

   * What led up to the situation?
Importing Plasma in python scripts throws an error

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
from PyKDE4.plasma import *
fails

   * What was the outcome of this action?
Complains about missing qtwebkit module

   * What outcome did you expect instead?
Successful import so python-kde4 modules can be used.


-- System Information:
Debian Release: 9.0
  APT prefers stretch
  APT policy: (500, 'stretch')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Greetings
Leszek Lesner


-- 
ZevenOS / Neptune Team
http://www.zevenos.com / http://www.neptuneos.com
Leszek Lesner 
--- End Message ---
--- Begin Message ---
Source: pykde4
Source-Version: 4:4.14.3-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
pykde4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman  (supplier of updated pykde4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 10 Jul 2017 14:00:50 -0400
Source: pykde4
Binary: python-kde4 python-kde4-dev python-kde4-doc python3-pykde4
Architecture: source amd64 all
Version: 4:4.14.3-2+deb9u1
Distribution: stable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Scott Kitterman 
Description:
 python-kde4 - Python bindings for the KDE Development Platform
 python-kde4-dev - UIC compiler and SIP files for PyKDE
 python-kde4-doc - documentation and examples for PyKDE
 python3-pykde4 - Python 3 bindings for the KDE Development Platform
Closes: 865861
Changes:
 pykde4 (4:4.14.3-2+deb9u1) stable; urgency=medium
 .
   * Team upload.
   * Drop bindings for plasma webview bindings: No longer functional due to
 QtWebKit being dropped from PyQt4 and obsolete (Closes: #865861)
 - Add debian/patches/no_webview_webkit.patch
 - Drop libqtwebkit-dev from build-depends
Checksums-Sha1:
 3cea5c82de46050c2d44d31a17803c7c00781d7b 2699 pykde4_4.14.3-2+deb9u1.dsc
 c879a9a1da9a6820a2651ace688ac4d3e9c7a653 22208 
pykde4_4.14.3-2+deb9u1.debian.tar.xz
 a737cbe2ae3e8c2ad6bac424b200ec72c73bca95 16250 
pykde4_4.14.3-2+deb9u1_amd64.buildinfo
 4e5168148de5423e1f5ef56aab162653ecdc1622 21389936 
python-kde4-dbgsym_4.14.3-2+deb9u1_amd64.deb
 6e8f0e899c6f800e226ab34f9427bb01249426db 271422 
python-kde4-dev_4.14.3-2+deb9u1_all.deb
 e4fc252d973e2e5ac9ab28ea5c249f90fadd6096 1834332 
python-kde4-doc_4.14.3-2+deb9u1_all.deb
 286400f64679a0c8c2110d41685d6ba2f7a671c8 2858216 
python-kde4_4.14.3-2+deb9u1_amd64.deb
 b511fb744a49cc1320bb60212db92adb4938f4b5 21546530 
python3-pykde4-dbgsym_4.14.3-2+deb9u1_amd64.deb
 0dcdcab85d643f4152e9e892f82a722c3dcec510 2859946 
python3-pykde4_4.14.3-2+deb9u1_amd64.deb
Checksums-Sha256:
 4cee91d1063c72fe223b8afb738f0dfc4aa70499bc717d8f5f30c4ec6e80c191 2699 
pykde4_4.14.3-2+deb9u1.dsc
 2b88d2d5a994b67cdeb67479f93a967039bbfdb173e5b9464be3abd51350c235 22208 
pykde4_4.14.3-2+deb9u1.debian.tar.xz
 d8566845259bc74897979c2e75251888eb78c4754f322a3786a635e8ff0d3cf6 16250 
pykde4_4.14.3-2+deb9u1_amd64.buildinfo
 835d1aba8ff79749d3e1e5cffc87b0c2f56b35fa6767ac3a986df020fd2c554b 21389936 
python-kde4-dbgsym_4.14.3-2+deb9u1_amd64.deb
 0299073e167d36c3c8bbfe6e62ade3ca6009b8b175741c7392eb6fc67489373c 271422 
python-kde4-dev_4.14.3-2+deb9u1_all.deb
 98897dbd94d536e553898d9aec89821e83df76ff5934d1fe28a2b1695132de81 1834332 
python-kde4-doc_4.14.3-2+deb9u1_all.deb
 c68757aaa9bf8192566367280f896e1223a28c81cb555f8bed452fcd63b087dd 2858216 
python-kde4_4.14.3-2+deb9u1_amd64.deb
 67973e4c985f60

Bug#865085: marked as done (avogadro: doesn't display molecules)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:10 +
with message-id 
and subject line Bug#865085: fixed in avogadro 1.2.0-1+deb9u1
has caused the Debian Bug report #865085,
regarding avogadro: doesn't display molecules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: avogadro
Version: 1.2.0-1+b1
Severity: serious
Justification: package is useless

Dear Maintainer,

Avogadro in stretch appears to be unable to display any molecules. It only
displays the background colour fill. Picking any molecule should be enough
to reproduce this:

$ avogadro /usr/share/avogadro/fragments/alkanes/hexane.cml

or

$ avogadro

   File → Import → Fetch by chemical name → hexane

The debug view shows that avogadro has imported the right number of atoms
and bonds, but nothing is displayed no matter what settings are chosen for
the viewer.

(checked across 3 computers including one on which avogadro had never been
installed before just in case it was a local config problem. Old discussions
on the avogadro development lists around such problems frequently implicate
compositing, but I this under Xvfb and various WMs and is, in any case, a
regression since jessie.)

cheers
Stuart


-- System Information:
Debian Release: 9.0
  APT prefers proposed-updates
  APT policy: (550, 'proposed-updates'), (500, 'stable-debug'), (500, 
'stable'), (60, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages avogadro depends on:
ii  libavogadro1 1.2.0-1+b1
ii  libc62.24-11
ii  libgcc1  1:6.3.0-18
ii  libopenbabel4v5  2.3.2+dfsg-3
ii  libqt4-opengl4:4.8.7+dfsg-11
ii  libqtcore4   4:4.8.7+dfsg-11
ii  libqtgui44:4.8.7+dfsg-11
ii  libstdc++6   6.3.0-18
ii  libx11-6 2:1.6.4-3

Versions of packages avogadro recommends:
ii  avogadro-data  1.2.0-1

avogadro suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: avogadro
Source-Version: 1.2.0-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
avogadro, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Banck  (supplier of updated avogadro package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 13 Jul 2017 10:15:00 +0200
Source: avogadro
Binary: avogadro avogadro-data libavogadro1 libavogadro-dev python-avogadro
Architecture: source
Version: 1.2.0-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debichem Team 
Changed-By: Michael Banck 
Description:
 avogadro   - Molecular Graphics and Modelling System
 avogadro-data - Molecular Graphics and Modelling System (Data Files)
 libavogadro-dev - Molecular Graphics and Modelling System (development files)
 libavogadro1 - Molecular Graphics and Modelling System (library)
 python-avogadro - Molecular Graphics and Modelling System (Python module)
Closes: 865085
Changes:
 avogadro (1.2.0-1+deb9u1) stretch; urgency=medium
 .
   [ Anton Gladky ]
   * Update eigen3 patches, pull them from upstream. (Closes: #865085)
Checksums-Sha1:
 3d2991d15678097869f228ac286d40dcccf609ef 2506 avogadro_1.2.0-1+deb9u1.dsc
 705964f523e0340ae0f4719c414655d2d7514fba 22780 
avogadro_1.2.0-1+deb9u1.debian.tar.xz
 d0babbf5bb2f5f006fc4f821beff4c51145e77f4 7842 
avogadro_1.2.0-1+deb9u1_source.buildinfo
Checksums-Sha256:
 257d5536c2526865a4dc053245a2f8d4449a9d7544af7ec0ec467f8e1fcbc7ef 2506 
avogadro_1.2.0-1+deb9u1.dsc
 37ece25d0aa48b981fcb273c336b6e7f7f456ec389707bcfd49d5dfe3707783b 22780 
avogadro_1.2.0-1+deb9u1.debian.tar.xz
 d0b94452ec67d3b53b6c1ec1e12b5aea4dffba817caca714eab95cf5bda4ae6e 7842 
avogadro_1.2.0-1+deb9u1_source.buildinfo
Files:
 aff186d216b8a0a70841629d4ad831e6 2506 science optional 
avogadro_1.2.0-1+deb

Bug#863640: marked as done (retext: I install retext, try to run it, it segfault, please see output below)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 22:17:22 +
with message-id 
and subject line Bug#863640: fixed in retext 6.0.2-2+deb9u1
has caused the Debian Bug report #863640,
regarding retext: I install retext, try to run it, it segfault, please see 
output below
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863640: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863640
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: retext
Version: 6.0.2-2
Severity: important

Dear Maintainer,

➜  ~ sudo aptitude install retext
The following NEW packages will be installed:
  docutils-common{a} python3-docutils{a} python3-enchant{a} python3-markdown{a}
  python3-markups{a} python3-pil{a} python3-pygments{a} python3-pyqt5{a}
  python3-pyqt5.qtwebkit{a}
python3-roman{a} python3-textile{a} python3-yaml{a} retext
0 packages upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/4,226 kB of archives. After unpacking 25.0 MB will be used.
Do you want to continue? [Y/n/?] y
(Reading database ... 368111 files and directories currently installed.)
Preparing to unpack .../00-docutils-common_0.13.1+dfsg-2_all.deb ...
Unpacking docutils-common (0.13.1+dfsg-2) ...
Selecting previously unselected package python3-roman.
Preparing to unpack .../01-python3-roman_2.0.0-2_all.deb ...
Unpacking python3-roman (2.0.0-2) ...
Selecting previously unselected package python3-docutils.
Preparing to unpack .../02-python3-docutils_0.13.1+dfsg-2_all.deb ...
Unpacking python3-docutils (0.13.1+dfsg-2) ...
Selecting previously unselected package python3-enchant.
Preparing to unpack .../03-python3-enchant_1.6.7-1_all.deb ...
Unpacking python3-enchant (1.6.7-1) ...
Selecting previously unselected package python3-markdown.
Preparing to unpack .../04-python3-markdown_2.6.8-1_all.deb ...
Unpacking python3-markdown (2.6.8-1) ...
Selecting previously unselected package python3-markups.
Preparing to unpack .../05-python3-markups_2.0.0-1_all.deb ...
Unpacking python3-markups (2.0.0-1) ...
Selecting previously unselected package python3-pil:amd64.
Preparing to unpack .../06-python3-pil_4.0.0-4_amd64.deb ...
Unpacking python3-pil:amd64 (4.0.0-4) ...
Selecting previously unselected package python3-pygments.
Preparing to unpack .../07-python3-pygments_2.2.0+dfsg-1_all.deb ...
Unpacking python3-pygments (2.2.0+dfsg-1) ...
Selecting previously unselected package python3-pyqt5.
Preparing to unpack .../08-python3-pyqt5_5.7+dfsg-5_amd64.deb ...
Unpacking python3-pyqt5 (5.7+dfsg-5) ...
Selecting previously unselected package python3-pyqt5.qtwebkit.
Preparing to unpack .../09-python3-pyqt5.qtwebkit_5.7+dfsg-5_amd64.deb ...
Unpacking python3-pyqt5.qtwebkit (5.7+dfsg-5) ...
Selecting previously unselected package python3-textile.
Preparing to unpack .../10-python3-textile_1%3a2.3.5-1_all.deb ...
Unpacking python3-textile (1:2.3.5-1) ...
Selecting previously unselected package python3-yaml.
Preparing to unpack .../11-python3-yaml_3.12-1_amd64.deb ...
Unpacking python3-yaml (3.12-1) ...
Selecting previously unselected package retext.
Preparing to unpack .../12-retext_6.0.2-2_all.deb ...
Unpacking retext (6.0.2-2) ...
Setting up python3-yaml (3.12-1) ...
Setting up python3-markdown (2.6.8-1) ...
Setting up python3-roman (2.0.0-2) ...
Setting up python3-pil:amd64 (4.0.0-4) ...
Setting up docutils-common (0.13.1+dfsg-2) ...
Processing triggers for mime-support (3.60) ...
Processing triggers for desktop-file-utils (0.23-1) ...
Setting up python3-pyqt5 (5.7+dfsg-5) ...
Setting up python3-pyqt5.qtwebkit (5.7+dfsg-5) ...
Processing triggers for sgml-base (1.29) ...
Setting up python3-enchant (1.6.7-1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for shared-mime-info (1.8-1) ...
Unknown media type in type 'chemical/x-alchemy'
Unknown media type in type 'chemical/x-cache'
Unknown media type in type 'chemical/x-cactvs-ascii'
Unknown media type in type 'chemical/x-cactvs-binary'
Unknown media type in type 'chemical/x-cactvs-table'
Unknown media type in type 'chemical/x-cdx'
Unknown media type in type 'chemical/x-cdxml'
Unknown media type in type 'chemical/x-chem3d'
Unknown media type in type 'chemical/x-cif'
Unknown media type in type 'chemical/x-cml'
Unknown media type in type 'chemical/x-daylight-smiles'
Unknown media type in type 'chemical/x-d

Bug#867579: marked as pending

2017-07-15 Thread James Cowgill 
tag 867579 pending
thanks

Hello,

Bug #867579 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://anonscm.debian.org/git/pkg-multimedia/libopenmpt.git/commit/?id=d9d6089

---
commit d9d608980127f867775ed50c5ef774440a9b2f7a
Author: James Cowgill 
Date:   Sat Jul 15 18:35:26 2017 +0100

Upload to stretch

diff --git a/debian/changelog b/debian/changelog
index 6893f55..3e99a76 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,10 @@
-libopenmpt (0.2.7386~beta20.3-3+deb9u2) UNRELEASED; urgency=medium
+libopenmpt (0.2.7386~beta20.3-3+deb9u2) stretch; urgency=medium
 
-  *
+  * Add security patches (Closes: #867579).
+- up8: Out-of-bounds read while loading a malfomed PLM file.
+- up10: CVE-2017-11311: Arbitrary code execution by a crafted PSM file.
 
- -- James Cowgill   Sat, 15 Jul 2017 16:13:13 +0100
+ -- James Cowgill   Sat, 15 Jul 2017 18:33:57 +0100
 
 libopenmpt (0.2.7386~beta20.3-3+deb9u1) stretch; urgency=medium

Processed: Bug#867579 marked as pending

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 867579 pending
Bug #867579 {Done: James Cowgill } [src:libopenmpt] 
libopenmpt: CVE-2017-11311
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
867579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867579
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#867223: marked as done (libclamunrar: CVE-2012-6706: arbitrary memory write)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:49:20 +
with message-id 
and subject line Bug#867223: fixed in libclamunrar 0.99-0+deb8u3
has caused the Debian Bug report #867223,
regarding libclamunrar: CVE-2012-6706: arbitrary memory write
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867223: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867223
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libclamunrar
Version: 0.99-0+deb7u1
Severity: grave
Tags: security
Justification: user security hole

CVE-2012-6706 also affects libclamunrar. See #865461 for the original bug 
report against
unrar-nonfree.

Upstream fix:
https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd

Felix
--- End Message ---
--- Begin Message ---
Source: libclamunrar
Source-Version: 0.99-0+deb8u3

We believe that the bug you reported is fixed in the latest version of
libclamunrar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman  (supplier of updated libclamunrar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 15 Jul 2017 13:34:18 -0400
Source: libclamunrar
Binary: libclamunrar7
Architecture: source amd64
Version: 0.99-0+deb8u3
Distribution: jessie
Urgency: medium
Maintainer: ClamAV Team 
Changed-By: Scott Kitterman 
Description:
 libclamunrar7 - anti-virus utility for Unix - unrar support
Closes: 867223
Changes:
 libclamunrar (0.99-0+deb8u3) jessie; urgency=medium
 .
   * Team upload.
 .
   [ Sebastian Andrzej Siewior ]
   * Cherry pick fix for arbitrary memory write. CVE-2012-6706
 (Closes: #867223).
Checksums-Sha1:
 56c7d6cb5cf54b719b5105e4708c2f4f18f2842a 2150 libclamunrar_0.99-0+deb8u3.dsc
 5edb1d1b54d59decf8bd4853c598e17c9d9b6c61 8844 
libclamunrar_0.99-0+deb8u3.debian.tar.xz
 de5e58fd7ab4dbfb559c49e59e337b848950735d 32366 
libclamunrar7_0.99-0+deb8u3_amd64.deb
Checksums-Sha256:
 83200239a7f87a62bdd282c6a255c9099e10cc4d659bdfbbbf4a48f6e125a04d 2150 
libclamunrar_0.99-0+deb8u3.dsc
 2c500d7940923a9d5db82639c4b0b6d0a2f2551a8e3dcfd641ac15ff797070f8 8844 
libclamunrar_0.99-0+deb8u3.debian.tar.xz
 dd0a4d1b9998e0d4c0157fa3bdb650b908dc89efdf7a113fe4716b074382ec0c 32366 
libclamunrar7_0.99-0+deb8u3_amd64.deb
Files:
 2c5103908635d5991a45ac704a31f95e 2150 non-free/libs extra 
libclamunrar_0.99-0+deb8u3.dsc
 4c55ea8683fae8b6ec2125d12fb8fc92 8844 non-free/libs extra 
libclamunrar_0.99-0+deb8u3.debian.tar.xz
 dd70e8c747c4800d03ecb4a03e525ad0 32366 non-free/libs extra 
libclamunrar7_0.99-0+deb8u3_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJZalRPAAoJEHjX3vua1Zrx744P+wV0/vj2A9jSTyX6RO5Stgvq
oY3rLPwssj3fr5cONRHNEykqVt3LL6mMFgoiVdzf1wNr/5/f3kvf7mVUwXhBVWrT
rMyoJFjp/merpv8NDlCegw6OLsAd+qoDZ8Sj24APbA5kBODIodjOmcqIE7GQs1Cn
ml75B2ynYeal5hXxzobPuBU1ZiOGIug/t6bZt3HNl7w+EjrrFdPeeNocUG99NHk7
vw46oSfb46ivZCWvnf201UWz+g8z/0bI7oiWrfHL4O2qaeNzAymzuSZHTYnTnzuO
3uMSUV7MNPopPVkH6L+hgi9p11wrEuCarzQlPS57EB6PUG4Imea3ZBrDUD7h2FIj
WD7NC6CrrgBv8KbZiZJhZWE5g2swGcuRVwh+0YV70K/V2IoMOmqOlC8ZbUE4gPQi
Qt5Fn+DvrTkbWTC0huWOQAgfLjBa6zkhY4JwJnN6woheUtf1Cj9LwRv/+p7d1MFI
7g70JY0t6mTU0J9pvC36zDANKyC4bFyqv7qflmv8JYcAwdWuLwoHXT6/BzpjYZQJ
r+rQU+3gYfhuzfOpHIphD+yIZr8w6rggxVqyUkdh/pCkpBpvll35iPr1WRIpMyXL
0jkYwlBJs4nB/jfWwe2WTHADBy07b4XOBBwkzVjMCA2RrPq8KP55TmpqCOspY+EE
pLNlt8YA39Vutctr1ue1
=MUhl
-END PGP SIGNATURE End Message ---

Bug#864405: marked as done (undertow: CVE-2017-2666 CVE-2017-2670)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:48:43 +
with message-id 
and subject line Bug#864405: fixed in undertow 1.4.8-1+deb9u1
has caused the Debian Bug report #864405,
regarding undertow: CVE-2017-2666 CVE-2017-2670
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864405: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: undertow
Severity: grave
Tags: security

There's no other reference that what Red Hat published here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666

Upstream needs to be contacted or the patch pulled from their
update.

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: undertow
Source-Version: 1.4.8-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
undertow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated undertow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2017 13:37:02 +0200
Source: undertow
Binary: libundertow-java libundertow-java-doc
Architecture: source all
Version: 1.4.8-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libundertow-java - flexible performant web server written in Java
 libundertow-java-doc - Documentation for Undertow
Closes: 864405
Changes:
 undertow (1.4.8-1+deb9u1) stretch-security; urgency=high
 .
   * Fix CVE-2017-2666 and CVE-2017-2670:
 - CVE-2017-2666:
   Prevent HTTP smuggling attacks by making sure messages do not contain
   invalid headers.
 - CVE-2017-2670:
   Fix possible DoS attack. The websocket non clean close can cause IO
   thread to get stuck in a loop.
   (Closes: #864405)
Checksums-Sha1:
 2e16ab23debb026f9505b17a43b855e5937a6301 2725 undertow_1.4.8-1+deb9u1.dsc
 f6ed2e1985dfcae6be76a73e1539b2be045ec1b1 706084 undertow_1.4.8.orig.tar.xz
 145fdbd28398628c00b1683fded4c4d2b5406908 12456 
undertow_1.4.8-1+deb9u1.debian.tar.xz
 f569d4832a090eb538d07354e819a5f6f8627ea4 1091152 
libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 0b7654c3b6b362c33165a8714d2aa9f51636dfee 2464116 
libundertow-java_1.4.8-1+deb9u1_all.deb
 776ffa8299092170231651982f8d179f9e4621db 17258 
undertow_1.4.8-1+deb9u1_all.buildinfo
Checksums-Sha256:
 634faf38edc0c8a3a7958e2b1f264e6a8eef707e536c76cbed1231815c03c3a2 2725 
undertow_1.4.8-1+deb9u1.dsc
 e8da6d0bbe8de5c98121579a9c66a3a5dbf78c658cc8d49918f979bcf4d4bc76 706084 
undertow_1.4.8.orig.tar.xz
 107ed21a1f69440dac6aa902f53e647828e6a0f833e20876448b53b1d48e9cb3 12456 
undertow_1.4.8-1+deb9u1.debian.tar.xz
 3614af195f068ad779558d66e1dcef61672cbc593fe6bb7130c1a31b434e82ee 1091152 
libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 c356cf9a6ab9bda52798de0ef9f4cc95c933956092662eec79ff80864d58ad67 2464116 
libundertow-java_1.4.8-1+deb9u1_all.deb
 1eab1782ea0588244aa8e789751ffc2c211fe68e6f3fd056de27217bea75a74a 17258 
undertow_1.4.8-1+deb9u1_all.buildinfo
Files:
 068ef2a306342656ab3dddee8baed18c 2725 java optional undertow_1.4.8-1+deb9u1.dsc
 0cb50df7c574f61b30572db230e4c88f 706084 java optional 
undertow_1.4.8.orig.tar.xz
 95f4fbe5413ec5a05b016e73499023c8 12456 java optional 
undertow_1.4.8-1+deb9u1.debian.tar.xz
 10d72657e8f0473c5920341b8a9d6dbc 1091152 doc optional 
libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 181f644457c6f2eb08ae5006504f0c17 2464116 java optional 
libundertow-java_1.4.8-1+deb9u1_all.deb
 1a6ba70eff79e6795dc8507e19554213 17258 java optional 
undertow_1.4.8-1+deb9u1_all.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllk9zVfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk27YP/RhEaMC0sHLyo60lISJZ+QJFeXCo1GurjHdh
6RiUFigOF7zutRttckST61gAYy9zmR6UWGANJgBQ50gV3w3TgIk+zIT9kBQlRjaU
2prhevZsGLImxc5wot+b/g3ND8N2/RBjZc2AUke23+urA50d0VA3mwdg3sZQVCeV
2HCAdLOelI6ZdSuWq6sUNEVIA8e86tefz1WYiAywyqH969/qT4vb+Sq4o/EfVy6z
awZzKwV/OT51G

Bug#862689: marked as done (flightgear: CVE-2017-8921)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:49:18 +
with message-id 
and subject line Bug#862689: fixed in flightgear 3.0.0-5+deb8u2
has caused the Debian Bug report #862689,
regarding flightgear: CVE-2017-8921
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
862689: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862689
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: flightgear
Version: 1:2016.4.4+dfsg-2
Severity: grave
Tags: upstream patch security
Control: found -1 3.0.0-5

Hi,

the following vulnerability was published for flightgear.

CVE-2017-8921[0]:
| In FlightGear before 2017.2.1, the FGCommand interface allows
| overwriting any file the user has write access to, but not with
| arbitrary data: only with the contents of a FlightGear flightplan
| (XML). A resource such as a malicious third-party aircraft could
| exploit this to damage files belonging to the user. Both this issue and
| CVE-2016-9956 are directory traversal vulnerabilities in
| Autopilot/route_mgr.cxx - this one exists because of an incomplete fix
| for CVE-2016-9956.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8921

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: flightgear
Source-Version: 3.0.0-5+deb8u2

We believe that the bug you reported is fixed in the latest version of
flightgear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 862...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Wanner  (supplier of updated flightgear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 02 Jul 2017 13:54:58 +0200
Source: flightgear
Binary: flightgear
Architecture: source amd64
Version: 3.0.0-5+deb8u2
Distribution: jessie
Urgency: high
Maintainer: Debian FlightGear Crew 
Changed-By: Markus Wanner 
Description:
 flightgear - Flight Gear Flight Simulator
Closes: 862689
Changes:
 flightgear (3.0.0-5+deb8u2) jessie; urgency=high
 .
   * Add patch restrict-save-flightplan-secu-fix-faf872.patch: prevent
 overriding arbitrary files from the "save-flightplan" FGCommand.
 Closes: #862689 (CVE-2017-8921).
Checksums-Sha1:
 7075f4ea2969cb632828db9717dd574ecde12c17 3255 flightgear_3.0.0-5+deb8u2.dsc
 6af27a9fb2b6df0ca8c447ec4338d6ea883377ba 29628 
flightgear_3.0.0-5+deb8u2.debian.tar.xz
 90406a0b4ce81121ca5e3fb01837c41fe0518a0c 3941262 
flightgear_3.0.0-5+deb8u2_amd64.deb
Checksums-Sha256:
 c7bcab75113db0dfecfd38265ebe0fa1b04c8ca43f3dd00934c593f2f122074e 3255 
flightgear_3.0.0-5+deb8u2.dsc
 5f5b973ab45c95250e58e976136807f3724951939883f8d2f017b860f93b3ebe 29628 
flightgear_3.0.0-5+deb8u2.debian.tar.xz
 4716f9a91ae80ced0c248a84dd7671828042d301a3fb4a6edf325f1fd2b8beba 3941262 
flightgear_3.0.0-5+deb8u2_amd64.deb
Files:
 89ffddfdc07aef56c3e1b0522ea41444 3255 games extra flightgear_3.0.0-5+deb8u2.dsc
 13dbc7a59a1c18470ed363fb758884f5 29628 games extra 
flightgear_3.0.0-5+deb8u2.debian.tar.xz
 e9257fb7208d6ee762d8b3b03f47a7c2 3941262 games extra 
flightgear_3.0.0-5+deb8u2_amd64.deb

-BEGIN PGP SIGNATURE-

iQQzBAEBCAAdFiEE7WdiNgeE4zHiUwPWAlr+layd8xsFAllY7XkACgkQAlr+layd
8xsjgCAAoTJ+iEYfoPpRRUsT7p2t1WH56A7K2QoGFAoHX42re09SD3gkxBdLbmiC
Git7xCAecStRdj2vOxtkhvJUcCWLhHvJS4Q6LIk9GqiZZwYkkF1NkkIZwAaOhl50
dJ1CrtLSLBnop4EbctKQsCqcF6w+CdhcDTlX2ptRG2xXRIQpKy/0QbIEng/lqh2V
0KA+mCtleP1aal86HS9/dArRo0tQ8V/Y41ciwAofKk0Gp3+pdE768Fi2B+5HvKdY
eIKxSvdhUjQtkg8bmWbKczJrDFCgbLUZExyhiQ2YKnthA84lmv5NE09Gc2AQoyd0
0BBglqUUVdFcONOPKSOuVgZ6jWzz5V5zOoJt1MMcqHq5ybAST3DP+yRod/uo19h/
iuUvLULHZyU5uJx+aDuP9mIUFAdD872F2EC2/GM78HitjkM5ZdMAdVNt5vu24AVt
3O1N88UM/unZU8DNq2/bwM3jC4DoJpOie6CcUp/6BWFdBWvVGq16iCFsVAfNI7xt
k/QrQBfvZGaX8oIw588qUIPeezckHzizyvukrBac+ryog0/nBEBgAJwHvIZmZuu2
ClE9UYW7i/U0oli1ghm2dDNz/dlNtP7KwFoe/d5Tkyq982y0OTjWmkVJm6T10Ojo
h/73ZJZyBzV+lffS0ZSunTuaK7zD7kyORFohu3bMa1r6jkaAc371sA+QUMJuUTr6
QMDEUn4qQor+DFGN5SygjuCafNZfL5wc3I3cqcreomTtwgH+EsxIsUH4cUr9uKKy
TI0sezuPwrdXQidNX/5SBV

Bug#867422: marked as done (python3-colorlog: missing python3 dependency)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:49:25 +
with message-id 
and subject line Bug#867422: fixed in python-colorlog 2.4.0-1+deb8u1
has caused the Debian Bug report #867422,
regarding python3-colorlog: missing python3 dependency
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867422: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867422
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-colorlog
Version: 2.4.0-1
Severity: serious
Tags: patch

Due to a cut'n'paste error the python3 dependency is missing.

Fix:

--- debian/control.old  2017-07-06 15:32:46.0 +
+++ debian/control  2017-07-06 15:32:56.0 +
@@ -20,7 +20,7 @@
 
 Package: python3-colorlog
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: formatter to use with the logging module of Python 3
  python-colorlog allows colors to be placed in the format string, which is
  mostly useful when paired with a StreamHandler that is outputting to a
--- End Message ---
--- Begin Message ---
Source: python-colorlog
Source-Version: 2.4.0-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
python-colorlog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Philipp Huebner  (supplier of updated python-colorlog 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 18:33:45 +0200
Source: python-colorlog
Binary: python-colorlog python3-colorlog
Architecture: source all
Version: 2.4.0-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Philipp Huebner 
Changed-By: Philipp Huebner 
Description:
 python-colorlog - formatter to use with the logging module of Python 2
 python3-colorlog - formatter to use with the logging module of Python 3
Closes: 867422
Changes:
 python-colorlog (2.4.0-1+deb8u1) jessie; urgency=medium
 .
   * Fix python3 dependencies (Closes: #867422)
Checksums-Sha1:
 a5459c8c2c076e7e19e72dc103e4f00f78911278 1987 
python-colorlog_2.4.0-1+deb8u1.dsc
 6c6119a1e785880384abed16ace4c2e8561de181 1924 
python-colorlog_2.4.0-1+deb8u1.debian.tar.xz
 ee5b54a6f88cc7011f4509f5a323e005a22b82fc 8740 
python-colorlog_2.4.0-1+deb8u1_all.deb
 1c742cd77fc3340bbd1375f70cc232351b4d3871 6570 
python3-colorlog_2.4.0-1+deb8u1_all.deb
Checksums-Sha256:
 35ac33dcf81912a6e36e8e015cc5d65c76be4642fe440d1369dc567ae73ff9e0 1987 
python-colorlog_2.4.0-1+deb8u1.dsc
 653c99a0543b362b7d4aec5b07fd906e6e8c9e9e20d9b82607482ff08aac32b5 1924 
python-colorlog_2.4.0-1+deb8u1.debian.tar.xz
 e8afaaad0503285976e33df0f1d7595f309a027a8bda491fd804bfb27b6c748e 8740 
python-colorlog_2.4.0-1+deb8u1_all.deb
 20fa54dfcfd9e8654396965cae697e5b4975b2ccb8096d25255781cbbee6dfb7 6570 
python3-colorlog_2.4.0-1+deb8u1_all.deb
Files:
 16e95f84808252cf807c84b0c3cbc67f 1987 python optional 
python-colorlog_2.4.0-1+deb8u1.dsc
 85b42791b13d49eb4d225e82ef8e8cdf 1924 python optional 
python-colorlog_2.4.0-1+deb8u1.debian.tar.xz
 70f2e4739d3c2c7216e77162d98fdc20 8740 python optional 
python-colorlog_2.4.0-1+deb8u1_all.deb
 8032f9c0cbf4399b3780b79575670d48 6570 python optional 
python3-colorlog_2.4.0-1+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEECEGLvkRyDy26xQXsunokltrkDRwFAllnqYMVHGRlYmFsYW5j
ZUBkZWJpYW4ub3JnAAoJELp6JJba5A0cU7EQALJ7DL6fPKhMiShtZU4sk2tWMJQ3
Z3mZfPJGkZcoxgmPKfYeaw7UaBwnHiTI4Ui6nBZGAxyTcsvonhor611fLnQ5So2k
Se7zfGu5Id+hXnWQP/LzYSLTHmpWSI+7LG2ZU6Rc+9nHLqig53OBN2uHZNYZNom7
sbGGbCXxBo2Nv07dghY+wjcch2UUpfnj9UHldObupjC2Uxo5SjF4ioQUJtJN7V8B
hMw0SGQrPIgdK9ARgoaGUow5jOrGt2J9jmn9TbKfPAXUTGB0HgzJMU0GLIZxkMvV
SRRFU+ruy5XtRYpBO2meLEiYvWH7PhG1GMQor4vpImhTGY4LXeK6J+AAC8Cd9U2Z
K7oVJLxzcjlop9dGI2pcSpD63MI+yjI3srPAgD4TgmT4uOYiKlWlwRvZVmWV/8Kt
R2DgyT+C0Z3krsy+JK/nln/Qb2TZLnmmczDUH6HeZ31naMFcFco9jhBv5zI+MyuA
w6N9baLDKWJYC5K9yCVeiR9UUjZrmqFwYVii9wRAhTQXsIXGxr9M5n+52j5lhcps
0vMcX9OY/8QbLkLYRsn/+Tzjpm6VDu5KKbCgKlYPR45tOHNc7vra+nTMCJPZhP2Y
B2Mz1rZg8tqHgp872aSJ42cDPGzFcdrnOoBDfRUt3MlAC+GFfgDB95YkY/XATg+s
QI6Z1Ed1j2JMELt5
=0Z+i
-END PGP SIGNATURE End Message ---

Bug#867449: marked as done (python3-plumbum: missing dependencies)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:49:25 +
with message-id 
and subject line Bug#867449: fixed in python-plumbum 1.4.2-1+deb8u1
has caused the Debian Bug report #867449,
regarding python3-plumbum: missing dependencies
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-plumbum
Version: 1.4.2-1
Severity: serious
Tags: patch

Due to a cut'n'paste error there are no package dependencies.

Fix:

--- debian/control.old  2017-07-06 17:05:31.0 +
+++ debian/control  2017-07-06 17:05:37.0 +
@@ -22,7 +22,7 @@
 
 Package: python3-plumbum
 Architecture: all
-Depends: ${misc:Depends}, ${python:Depends}
+Depends: ${misc:Depends}, ${python3:Depends}
 Description: library for writing shell script-like programs in Python 3
  python-plumbum provides shell-like syntax and handy shortcuts for writing 
shell
  script one-liners in Python using shell combinators. It supports local and
--- End Message ---
--- Begin Message ---
Source: python-plumbum
Source-Version: 1.4.2-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
python-plumbum, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Philipp Huebner  (supplier of updated python-plumbum 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 18:33:30 +0200
Source: python-plumbum
Binary: python-plumbum python3-plumbum
Architecture: source all
Version: 1.4.2-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Philipp Huebner 
Changed-By: Philipp Huebner 
Description:
 python-plumbum - library for writing shell script-like programs in Python 2
 python3-plumbum - library for writing shell script-like programs in Python 3
Closes: 867449
Changes:
 python-plumbum (1.4.2-1+deb8u1) jessie; urgency=medium
 .
   * Fix python3 dependencies (Closes: #867449)
Checksums-Sha1:
 c1b8033fa0081c6be2cb3694bb239c0eaba649cd 1964 python-plumbum_1.4.2-1+deb8u1.dsc
 d6b1f4465ae44ff87e07899260b607d57bfc42e0 1964 
python-plumbum_1.4.2-1+deb8u1.debian.tar.xz
 99cccdc019c2639fee15b29efe78adf49fc4e841 47178 
python-plumbum_1.4.2-1+deb8u1_all.deb
 76fa54287043d045a49b5e799dc3392976e8d530 45100 
python3-plumbum_1.4.2-1+deb8u1_all.deb
Checksums-Sha256:
 c4123cd865a59fe1b0931700881022c0a9151f3dae5748e365e20fa671bea5ff 1964 
python-plumbum_1.4.2-1+deb8u1.dsc
 1bc6a3d038de883a937f6f9aaf7c88dba3db408c3afd5b7aadeaae943aa31a7d 1964 
python-plumbum_1.4.2-1+deb8u1.debian.tar.xz
 bee87c9220539fa073dbab547b6ebfbd2925d82fc1e6d951c743623ff11ed3de 47178 
python-plumbum_1.4.2-1+deb8u1_all.deb
 517d24e11d3836efdaf6778628db20cc408bbb8e89727fa3503f8a1f95c729eb 45100 
python3-plumbum_1.4.2-1+deb8u1_all.deb
Files:
 6a1e9ff16f279995ce07b63400a91e7c 1964 python optional 
python-plumbum_1.4.2-1+deb8u1.dsc
 ee953190a8cb0d97013bb748f3ae1bbf 1964 python optional 
python-plumbum_1.4.2-1+deb8u1.debian.tar.xz
 26ded73a5726f6684ff9d2fff18819fb 47178 python optional 
python-plumbum_1.4.2-1+deb8u1_all.deb
 6894594b158ffcfbf1ef1bacad790d48 45100 python optional 
python3-plumbum_1.4.2-1+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEECEGLvkRyDy26xQXsunokltrkDRwFAllnqYQVHGRlYmFsYW5j
ZUBkZWJpYW4ub3JnAAoJELp6JJba5A0cr2sP/RgCtLVCfwpwr8ZwbreikQc3IOIZ
BMxt+wPck1NzQuO5Vf6U6duSQYeIo/5wNpV+02gXGl9Q2nRe5PWcfxqyyWhNrz7s
EXDelr+zdAvyKHdwRKCDwT5s19eUoBZ/k2KOk/lUyKqBLIZpHjPD3pqWrqbO8bBm
1g+AOgzOHwM0S/T4PP2eLEGy4UQpqrRS3gA/oaM0p+pGB0GRAQfeS1UKGGAr2KE7
X8Y2llCm7t2ruAqtLAm/osLTp4Hm9hTSs52SFO/Z9hf/nnDd1RMxhsuZ+1qY7SkA
LjVyG5a1ZZZ3IBz/rZcWSkos5l+WgPHJdL0hU8uwzzCg6wtcZ9yy3bh3G3m8i/p/
WSJ4xD9mmCSA2hCiWRb6fv3y/7g5KfD9GyUTVsJAKDiE3YLWVY9zZ1gPNxEGIiD2
dPK06orIlFHNlCbhHUg70KnHrecFLpgkArLEEjUDq3SpoXK3X+yEEjddEDnZU2rj
nyrWYJ92isB5RyHHKfYtnn+rRHoYKVIIH/NwDpGtOxeNkYDi5qr43YuOdW5Ok8Wk
K2mSerLlZRYVcG1q+VPPiDcp1Dvcc1snw9HqGiBA2Ney8ophCyRP2fqK8z4B+qA8
y4ERc+atzFrJyrrsYWbMZfnkSa4XtP/IsheNUX7lTf11Lg7tYryfNRAiVgQ9gDX6
ClFXwwGnbIFY6H6O
=oTkH
-END PGP SIGNATURE End Message ---

Bug#859478: marked as done (offlineimap: 'maxage' comments are wrong, offlineimap DELETES your mails)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:49:22 +
with message-id 
and subject line Bug#859478: fixed in offlineimap 6.3.4-1+deb8u1
has caused the Debian Bug report #859478,
regarding offlineimap: 'maxage' comments are wrong, offlineimap DELETES your 
mails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
859478: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: offlineimap
Version: 6.3.4-1+kibi1
Severity: critical
Justification: causes serious data loss

Hi,

Looking at a way to stay below my mail quota, I've thought of using
offlineimap's "maxage" feature, which is advertised like this:

# Messages older than maxage days will not be synced, their flags will
# not be changed, they will not be deleted etc.  For offlineimap it will be 
like these
# messages do not exist.  This will perform an IMAP search in the case of IMAP 
or Gmail
# and therefor requires that the server support server side searching.  This 
will
# calculate the earliest day that would be included in the search and include 
all 
# messages from that day until today.   e.g. maxage = 3 to sync only the last 3 
days mail

Except… deleting a few mails from 2015 on the server with a little
python script using imaplib, and running offlineimap again leads to…
the same mails getting deleted from my laptop! Given the maxage
param was set to 90, I *think* 31-Dec-2015 happened before 90 days
ago, so clearly not a timezone thing.


Expected results: mails aren't on the server anymore (I deleted
them explicitly) BUT they're still on my laptop.


KiBi.
--- End Message ---
--- Begin Message ---
Source: offlineimap
Source-Version: 6.3.4-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
offlineimap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ilias Tsitsimpis  (supplier of updated offlineimap 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 09 May 2017 15:14:10 +0300
Source: offlineimap
Binary: offlineimap
Architecture: source all
Version: 6.3.4-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Ilias Tsitsimpis 
Changed-By: Ilias Tsitsimpis 
Description:
 offlineimap - IMAP/Maildir synchronization and reader support
Closes: 859478
Changes:
 offlineimap (6.3.4-1+deb8u1) jessie; urgency=medium
 .
   * Prevent the usage of maxage.
 The implementation of maxage is broken in this version of OfflineIMAP
 (v6.3.4) and may even result in data loss. Document the above behavior in
 the example conf file and also warn the user every time this feature is
 being used (Closes: #859478).
   * Set myself as the maintainer.
 Package has already been adopted in unstable.
Checksums-Sha1:
 4302b7c2966c8a68112b16da9f3d47efc6fa1bb8 1986 offlineimap_6.3.4-1+deb8u1.dsc
 111d8475deab3e6c44f9583663593d9f4acd4f76 18992 
offlineimap_6.3.4-1+deb8u1.debian.tar.xz
 78ba77e0c2d20328152f6721243630849b7afb9b 122122 
offlineimap_6.3.4-1+deb8u1_all.deb
Checksums-Sha256:
 b161bf92202af2d64b56934b7bb6207f91acc5d83f5c9dc7a0220a329871714f 1986 
offlineimap_6.3.4-1+deb8u1.dsc
 3d23fb879f74252fd24cd30c3a76cd4b99b765dd75f31f0d75d925a3a380530e 18992 
offlineimap_6.3.4-1+deb8u1.debian.tar.xz
 db6de0f2e95eb0190f9ae8c2b11166f8e42508c01d98fec488323ceec786b829 122122 
offlineimap_6.3.4-1+deb8u1_all.deb
Files:
 d5a4344835c11346b6a308906638d4a8 1986 mail optional 
offlineimap_6.3.4-1+deb8u1.dsc
 a7c593abc6cebafb9f1c3e3acf97f478 18992 mail optional 
offlineimap_6.3.4-1+deb8u1.debian.tar.xz
 90b3684784d8d3bfb483d800a2b89526 122122 mail optional 
offlineimap_6.3.4-1+deb8u1_all.deb

-BEGIN PGP SIGNATURE-

iQJLBAEBCgA1FiEEJ9c8pfW11+AaUTb116hngMxkQDwFAllp9ooXHGkudHNpdHNp
bXBpc0BnbWFpbC5jb20ACgkQ16hngMxkQDwpNhAApsHCre8GFmjR15t3qbz27BX6
V/PGxUi8KfwFZPVkG+BjOdkfLi6LsgwsKmsKQlIYUUlfqVDe1bgtnAzBxKWGmL2L
Umg1GHCZP0mO9Sy8Zh80WLphP22yjLWFZc7gwcAp5cMMzjNqDxPZVsgHqDuQgqGc
fRrW8lkhhRQ/JjAR9A0cNqZbctD33pKZAZkGKPurM+bfvW9DQXKUJjid2uawGlx9
DhL4GtW/krrTd1nBna68Fqm4rhdHoIU1V81CEA5vXrQTO1c6nhPw36yVGBDH5XJG
9jntY7w8+cNxM2fx

Bug#858528: marked as done (grub-coreboot: fails to upgrade from jessie to stretch if init-select was installed)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:49:19 +
with message-id 
and subject line Bug#858528: fixed in init-select 1.20140921+deb8u1
has caused the Debian Bug report #858528,
regarding grub-coreboot: fails to upgrade from jessie to stretch if init-select 
was installed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
858528: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858528
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: grub-coreboot
Version: 2.02~beta3-5
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + init-select

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'jessie'.
It installed fine in 'jessie', then the upgrade to 'stretch' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

>From the attached log (scroll to the bottom...):

  Setting up grub-coreboot (2.02~beta3-5) ...
  Installing new version of config file /etc/kernel/postinst.d/zz-update-grub 
...
  Installing new version of config file /etc/kernel/postrm.d/zz-update-grub ...
  /var/lib/dpkg/info/grub-coreboot.config: 1: 
/etc/default/grub.d/init-select.cfg: /usr/lib/init-select/get-init: not found
  dpkg: error processing package grub-coreboot (--configure):
   subprocess installed post-installation script returned error exit status 127

This was observed in the following configuration:

* --arch i386
* --install-recommends
* package to be tested: init-select/jessie
* distupgrade from jessie to stretch (stretch does not have init-select,
  init-select was removed before grub-coreboot was configured)


cheers,

Andreas


init-select_None.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: init-select
Source-Version: 1.20140921+deb8u1

We believe that the bug you reported is fixed in the latest version of
init-select, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 858...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated init-select package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 14 Jul 2017 23:40:53 +0200
Source: init-select
Binary: init-select
Architecture: source all
Version: 1.20140921+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Michael Gilbert 
Changed-By: Andreas Beckmann 
Description:
 init-select - init system selection tool
Closes: 858528
Changes:
 init-select (1.20140921+deb8u1) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * /etc/default/grub.d/init-select.cfg: Check for
 /usr/lib/init-select/get-init before calling it.
 The package may have been removed, but not purged.  (Closes: #858528)
Checksums-Sha1:
 5b45f4728843c8684d50880c79eb099d15888f6d 1458 init-select_1.20140921+deb8u1.dsc
 bec796f6c31aa9f07ce47a4a37998bfd498a4e12 9100 
init-select_1.20140921+deb8u1.tar.xz
 7e211a19da6eec8e5db760572bb37636d34bcfbc 8556 
init-select_1.20140921+deb8u1_all.deb
Checksums-Sha256:
 8cf0ca21cf88ea6c3b21d17c343e62b7065edf2a36a4f82ce559e88515b52b02 1458 
init-select_1.20140921+deb8u1.dsc
 0ce4fd295f5e1cefc8ff0c199900d7fa359d451c83a5ef8bde2dcf7cf7d01000 9100 
init-select_1.20140921+deb8u1.tar.xz
 e1e031f1780f1719ae4dbb59b7e9181e2ce1b44b0e509c3b9756c37d825dee3c 8556 
init-select_1.20140921+deb8u1_all.deb
Files:
 2b1646d3cd0775ff65a950a506196637 1458 utils optional 
init-select_1.20140921+deb8u1.dsc
 ec254b2ac9cef1e608783bd7ff0ce30e 9100 utils optional 
init-select_1.20140921+deb8u1.tar.xz
 7ebddde3087f946361747c0bae8f2913 8556 utils optional 
init-select_1.20140921+deb8u1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJZaTw3AAoJEF+zP5NZ6e0ICR4P+wc2mcvFnixW8jFFQDJEQ9/a
35zC9z4i4CooHrHHRn+8HEFOXc70hOdG0MhM3L6QwbsNXHpw203DoH1c+MAETGmN
9I0XIWkarAycE6S3lm8jp/Fr/Iaxwl1Tzij45gnmtdR+NqTGQo4itNaZFuthnYBa
pK+qOBuHI+pNYoQll7+LuYuWUYG9pq8qwgrbr1qjbUBpJVS5QtopLNYkKGISYQyc
fmMbKhtRKtwivTE1Q8zFtgXyBUIgiHzOnl73qO2Ovu9eG6lYo1EjAM0aOaIS0ab0
oCwAMXrggRLZoscpKhqxImUfXFg76zNttDT0p+BdbCemB0h0FC

Bug#865678: marked as done (knot: CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:47:22 +
with message-id 
and subject line Bug#865678: fixed in knot 2.4.0-3+deb9u1
has caused the Debian Bug report #865678,
regarding knot: CVE-2017-11104: Improper TSIG validity period check can allow 
TSIG forgery
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: knot
Version: 2.4.3-1
Severity: grave
Tags: security upstream patch
Control: found -1 2.5.1-1

Hi

See
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
and
http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
and filling a bug in BTS to have a reference, afaik there is no CVE
yet assigned.

[16:19] < KGB-1> Yves-Alexis Perez 52846  /data/CVE/list add temporary entry 
for knot
[16:21] < Corsac> ondrej: I guess you know about it?

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: knot
Source-Version: 2.4.0-3+deb9u1

We believe that the bug you reported is fixed in the latest version of
knot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez  (supplier of updated knot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jul 2017 21:56:05 +0200
Source: knot
Binary: knot libknot5 libzscanner1 libdnssec2 libknot-dev knot-dnsutils 
knot-host knot-doc
Architecture: source
Version: 2.4.0-3+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian DNS Packaging 
Changed-By: Yves-Alexis Perez 
Closes: 865678
Description: 
 knot   - Authoritative domain name server
 knot-dnsutils - Clients provided with Knot DNS (kdig, knslookup, knsupdate)
 knot-doc   - Documentation for Knot DNS
 knot-host  - Version of 'host' bundled with Knot DNS
 libdnssec2 - DNSSEC shared library from Knot
 libknot5   - Authoritative domain name server (shared library)
 libknot-dev - Knot DNS shared library development files
 libzscanner1 - DNS zone-parsing library from Knot
Changes:
 knot (2.4.0-3+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * debian/patches:
 - 0001-tsig-move-signature-validity-period-check-after-the- added, fix
 TSIG signature validation bypass (CVE-2017-11104)   closes: #865678
Checksums-Sha1: 
 cd190e31c3b910dd139a8f60d09567a3a47193f5 2349 knot_2.4.0-3+deb9u1.dsc
 c1ad6007f5ecd31940f967e4370255d83869add7 1102856 knot_2.4.0.orig.tar.xz
 d20ac0f28e1a11cf38795b7a8692972a942ca00b 22592 
knot_2.4.0-3+deb9u1.debian.tar.xz
Checksums-Sha256: 
 72fa5a5ea38bf1131dd57065f9d5b2920104b557693ae0a066042689b421691e 2349 
knot_2.4.0-3+deb9u1.dsc
 0ba4d3e6951fc4d5c0e3dc88a720462690dd1d25f4bc1e7c24bb5747d3853679 1102856 
knot_2.4.0.orig.tar.xz
 8f023a2a91f838af742851d420ed7f5a0049e1dea2b9129b58e7ace7fc5ddfdb 22592 
knot_2.4.0-3+deb9u1.debian.tar.xz
Files: 
 b58e4de0ccf430a0b878785ecd4db18a 2349 net optional knot_2.4.0-3+deb9u1.dsc
 549dcc3778f12adee8d624dbc2c4de20 1102856 net optional knot_2.4.0.orig.tar.xz
 aa92495bdb4dbbd687e765d130cdec2a 22592 net optional 
knot_2.4.0-3+deb9u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEl0WwInMjgf6efq/1bdtT8qZ1wKUFAllotKkACgkQbdtT8qZ1
wKXzawf+NMh1E4IQTU0bIOlQARSzmIlT9TYWwz6Ifentl5Rrr74k9Wmr7Us8eXmM
6O5/VAJSoVW3iLC089pFnMKKNA/WR2v4ESK9BT/V4jc4I8vJd1yyzpRr9FpcV9+B
dpx7wtg70SxYpUlZnZMDWqs+bgXxk3pgbliMVMgfOvaZF3Ngb+jHuD9OncJqCQrE
4afPjbhas8ZFzdD/pB4opwF2ePqhjKNRHBcUsoNr3hnh4Ek4zPw+1DQ4AAZFKRAI
xwWz4f9k+XZZselDL8/FOB+ymAY3R8kLQX4IODt1SYAuBCLD8V1iAoSe/qr6myCi
p88GgXgmT6diWdmV46uTX0QoXilefg==
=s4Em
-END PGP SIGNATURE End Message ---

Bug#868109: marked as done (nginx: CVE-2017-7529 Integer overflow in the range filter)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:47:38 +
with message-id 
and subject line Bug#868109: fixed in nginx 1.10.3-1+deb9u1
has caused the Debian Bug report #868109,
regarding nginx: CVE-2017-7529 Integer overflow in the range filter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: nginx
Severity: important
Tags: upstream security

A security issue was identified in nginx range filter.  A specially
crafted request might result in an integer overflow and incorrect
processing of ranges, potentially resulting in sensitive information
leak (CVE-2017-7529).

When using nginx with standard modules this allows an attacker to
obtain a cache file header if a response was returned from cache.
In some configurations a cache file header may contain IP address
of the backend server or other sensitive information.

Besides, with 3rd party modules it is potentially possible that
the issue may lead to a denial of service or a disclosure of
a worker process memory.  No such modules are currently known though.

The issue affects nginx 0.5.6 - 1.13.2.
The issue is fixed in nginx 1.13.3, 1.12.1.

For older versions, the following configuration can be used
as a temporary workaround:

   max_ranges 1;

Patch for the issue can be found here:
http://nginx.org/download/patch.2017.ranges.txt

Announcement: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.10.3-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christos Trochalakis  (supplier of updated nginx 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 12 Jul 2017 08:44:59 +0300
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras 
libnginx-mod-http-geoip libnginx-mod-http-image-filter 
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream 
libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua 
libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo 
libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter 
libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex 
libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter 
libnginx-mod-http-dav-ext
Architecture: source
Version: 1.10.3-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Nginx Maintainers 

Changed-By: Christos Trochalakis 
Description:
 libnginx-mod-http-auth-pam - PAM authentication module for Nginx
 libnginx-mod-http-cache-purge - Purge content from Nginx caches
 libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx
 libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx
 libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-headers-more-filter - Set and clear input and output headers 
for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-lua - Lua module for Nginx
 libnginx-mod-http-ndk - Nginx Development Kit module
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-subs-filter - Substitution filter module for Nginx
 libnginx-mod-http-uploadprogress - Upload progress system for Nginx
 libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx
 libnginx-mod-stream - Stream module for Nginx
 nginx  - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-full - nginx

Bug#867492: marked as done (xorg-server: CVE-2017-10971 CVE-2017-10972)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 21:02:18 +
with message-id 
and subject line Bug#867492: fixed in xorg-server 2:1.19.2-1+deb9u1
has caused the Debian Bug report #867492,
regarding xorg-server: CVE-2017-10971 CVE-2017-10972
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867492
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xorg-server
Version: 2:1.16.4-1
Severity: grave
Tags: upstream patch security
Justification: user security hole

Hi,

the following vulnerabilities were published for xorg-server, filling
the bug to track it int the BTS.

CVE-2017-10971[0]:
| In the X.Org X server before 2017-06-19, a user authenticated to an X
| Session could crash or execute code in the context of the X Server by
| exploiting a stack overflow in the endianness conversion of X Events.

CVE-2017-10972[1]:
| Uninitialized data in endianness conversion in the XEvent handling of
| the X.Org X Server before 2017-06-19 allowed authenticated malicious
| users to access potentially privileged data from the X server.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
[1] https://security-tracker.debian.org/tracker/CVE-2017-10972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10972
[2] https://bugzilla.suse.com/show_bug.cgi?id=1035283

Could you please check back with team@s.d.o if those warrant a DSA.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.19.2-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated xorg-server 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 07 Jul 2017 07:09:57 +0200
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx 
xdmx-tools xnest xvfb xserver-xephyr xserver-common xorg-server-source xwayland 
xserver-xorg-legacy
Architecture: source
Version: 2:1.19.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian X Strike Force 
Changed-By: Salvatore Bonaccorso 
Closes: 867492
Description: 
 xdmx   - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest  - Nested X server
 xorg-server-source - Xorg X server - source files
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb   - Virtual Framebuffer 'fake' X server
 xwayland   - Xwayland X server
Changes:
 xorg-server (2:1.19.2-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-10971: stack buffer overflow in X Event structures handling
 (Closes: #867492)
   * CVE-2017-10972: information leak due to an uninitialized stack area when
 swapping endianess.
 (Closes: #867492)
Package-Type: udeb
Checksums-Sha1: 
 ea4dca71ed8a1884545f5b1731f328849791de18 4998 xorg-server_1.19.2-1+deb9u1.dsc
 3648335593b9d267e44737b89694d38b99e3aee4 8321615 xorg-server_1.19.2.orig.tar.gz
 2c0650cf7a648d1639e0dd2292393c05d92b6a0c 140641 
xorg-server_1.19.2-1+deb9u1.diff.gz
Checksums-Sha256: 
 ad0d88dc1374aaa736e85b2d1f1495c95d5d8d48ab37ffd9a8e6bd2b80fb16f2 4998 
xorg-server_1.19.2-1+deb9u1.dsc
 191d91d02c059c66747635e145c30bc1004e703fe3b74439e26c0d05d5c4d28b 8321615 
xorg-server_1.19.2.orig.tar.gz
 0e309c92c661fc7e90beff5da2a9dca418ac6c618f9892f923ca1a237f38d941 140641 
xorg-server_1.19.2-1+deb9u1.diff.gz
Files: 
 cee7d7b9295a67b197cd1f8ee9886ece 4998 x11 optional 
xorg-server_1.1

Bug#865480: marked as done (openvpn: CVE-2017-7508 CVE-2017-7520 CVE-2017-7521)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 20:48:06 +
with message-id 
and subject line Bug#865480: fixed in openvpn 2.3.4-5+deb8u2
has caused the Debian Bug report #865480,
regarding openvpn: CVE-2017-7508 CVE-2017-7520 CVE-2017-7521
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865480: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865480
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openvpn
Version: 2.3.4-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerabilities were published for openvpn.

CVE-2017-7508[0]:
Remotely-triggerable ASSERT() on malformed IPv6 packet

CVE-2017-7520[1]:
Pre-authentication remote crash/information disclosure for clients

CVE-2017-7521[2]:
Potential double-free in --x509-alt-username and memory leaks

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508
[1] https://security-tracker.debian.org/tracker/CVE-2017-7520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520
[2] https://security-tracker.debian.org/tracker/CVE-2017-7521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521
[3] https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
[4] http://www.openwall.com/lists/oss-security/2017/06/21/6

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openvpn
Source-Version: 2.3.4-5+deb8u2

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta  (supplier of updated openvpn 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 22 Jun 2017 17:25:13 +0200
Source: openvpn
Binary: openvpn
Architecture: source amd64
Version: 2.3.4-5+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Alberto Gonzalez Iniesta 
Changed-By: Alberto Gonzalez Iniesta 
Description:
 openvpn- virtual private network daemon
Closes: 865480
Changes:
 openvpn (2.3.4-5+deb8u2) jessie-security; urgency=high
 .
   * SECURITY UPDATE: authenticated remote DoS vulnerability due to
 packet ID rollover. CVE-2017-7479.
 Kudos to Steve Beattie  for doing all the backporting
 work for this patch.
 - debian/patches/CVE-2017-7479-prereq.patch: merge
   packet_id_alloc_outgoing() into packet_id_write()
 - debian/patches/CVE-2017-7479.patch: do not assert when packet ID
   rollover occurs
   * SECURITY UPDATE: (Closes: #865480)
 - CVE-2017-7508.patch. Fix remotely-triggerable ASSERT() on malformed IPv6
   packet.
 - CVE-2017-7520.patch. Prevent two kinds of stack buffer OOB reads and a
   crash for invalid input data.
 - CVE-2017-7521.patch. Fix potential double-free in --x509-alt-username.
 - CVE-2017-7521bis.patch. Fix remote-triggerable memory leaks.
Checksums-Sha1:
 138a81d4ed1c15680bed97c73bce65789671937b 2072 openvpn_2.3.4-5+deb8u2.dsc
 71e1840311a4067a6166360f71c956888638b95e 1191101 openvpn_2.3.4.orig.tar.gz
 6646888b71f5200d43f592e083f03d706444a341 130596 
openvpn_2.3.4-5+deb8u2.debian.tar.xz
 89c2a5acbafc9a9ce57b09f6830762d0cc699c48 477340 
openvpn_2.3.4-5+deb8u2_amd64.deb
Checksums-Sha256:
 2987e8b53bde4f1b6853ea66a07f995ba3f7aa34b0a30b2a6edca907578b803d 2072 
openvpn_2.3.4-5+deb8u2.dsc
 af506d5f48568fa8d2f2435cb3fad35f9a9a8f263999ea6df3ba296960cec85a 1191101 
openvpn_2.3.4.orig.tar.gz
 a4d4fd8fde0441b0ddc44a87bd4c4ab262519e684660a307d9995774e25d53c2 130596 
openvpn_2.3.4-5+deb8u2.debian.tar.xz
 b19c3656f6a04babf64c5d9279f3a1f7978a8bc13fe5d7baff8f81c07de235df 477340 
openvpn_2.3.4-5+deb8u2_amd64.deb
Files:
 ad445bca715a8feff9c62f1d1b3e23ee 2072 net optional openvpn_2.3.4-5+deb8u2.dsc
 04d47237907faabe9d046970ffe44b2e 1191101 net optional openvpn_2.3.4.orig.tar.gz
 b7bb04530285ec110513602660f711e9 130596 net optional 
openvpn_2.3.4-5+deb8u2.debian.tar.xz
 a18

Bug#865678: marked as done (knot: CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 20:47:53 +
with message-id 
and subject line Bug#865678: fixed in knot 1.6.0-1+deb8u1
has caused the Debian Bug report #865678,
regarding knot: CVE-2017-11104: Improper TSIG validity period check can allow 
TSIG forgery
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: knot
Version: 2.4.3-1
Severity: grave
Tags: security upstream patch
Control: found -1 2.5.1-1

Hi

See
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
and
http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
and filling a bug in BTS to have a reference, afaik there is no CVE
yet assigned.

[16:19] < KGB-1> Yves-Alexis Perez 52846  /data/CVE/list add temporary entry 
for knot
[16:21] < Corsac> ondrej: I guess you know about it?

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: knot
Source-Version: 1.6.0-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
knot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez  (supplier of updated knot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 14 Jul 2017 14:11:36 +0200
Source: knot
Binary: knot knot-libs knot-dbg knot-dnsutils knot-host knot-doc
Architecture: source amd64 all
Version: 1.6.0-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý 
Changed-By: Yves-Alexis Perez 
Description:
 knot   - authoritative domain name server
 knot-dbg   - Debug symbols for Knot DNS
 knot-dnsutils - Clients provided with Knot DNS (kdig, knslookup, knsupdate)
 knot-doc   - Documentation for Knot DNS
 knot-host  - Version of 'host' bundled with Knot DNS
 knot-libs  - authoritative domain name server
Closes: 865678
Changes:
 knot (1.6.0-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * debian/patches:
 - 0001-tsig-move-signature-validity-period-check-after-the- added, fix
 TSIG signature validation bypass (CVE-2017-11104)   closes: #865678
Checksums-Sha1:
 c98698e4096f9d7f98cc0923c1c5b152fd3e4016 2018 knot_1.6.0-1+deb8u1.dsc
 7c005d549bf8946743b8e02a1369a94b92ba1629 781192 knot_1.6.0.orig.tar.xz
 e35bed027d7d6023d35fac7498ba796a1775b285 17744 
knot_1.6.0-1+deb8u1.debian.tar.xz
 3d7babb3008aa1ded4b20c8a55cdab242d7a7517 203532 knot_1.6.0-1+deb8u1_amd64.deb
 8a421826543ccbcbf1daf4c51d97afdc64b7c929 168174 
knot-libs_1.6.0-1+deb8u1_amd64.deb
 330f721d0d83dcb741b816ae75ea2606b2cee2e9 1773014 
knot-dbg_1.6.0-1+deb8u1_amd64.deb
 5e915b33be3ce5bb3d10ca7d880e6c5ad51f3c64 66904 
knot-dnsutils_1.6.0-1+deb8u1_amd64.deb
 5f936812663b3879ed61e554b73ef1759ff71520 49744 
knot-host_1.6.0-1+deb8u1_amd64.deb
 ea7d8cdcf0959fdef08cb29841b64806bde10064 448320 knot-doc_1.6.0-1+deb8u1_all.deb
Checksums-Sha256:
 e8c6babce53b8d885e63f276e14ac1051147f8094c8a68aa970dba729b3933a8 2018 
knot_1.6.0-1+deb8u1.dsc
 38d6c19c70f0640bc9331afd1bee61196c647f138f4d36bdea7d0e1b49514f46 781192 
knot_1.6.0.orig.tar.xz
 169dfa98ce408d00add4b93c73246443834c730f0910f9147bf275ab3a8d92e1 17744 
knot_1.6.0-1+deb8u1.debian.tar.xz
 e5c84db19c7afd7e50976aad47ddce74c82b9ad906841845f3fbf6b31c727157 203532 
knot_1.6.0-1+deb8u1_amd64.deb
 0af985056c7b098fe1da0cc31a4af440b5c50081043714d8845a6e638961e8c7 168174 
knot-libs_1.6.0-1+deb8u1_amd64.deb
 a1f813a61d568043607bd0c3e794632531ab429e53ada987c9a35765ffd9a6da 1773014 
knot-dbg_1.6.0-1+deb8u1_amd64.deb
 972128fcc7c15bd89df7ee9b7f44a9a7d4299281a0dfafbeebb5ad869fb26d27 66904 
knot-dnsutils_1.6.0-1+deb8u1_amd64.deb
 28c8f87375d5d12d27e5084597e4d1db4b81e5c8f199795ff4e52a6f62648a46 49744 
knot-host_1.6.0-1+deb8u1_amd64.deb
 6213e9d5304ee8b9a1587c7477c9a2033c8b8e122d04f2ffad0559a8213e07f3 448320 
knot-doc_1.6.0-1+deb8u1_all.deb
Files:
 3098ea100fa17048bb377ccf3c13fbb0 2018 net optional knot_1.6.0-1+deb8u1.dsc
 63cd27658e05a7cd4f950b7e0b5c723a 781192 n

Processed: tagging 868469

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 868469 + fixed-upstream
Bug #868469 [src:imagemagick] imagemagick: Incomplete fix for CVE-2017-9144
Added tag(s) fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
868469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: fixed 868469 in 8:6.9.7.4+dfsg-11+deb9u1, fixed 868469 in 8:6.8.9.9-5+deb8u10

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> fixed 868469 8:6.9.7.4+dfsg-11+deb9u1
Bug #868469 [src:imagemagick] imagemagick: Incomplete fix for CVE-2017-9144
The source 'imagemagick' and version '8:6.9.7.4+dfsg-11+deb9u1' do not appear 
to match any binary packages
Marked as fixed in versions imagemagick/8:6.9.7.4+dfsg-11+deb9u1.
> fixed 868469 8:6.8.9.9-5+deb8u10
Bug #868469 [src:imagemagick] imagemagick: Incomplete fix for CVE-2017-9144
The source 'imagemagick' and version '8:6.8.9.9-5+deb8u10' do not appear to 
match any binary packages
Marked as fixed in versions imagemagick/8:6.8.9.9-5+deb8u10.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
868469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: imagemagick: Incomplete fix for CVE-2017-9144

2017-07-15 Thread Debian Bug Tracking System 
Processing control commands:

> fixed -1 8:6.9.7.4+dfsg-12
Bug #868469 [src:imagemagick] imagemagick: Incomplete fix for CVE-2017-9144
Marked as fixed in versions imagemagick/8:6.9.7.4+dfsg-12.
> found -1 8:6.9.7.4+dfsg-9
Bug #868469 [src:imagemagick] imagemagick: Incomplete fix for CVE-2017-9144
Marked as found in versions imagemagick/8:6.9.7.4+dfsg-9.
> found -1 8:6.8.9.9-5+deb8u9
Bug #868469 [src:imagemagick] imagemagick: Incomplete fix for CVE-2017-9144
Marked as found in versions imagemagick/8:6.8.9.9-5+deb8u9.

-- 
868469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#868469: imagemagick: Incomplete fix for CVE-2017-9144

2017-07-15 Thread Salvatore Bonaccorso 
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: serious
Tags: upstream patch security
Justification: incomplete fix for previous security fix
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/502
Control: fixed -1 8:6.9.7.4+dfsg-12
Control: found -1 8:6.9.7.4+dfsg-9
Control: found -1 8:6.8.9.9-5+deb8u9

As noted in the upstream bug [1] the original fix for CVE-2017-9144
was incomplete.

 [1] https://github.com/ImageMagick/ImageMagick/issues/502

As the incomplete fix has security implications itself (DoS at least?)
this might warrant a new CVE id.

Regards,
Salvatore

Bug#868448: marked as done (gearhead: needs updating for fpc 3.0.2)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 18:04:17 +
with message-id 
and subject line Bug#868448: fixed in gearhead 1.302-4
has caused the Debian Bug report #868448,
regarding gearhead: needs updating for fpc 3.0.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gearhead
Version: 1.302-3
Severity: serious
Tags: sid buster patch

Hi,

gearhead needs updating for fpc 3.0.2 which was recently uploaded to
unstable. Specifically the build-dependency on fpc-source-3.0.0 is going
to disappear soon.

I've attached the patch Graham Inggs uploaded to Ubuntu to fix this. You
may be able to base you changes on that.

Thanks,
James

diff -Nru gearhead-1.302/debian/changelog gearhead-1.302/debian/changelog
--- gearhead-1.302/debian/changelog	2016-11-21 16:50:02.0 +
+++ gearhead-1.302/debian/changelog	2017-04-10 10:17:42.0 +
@@ -1,3 +1,9 @@
+gearhead (1.302-3ubuntu1) zesty; urgency=medium
+
+  * Update for fpc 3.0.2
+
+ -- Graham Inggs   Mon, 10 Apr 2017 12:17:42 +0200
+
 gearhead (1.302-3) unstable; urgency=medium
 
   * Apply xterm-boxdrawing patch for better graphics and cursor behavior
diff -Nru gearhead-1.302/debian/control gearhead-1.302/debian/control
--- gearhead-1.302/debian/control	2016-11-21 16:26:05.0 +
+++ gearhead-1.302/debian/control	2017-04-10 10:17:42.0 +
@@ -1,8 +1,9 @@
 Source: gearhead
 Section: games
 Priority: optional
-Maintainer: Kari Pahula 
-Build-Depends: debhelper (>= 9), fp-compiler, fp-units-multimedia, fp-units-misc, fp-units-base, libsdl-ttf2.0-dev, libsdl-image1.2-dev, fpc-source-3.0.0
+Maintainer: Ubuntu Developers 
+XSBC-Original-Maintainer: Kari Pahula 
+Build-Depends: debhelper (>= 9), fp-compiler, fp-units-multimedia, fp-units-misc, fp-units-base, libsdl-ttf2.0-dev, libsdl-image1.2-dev, fpc-source-3.0.2
 Standards-Version: 3.9.8
 Homepage: http://www.gearheadrpg.com/
 
diff -Nru gearhead-1.302/debian/rules gearhead-1.302/debian/rules
--- gearhead-1.302/debian/rules	2016-11-21 16:38:53.0 +
+++ gearhead-1.302/debian/rules	2017-04-10 10:17:42.0 +
@@ -32,7 +32,7 @@
 export FPCFLAGS
 
 # TODO: find this dynamically
-FPCSRCVERSION=3.0.0
+FPCSRCVERSION=3.0.2
 
 #Architecture 
 build: build-arch build-indep


signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: gearhead
Source-Version: 1.302-4

We believe that the bug you reported is fixed in the latest version of
gearhead, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kari Pahula  (supplier of updated gearhead package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 15 Jul 2017 20:40:44 +0300
Source: gearhead
Binary: gearhead gearhead-sdl gearhead-data
Architecture: source all amd64
Version: 1.302-4
Distribution: unstable
Urgency: medium
Maintainer: Kari Pahula 
Changed-By: Kari Pahula 
Description:
 gearhead   - roguelike mecha role playing game, console version
 gearhead-data - data files for gearhead
 gearhead-sdl - roguelike mecha role playing game, SDL version
Closes: 868448
Changes:
 gearhead (1.302-4) unstable; urgency=medium
 .
   * Build depend on fpc-source metapackage instead of the direct version
 and determine fpcsrc directory by querying dependended package's
 version with dpkg.  (Closes: #868448)
Checksums-Sha1:
 5766c4fcefc46e0c4618796e1e08c36b0c8e708f 1936 gearhead_1.302-4.dsc
 3a943af7ab76aa5f5b498ef525f86fe444afb456 11980 gearhead_1.302-4.debian.tar.xz
 59e8121528960d0bfd00ccab6f5d4d7b379ad638 3534958 gearhead-data_1.302-4_all.deb
 67adb4272b016b569ce2a74f1b9aaeced237545a 375530 gearhead-sdl_1.302-4_amd64.deb
 62f03562770d384ab69627226e29f0d2b4b52304 11085 gearhead_1.302-4_amd64.buildinfo
 3ef0bf18c0d25755c91f92ca52a2ae782526835a 345060 gearhead_1.302-4_amd64.deb
Checksums-Sha256:
 678941c3c3a9c86e95daf7ccffc33fdf03b4a594ec2cdeee8dc695824ceb3ea5 1936 
gearhead_1.302-4.dsc
 59d635953e40822055c1220c57fc7214b297ac

Bug#868208: CVE-2017-11103: MitM attack, impersonation of the Kerberos client, know as Orpheus Lyre

2017-07-15 Thread Guido Günther 
Hi,
On Sat, Jul 15, 2017 at 09:08:37PM +1000, Brian May wrote:
> Guido Günther  writes:
> 
> > I've uploaded heimdal with the attached debdiff to delayed/2. Let me
> > know if you're o.k. with it and I'll reuplod without delay.
> 
> Thanks a lot for this.
> 
> I just uploaded version 7.4.0 so your upload is not required.

Great. Are you going to handle stable and oldstable as well?
Cheers,
 -- Guido

> -- 
> Brian May 
>

Processed: Bug#868109 marked as pending

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 868109 pending
Bug #868109 {Done: Christos Trochalakis } [src:nginx] 
nginx: CVE-2017-7529 Integer overflow in the range filter
Ignoring request to alter tags of bug #868109 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
868109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#868109: marked as pending

2017-07-15 Thread Christos Trochalakis 
tag 868109 pending
thanks

Hello,

Bug #868109 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-nginx/nginx.git/commit/?id=47af479

---
commit 47af4791200c265e43523d7232ffdfc3de3377dd
Author: Chris Lamb 
Date:   Thu Jul 13 09:06:49 2017 +0100

Import Debian changes 1.2.1-2.2+wheezy4+deb7u1

nginx (1.2.1-2.2+wheezy4+deb7u1) wheezy-security; urgency=high

  * CVE-2017-7529: Fix an vulnerability in the range filter. A specially
crafted request could have resulted in an integer overflow and incorrect
processing of ranges, potentially resulting in sensitive information
leak. (Closes: #868109)

diff --git a/debian/changelog b/debian/changelog
index 2c76c12..5a07c41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+nginx (1.2.1-2.2+wheezy4+deb7u1) wheezy-security; urgency=high
+
+  * CVE-2017-7529: Fix an vulnerability in the range filter. A specially
+crafted request could have resulted in an integer overflow and incorrect
+processing of ranges, potentially resulting in sensitive information
+leak. (Closes: #868109)
+
+ -- Chris Lamb   Thu, 13 Jul 2017 09:06:49 +0100
+
 nginx (1.2.1-2.2+wheezy4) wheezy-security; urgency=high
 
   [ Christos Trochalakis ]

Bug#865111: marked as done (openmprtl FTBFS on mips64el: #error Unknown or unsupported architecture)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 16:51:51 +
with message-id 
and subject line Bug#865111: fixed in openmprtl 4.0.1-1
has caused the Debian Bug report #865111,
regarding openmprtl FTBFS on mips64el: #error Unknown or unsupported 
architecture
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865111
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openmprtl
Version: 4.0-1
Severity: serious

https://buildd.debian.org/status/fetch.php?pkg=openmprtl&arch=mips64el&ver=4.0-1&stamp=1497874221&raw=0

...
cd /«PKGBUILDDIR»/obj-mips64el-linux-gnuabi64/runtime/src && /usr/bin/c++   
-Domp_EXPORTS -I/«PKGBUILDDIR»/obj-mips64el-linux-gnuabi64/runtime/src 
-I/«PKGBUILDDIR»/runtime/src -I/«PKGBUILDDIR»/runtime/src/i18n 
-I/«PKGBUILDDIR»/runtime/src/include/45 
-I/«PKGBUILDDIR»/runtime/src/thirdparty/ittnotify  -g -O2 
-fdebug-prefix-map=/«PKGBUILDDIR»=. -fstack-protector-strong -Wformat 
-Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC   -D _GNU_SOURCE 
-D _REENTRANT -Wdate-time -D_FORTIFY_SOURCE=2 -std=c++11 -fno-exceptions 
-fno-rtti -Wno-sign-compare -Wno-unused-function -Wno-unused-value 
-Wno-unused-variable -Wno-switch -Wno-unknown-pragmas 
-Wno-missing-field-initializers -Wno-missing-braces -Wno-comment -o 
CMakeFiles/omp.dir/kmp_global.cpp.o -c /«PKGBUILDDIR»/runtime/src/kmp_global.cpp
In file included from /«PKGBUILDDIR»/runtime/src/kmp_global.cpp:17:0:
/«PKGBUILDDIR»/runtime/src/kmp_affinity.h:229:4: error: #error Unknown or 
unsupported architecture
 #  error Unknown or unsupported architecture
^
runtime/src/CMakeFiles/omp.dir/build.make:257: recipe for target 
'runtime/src/CMakeFiles/omp.dir/kmp_global.cpp.o' failed
make[4]: *** [runtime/src/CMakeFiles/omp.dir/kmp_global.cpp.o] Error 1
make[4]: Leaving directory '/«PKGBUILDDIR»/obj-mips64el-linux-gnuabi64'
CMakeFiles/Makefile2:180: recipe for target 
'runtime/src/CMakeFiles/omp.dir/all' failed
make[3]: *** [runtime/src/CMakeFiles/omp.dir/all] Error 2
make[3]: Leaving directory '/«PKGBUILDDIR»/obj-mips64el-linux-gnuabi64'
Makefile:130: recipe for target 'all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory '/«PKGBUILDDIR»/obj-mips64el-linux-gnuabi64'
debian/rules:21: recipe for target 'override_dh_auto_build' failed
make[1]: *** [override_dh_auto_build] Error 2
--- End Message ---
--- Begin Message ---
Source: openmprtl
Source-Version: 4.0.1-1

We believe that the bug you reported is fixed in the latest version of
openmprtl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru  (supplier of updated openmprtl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 15 Jul 2017 18:19:33 +0200
Source: openmprtl
Binary: libiomp-dev libomp-dev libiomp5 libomp5 libiomp5-dbg libomp5-dbg 
libiomp-doc libomp-doc
Architecture: source amd64 all
Version: 4.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: LLVM Packaging Team 
Changed-By: Sylvestre Ledru 
Description:
 libiomp-dev - Intel OpenMP runtime - dev package - transition package
 libiomp-doc - Intel OpenMP runtime - Documentation -  Transition package
 libiomp5   - Intel OpenMP runtime - transition package
 libiomp5-dbg - Intel OpenMP runtime - Debug transition package
 libomp-dev - LLVM OpenMP runtime - dev package
 libomp-doc - LLVM OpenMP runtime - Documentation
 libomp5- LLVM OpenMP runtime
 libomp5-dbg - LLVM OpenMP runtime - Debug package
Closes: 865111 865125
Changes:
 openmprtl (4.0.1-1) unstable; urgency=medium
 .
   * New upstream release
   * Fix the mips64el FTBFS. Thanks to James Cowgill for the patch
 (Closes: #865111)
   * Fix the symbol issues (Closes: #865125)
   * Standards-Version => 4.0.0
Checksums-Sha1:
 e0cb65b6a33f4d0fa0ef5c0947e3ab7778e80857 2346 openmprtl_4.0.1-1.dsc
 2fd559c29cc2f999509f5343cb1bd61bcd01a309 2275240 openmprtl_4.0.1.orig.tar.xz
 465b317ba747f658fbe91c1e3dcad6f23261d310 13960 openmprtl_4.0.1-1.debian.tar.xz
 383d2ac270e69da6f9b401e832e675b4db56a5b0 5004 libiomp-dev_4.0.1-1_amd64.deb

Bug#865125: marked as done (libomp5: symbols file contains syntax errors)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 16:51:51 +
with message-id 
and subject line Bug#865125: fixed in openmprtl 4.0.1-1
has caused the Debian Bug report #865125,
regarding libomp5: symbols file contains syntax errors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865125
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libomp5
Version: 4.0-1
Severity: serious

Hi,

The build log reports that libomp5.symbols contains syntax errors. This
caused dpkg-gensymbols to ignore everything after the syntax errors and
now libomp5 contains a number of incorrect symbol versions containing
the Debian revision number.

Build log:
>dh_makeshlibs -a
> Use of uninitialized value $rest in pattern match (m//) at 
> /usr/share/perl5/Dpkg/Shlibs/Symbol.pm line 125, <$filehandle> line 272.
> dpkg-gensymbols: warning: failed to parse line in debian/libomp5.symbols:  
> (optional=templinst|arch=!mips !mipsel !ppc64 !ppc64el !mips64 !mips64el) 
> __kmpc_atomic_fixed1_add@VERSION 0.20130412
> Use of uninitialized value $rest in pattern match (m//) at 
> /usr/share/perl5/Dpkg/Shlibs/Symbol.pm line 125, <$filehandle> line 272.
> dpkg-gensymbols: warning: failed to parse line in debian/libomp5.symbols:  
> (optional=templinst|arch=!mips !mipsel !ppc64 !ppc64el !mips64 !mips64el) 
> __kmpc_atomic_fixed1_add@VERSION 0.20130412
> dpkg-gensymbols: warning: some libraries disappeared in the symbols file: 
> (optional=templinst|arch=!mips
> dpkg-gensymbols: warning: some new symbols appeared in the symbols file: see 
> diff output below
> dpkg-gensymbols: warning: debian/libomp5/DEBIAN/symbols doesn't match 
> completely debian/libomp5.symbols

Excerpt from libomp5 DEBIAN/symbols near the first syntax error:
>  __kmpc_atomic_fixed1u_div_cpt_rev_fp@VERSION 4.0
>  __kmpc_atomic_fixed1u_div_fp@VERSION 0.20130412
>  __kmpc_atomic_fixed1u_div_rev@VERSION 0.20130412
>  __kmpc_atomic_fixed1u_div_rev_fp@VERSION 4.0
>  __kmpc_atomic_fixed1u_mul_cpt_fp@VERSION 4.0-1
>  __kmpc_atomic_fixed1u_mul_fp@VERSION 4.0-1
>  __kmpc_atomic_fixed1u_shr@VERSION 4.0-1
>  __kmpc_atomic_fixed1u_shr_cpt@VERSION 4.0-1

All the remaining symbols have version "4.0-1"

Also, some of these symbols look very suspicious. For instance, the
above symbol "__kmpc_atomic_fixed1_add" is marked as
"optional=templinst" but it is clearly not a C++ template instantiation.
Do you know the reason why these symbols need to be optional?

Thanks,
James



signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: openmprtl
Source-Version: 4.0.1-1

We believe that the bug you reported is fixed in the latest version of
openmprtl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru  (supplier of updated openmprtl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 15 Jul 2017 18:19:33 +0200
Source: openmprtl
Binary: libiomp-dev libomp-dev libiomp5 libomp5 libiomp5-dbg libomp5-dbg 
libiomp-doc libomp-doc
Architecture: source amd64 all
Version: 4.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: LLVM Packaging Team 
Changed-By: Sylvestre Ledru 
Description:
 libiomp-dev - Intel OpenMP runtime - dev package - transition package
 libiomp-doc - Intel OpenMP runtime - Documentation -  Transition package
 libiomp5   - Intel OpenMP runtime - transition package
 libiomp5-dbg - Intel OpenMP runtime - Debug transition package
 libomp-dev - LLVM OpenMP runtime - dev package
 libomp-doc - LLVM OpenMP runtime - Documentation
 libomp5- LLVM OpenMP runtime
 libomp5-dbg - LLVM OpenMP runtime - Debug package
Closes: 865111 865125
Changes:
 openmprtl (4.0.1-1) unstable; urgency=medium
 .
   * New upstream release
   * Fix the mips64el FTBFS. Thanks to James Cowgill for the patch
 (Closes: #865111)
   * Fix the symbol issues (Closes: #865125)
   * Standards-Version => 4.0.0
Checksums-Sha1:
 e0cb65b6a33f4d0fa0ef5c0947e3ab7778e80857 2346 openmprtl_4.0.1-1.dsc
 2fd559c29cc2f999509f5343cb1bd61bcd01a309 2275

Bug#868109: marked as pending

2017-07-15 Thread Christos Trochalakis 
tag 868109 pending
thanks

Hello,

Bug #868109 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-nginx/nginx.git/commit/?id=95f7f65

---
commit 95f7f656da1f216cba0e292813cf0889dff2dd04
Author: Christos Trochalakis 
Date:   Wed Jul 12 11:20:46 2017 +0300

Release 1.13.3-1

diff --git a/debian/changelog b/debian/changelog
index 0b7711b..7d350cf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+nginx (1.13.3-1) unstable; urgency=high
+
+  * New upstream version 1.13.3.
+Fixes CVE-2017-7529 (Closes: #868109)
+  * Drop gzip_disable "msie6" directive. (Closes: #867024)
+
+ -- Christos Trochalakis   Wed, 12 Jul 2017 11:20:27 
+0300
+
 nginx (1.13.2-1) unstable; urgency=medium
 
   [ Christos Trochalakis ]

Processed: Bug#868109 marked as pending

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 868109 pending
Bug #868109 {Done: Christos Trochalakis } [src:nginx] 
nginx: CVE-2017-7529 Integer overflow in the range filter
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
868109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#790204: gnucash: depends on libwebkitgtk-1.0-0 which is deprecated

2017-07-15 Thread Adrian Bunk 
On Fri, Jul 14, 2017 at 08:26:34AM -0400, Jeremy Bicha wrote:
> gnucash upstream is switching to gtk3 and webkit2gtk in git.
> 
> I guess they currently don't expect it to be "stable" until the end of
> the year, but a beta version might be good enough for Debian testing
> and Ubuntu 17.10?

Will there be an upstream beta good enough for shipping in an Ubuntu 
release in time for 17.10?

IMHO (just a normal user) shipping a random git snapshot of upstream 
master of an accounting software in an Ubuntu stable would be worse
than not shipping gnucash in 17.10

> Thanks,
> Jeremy Bicha

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#868455: libbiod: FTBFS with new ldc?

2017-07-15 Thread Gianfranco Costamagna 
Source: libbiod
Severity: serious
Version: 0.1.0-3

Hello, seems the latest changes in unstable somewhat broke libbiod linker.

ldc2  -of biod_test 'biod_test@exe/test_unittests.d.o' 
'biod_test@exe/bio_bam_utils_value.d.o' 
'biod_test@exe/bio_bam_utils_samheadermerger.d.o' 
'biod_test@exe/bio_bam_utils_array.d.o' 'biod_test@exe/bio_bam_utils_graph.d.o' 
'biod_test@exe/bio_bam_pileup.d.o' 'biod_test@exe/bio_bam_readrange.d.o' 
'biod_test@exe/bio_bam_reader.d.o' 
'biod_test@exe/bio_bam_thirdparty_msgpack.d.o' 
'biod_test@exe/bio_bam_baifile.d.o' 
'biod_test@exe/bio_bam_iontorrent_flowcall.d.o' 
'biod_test@exe/bio_bam_iontorrent_flowindex.d.o' 
'biod_test@exe/bio_bam_splitter.d.o' 'biod_test@exe/bio_bam_abstractreader.d.o' 
'biod_test@exe/bio_bam_bai_indexing.d.o' 'biod_test@exe/bio_bam_bai_bin.d.o' 
'biod_test@exe/bio_bam_multireader.d.o' 'biod_test@exe/bio_bam_reference.d.o' 
'biod_test@exe/bio_bam_md_operation.d.o' 'biod_test@exe/bio_bam_md_core.d.o' 
'biod_test@exe/bio_bam_md_parse.d.o' 'biod_test@exe/bio_bam_md_reconstruct.d.o' 
'biod_test@exe/bio_bam_tagvalue.d.o' 
'biod_test@exe/bio_bam_validation_alignment.d.o' 
'biod_test@exe/bio_bam_validation_samheader.d.o' 
'biod_test@exe/bio_bam_region.d.o' 
'biod_test@exe/bio_bam_randomaccessmanager.d.o' 
'biod_test@exe/bio_bam_referenceinfo.d.o' 'biod_test@exe/bio_bam_constants.d.o' 
'biod_test@exe/bio_bam_snpcallers_maq.d.o' 
'biod_test@exe/bio_bam_snpcallers_simple.d.o' 'biod_test@exe/bio_bam_read.d.o' 
'biod_test@exe/bio_bam_writer.d.o' 'biod_test@exe/bio_bam_baseinfo.d.o' 
'biod_test@exe/bio_maf_reader.d.o' 'biod_test@exe/bio_maf_parser.d.o' 
'biod_test@exe/bio_maf_block.d.o' 'biod_test@exe/bio_core_utils_memoize.d.o' 
'biod_test@exe/bio_core_utils_algo.d.o' 
'biod_test@exe/bio_core_utils_stream.d.o' 
'biod_test@exe/bio_core_utils_zlib.d.o' 
'biod_test@exe/bio_core_utils_tmpfile.d.o' 
'biod_test@exe/bio_core_utils_roundbuf.d.o' 
'biod_test@exe/bio_core_utils_format.d.o' 
'biod_test@exe/bio_core_utils_bylinefast.d.o' 
'biod_test@exe/bio_core_utils_range.d.o' 
'biod_test@exe/bio_core_utils_switchendianness.d.o' 
'biod_test@exe/bio_core_utils_outbuffer.d.o' 
'biod_test@exe/bio_core_genotype.d.o' 'biod_test@exe/bio_core_fasta.d.o' 
'biod_test@exe/bio_core_base.d.o' 'biod_test@exe/bio_core_kmer.d.o' 
'biod_test@exe/bio_core_region.d.o' 'biod_test@exe/bio_core_tinymap.d.o' 
'biod_test@exe/bio_core_sequence.d.o' 
'biod_test@exe/bio_core_bgzf_outputstream.d.o' 
'biod_test@exe/bio_core_bgzf_chunk.d.o' 
'biod_test@exe/bio_core_bgzf_inputstream.d.o' 
'biod_test@exe/bio_core_bgzf_constants.d.o' 
'biod_test@exe/bio_core_bgzf_block.d.o' 
'biod_test@exe/bio_core_bgzf_virtualoffset.d.o' 
'biod_test@exe/bio_core_bgzf_compress.d.o' 'biod_test@exe/bio_core_call.d.o' 
'biod_test@exe/bio_sff_utils_roundup.d.o' 'biod_test@exe/bio_sff_index.d.o' 
'biod_test@exe/bio_sff_readrange.d.o' 'biod_test@exe/bio_sff_reader.d.o' 
'biod_test@exe/bio_sff_constants.d.o' 'biod_test@exe/bio_sff_read.d.o' 
'biod_test@exe/bio_sff_writer.d.o' 
'biod_test@exe/bio_sam_utils_fastrecordparser.d.o' 
'biod_test@exe/bio_sam_utils_recordparser.d.o' 
'biod_test@exe/bio_sam_reader.d.o' 'biod_test@exe/bio_sam_header.d.o' -O -g 
-release -L-z -Lrelro -L-z -Lnow -L-lundead -L-lz  
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libundead.a(src_undead_stream.d.o):
 In function 
`_D6undead6stream6Stream6vreadfMFAC8TypeInfoPS6object13__va_list_tagZi':
(.text._D6undead6stream6Stream6vreadfMFAC8TypeInfoPS6object13__va_list_tagZi[_D6undead6stream6Stream6vreadfMFAC8TypeInfoPS6object13__va_list_tagZi]+0x11f2):
 undefined reference to `_D3std3utf7toUTF16FNaNfxAaZAyu'
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libundead.a(src_undead_stream.d.o):
 In function 
`_D6undead6stream6Stream6vreadfMFAC8TypeInfoPS6object13__va_list_tagZi':
(.text._D6undead6stream6Stream6vreadfMFAC8TypeInfoPS6object13__va_list_tagZi[_D6undead6stream6Stream6vreadfMFAC8TypeInfoPS6object13__va_list_tagZi]+0x1213):
 undefined reference to `_D3std3utf7toUTF32FNaNfxAaZAyw'
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libundead.a(src_undead_stream.d.o):
 In function 
`_D6undead8doformat13__T8doFormatZ8doFormatFMDFwZvAC8TypeInfoPS6object13__va_list_tagZv':
(.text._D6undead8doformat13__T8doFormatZ8doFormatFMDFwZvAC8TypeInfoPS6object13__va_list_tagZv[_D6undead8doformat13__T8doFormatZ8doFormatFMDFwZvAC8TypeInfoPS6object13__va_list_tagZv]+0x540):
 undefined reference to `_D3std3utf6toUTF8FNaNfxAuZAya'
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libundead.a(src_undead_stream.d.o):
 In function 
`_D6undead8doformat13__T8doFormatZ8doFormatFMDFwZvAC8TypeInfoPS6object13__va_list_tagZv':
(.text._D6undead8doformat13__T8doFormatZ8doFormatFMDFwZvAC8TypeInfoPS6object13__va_list_tagZv[_D6undead8doformat13__T8doFormatZ8doFormatFMDFwZvAC8TypeInfoPS6object13__va_list_tagZv]+0x5bf):
 undefined reference to `_D3std3utf6toUTF8FNaNfxAwZAya'
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libundead.a(src_undead_stre

Processed: Problem affects older versions too

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 863701 6.1.23~dfsg-2+deb8u1
Bug #863701 [sympa] sympa: insists that cookie has changed when it hasn't
Marked as found in versions sympa/6.1.23~dfsg-2+deb8u1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
863701: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863701
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: aeson troubles

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> block 868452 by 867996
Bug #868452 [src:haskell-pandoc-citeproc] haskell-pandoc-citeproc: FTBFS in 
unstable
868452 was not blocked by any bugs.
868452 was not blocking any bugs.
Added blocking bug(s) of 868452: 867996
> quit
Stopping processing here.

Please contact me if you need assistance.
-- 
868452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868452
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#868452: haskell-pandoc-citeproc: FTBFS in unstable

2017-07-15 Thread David Bremner 
Source: haskell-pandoc-citeproc
Version: 0.10.4.1-2
Severity: serious
Justification: fails to build from source (but built successfully in the past)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The relevant part of the build log from

% sbuild -d unstable haskell-pandoc-citeproc_0.10.4.1-2.dsc

is included below

See also 

https://buildd.debian.org/status/package.php?p=haskell%2dpandoc%2dciteproc

- --

(I)StdLoaders: Parsing and normalizing...
(I)Packages: Parsing Packages file -...
(I)Format822: total packages 54573
(I)Distcheck: Cudf Universe: 54573 packages
(I)Distcheck: --checkonly specified, consider all packages as background 
packages
(I)Distcheck: Solving...
output-version: 1.2
native-architecture: amd64
report:
 -
  package: sbuild-build-depends-haskell-pandoc-citeproc-dummy
  version: 0.invalid.0
  architecture: amd64
  status: broken
  reasons:
   -
missing:
 pkg:
  package: libghc-aeson-pretty-dev
  version: 0.8.5-1
  architecture: amd64
  unsat-dependency: libghc-aeson-dev-0.11.3.0-5a3a1:amd64
 depchains:
  -
   depchain:
-
 package: sbuild-build-depends-haskell-pandoc-citeproc-dummy
 version: 0.invalid.0
 architecture: amd64
 depends: libghc-aeson-pretty-dev:amd64 (>= 0.8)


- -- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-BEGIN PGP SIGNATURE-

iQGzBAEBCAAdFiEE3VS2dnyDRXKVCQCp8gKXHaSnniwFAllqJnQACgkQ8gKXHaSn
nizBtgv+KnqCEVE6JlJpqJOpK4M2R6858gH+yoJK8pGdbxlJv0PIU9Vy0Sl32jAi
cYwG/0DjqvBtvxAm4n14g8mbmT9+WOJ/d9SgW/6TSlQhiVsoSfrlxXlUkOG5oRNm
efLdhMysrbvbuRktmzc91xhqqIx87CbTgfM5nt6iCB/jpGbuG/8lysw44btR5sqy
16aP4L3Q05EM2Eh4RUXoxBnAuTnF+Z4oywhZiV7MZvvVV54m6T91MhCOzBndL6Ll
Zo3AF9L+KeRrrD092FLZMN5vo3vpFXjg6A+B+DVucgOoh+HwnbQTaeNnoVXWYMvD
RY8daIdMNOTW5HyFR9BgIEBxVCnprL9/t1iR/tttzFEgWUQ5NelbhIpM3p073+CN
91skhlNKUVCBuzzOrPJNkyhrg/2VJW86Zj4rpf9VX8z/JhfSd+ggfy6KAcYRPXWk
dD1QGVO39LZc2hOP5KMHAM1CBLc545u9ADp8gUcTPY3PCIPgCnjryqagwxV9LuWX
eXxh+4KV
=ap9S
-END PGP SIGNATURE-

Bug#859577: golang-github-syndtr-goleveldb-dev: file conflict with golang-goleveldb-dev

2017-07-15 Thread peter green 

It seems that there is still some cleanup needed here. Britney still thinks 
this bug is a problem for testing migration.

I'm not 100% sure what is going on, but what I think needs to happen is that a 
removal request needs to be made to the ftpmasters to get rid of the 
golang-github-syndtr-goleveldb source package and associated binaries. Once 
this is done hopefully the version tracking stuff in the bts should become less 
confused and golang-goleveldb should be able to migrate to testing.

Bug#868448: gearhead: needs updating for fpc 3.0.2

2017-07-15 Thread James Cowgill 
Source: gearhead
Version: 1.302-3
Severity: serious
Tags: sid buster patch

Hi,

gearhead needs updating for fpc 3.0.2 which was recently uploaded to
unstable. Specifically the build-dependency on fpc-source-3.0.0 is going
to disappear soon.

I've attached the patch Graham Inggs uploaded to Ubuntu to fix this. You
may be able to base you changes on that.

Thanks,
James

diff -Nru gearhead-1.302/debian/changelog gearhead-1.302/debian/changelog
--- gearhead-1.302/debian/changelog	2016-11-21 16:50:02.0 +
+++ gearhead-1.302/debian/changelog	2017-04-10 10:17:42.0 +
@@ -1,3 +1,9 @@
+gearhead (1.302-3ubuntu1) zesty; urgency=medium
+
+  * Update for fpc 3.0.2
+
+ -- Graham Inggs   Mon, 10 Apr 2017 12:17:42 +0200
+
 gearhead (1.302-3) unstable; urgency=medium
 
   * Apply xterm-boxdrawing patch for better graphics and cursor behavior
diff -Nru gearhead-1.302/debian/control gearhead-1.302/debian/control
--- gearhead-1.302/debian/control	2016-11-21 16:26:05.0 +
+++ gearhead-1.302/debian/control	2017-04-10 10:17:42.0 +
@@ -1,8 +1,9 @@
 Source: gearhead
 Section: games
 Priority: optional
-Maintainer: Kari Pahula 
-Build-Depends: debhelper (>= 9), fp-compiler, fp-units-multimedia, fp-units-misc, fp-units-base, libsdl-ttf2.0-dev, libsdl-image1.2-dev, fpc-source-3.0.0
+Maintainer: Ubuntu Developers 
+XSBC-Original-Maintainer: Kari Pahula 
+Build-Depends: debhelper (>= 9), fp-compiler, fp-units-multimedia, fp-units-misc, fp-units-base, libsdl-ttf2.0-dev, libsdl-image1.2-dev, fpc-source-3.0.2
 Standards-Version: 3.9.8
 Homepage: http://www.gearheadrpg.com/
 
diff -Nru gearhead-1.302/debian/rules gearhead-1.302/debian/rules
--- gearhead-1.302/debian/rules	2016-11-21 16:38:53.0 +
+++ gearhead-1.302/debian/rules	2017-04-10 10:17:42.0 +
@@ -32,7 +32,7 @@
 export FPCFLAGS
 
 # TODO: find this dynamically
-FPCSRCVERSION=3.0.0
+FPCSRCVERSION=3.0.2
 
 #Architecture 
 build: build-arch build-indep


signature.asc
Description: OpenPGP digital signature

Processed: Re: [Debian-med-packaging] Bug#865012: htslib FTBFS on i386: test_vcf_{api, sweep} failed

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> forwarded 865012 https://github.com/samtools/htslib/issues/565
Bug #865012 [src:htslib] htslib FTBFS on i386: test_vcf_{api,sweep} failed
Set Bug forwarded-to-address to 'https://github.com/samtools/htslib/issues/565'.
> tags 865012 upstream
Bug #865012 [src:htslib] htslib FTBFS on i386: test_vcf_{api,sweep} failed
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
865012: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865012
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#868429: 1.12.2 uninstallable

2017-07-15 Thread Yuri D'Elia 

Package: gstreamer1.0-vaapi
Version: 1.12.2-1
Severity: serious

The dependencies for libgstreamer-plugins-bad1.0-0 listed in the current 1.12.2
version of the package make it uninstallable.

*-vaapi depends on both:

libgstreamer-plugins-bad1.0-0 (< 1.12.2)
libgstreamer-plugins-bad1.0-0 (>= 1.12.1)

Bug#852535: marked as done (qtile: FTBFS: ::test_multiple_stretches FAILED)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 11:37:06 +
with message-id 
and subject line Bug#852535: fixed in qtile 0.10.7-1
has caused the Debian Bug report #852535,
regarding qtile: FTBFS: ::test_multiple_stretches FAILED
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
852535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852535
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qtile
Version: 0.10.6-3
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Dear Maintainer,

qtile fails to build from source in unstable/amd64:

  […]

  copying libqtile/widget/memory.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/wallpaper.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/notify.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/sep.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/bitcoin_ticker.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/df.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/groupbox.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/windowname.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/tasklist.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/prompt.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/currentlayout.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/canto.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/wlan.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/mpriswidget.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/imapwidget.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/systray.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/cmus.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/khal_calendar.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/backlight.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/clipboard.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/countdown.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/launchbar.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/moc.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/yahoo_weather.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/she.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  copying libqtile/widget/textbox.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/widget
  creating «BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources
  copying libqtile/resources/__init__.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources
  copying libqtile/resources/default_config.py -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources
  creating 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/battery-icons
  copying libqtile/resources/battery-icons/battery-empty.png -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/battery-icons
  copying libqtile/resources/battery-icons/battery-caution-charging.png -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/battery-icons
  copying libqtile/resources/battery-icons/battery-good-charging.png -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/battery-icons
  copying libqtile/resources/battery-icons/battery-low.png -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/battery-icons
  copying libqtile/resources/battery-icons/battery-full.png -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/battery-icons
  copying libqtile/resources/battery-icons/battery-low-charging.png -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/battery-icons
  copying libqtile/resources/battery-icons/battery-full-charging.png -> 
«BUILDDIR»/.pybuild/pythonX.Y_3.5/build/libqtile/resources/bat

Bug#867701: Radeon HD 6450, black screen, cursor, no console

2017-07-15 Thread Ivan Sergio Borgonovo 

On 07/15/2017 05:29 AM, Michel Dänzer wrote:

On 15/07/17 07:10 AM, Ivan Sergio Borgonovo wrote:

On 07/10/2017 04:03 AM, Michel Dänzer wrote:

On 09/07/17 03:06 AM, Ivan Sergio Borgonovo wrote:

Package: xserver-xorg-video-radeon
Version: 1:7.9.0-1
Severity: grave



I doubt this severity is justified.


Why?
X doesn't start so it "makes the package in question unusable", not to
mention that it makes all packages requiring X unusable.


The bug severities are defined in the context of all users, not just
some individual users. "Makes the package in question unusable" means
the package cannot be used on any system, which isn't the case here (or
there would have been many more reports about it, but there hasn't been
any other report).


Fine even if I don't find practically useful the constraint of "all users".
In effect without knowing the nature of the bug and the effective 
affected system, setting the severity to "grave" is a way to stop users 
from upgrading if they use apt-listbugs.
Probably the problem arise from the superposition of "priority" for 
developers and "severity" in the same tag.



Please provide the output of the following:

apt-cache policy libegl1-mesa

ldconfig -p|grep libEGL


See attachments.


Does the same problem happen with 1:7.8.0-1+b1 with

 Option "AccelMethod" "glamor"

in /etc/X11/xorg.conf ?


Older xserver-xorg-video-radeon with that option DOESN'T WORK.
Black screen, text cursor at the top right corner ( _ ).


Right, as expected the problem is specific to glamor, which is the
default for your GPU in 7.9.0 but wasn't yet in 7.8.0. This means in the
worst case you can work around the problem with

Option  "AccelMethod" "EXA"

in /etc/X11/xorg.conf.


Thanks, this solved the problem.

Could I suggest to add some notes in the changelog before closing the bug?

Thanks again.

--
Ivan Sergio Borgonovo
http://www.webthatworks.it http://www.borgonovo.net

libegl1-mesa:
  Installed: 13.0.6-1+b2
  Candidate: 13.0.6-1+b2
  Version table:
 17.1.4-1 550
550 http://ftp.it.debian.org/debian unstable/main amd64 Packages
550 http://ftp.ch.debian.org/debian unstable/main amd64 Packages
550 http://ftp.uk.debian.org/debian unstable/main amd64 Packages
550 http://ftp.at.debian.org/debian unstable/main amd64 Packages
 *** 13.0.6-1+b2 990
990 http://ftp.it.debian.org/debian testing/main amd64 Packages
990 http://ftp.ch.debian.org/debian testing/main amd64 Packages
990 http://ftp.fr.debian.org/debian testing/main amd64 Packages
990 http://ftp.at.debian.org/debian testing/main amd64 Packages
100 /var/lib/dpkg/status
libEGL.so.1 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libEGL.so.1

Bug#790201: geany-plugins: depends on libwebkitgtk-1.0-0 which is deprecated

2017-07-15 Thread Enrico Tröger 
On 07/15/2017 01:17 PM, Adrian Bunk wrote:
> On Fri, Jun 30, 2017 at 04:45:58PM -0400, Jeremy Bicha wrote:
>> Fedora "fixed" this issue by disabling geany's webkit plugins.
>> ...
> 
> Are there any maintainer plans to upload 1.30 from experimental with the 
> affected plugins disabled?
> 
> If not, would anyone object to me doing this in an NMU?

JFYI, we (Geany upstream) are about to release 1.31 on Monday, so
instead of updating the 1.30 package, it might be worth to wait for 1.31
and fix the libwebkitgtk issue then.

Regards,
Enrico




signature.asc
Description: OpenPGP digital signature

Bug#868379: calibre: Fails to start with "ImportError: cannot import name _thread"

2017-07-15 Thread Manolo Díaz 
Package: calibre
Version: 3.1.1+dfsg-1
Followup-For: Bug #868379

Dear Maintainer,

Calibre 3.1.1+dfsg-1 is also affected:

Traceback (most recent call last):
  File "/usr/bin/calibre", line 20, in 
sys.exit(calibre())
  File "/usr/lib/calibre/calibre/gui_launch.py", line 73, in calibre
from calibre.gui2.main import main
  File "/usr/lib/calibre/calibre/gui2/__init__.py", line 21, in 
from calibre.utils.date import UNDEFINED_DATE
  File "/usr/lib/calibre/calibre/utils/date.py", line 15, in 
from calibre.utils.iso8601 import utc_tz, local_tz, UNDEFINED_DATE
  File "/usr/lib/calibre/calibre/utils/iso8601.py", line 9, in 
from dateutil.tz import tzlocal, tzutc, tzoffset
  File "/usr/lib/python2.7/dist-packages/dateutil/tz/__init__.py", line 1, in

from .tz import *
  File "/usr/lib/python2.7/dist-packages/dateutil/tz/tz.py", line 23, in

from ._common import tzname_in_python2, _tzinfo, _total_seconds
  File "/usr/lib/python2.7/dist-packages/dateutil/tz/_common.py", line 2, in

from six.moves import _thread
ImportError: cannot import name _thread



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.1 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages calibre depends on:
ii  calibre-bin  3.1.1+dfsg-1
ii  fonts-liberation 1:1.07.4-2
ii  imagemagick  8:6.9.7.4+dfsg-11
ii  imagemagick-6.q16 [imagemagick]  8:6.9.7.4+dfsg-11
ii  libjs-coffeescript   1.10.0~dfsg-1
ii  libjs-mathjax2.7.0-2
ii  poppler-utils0.48.0-2
ii  python-apsw  3.16.2-r1-2+b1
ii  python-beautifulsoup 3.2.1-1
ii  python-chardet   3.0.4-1
ii  python-cherrypy3 3.5.0-2
ii  python-cssselect 1.0.1-1
ii  python-cssutils  1.0-4.1
ii  python-dateutil  2.6.0-1
ii  python-dbus  1.2.4-1+b2
ii  python-feedparser5.1.3-3
ii  python-imaging   4.1.1-3
ii  python-lxml  3.8.0-1+b1
ii  python-markdown  2.6.8-1
ii  python-mechanize 1:0.2.5-3
ii  python-netifaces 0.10.4-0.1+b3
ii  python-pil   4.1.1-3
ii  python-pkg-resources 36.0.1-1
ii  python-pyparsing 2.1.10+dfsg1-1
ii  python-pyqt5 5.7+dfsg-5+b1
ii  python-pyqt5.qtsvg   5.7+dfsg-5+b1
ii  python-pyqt5.qtwebkit5.7+dfsg-5+b1
ii  python-regex 0.1.20170117-1+b1
ii  python-routes2.3.1-2
ii  python2.72.7.13-2
ii  xdg-utils1.1.1-1

Versions of packages calibre recommends:
pn  python-dnspython  

calibre suggests no packages.

-- no debconf information

Bug#790201: geany-plugins: depends on libwebkitgtk-1.0-0 which is deprecated

2017-07-15 Thread Adrian Bunk 
On Fri, Jun 30, 2017 at 04:45:58PM -0400, Jeremy Bicha wrote:
> Fedora "fixed" this issue by disabling geany's webkit plugins.
>...

Are there any maintainer plans to upload 1.30 from experimental with the 
affected plugins disabled?

If not, would anyone object to me doing this in an NMU?

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#868208: CVE-2017-11103: MitM attack, impersonation of the Kerberos client, know as Orpheus Lyre

2017-07-15 Thread Brian May 
Guido Günther  writes:

> I've uploaded heimdal with the attached debdiff to delayed/2. Let me
> know if you're o.k. with it and I'll reuplod without delay.

Thanks a lot for this.

I just uploaded version 7.4.0 so your upload is not required.
-- 
Brian May

Bug#868208: marked as done (CVE-2017-11103: MitM attack, impersonation of the Kerberos client, know as Orpheus Lyre)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 11:06:31 +
with message-id 
and subject line Bug#868208: fixed in heimdal 7.4.0.dfsg.1-1
has caused the Debian Bug report #868208,
regarding CVE-2017-11103: MitM attack, impersonation of the Kerberos client, 
know as Orpheus Lyre
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868208
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: heimdal
Severity: grave
Tags: security patch
Version: 1.6~git20120403+dfsg1-2

Hi,

the following vulnerability was published for heimdal.

CVE-2017-11103[0]: MitM attack, impersonation of the Kerberos client, know as 
Orpheus Lyre

A dedicated website is here:
https://orpheus-lyre.info/

The heimdal patch is here:
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea

All Debian releases are affected (from wheezy to sid).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103

Please adjust the affected versions in the BTS as needed.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
--- End Message ---
--- Begin Message ---
Source: heimdal
Source-Version: 7.4.0.dfsg.1-1

We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May  (supplier of updated heimdal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 15 Jul 2017 19:47:32 +1000
Source: heimdal
Binary: heimdal-docs heimdal-kdc heimdal-multidev heimdal-dev heimdal-clients 
heimdal-kcm heimdal-servers heimdal-dbg libheimbase1-heimdal libasn1-8-heimdal 
libkrb5-26-heimdal libhdb9-heimdal libkadm5srv8-heimdal libkadm5clnt7-heimdal 
libgssapi3-heimdal libkafs0-heimdal libroken18-heimdal libotp0-heimdal 
libsl0-heimdal libkdc2-heimdal libhx509-5-heimdal libheimntlm0-heimdal 
libwind0-heimdal libhcrypto4-heimdal
Architecture: source i386 all
Version: 7.4.0.dfsg.1-1
Distribution: unstable
Urgency: high
Maintainer: Brian May 
Changed-By: Brian May 
Description:
 heimdal-clients - Heimdal Kerberos - clients
 heimdal-dbg - Heimdal Kerberos - debugging symbols
 heimdal-dev - Heimdal Kerberos - development files
 heimdal-docs - Heimdal Kerberos - documentation
 heimdal-kcm - Heimdal Kerberos - KCM daemon
 heimdal-kdc - Heimdal Kerberos - key distribution center (KDC)
 heimdal-multidev - Heimdal Kerberos - Multi-implementation Development
 heimdal-servers - Heimdal Kerberos - server programs
 libasn1-8-heimdal - Heimdal Kerberos - ASN.1 library
 libgssapi3-heimdal - Heimdal Kerberos - GSSAPI support library
 libhcrypto4-heimdal - Heimdal Kerberos - crypto library
 libhdb9-heimdal - Heimdal Kerberos - kadmin server library
 libheimbase1-heimdal - Heimdal Kerberos - Base library
 libheimntlm0-heimdal - Heimdal Kerberos - NTLM support library
 libhx509-5-heimdal - Heimdal Kerberos - X509 support library
 libkadm5clnt7-heimdal - Heimdal Kerberos - kadmin client library
 libkadm5srv8-heimdal - Libraries for Heimdal Kerberos
 libkafs0-heimdal - Heimdal Kerberos - KAFS support library
 libkdc2-heimdal - Heimdal Kerberos - KDC support library
 libkrb5-26-heimdal - Heimdal Kerberos - libraries
 libotp0-heimdal - Heimdal Kerberos - OTP support library
 libroken18-heimdal - Heimdal Kerberos - roken support library
 libsl0-heimdal - Heimdal Kerberos - SL support library
 libwind0-heimdal - Heimdal Kerberos - stringprep implementation
Closes: 868208
Changes:
 heimdal (7.4.0.dfsg.1-1) unstable; urgency=high
 .
   * New upstream version.
   * Update standards version to 4.0.0.
   * CVE-2017-11103: Fix Orpheus' Lyre KDC-REP service name validation.
 (Closes: #868208).
Checksums-Sha1:
 2d2c17fd9015bf8386b69100ca1e5f2

Bug#868379: calibre: Fails to start with "ImportError: cannot import name _thread"

2017-07-15 Thread Manolo Díaz 
Package: calibre
Version: 2.75.1+dfsg-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Calibre has stopped working recently. This is the backtrace:

Traceback (most recent call last):
  File "/usr/bin/calibre", line 20, in 
sys.exit(calibre())
  File "/usr/lib/calibre/calibre/gui_launch.py", line 69, in calibre
from calibre.gui2.main import main
  File "/usr/lib/calibre/calibre/gui2/__init__.py", line 21, in 
from calibre.utils.date import UNDEFINED_DATE
  File "/usr/lib/calibre/calibre/utils/date.py", line 15, in 
from calibre.utils.iso8601 import utc_tz, local_tz, UNDEFINED_DATE
  File "/usr/lib/calibre/calibre/utils/iso8601.py", line 9, in 
from dateutil.tz import tzlocal, tzutc, tzoffset
  File "/usr/lib/python2.7/dist-packages/dateutil/tz/__init__.py", line 1, in 

from .tz import *
  File "/usr/lib/python2.7/dist-packages/dateutil/tz/tz.py", line 23, in 

from ._common import tzname_in_python2, _tzinfo, _total_seconds
  File "/usr/lib/python2.7/dist-packages/dateutil/tz/_common.py", line 2, in 

from six.moves import _thread
ImportError: cannot import name _thread

Kind Regards,
Manolo Díaz


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.1 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8),
LANGUAGE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked
to /usr/bin/dash Init: systemd (via /run/systemd/system)

Versions of packages calibre depends on:
ii  calibre-bin  2.75.1+dfsg-1
ii  fonts-liberation 1:1.07.4-2
ii  imagemagick  8:6.9.7.4+dfsg-11
ii  imagemagick-6.q16 [imagemagick]  8:6.9.7.4+dfsg-11
ii  libjs-mathjax2.7.0-2
ii  poppler-utils0.48.0-2
ii  python-apsw  3.16.2-r1-2+b1
ii  python-beautifulsoup 3.2.1-1
ii  python-chardet   3.0.4-1
ii  python-cherrypy3 3.5.0-2
ii  python-cssselect 1.0.1-1
ii  python-cssutils  1.0-4.1
ii  python-dateutil  2.6.0-1
ii  python-dbus  1.2.4-1+b2
ii  python-feedparser5.1.3-3
ii  python-imaging   4.1.1-3
ii  python-lxml  3.8.0-1+b1
ii  python-markdown  2.6.8-1
ii  python-mechanize 1:0.2.5-3
ii  python-netifaces 0.10.4-0.1+b3
ii  python-pil   4.1.1-3
ii  python-pkg-resources 36.0.1-1
ii  python-pyparsing 2.1.10+dfsg1-1
ii  python-pyqt5 5.7+dfsg-5+b1
ii  python-pyqt5.qtsvg   5.7+dfsg-5+b1
ii  python-pyqt5.qtwebkit5.7+dfsg-5+b1
ii  python-routes2.3.1-2
ii  python2.72.7.13-2
ii  xdg-utils1.1.1-1

Versions of packages calibre recommends:
pn  python-dnspython  

calibre suggests no packages.

-- no debconf information

Processed: Re: Bug#864936: yagv: segmentation fault on startup

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 864936 + patch fixed-upstream
Bug #864936 [pyglet] yagv: segmentation fault on startup
Added tag(s) patch and fixed-upstream.
> kthxbye
Stopping processing here.

Please contact me if you need assistance.
-- 
864936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#864936: yagv: segmentation fault on startup

2017-07-15 Thread Chow Loong Jin 
tags 864936 + patch fixed-upstream
kthxbye

This is caused by improper ctypes pointer handling in pyglet, causing the
64-bit pointers to be truncated to 32-bit integers when passing through python
code.

See
https://bitbucket.org/pyglet/pyglet/commits/30298988e3d1772cc396aa50398d239b279aef39
for a fix.

This is also fixed in the 1.2 release.

-- 
Kind regards,
Loong Jin


signature.asc
Description: PGP signature

Processed: reassign 864936 to pyglet

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> reassign 864936 pyglet 1.1.4
Bug #864936 [yagv] yagv: segmentation fault on startup
Bug reassigned from package 'yagv' to 'pyglet'.
No longer marked as found in versions yagv/0.4~20130422.r5bd15ed+dfsg-1.
Ignoring request to alter fixed versions of bug #864936 to the same values 
previously set
Bug #864936 [pyglet] yagv: segmentation fault on startup
There is no source info for the package 'pyglet' at version '1.1.4' with 
architecture ''
Unable to make a source version for version '1.1.4'
Marked as found in versions 1.1.4.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
864936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#867560: moreinfo

2017-07-15 Thread tmp221 
Hi!

> Can you show your rules?

Sure.

##

*filter

# Default policies
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT

# Accept all loopback traffic
-A INPUT -i lo -j ACCEPT

# Drop spoofed packets
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
-A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
-A INPUT -s 10.0.0.0/8 -j DROP
-A INPUT -s 172.16.0.0/12 -j DROP
-A INPUT -s 192.168.0.0/16 -j DROP
-A INPUT -s 224.0.0.0/4 -j DROP

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Accept ICMP
-A INPUT -p icmp -j ACCEPT

# Applications
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

COMMIT

##

*filter

# Default policies
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT

# Accept all loopback traffic
-A INPUT -i lo -j ACCEPT

# Drop spoofed packets
-A INPUT ! -i lo -s ::1 -j DROP
-A INPUT ! -i lo -d ::1 -j DROP

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Accept ICMPv6
-A INPUT -p icmpv6 -j ACCEPT

# Applications
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

COMMIT

##

> do you have a custom kernel?

No, both machines are pretty boring. They have seperate /var (nodev),
/tmp (nodev,nosuid), and /home (nodev) partitions; otherwise, they
have pretty generic Debian installations, one of them running under
KVM, the other one running on bare metal.

> Can you run `lsmod` when the restore fails and when it works?

Can't do that when it fails because it only fails during boot.

When it works:

##

Module  Size  Used by
nf_conntrack_ipv4  16384  1
xt_tcpudp  16384  6
nf_defrag_ipv4 16384  1 nf_conntrack_ipv4
nf_conntrack_ipv6  20480  1
nf_defrag_ipv6 36864  1 nf_conntrack_ipv6
xt_conntrack   16384  2
nf_conntrack  114688  3 nf_conntrack_ipv6,nf_conntrack_ipv4,xt_conntrack
ip6table_filter16384  1
ip6_tables 28672  1 ip6table_filter
iptable_filter 16384  1
sb_edac24576  0
edac_core  57344  1 sb_edac
crct10dif_pclmul   16384  0
crc32_pclmul   16384  0
cirrus 24576  1
ghash_clmulni_intel16384  0
ttm98304  1 cirrus
drm_kms_helper155648  1 cirrus
drm   360448  4 cirrus,ttm,drm_kms_helper
sg 32768  0
ppdev  20480  0
virtio_balloon 16384  0
evdev  24576  3
serio_raw  16384  0
pcspkr 16384  0
joydev 20480  0
parport_pc 28672  0
parport49152  2 parport_pc,ppdev
acpi_cpufreq   20480  0
button 16384  0
ip_tables  24576  1 iptable_filter
x_tables   36864  6
ip_tables,iptable_filter,xt_tcpudp,ip6table_filter,xt_conntrack,ip6_tables
autofs440960  2
ext4  585728  4
crc16  16384  1 ext4
jbd2  106496  1 ext4
crc32c_generic 16384  0
fscrypto   28672  1 ext4
ecb16384  0
mbcache16384  5 ext4
hid_generic16384  0
usbhid 53248  0
hid   122880  2 hid_generic,usbhid
sr_mod 24576  0
cdrom  61440  1 sr_mod
sd_mod 45056  6
ata_generic16384  0
virtio_scsi20480  5
crc32c_intel   24576  0
aesni_intel   167936  1
ata_piix   36864  0
aes_x86_64 20480  1 aesni_intel
glue_helper16384  1 aesni_intel
lrw16384  1 aesni_intel
gf128mul   16384  1 lrw
ablk_helper16384  1 aesni_intel
cryptd 24576  3 ablk_helper,ghash_clmulni_intel,aesni_intel
libata249856  2 ata_piix,ata_generic
psmouse   135168  0
floppy 69632  0
scsi_mod  225280  5 sd_mod,virtio_scsi,libata,sr_mod,sg
uhci_hcd   45056  0
ehci_hcd   81920  0
virtio_pci 24576  0
virtio_ring24576  3 virtio_scsi,virtio_balloon,virtio_pci
i2c_piix4  24576  0
virtio 16384  3 virtio_scsi,virtio_balloon,virtio_pci
e1000 143360  0
usbcore   249856  3 usbhid,ehci_hcd,uhci_hcd
usb_common 16384  1 usbcore

##

> Regarding your last paragraph, rules can be created before the interface
> is up, or even present.

Okay. I'm just trying to understand what has changed between jessie and stretch.

(Right now, I'm using an /etc/network/if-pre-up.d/iptables script
instead of netfilter-persistent; this works smoothly. Still, if
netfilter-persistent exists, I think it should work as intended.)

Best,
David

Processed: your mail

2017-07-15 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> affects 868327 src:gdcm
Bug #868327 [cmake] Could NOT find Java: Found unsuitable version "..", but 
required is at
Added indication that 868327 affects src:gdcm
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
868327: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868327
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#868282: [debhelper-devel] Bug#868282: debhelper ?

2017-07-15 Thread Niels Thykier 
GM:
> Can someone explain why virtualbox 5.1.22-dfsg-2 works without debhelper
> package (I haven't installed it at all) and 5.1.22-dfsg-3 requires
> debhelper 10.6.4 and it is even not in a dependency.
> 

virtualbox is built using a tool can debhelper.  debhelper had a bug in
10.6 up to 10.6.3 that caused virtualbox-dkms to miss files.  This bug
was fixed in debhelper 10.6.4, but virtualbox-dkms/5.1.22-dfsg-3 had
still been built with debhelper 10.6.3 and therefore was still missing
files.  It needed a rebuild with a newer version of debhelper for that
fix to be applied.

Thanks,
~Niels

Bug#868068: [xserver-xorg-core] Upgrade from 2:1.16.4-1 to 2:1.16.4-1+deb8u1 loses keyboard and mouse

2017-07-15 Thread Jens Thiele 
Stéphane Lavergne  writes:

> Upgrading to the "+deb8u1" version of xserver-xorg-core and
> xserver-common and restarting X loses keyboard and mouse entirely,
> with nothing obvious showing up in Xorg.0.log.  Downgrading to the
> version without this suffix fixes the issue, so this is some kind of
> regression.

can't reproduce here (upgrade to 2:1.16.4-1+deb8u1 went just fine for
me)

Bug#867560: moreinfo

2017-07-15 Thread gustavo panizzo 


Control: tags -1  + moreinfo
thanks

Hello

Can you show your rules? do you have a custom kernel?

I suspect some of your rules may need kernel modules not already loaded.

Can you run `lsmod` when the restore fails and when it works?

Regarding your last paragraph, rules can be created before the interface
is up, or even present.



--
IRC: gfa
GPG: 0X44BB1BA79F6C6333



signature.asc
Description: Digital Signature

Processed: moreinfo

2017-07-15 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1  + moreinfo
Bug #867560 [netfilter-persistent] netfilter-persistent fails randomly during 
boot; restarting later works
Added tag(s) moreinfo.

-- 
867560: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867560
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#866708: marked as done (syslog-ng FTBFS on 32bit: FAIL: modules/diskq/tests/test_diskq)

2017-07-15 Thread Debian Bug Tracking System 
Your message dated Sat, 15 Jul 2017 09:48:17 +0200
with message-id 

and subject line Fwd: [Syslog-ng-maintainers] syslog-ng_3.10.1-2_amd64.changes 
ACCEPTED into unstable, unstable
has caused the Debian Bug report #866708,
regarding syslog-ng FTBFS on 32bit: FAIL: modules/diskq/tests/test_diskq
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866708: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866708
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: syslog-ng
Version: 3.10.1-1
Severity: serious

https://buildd.debian.org/status/package.php?p=syslog-ng&suite=sid

...
FAIL: modules/diskq/tests/test_diskq


Feed speed: 24777.65

  ###
  #
  # FAIL: ASSERTION FAILED: one_msg_size 384: line: 465; actual=FALSE, 
expected=TRUE
  #
  ###

FAIL modules/diskq/tests/test_diskq (exit status: 1)


Testsuite summary for syslog-ng 3.10.1

# TOTAL: 68
# PASS:  67
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

See ./test-suite.log

Makefile:15100: recipe for target 'test-suite.log' failed
make[6]: *** [test-suite.log] Error 1
--- End Message ---
--- Begin Message ---
Version: 3.10.1-2

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 04 Jul 2017 22:05:34 +0200
Source: syslog-ng
Binary: syslog-ng syslog-ng-dbg syslog-ng-dev syslog-ng-core
syslog-ng-mod-journal syslog-ng-mod-json syslog-ng-mod-mongodb
syslog-ng-mod-sql syslog-ng-mod-smtp syslog-ng-mod-amqp
syslog-ng-mod-geoip syslog-ng-mod-redis syslog-ng-mod-stomp
syslog-ng-mod-riemann syslog-ng-mod-graphite syslog-ng-mod-python
syslog-ng-mod-add-contextual-data syslog-ng-mod-getent
syslog-ng-mod-stardate syslog-ng-mod-map-value-pairs
syslog-ng-mod-snmptrapd-parser
Architecture: source amd64 all
Version: 3.10.1-2
Distribution: unstable
Urgency: medium
Maintainer: syslog-ng maintainers

Changed-By: SZALAY Attila 
Description:
 syslog-ng  - Enhanced system logging daemon (metapackage)
 syslog-ng-core - Enhanced system logging daemon (core)
 syslog-ng-dbg - Enhanced system logging daemon (debug symbols)
 syslog-ng-dev - Enhanced system logging daemon (development files)
 syslog-ng-mod-add-contextual-data - Enhanced system logging daemon
(add-contextual-data plugin)
 syslog-ng-mod-amqp - Enhanced system logging daemon (AMQP plugin)
 syslog-ng-mod-geoip - Enhanced system logging daemon (GeoIP plugin)
 syslog-ng-mod-getent - Enhanced system logging daemon (getent plugin)
 syslog-ng-mod-graphite - Enhanced system logging daemon (graphite plugin)
 syslog-ng-mod-journal - Enhanced system logging daemon (systemd journal plugin)
 syslog-ng-mod-json - Enhanced system logging daemon (JSON plugin)
 syslog-ng-mod-map-value-pairs - Enhanced system logging daemon
(map-value-pairs plugin)
 syslog-ng-mod-mongodb - Enhanced system logging daemon (MongoDB plugin)
 syslog-ng-mod-python - Enhanced system logging daemon (Python plugin)
 syslog-ng-mod-redis - Enhanced system logging daemon (Redis plugin)
 syslog-ng-mod-riemann - Enhanced system logging daemon (Riemann destination)
 syslog-ng-mod-smtp - Enhanced system logging daemon (SMTP plugin)
 syslog-ng-mod-snmptrapd-parser - Enhanced system logging daemon
(snmptrapd-parser plugin)
 syslog-ng-mod-sql - Enhanced system logging daemon (SQL plugin)
 syslog-ng-mod-stardate - Enhanced system logging daemon (stardate plugin)
 syslog-ng-mod-stomp - Enhanced system logging daemon (STOMP plugin)
Changes:
 syslog-ng (3.10.1-2) unstable; urgency=medium
 .
   * [a776121] Added new plugins.
   - getent
   - stardate
   - mod-value-pairs
   - snmptrapd-parser
   * [b030059] Added scl to the .install file
   * [e4f5ac4] Bump the debhelper compat level to 10
   * [4e27f27] Fixed debhelper dependency
   * [ff8e0ff] Install new scl files and explicitly mention skipped ones
   * [50b4c13] Fixed 32 bit compile issues.
 This patch is suggested by upstream in github issue 1545.
   * [ae5e271] Remove obsoleted files from debian/
   * [2bb] Added the new packages to the testing
   * [8661982] Removed unneeded prebuild step
Checksums-Sha1:
 935bfdac756cb33e4e3e4a439338ea163e87b378 4070 syslog-ng_3.10.1-2.ds

Bug#868282: debhelper ?

2017-07-15 Thread GM 
Can someone explain why virtualbox 5.1.22-dfsg-2 works without debhelper 
package (I haven't installed it at all) and 5.1.22-dfsg-3 requires 
debhelper 10.6.4 and it is even not in a dependency.


--
Regards,
Gregory