Bug#925411: kernel-package: Not suitable for release

[Nicholas D Steeves]

Hi Ben,

On Sun, Mar 24, 2019 at 11:23:58PM +, Ben Hutchings wrote:
> Control: severity -1 serious
> 
> On Sun, 2019-03-24 at 16:19 -0600, Nicholas D Steeves wrote:
> > Control: severity -1 important
> > Justification: essential package that works flawlessly for me
> 
> This was agreed with the maintainer, so you should not override it.
> 
> The discussion is here:
> https://lore.kernel.org/lkml/1551888035-13329-1-git-send-email-yamada.masah...@socionext.com/
> but unfortunately Manoj's message didn't get archived there for some
> reason.
>

Maybe I'm missing something, but I couldn't find sufficient
justification there...  That said, I did more tests, because an RC bug
that cuts such a useful package from a release really ought to have
justification.

I can now confirm that at least one dkms module (tp-smapi-dkms)
doesn't build with make-kpkg-generated kernel packages on buster.
Maybe all dkms modules are affected?  Maybe Manoj' message said
something to that affect, and how make-kpkg produces packages that are
defective in this way...and maybe other ways?

> [...]
> > The new style kernel packaging is hard to learn how to use, and builds
> > take much longer for some reason (generation of more packages?).
> [...]
> 
> It sounds like you're looking at the linux source package.  I would
> certainly not suggest using that for local custom packages; it's meant
> for distributions.
> 
> The simple alternative is already included in the kernel tree itself:
> 
> make bindeb-pkg
>

Ah, yes, thank you! :-)  Regarding documentation, should
Debian-specific bits go on our wiki or be forwarded upstream?  eg: the
top line of BuildADebianKernelPackage says "this is an obsolete now
guide", but then at the bottom it says "make -j`nproc` bindeb-pkg".  I
specifically missed that because first line conveys the message "stop
reading this doc now, it's an obsolete waste of time".

> It does generate some extra packages (linux-headers and linux-libc-dev) 
> but that doesn't take very long.  The generated packages don't support
> /etc/kernel-img.conf but they do support hooks in /etc/kernel.
>

Should users who track a 4.19.x-based branch use buster's
linux-libc-dev headers, or install the ones that correspond to their
custom kernel?

> > 13.018+nmu1 on buster works like it always has for me--flawlessly.  I
> > built upstream vanilla 4.19.31 two days ago.
> 
> Bug #890817 also looks like it may be a big problem for current kernel
> versions, but apparently you have avoided it.
>

For once, yes :-)  Generally I'm unlucky and hit all the bugs haha.


Thanks again for taking the time to reply, I appreciate it!
Also, thank you for your hard work, and for all time spent on the BTS.

Cheers,
Nicholas


signature.asc
Description: PGP signature

Bug#914034: Bug#911938: libhttp-daemon-ssl-perl FTBFS: tests fail: Connection refused

[Guilhem Moulin]

On Sun, 07 Apr 2019 at 20:56:41 +0200, gregor herrmann wrote:
> Alright, after purging libssl1.0.2 (and the outdated packages which
> depended on it *cough*) I get the hang as well:
> […]
> Thanks for the push in the right direction!

You're welcome :-)  Does clearing the SSL_MODE_AUTO_RETRY context flag
(i.e., reverting the default from OpenSSL <1.1.1) solves this for you
too?  If so, what do you think about my proposed paths forwards from

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914034#71

If there is consensus that libssl's SSL_CTRL_CLEAR_MODE and/or
SSL_CTX_clear_mode should be exposed to Net::SSLeay I'd be happy to
propose a patch there.  That leaves the question about which defaults
context flags should IO::Socket::SSL (or LWP) have, though.

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#926603: Debian fails to start after installation into Virtualbox

[Michael Biebl]

Control: tags -1 moreinfo

Am 07.04.19 um 18:51 schrieb Andy Ruddock:
> Package: systemd
> Severity: critical
> 
> I'm running Windows 10 (Home edition - up to date) on the desktop, with
> Virtualbox (v6.0.4).
> I've used both the netinst CD & the testing DVD (downloaded today -
> 07/Apr/2019) to install Buster.
> After installation the system fails to start with many errors.
> The first is :
> 
> systemd[1]: user.slice: Failed to set inovcation ID for unit: File
> exists
> [FAILED]: Failed to start User and Session Slice.
> 
> other services then fail to start :
> 
> [FAILED] Failed to start Slices.
> [FAILED] Failed to listen on udev Kernel Socket.
> [FAILED] Failed to start Remote File Systems.
> [FAILED] Failed to listen on Syslog Socket.
> 
> and many more, followed by
> 
> systemd[1]: Timed out waiting for device /dev/disk/by-uuid/2cb
> 
> finally
> 
> [FAILED] Failed to start Network.
> 
> At which point there is no more, the system just halts.
> 
> Starting with "quiet" removed from linux invocation in grub, I see
> 
> systemd[1]: systemd 241 running in system mode. (+PAM +AUDIT +SELINUX
> +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS
> +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2
> default-hierarchy=hybrid)
> systemd[1]: Detected virtualization oracle.
> systemd[1]: Detected architecture x86-64.
> 
> Welcome to Debian GNU/Linux buser/sid!

Please follow the instructions at
https://freedesktop.org/wiki/Software/systemd/Debugging/ and get us a
verbose debug log from the complete boot.
Please also attach the output of "reportbug --template systemd" on the
affected system.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Processed: Re: Debian fails to start after installation into Virtualbox

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #926603 [systemd] Debian fails to start after installation into Virtualbox
Added tag(s) moreinfo.

-- 
926603: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926603
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Bug #834089 in socklog marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #834089 [socklog-run] runit: breaks users of runit: ln: failed to create 
symbolic link '/etc/service/bcron-sched': No such file or directory
Ignoring request to alter tags of bug #834089 to the same tags previously set

-- 
834089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834089
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#857208: Bug #857208 in socklog marked as pending

[Mathieu Mirmont]

Control: tag -1 pending

Hello,

Bug #857208 in socklog reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/socklog/commit/72a4ab237ec4170c3563a40b1ec88ca0308cb3fd


Convert the package to debhelper (Closes: #857208)

Convert and modernise the original package. Quite a few things moved
in the past 11 years. Comply with Debian standards version 4.3.0.


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/857208

Bug#834089: Bug #834089 in socklog marked as pending

[Mathieu Mirmont]

Control: tag -1 pending

Hello,

Bug #834089 in socklog reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/socklog/commit/abe8840e59748eb8f0f4b5ec00061b59486ebe95


socklog-run: migrate to dh-runit (Closes: #668718, #834089)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/834089

Processed: Bug #857208 in socklog marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #857208 [src:socklog] socklog: building with -A doesn't put the changelog 
in usr/share/doc/socklog-run/changelog.Debian.gz
Ignoring request to alter tags of bug #857208 to the same tags previously set

-- 
857208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857208
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#925909: [Help] Re: pbgenomicconsensus: autopkgtest regression

[Andreas Tille]

On Sun, Apr 07, 2019 at 02:08:54PM +0200, Liubov Chuprikova wrote:
> I have just added python-pytest and one more missing library. Now the tests
> should pass.

Finally it passes now.

Thanks a lot, Andreas.

-- 
http://fam-tille.de

Bug#926613: openssh-server: Locked out of server after upgrading to buster.

[Sam Bull]

Package: openssh-server
Severity: serious
Justification: Policy 8.2

Dear Maintainer,

Due to a change in how some options are handled in sshd_config, upgrading to 
buster can result in the user getting locked out of their system if the config 
is not updated.

Probably the most likely cause (and what occurred to me) is if the 
PubkeyAcceptedKeyTypes includes ssh-rsa and the admin logs in with an RSA key. 
After upgrading, the user will no longer be able to connect to the server.
The solution for this case is to replace ssh-rsa with rsa-sha2-256,rsa-sha2-512.

At the very least this needs to be mentioned in the upgrade instructions in the 
release notes for buster.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-47-generic (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set 
LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE=en_GB:en (charmap=locale: Cannot set LC_MESSAGES to default 
locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser3.118
ii  debconf [debconf-2.0]  1.5.71
ii  dpkg   1.19.6
ii  libaudit1  1:2.8.4-2
ii  libc6  2.28-8
ii  libcom-err21.44.5-1
ii  libgssapi-krb5-2   1.17-2
ii  libkrb5-3  1.17-2
ii  libpam-modules 1.3.1-5
ii  libpam-runtime 1.3.1-5
ii  libpam0g   1.3.1-5
ii  libselinux12.8-1+b1
ii  libssl1.1  1.1.1b-1
ii  libsystemd0241-1
pn  libwrap0   
ii  lsb-base   10.2019031300
ii  openssh-client 1:7.9p1-9
pn  openssh-sftp-server
pn  procps 
pn  ucf
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd  241-1
pn  ncurses-term
ii  xauth   1:1.0.10-1

Versions of packages openssh-server suggests:
pn  molly-guard   
pn  monkeysphere  
pn  rssh  
pn  ssh-askpass   
pn  ufw   

Bug#900912: Enabling jaw (Java-atk-wrapper) by default ? (Bug#900912)

[Samuel Thibault]

Vincent Privat, le dim. 07 avril 2019 21:55:33 +0200, a ecrit:
> Disabling it only through accessibility.properties means we have no control
> over it from JOSM. So when the next bug appears, we'll have to tell all of our
> impacted Ubuntu users to modify the file.

We are here only talking about Buster, not Ubuntu.

> It's cumbersome for us, and for them.
> I would prefer a runtime flag we can set in josm launcher. I don't want to
> experience major issues like [1]https://josm.openstreetmap.de/ticket/12022 
> and 
> [2]https://josm.openstreetmap.de/ticket/1 again.

AFAIK, these have been fixed, so won't appear again.

Exposing jaw largely *before* deciding to enable it for Buster is
precisely what could be a better option. Limited-scope testing wouldn't
expose the bugs seen in JOSM.

Samuel

Bug#923715: marked as done (ceph-osd: missing systemd service in package: ceph-volume@.service)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 19:05:09 +
with message-id 
and subject line Bug#924061: fixed in ceph 12.2.11+dfsg1-2.1
has caused the Debian Bug report #924061,
regarding ceph-osd: missing systemd service in package: ceph-volume@.service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
924061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924061
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ceph-osd
Version: 12.2.11+dfsg1-2
Severity: normal

Dear Maintainer,

   * What led up to the situation?

I was learning how to set up a ceph cluster. I got this error when setting up 
an osd:

root@mnemos-000:~# ceph-volume lvm create --data /dev/sda4
Running command: /usr/bin/ceph-authtool --gen-print-key
Running command: /usr/bin/ceph --cluster ceph --name client.bootstrap-osd 
--keyring /var/lib/ceph/bootstrap-osd/ceph.keyring -i - osd new 
f28b9512-b4b7-4fd4-a9c6-6b811f3e2668
Running command: vgcreate --force --yes 
ceph-f1faaddc-1461-46cb-b4a0-5eb7686e10da /dev/sda4
 stdout: Physical volume "/dev/sda4" successfully created.
 stdout: Volume group "ceph-f1faaddc-1461-46cb-b4a0-5eb7686e10da" successfully 
created
Running command: lvcreate --yes -l 100%FREE -n 
osd-block-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668 
ceph-f1faaddc-1461-46cb-b4a0-5eb7686e10da
 stdout: Logical volume "osd-block-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668" 
created.
Running command: /usr/bin/ceph-authtool --gen-print-key
Running command: mount -t tmpfs tmpfs /var/lib/ceph/osd/ceph-0
--> Absolute path not found for executable: restorecon
--> Ensure $PATH environment variable contains common executable locations
Running command: chown -h ceph:ceph 
/dev/ceph-f1faaddc-1461-46cb-b4a0-5eb7686e10da/osd-block-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668
Running command: chown -R ceph:ceph /dev/dm-0
Running command: ln -s 
/dev/ceph-f1faaddc-1461-46cb-b4a0-5eb7686e10da/osd-block-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668
 /var/lib/ceph/osd/ceph-0/block
Running command: ceph --cluster ceph --name client.bootstrap-osd --keyring 
/var/lib/ceph/bootstrap-osd/ceph.keyring mon getmap -o 
/var/lib/ceph/osd/ceph-0/activate.monmap
 stderr: got monmap epoch 1
Running command: ceph-authtool /var/lib/ceph/osd/ceph-0/keyring 
--create-keyring --name osd.0 --add-key AQBFHnlcTgfKNBAAYZJWbQKfEZMqslPZ6RLaAg==
 stdout: creating /var/lib/ceph/osd/ceph-0/keyring
added entity osd.0 auth auth(auid = 18446744073709551615 
key=AQBFHnlcTgfKNBAAYZJWbQKfEZMqslPZ6RLaAg== with 0 caps)
Running command: chown -R ceph:ceph /var/lib/ceph/osd/ceph-0/keyring
Running command: chown -R ceph:ceph /var/lib/ceph/osd/ceph-0/
Running command: /usr/bin/ceph-osd --cluster ceph --osd-objectstore bluestore 
--mkfs -i 0 --monmap /var/lib/ceph/osd/ceph-0/activate.monmap --keyfile - 
--osd-data /var/lib/ceph/osd/ceph-0/ --osd-uuid 
f28b9512-b4b7-4fd4-a9c6-6b811f3e2668 --setuser ceph --setgroup ceph
--> ceph-volume lvm prepare successful for: /dev/sda4
Running command: chown -R ceph:ceph /var/lib/ceph/osd/ceph-0
Running command: ceph-bluestore-tool --cluster=ceph prime-osd-dir --dev 
/dev/ceph-f1faaddc-1461-46cb-b4a0-5eb7686e10da/osd-block-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668
 --path /var/lib/ceph/osd/ceph-0
Running command: ln -snf 
/dev/ceph-f1faaddc-1461-46cb-b4a0-5eb7686e10da/osd-block-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668
 /var/lib/ceph/osd/ceph-0/block
Running command: chown -h ceph:ceph /var/lib/ceph/osd/ceph-0/block
Running command: chown -R ceph:ceph /dev/dm-0
Running command: chown -R ceph:ceph /var/lib/ceph/osd/ceph-0
Running command: systemctl enable 
ceph-volume@lvm-0-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668
 stderr: Failed to enable unit: Unit file 
ceph-volume@lvm-0-f28b9512-b4b7-4fd4-a9c6-6b811f3e2668.service does not exist.
--> Was unable to complete a new OSD, will rollback changes
--> OSD will be fully purged from the cluster, because the ID was generated
Running command: ceph osd purge osd.0 --yes-i-really-mean-it
 stderr: purged osd.0
-->  RuntimeError: command returned non-zero exit status: 1


It appears that the /lib/systemd/system/ceph-volume@.service file is actually 
missing. If I'm not mistaken, it should be shipped in ceph-osd package.

Best Regards.
 


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ceph-osd depends on:
ii  ceph-base   

Bug#924061: marked as done (ceph-osd: ceph-volume@.service missing)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 19:05:09 +
with message-id 
and subject line Bug#924061: fixed in ceph 12.2.11+dfsg1-2.1
has caused the Debian Bug report #924061,
regarding ceph-osd: ceph-volume@.service missing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
924061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924061
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ceph-osd
Version: 12.2.11+dfsg1-2
Severity: grave

Hi,

unfortunately the ceph-volume@.service systemd template is missing,
which basically breaks the activation of OSDs.

Sounds like
http://tracker.ceph.com/issues/21011

As this basically breaks the usage of bluestore volumes, I think grave
is the appropriate severity, especially as - looking at the ceph bug
tracker - this might have been working before.

Thanks for fixing,

Bernd


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 12.2.11+dfsg1-2.1

We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernd Zeimetz  (supplier of updated ceph package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 05 Apr 2019 15:12:52 +0200
Source: ceph
Architecture: source
Version: 12.2.11+dfsg1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Ceph Maintainers 
Changed-By: Bernd Zeimetz 
Closes: 924061
Changes:
 ceph (12.2.11+dfsg1-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * [3194010] Install ceph-volume@.service into ceph-osd.
 (Closes: #924061)
Checksums-Sha1:
 1e09aea536652b2c2ab6bf8bbdef83dc7f4af983 5453 ceph_12.2.11+dfsg1-2.1.dsc
 1054a695230dd54add0bfafbe6691e462cc6cef4 386832 
ceph_12.2.11+dfsg1-2.1.debian.tar.xz
 3f16402b57c5ab095c0bb0f6d43c7bd909efecaf 20380 
ceph_12.2.11+dfsg1-2.1_source.buildinfo
Checksums-Sha256:
 9ac7dc57a5b0945d8c3e44f84c66adbc68b8633895c8cb0549f47befbb261ebb 5453 
ceph_12.2.11+dfsg1-2.1.dsc
 2838d74532318eae444586c16cb0c26ab69691200bd0d9eb3c0873ddc5238110 386832 
ceph_12.2.11+dfsg1-2.1.debian.tar.xz
 0a63eb7393758f3637de5a862f858f6976e9836dd97583b38e29e7bd4e4421cb 20380 
ceph_12.2.11+dfsg1-2.1_source.buildinfo
Files:
 5dd89d4dec60272d963eb55882b9866a 5453 admin optional ceph_12.2.11+dfsg1-2.1.dsc
 48f6bbfb404a2b305c3d03b2da6d9b72 386832 admin optional 
ceph_12.2.11+dfsg1-2.1.debian.tar.xz
 4ffbf56f80dc477445ec200878225c7c 20380 admin optional 
ceph_12.2.11+dfsg1-2.1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAlynnoEACgkQ6zYXGm/5
Q19oCw/8CQpatIiJqpWL7sVLGSmvU9pJ4q0vkGQOBwvpe1BbsWbyT42ZlJzHOCkv
N4BtQG0dpfXGVwa3HLkIDWZ3P5uQfHlvZyqUM/wTb5mEHRb8Nq/OQTufxJPo7UfC
EsbebW6XG/wf6ubkx01oeXz4V4h5N8PqozdNTWkm09QZ1GrmkRZEmuYzuxGWTrHV
dk71u4yvQopOLzr0arsVgubU9e7bqwiIaqBtMcX40l7rckfsO52s0c66IvyN0I3n
z7LUGd+p0/XjUwpe2YknhIQCX85BjxglwyuD++dsYIFsrL/mpgOHW4cQdFx4uoao
nEawlfCmAHKMdJtPKro0wrK6l4fxSDTh219qYcOPrDB/uJVZes94FSxkne5zYu5m
nIuYCEfCc6bTEmDSS3IGnuAkn5HL5v5x0PaAfVCltlpxdEuPAZvspoWcfb/wLTVA
OTngNNVXLJSVf3G5OVZxeAqfhKr7k5uJ6gQhW1mtW8skd+JM/hQg3uauXp8hmCEf
S1RY/VVcCZEOpGa3WbTIN97OtikJJDwfGtrLx4lZG05B29KCYHCIQoHtbSy3XeXu
hcE9LTigDqpjA5flmORies+ieAFoP6MmkzqF+r4SFSC+ZNp73yT4sXzcXww64yML
Fu+8eH54DBSar75v+TkrPhy/glGyIkwd/qr1+rzIzReHG89JKxY=
=6fgP
-END PGP SIGNATURE End Message ---

Bug#914034: Bug#911938: libhttp-daemon-ssl-perl FTBFS: tests fail: Connection refused

[gregor herrmann]

On Sun, 07 Apr 2019 18:39:44 +0200, Guilhem Moulin wrote:

> > I can't reproduce this problem:
> Interesting, are you talking TLS 1.3?

Good question :)
 
> $ dpkg-query -l "libssl*" "libnet-ssleay-perl" "liblwp-protocol-https-perl" 
> "libio-socket-ssl-perl"
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name   Version  Architecture Description
> +++-==---=
> ii  libio-socket-ssl-perl  2.060-3  all  Perl module 
> implementing object oriented interface to SSL sockets
> ii  liblwp-protocol-https-perl 6.07-2   all  HTTPS driver for 
> LWP::UserAgent
> ii  libnet-ssleay-perl 1.85-2+b1amd64Perl module for 
> Secure Sockets Layer (SSL)
> ii  libssl-dev:amd64   1.1.1b-1 amd64Secure Sockets Layer 
> toolkit - development files
> un  libssl-doc   (no description 
> available)
> un  libssl0.9.8  (no description 
> available)
> un  libssl1.0-dev(no description 
> available)
> ii  libssl1.1:amd641.1.1b-1 amd64Secure Sockets Layer 
> toolkit - shared libraries

% dpkg -l "libssl*" "libnet-ssleay-perl" "liblwp-protocol-https-perl" 
"libio-socket-ssl-perl" 
  
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version Architecture Description
+++-==-===--=
ii  libio-socket-ssl-perl  2.060-3 all  Perl module 
implementing object oriented interface to SSL sockets
ii  liblwp-protocol-https-perl 6.07-2  all  HTTPS driver for 
LWP::UserAgent
ii  libnet-ssleay-perl 1.85-2+b1   amd64Perl module for 
Secure Sockets Layer (SSL)
un  libssl0.9.8 (no description 
available)
un  libssl1.0.0 (no description 
available)
ii  libssl1.0.2:amd64  1.0.2r-1~deb9u1 amd64Secure Sockets 
Layer toolkit - shared libraries
ii  libssl1.1:amd641.1.1b-1amd64Secure Sockets 
Layer toolkit - shared libraries
ii  libssl1.1:i386 1.1.1b-1i386 Secure Sockets 
Layer toolkit - shared libraries

Hm I note that I still have libssl1.0.2 installed additionally.

Alright, after purging libssl1.0.2 (and the outdated packages which
depended on it *cough*) I get the hang as well:

% time perl -MLWP::UserAgent -e 
'LWP::UserAgent->new->post("https://facebook.com;, { data => "foo" }) or die'   

[long time nothing]
perl -MLWP::UserAgent -e   0.18s user 0.02s system 0% cpu 3:06.66 total


Thanks for the push in the right direction!
 
> > % time perl -MLWP::UserAgent -e 
> > 'LWP::UserAgent->new->post("https://twitter.com;, { data => "foo" }) or die'
> > perl -MLWP::UserAgent -e   0.13s user 0.02s system 36% cpu 0.415 total
> 
> twitter.com doesn't support TLS 1.3 though, right?

Good catch, I just wanted to try a random website which is IPv4-only.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   NP: Furry Lewis: Billy lyons & stack o' lee


signature.asc
Description: Digital Signature

Bug#926212: gnome-shell crashed (segfault)

[Bernhard Übelacker]

Hello Guenter Grodotzki,

(I guess you wanted me to receive your last message, so you should
use "reply all", or it gets just attached to your bug report.)

I have left a note in this upstream report [1], lets see if they agree.

Kind regards,
Bernhard

[1] https://gitlab.gnome.org/GNOME/gnome-shell/issues/822#note_484642

PS.: My untested change in message 10 might not crash, but lead to an
infinitive loop, as app->running_state might not change anymore...

Bug#925455: alsa volume never saved/restored

[Elimar Riesebieter]

* gregor herrmann  [2019-04-07 18:16 +0200]:

> On Sun, 07 Apr 2019 18:05:06 +0200, Elimar Riesebieter wrote:
> 
> > > There is a commit in the packaging repo which claims to fix this bug:
> > > https://salsa.debian.org/alsa-team/alsa-utils/commit/af161676131e94bbaed72f37d0c5d4c6685a119e
> > Jordi is MIA at the moment. Tried to reach him since a few days. I
> > can't upload the fix myself, though...
> 
> I pinged him on a different channel, but if he doesn't have time I'm
> happy to offer a sponsored upload to fix this bug.

Would be nice. Yes, please :-)

-- 
  "Talking much about oneself can also
   be a means to conceal oneself."
 -Friedrich Nietzsche


signature.asc
Description: PGP signature

Bug#926603: Debian fails to start after installation into Virtualbox

[Andy Ruddock]

Package: systemd
Severity: critical

I'm running Windows 10 (Home edition - up to date) on the desktop, with
Virtualbox (v6.0.4).
I've used both the netinst CD & the testing DVD (downloaded today -
07/Apr/2019) to install Buster.
After installation the system fails to start with many errors.
The first is :

systemd[1]: user.slice: Failed to set inovcation ID for unit: File
exists
[FAILED]: Failed to start User and Session Slice.

other services then fail to start :

[FAILED] Failed to start Slices.
[FAILED] Failed to listen on udev Kernel Socket.
[FAILED] Failed to start Remote File Systems.
[FAILED] Failed to listen on Syslog Socket.

and many more, followed by

systemd[1]: Timed out waiting for device /dev/disk/by-uuid/2cb

finally

[FAILED] Failed to start Network.

At which point there is no more, the system just halts.

Starting with "quiet" removed from linux invocation in grub, I see

systemd[1]: systemd 241 running in system mode. (+PAM +AUDIT +SELINUX
+IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS
+ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2
default-hierarchy=hybrid)
systemd[1]: Detected virtualization oracle.
systemd[1]: Detected architecture x86-64.

Welcome to Debian GNU/Linux buser/sid!

-- 
Andy Ruddock

andy.rudd...@rainydayz.org (OpenPGP Key ID 0xB0324245)





signature.asc
Description: OpenPGP digital signature

Bug#919914: gnome-tweaks now equates "don't suspend on lid close" with "don't lock on lid close" (security issue)

[intrigeri]

intrigeri:
> Would you be interested in testing whether
> https://gitlab.gnome.org/GNOME/gnome-settings-daemon/merge_requests/84
> fixes this problem for you?

FWIW the patch proposed upstream applies nicely on top of our
debian/unstable branch:
https://salsa.debian.org/gnome-team/gnome-settings-daemon/merge_requests/3

I probably won't have time to test this myself in the next few days.
Hoping this WIP MR might save someone else a tiny bit of time :)

Cheers,
-- 
intrigeri

Processed: found 919914 in 3.30.2-3

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 919914 3.30.2-3
Bug #919914 [gnome-settings-daemon] gnome-tweaks now equates "don't suspend on 
lid close" with "don't lock on lid close" (security issue)
Marked as found in versions gnome-settings-daemon/3.30.2-3.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926602: jinja2: CVE-2019-10906

[Salvatore Bonaccorso]

Source: jinja2
Version: 2.10-1
Severity: grave
Tags: patch security upstream

Hi,

The following vulnerability was published for jinja2.

CVE-2019-10906[0]:
| In Pallets Jinja before 2.10.1, str.format_map allows a sandbox
| escape.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
[1] https://palletsprojects.com/blog/jinja-2-10-1-released/
[2] 
https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#882324: marked as done (amavisd-new doesn't honor "originating" configuration flag, contrary to documentation)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 16:48:45 +
with message-id 
and subject line Bug#882324: fixed in amavisd-new 1:2.11.0-6.1
has caused the Debian Bug report #882324,
regarding amavisd-new doesn't honor "originating" configuration flag, contrary 
to documentation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882324
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: amavisd-new
Version: 1:2.11.0-1
Severity: important
Tags: upstream

Dear Maintainer,

amavisd-new contains detailed documentation about using the "originating" 
flag[0],
but this is not actually supported.

A solution[1] has been posted to the amavisd mailing list, but has been without 
response for 
over a year.  It's curreently still a problem as evidenced by a thread on 
amavis-users[2]


[0] https://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-amavisd-path
[1] https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html
[2] https://lists.amavis.org/pipermail/amavis-users/2017-November/005116.html



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages amavisd-new depends on:
ii  adduser  3.116
ii  debconf  1.5.63
ii  file 1:5.32-1
ii  libarchive-zip-perl  1.59-1
ii  libberkeleydb-perl   0.55-1+b4
ii  libconvert-tnef-perl 0.18-1
ii  libconvert-uulib-perl1:1.5~dfsg-1
pn  libdigest-md5-perl   
ii  libio-stringy-perl   2.111-2
ii  libmail-dkim-perl0.44-1
ii  libmailtools-perl2.18-1
pn  libmime-base64-perl  
ii  libmime-tools-perl   5.509-1
ii  libnet-libidn-perl   0.12.ds-2+b5
ii  libnet-server-perl   2.008-4
ii  libperl5.26 [libtime-hires-perl] 5.26.1-2
ii  libunix-syslog-perl  1.1-2+b8
ii  lsb-base 9.20170808
ii  pax  1:20171021-1
ii  perl 5.26.1-2
ii  perl-modules-5.26 [libarchive-tar-perl]  5.26.1-2

Versions of packages amavisd-new recommends:
ii  altermime 0.3.10-9
ii  libnet-patricia-perl  1.22-1+b4
ii  ripole0.2.0+20081101.0215-4

Versions of packages amavisd-new suggests:
pn  apt-listchanges  
pn  arj  
pn  cabextract   
pn  clamav   
pn  clamav-daemon
ii  cpio 2.11+dfsg-6
pn  dspam
pn  lhasa
ii  libauthen-sasl-perl  2.1600-1
ii  libdbi-perl  1.637-1
ii  libmail-dkim-perl0.44-1
ii  libnet-ldap-perl 1:0.6500+dfsg-1
pn  libsnmp-perl 
pn  libzeromq-perl   
pn  lzop 
pn  nomarch  
pn  p7zip
pn  rpm  
ii  spamassassin 3.4.1-8
pn  unrar

-- Configuration Files:
/etc/amavis/conf.d/01-debian 
/etc/amavis/conf.d/05-domain_id 
/etc/amavis/conf.d/05-node_id 
/etc/amavis/conf.d/15-av_scanners 
/etc/amavis/conf.d/15-content_filter_mode 
/etc/amavis/conf.d/20-debian_defaults 
/etc/amavis/conf.d/25-amavis_helpers 
/etc/amavis/conf.d/30-template_localization 
/etc/amavis/conf.d/50-user 

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: amavisd-new
Source-Version: 1:2.11.0-6.1

We believe that the bug you reported is fixed in the latest version of
amavisd-new, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost  (supplier of updated amavisd-new package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Bug#914034: Bug#911938: libhttp-daemon-ssl-perl FTBFS: tests fail: Connection refused

[Guilhem Moulin]

On Sun, 07 Apr 2019 at 18:12:45 +0200, gregor herrmann wrote:
> On Sun, 18 Nov 2018 19:41:05 +0200, Niko Tyni wrote:
> 
>> Reiterating a bit: the underlying issue with TLSv1.3 seems to be related
>> to handling of 'non-application_data_records'.
>> 
>> The client tries to POST but gets an 'SSL wants a read first' error,
>> then waits until timeout for the socket to become writable.
>> 
>> A simple way to reproduce it here is
>> 
>> perl -MLWP::UserAgent -e 'LWP::UserAgent->new->post("https://facebook.com;, 
>> { data => "foo" }) or die'
>> 
>> which deadlocks for me.
> 
> I can't reproduce this problem:

Interesting, are you talking TLS 1.3?

$ dpkg-query -l "libssl*" "libnet-ssleay-perl" "liblwp-protocol-https-perl" 
"libio-socket-ssl-perl"
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version  Architecture Description
+++-==---=
ii  libio-socket-ssl-perl  2.060-3  all  Perl module 
implementing object oriented interface to SSL sockets
ii  liblwp-protocol-https-perl 6.07-2   all  HTTPS driver for 
LWP::UserAgent
ii  libnet-ssleay-perl 1.85-2+b1amd64Perl module for Secure 
Sockets Layer (SSL)
ii  libssl-dev:amd64   1.1.1b-1 amd64Secure Sockets Layer 
toolkit - development files
un  libssl-doc   (no description 
available)
un  libssl0.9.8  (no description 
available)
un  libssl1.0-dev(no description 
available)
ii  libssl1.1:amd641.1.1b-1 amd64Secure Sockets Layer 
toolkit - shared libraries

$ openssl req -x509 -newkey rsa:4096 -keyout /tmp/key.pem -out /tmp/cert.pem 
-subj /CN=example.net -nodes
$ openssl s_server -accept 127.0.0.1:4433 -key /tmp/key.pem -cert /tmp/cert.pem 
-tls1_3
[…]

Then on a separate terminal, with SSL_MODE_AUTO_RETRY set (the default),
it blocks on read(2):

$ strace -eselect,read,write perl -MLWP::UserAgent -e 
'LWP::UserAgent->new(ssl_opts =>
{verify_hostname => 0, SSL_ca_file => 
"/tmp/cert.pem"})->post("https://127.0.0.1:4433;, { data => "foo" })'
[…]
select(8, [3], [3], NULL, {tv_sec=180, tv_usec=0}) = 2 (in [3], out [3], left 
{tv_sec=179, tv_usec=98})
read(3, "…", 5)   = 5
read(3, "…", 250) = 250
read(3, "…", 5)   = 5
read(3, "…", 250) = 250
read(3,

With SSL_MODE_AUTO_RETRY cleared, the handshake terminates and it waits
for the reply from the server:

$ strace -eselect,read,write perl -MLWP::UserAgent -e 
'LWP::UserAgent->new(ssl_opts =>
{verify_hostname => 0, SSL_ca_file => 
"/tmp/cert.pem"})->post("https://127.0.0.1:4433;, { data => "foo" })'
[…]
select(8, [3], [3], NULL, {tv_sec=180, tv_usec=0}) = 2 (in [3], out [3], left 
{tv_sec=179, tv_usec=98})
read(3, "…", 5) = 5
read(3, "…", 250) = 250
write(3, "…", 216) = 216
select(8, [3], NULL, NULL, {tv_sec=180, tv_usec=0}) = 1 (in [3], left 
{tv_sec=179, tv_usec=99})
read(3, "…", 5) = 5
read(3, "…", 250) = 250
select(8, [3], NULL, NULL, {tv_sec=180, tv_usec=0}

(and the connection closes gracefuly when I write “HTTP/1.1
200\r\nContent-Length: 0\r\n\r\n” from the server)

> % time perl -MLWP::UserAgent -e 
> 'LWP::UserAgent->new->post("https://twitter.com;, { data => "foo" }) or die'
> perl -MLWP::UserAgent -e   0.13s user 0.02s system 36% cpu 0.415 total

twitter.com doesn't support TLS 1.3 though, right?

$ openssl s_client -4 -connect twitter.com:443 -servername twitter.com -tls1_3
CONNECTED(0003)
139682444989504:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert 
handshake failure:../ssl/record/rec_layer_s3.c:1536:SSL alert number 40

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#914034: Bug#911938: libhttp-daemon-ssl-perl FTBFS: tests fail: Connection refused

[gregor herrmann]

On Sun, 18 Nov 2018 19:41:05 +0200, Niko Tyni wrote:

> Reiterating a bit: the underlying issue with TLSv1.3 seems to be related
> to handling of 'non-application_data_records'.
> 
> The client tries to POST but gets an 'SSL wants a read first' error,
> then waits until timeout for the socket to become writable.
> 
> A simple way to reproduce it here is
> 
>  perl -MLWP::UserAgent -e 'LWP::UserAgent->new->post("https://facebook.com;, 
> { data => "foo" }) or die'
> 
> which deadlocks for me.

I can't reproduce this problem:

% time perl -MLWP::UserAgent -e 
'LWP::UserAgent->new->post("https://facebook.com;, { data => "foo" }) or die'   
 
perl -MLWP::UserAgent -e   0.15s user 0.01s system 40% cpu 0.397 total

Has there something changed in LWP::Protocol::https Net::HTTPS
IO::Socket::SSL Net::SSLeay or something else, or is this some local
environment thing?

Also no issue with IPv4-only hosts:

% time perl -MLWP::UserAgent -e 
'LWP::UserAgent->new->post("https://twitter.com;, { data => "foo" }) or die'
perl -MLWP::UserAgent -e   0.13s user 0.02s system 36% cpu 0.415 total 


Cheers,
gregor, confused, as Guilhem (in message #71) could still reproduce
it at 7 Apr 2019

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   NP: Furry Lewis: Billy lyons & stack o' lee


signature.asc
Description: Digital Signature


signature.asc
Description: Digital Signature

Bug#925455: alsa volume never saved/restored

[gregor herrmann]

On Sun, 07 Apr 2019 18:05:06 +0200, Elimar Riesebieter wrote:

> > There is a commit in the packaging repo which claims to fix this bug:
> > https://salsa.debian.org/alsa-team/alsa-utils/commit/af161676131e94bbaed72f37d0c5d4c6685a119e
> Jordi is MIA at the moment. Tried to reach him since a few days. I
> can't upload the fix myself, though...

I pinged him on a different channel, but if he doesn't have time I'm
happy to offer a sponsored upload to fix this bug.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   NP: Furry Lewis: Billy lyons & stack o' lee


signature.asc
Description: Digital Signature

Bug#925455: alsa volume never saved/restored

[Elimar Riesebieter]

* gregor herrmann  [2019-04-07 17:46 +0200]:

> Control: tag -1 + patch pending
> 
> On Mon, 25 Mar 2019 12:05:36 +0100, Laurent Bigonville wrote:
> 
> > The more obvious solution would of course be to remove the condition in the
> > .service file
> 
> There is a commit in the packaging repo which claims to fix this bug:
> https://salsa.debian.org/alsa-team/alsa-utils/commit/af161676131e94bbaed72f37d0c5d4c6685a119e

Jordi is MIA at the moment. Tried to reach him since a few days. I
can't upload the fix myself, though...

Elimar
-- 
  We all know Linux is great... it does infinite loops in 5 seconds.
-Linus Torvalds


signature.asc
Description: PGP signature

Bug#926305: nis startup scripts are completely broken

[Andreas Henriksson]

Hello everyone,

Greetings from the Gothenburg BSP.

If someone is interested in modernizing the nis package
it seems like ArchLinux has native systemd units for
nis and related services so I'd suggest importing those:

https://aur.archlinux.org/packages/nis-utils/
https://www.archlinux.org/packages/core/x86_64/rpcbind/

See also https://wiki.archlinux.org/index.php/NIS

Regards,
Andreas Henriksson

Processed: Re: Bug#925455: alsa volume never saved/restored

[Debian Bug Tracking System]

Processing control commands:

> tag -1 + patch pending
Bug #925455 [alsa-utils] alsa volume never saved/restored
Added tag(s) pending and patch.

-- 
925455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#925455: alsa volume never saved/restored

[gregor herrmann]

Control: tag -1 + patch pending

On Mon, 25 Mar 2019 12:05:36 +0100, Laurent Bigonville wrote:

> The more obvious solution would of course be to remove the condition in the
> .service file

There is a commit in the packaging repo which claims to fix this bug:
https://salsa.debian.org/alsa-team/alsa-utils/commit/af161676131e94bbaed72f37d0c5d4c6685a119e


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   NP: Furry Lewis: Billy lyons & stack o' lee


signature.asc
Description: Digital Signature

Bug#914034: bug in Net::SSLeay?

[Guilhem Moulin]

Control: usertag -1 bsp-2019-04-se-gothenburg

Hi there,

strace(1) shows a select(2) syscall indicating that the socket is ready for
both read and write, but is later blocking on a read(2) without any
write(2) taking place.

select(8, [3], [3], NULL, {tv_sec=180, tv_usec=0}) = 2 (in [3], out [3], 
left {tv_sec=179, tv_usec=98})
read(3, "…", 5)   = 5
read(3, "…", 156) = 156
read(3, 

Net::SSLeay warns:

If you need to select(2) on the socket, go right ahead, but be warned that
OpenSSL does some internal buffering so SSL_read does not always return
data even if the socket selected for reading (just keep on selecting and
trying to read). "Net::SSLeay" is no different from the C language OpenSSL
in this respect.

And indeed LWP::Protocol::http's use of select(2) on SSL sockets *does*
assume that read/write readiness won't block.  (If Net::SSLeay::read()
returns -1, then the loop will retry later with SSL_ERROR_WANT_READ/WRITE.)
However since OpenSSL 1.1.1 the SSL_MODE_AUTO_RETRY flag is on by
default, which breaks that assumption: ssl_read(3) might block, even
when select(2) claimed the socket had data to be read.

SSL_MODE_AUTO_RETRY

During normal operations, non-application data records might need to be
sent or received that the application is not aware of. If a
non-application data record was processed, SSL_read_ex(3) and SSL_read(3)
can return with a failure and indicate the need to retry with
SSL_ERROR_WANT_READ. If such a non-application data record was processed,
the flag SSL_MODE_AUTO_RETRY causes it to try to process the next record
instead of returning.

[…]

In a blocking environment, applications are not always prepared to deal
with the functions returning intermediate reports such as retry requests,
and setting the SSL_MODE_AUTO_RETRY flag will cause the functions to only
return after successfully processing an application data record or a
failure.

[…]

All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by
default since 1.1.1.

— https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_mode.html

See also https://github.com/openssl/openssl/issues/6234 .

I see several paths forward here:

  - Refactor LWP::Protocol::http's select loop to solve the assumption
that's now broken with OpenSSL ≥1.1.1; or
  - Unset SSL_MODE_AUTO_RETRY in IO::Socket::SSL; or
  - Make context flags configurable in IO::Socket::SSL, and unset
SSL_MODE_AUTO_RETRY from LWP.

IMHO the first option is not ideal so late in the release cycle.  The
second option is the easiest to implement, and should™ be regression-free,
but might confuse people who became used to OpenSSL ≥1.1.1's new context
default flags.

SSL_CTX_clear_mode(3) and SSL_CTRL_CLEAR_MODE macros are unfortunately
not exposed to Net::SSLeay 1.85-2.  The proper fix would be to expose
these and release a new version of Net::SSLeay, of course, but for tests
the macros can be taken from /usr/include/openssl/ssl.h:

# define SSL_CTRL_CLEAR_MODE 78
[…]
# define SSL_CTX_clear_mode(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)

and used as is in IO::Socket::SSL.pm.  With the following patch I'm
again able to POST to HTTPS servers using TLS 1.3.

--8<--->8--
--- a/IO/Socket/SSL.pm
+++ b/IO/Socket/SSL.pm
@@ -2433,6 +2433,7 @@
# cannot guarantee, that the location of the buffer stays constant
Net::SSLeay::CTX_set_mode( $ctx,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|SSL_MODE_ENABLE_PARTIAL_WRITE);
+   Net::SSLeay::CTX_ctrl($ctx, 78, Net::SSLeay::MODE_AUTO_RETRY(), undef);
 
if ( my $proto_list = $arg_hash->{SSL_npn_protocols} ) {
return IO::Socket::SSL->_internal_error("NPN not supported in 
Net::SSLeay",9)
--8<--->8--

(Again, I'm not proposing to patch IO::Socket::SSL as above :-)  With
MODE_AUTO_RETRY set — the default for OpenSSL ≥1.1.1 — one gets:

$ strace -e trace=read,write,select perl -MLWP::UserAgent -e 
'LWP::UserAgent->new(ssl_opts =>
{SSL_version => "TLSv1_3"})->post("https://facebook.com;, { data => 
"plonc" })';
[…]
select(8, [3], [3], NULL, {tv_sec=180, tv_usec=0}) = 2 (in [3], out [3], 
left {tv_sec=179, tv_usec=98})
read(3, "…", 5)   = 5
read(3, "…", 156) = 156
read(3, 

And now with the MODE_AUTO_RETRY flag unset:

$ select(8, [3], [3], NULL, {tv_sec=180, tv_usec=0}) = 2 (in [3], out [3], 
left {tv_sec=179, tv_usec=98})
read(3, "…", 5) = 5
read(3, "…", 156)   = 156
write(3, "…", 217)  = 217
select(8, [3], NULL, NULL, {tv_sec=180, tv_usec=0}) = 1 (in [3], left 
{tv_sec=179, tv_usec=870931})
read(3, "…", 5) = 5
read(3, "…", 361)   = 361

Cheers,
-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#925909: marked as done (pbgenomicconsensus: autopkgtest regression)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 15:33:36 +
with message-id 
and subject line Bug#925909: fixed in pbgenomicconsensus 2.3.2-5
has caused the Debian Bug report #925909,
regarding pbgenomicconsensus: autopkgtest regression
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
925909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: pbgenomicconsensus
Version: 2.3.2-1
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: regression

Hi Maintainer

Since the upload of 2.3.2-1, pbgenomicconsensus has been failing its own 
autopkgtests [1] with the following error:


autopkgtest [12:23:51]: test command2: [---
# Tests that need to be run by Jenkins but are slowing
# down the development cycle, so aren't run by "tests"
# target.
PATH=`pwd`:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games cram 
--verbose --xunit-file=gc-extra-cram.xml `ls tests/cram/extra/*.t | grep 
-v arrow`

tests/cram/extra/plurality-fluidigm.t: failed
--- tests/cram/extra/plurality-fluidigm.t
+++ tests/cram/extra/plurality-fluidigm.t.err
@@ -8,12 +8,26 @@
 Set the QV threshold to 10.

   $ variantCaller --algorithm=plurality -r $REFERENCE -q 10 -o 
variants.gff -o consensus.csv -o consensus.fastq $INPUT

+  Traceback (most recent call last):
+File "/usr/bin/variantCaller", line 3, in 
+  from GenomicConsensus.main import main
+File "/usr/lib/python2.7/dist-packages/GenomicConsensus/main.py", 
line 16, in 

+  from GenomicConsensus import reference
+File 
"/usr/lib/python2.7/dist-packages/GenomicConsensus/reference.py", line 
8, in 

+  from .windows import holes, kCoveredIntervals, enumerateIntervals
+File 
"/usr/lib/python2.7/dist-packages/GenomicConsensus/windows.py", line 14, 
in 

+  from ConsensusCore import CoveredIntervals
+  ImportError: No module named ConsensusCore
+  [1]

 There are two true SNVs (and one diploid SNV that we miss right now).

   $ grep insertion variants.gff | wc | awk '{print $1}'
+  grep: variants.gff: No such file or directory
   0
   $ grep deletion variants.gff | wc | awk '{print $1}'
+  grep: variants.gff: No such file or directory
   0
   $ grep substitution variants.gff
- 
EGFR_Exon_23\t.\tsubstitution\t48\t48\t.\t.\t.\treference=T;variantSeq=C;frequency=97;coverage=100;confidence=40 
(esc)

+  grep: variants.gff: No such file or directory
+  [2]
# Ran 1 tests, 0 skipped, 1 failed.
make: *** [Makefile:25: extra-tests] Error 1
autopkgtest [12:23:52]: test command2: ---]
autopkgtest [12:23:52]: test command2:  - - - - - - - - - - results - - 
- - - - - - - -

command2 FAIL non-zero exit status 2

Regards
Graham


[1] https://ci.debian.net/packages/p/pbgenomicconsensus/unstable/amd64/
--- End Message ---
--- Begin Message ---
Source: pbgenomicconsensus
Source-Version: 2.3.2-5

We believe that the bug you reported is fixed in the latest version of
pbgenomicconsensus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Liubov Chuprikova  (supplier of updated 
pbgenomicconsensus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 07 Apr 2019 13:58:37 +0200
Source: pbgenomicconsensus
Binary: pbgenomicconsensus python-pbgenomicconsensus
Architecture: source
Version: 2.3.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team 

Changed-By: Liubov Chuprikova 
Description:
 pbgenomicconsensus - Pacific Biosciences variant and consensus caller
 python-pbgenomicconsensus - Pacific Biosciences variant and consensus caller 
(Python 2)
Closes: 925909
Changes:
 pbgenomicconsensus (2.3.2-5) unstable; urgency=medium
 .
   * Team upload.
   * Fix autopkgtest dependencies
 Closes: #925909
Checksums-Sha1:
 3b66aefda41a10c6efc0bbb68eb4e9da02363c02 2525 pbgenomicconsensus_2.3.2-5.dsc
 000ae613a5a54419564121511da922a75d1c04e6 20772 
pbgenomicconsensus_2.3.2-5.debian.tar.xz
Checksums-Sha256:
 

Processed: Re: ruby-pygments.rb: FTBFS randomly (failing tests)

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 923986 ruby-pygments.rb: FTBFS randomly (" class="ch">\#!\/usr\/bin\/ruby<\/span>/> was expected to be =~ ")
Bug #923986 [src:ruby-pygments.rb] ruby-pygments.rb: FTBFS randomly (failing 
tests)
Changed Bug title to 'ruby-pygments.rb: FTBFS randomly ("\#!\/usr\/bin\/ruby<\/span>/> was expected to be =~ ")' from 
'ruby-pygments.rb: FTBFS randomly (failing tests)'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
923986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926380: marked as done (golang-github-puerkitobio-purell: FTBFS (failing tests))

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 15:18:31 +
with message-id 
and subject line Bug#926380: fixed in golang-github-puerkitobio-purell 1.1.0-2
has caused the Debian Bug report #926380,
regarding golang-github-puerkitobio-purell: FTBFS (failing tests)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
926380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:golang-github-puerkitobio-purell
Version: 1.1.0-1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
dh build-indep --buildsystem=golang --with=golang
   dh_update_autotools_config -i -O--buildsystem=golang
   dh_auto_configure -i -O--buildsystem=golang
   dh_auto_build -i -O--buildsystem=golang
cd obj-x86_64-linux-gnu && go install 
-gcflags=all=\"-trimpath=/<>/obj-x86_64-linux-gnu/src\" 
-asmflags=all=\"-trimpath=/<>/obj-x86_64-linux-gnu/src\" -v -p 1 
github.com/PuerkitoBio/purell
errors
internal/cpu
internal/bytealg
internal/race
runtime/internal/atomic
runtime/internal/sys
runtime
sync/atomic
sync
io
unicode
unicode/utf8
bytes
math
syscall
time
internal/poll
internal/syscall/unix
internal/testlog
os
math/bits
strconv
reflect
fmt
sort
strings
net/url
github.com/PuerkitoBio/urlesc
golang.org/x/text/transform
container/list
log
golang.org/x/text/unicode/bidi
golang.org/x/text/secure/bidirule
golang.org/x/text/unicode/norm
golang.org/x/net/idna
golang.org/x/text/width
regexp/syntax
regexp
github.com/PuerkitoBio/purell
   dh_auto_test -i -O--buildsystem=golang
cd obj-x86_64-linux-gnu && go test -vet=off -v -p 1 
github.com/PuerkitoBio/purell
=== RUN   TestRunner
--- PASS: TestRunner (0.00s)
purell_test.go:715: running LowerScheme...
purell_test.go:715: running LowerScheme2...
purell_test.go:715: running LowerHost...
purell_test.go:715: running UpperEscapes...
purell_test.go:715: running UnnecessaryEscapes...
purell_test.go:715: running RemoveDefaultPort...
purell_test.go:715: running RemoveDefaultPort2...
purell_test.go:715: running RemoveDefaultPort3...
purell_test.go:715: running Safe...
purell_test.go:715: running BothLower...
purell_test.go:715: running RemoveTrailingSlash...
purell_test.go:715: running RemoveTrailingSlash2...
purell_test.go:715: running RemoveTrailingSlash3...
purell_test.go:715: running AddTrailingSlash...
purell_test.go:715: running AddTrailingSlash2...
purell_test.go:715: running AddTrailingSlash3...
purell_test.go:715: running RemoveDotSegments...
purell_test.go:715: running RemoveDotSegments2...
purell_test.go:715: running UsuallySafe...
purell_test.go:715: running RemoveDirectoryIndex...
purell_test.go:715: running RemoveDirectoryIndex2...
purell_test.go:715: running RemoveFragment...
purell_test.go:715: running ForceHTTP...
purell_test.go:715: running RemoveDuplicateSlashes...
purell_test.go:715: running RemoveDuplicateSlashes2...
purell_test.go:715: running RemoveWWW...
purell_test.go:715: running RemoveWWW2...
purell_test.go:715: running AddWWW...
purell_test.go:715: running SortQuery...
purell_test.go:715: running RemoveEmptyQuerySeparator...
purell_test.go:715: running Unsafe...
purell_test.go:715: running Safe2...
purell_test.go:715: running UsuallySafe2...
purell_test.go:715: running AddTrailingSlashBug...
purell_test.go:715: running SourceModified...
purell_test.go:715: running IPv6-1...
purell_test.go:715: running IPv6-2...
purell_test.go:715: running IPv6-3...
purell_test.go:715: running IPv6-4...
purell_test.go:715: running FTP...
purell_test.go:715: running Standard-1...
purell_test.go:715: running Standard-2...
purell_test.go:715: running Standard-3...
purell_test.go:715: running Standard-4...
purell_test.go:715: running Standard-5...
purell_test.go:715: running Standard-6...
purell_test.go:715: running Standard-7...
purell_test.go:715: running Standard-8...
purell_test.go:715: running Standard-9...
purell_test.go:715: running Standard-10...
purell_test.go:715: running StandardCasesAddTrailingSlash...
purell_test.go:715: running OctalIP-1...
purell_test.go:715: running OctalIP-2...
purell_test.go:715: running OctalIP-3...
purell_test.go:715: running OctalIP-4...
purell_test.go:715: running DWORDIP-1...

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 888547 CVE-2017-1000190: XXE vulnerability resulting in SSRF, 
> information disclosure, DoS, etc.
Bug #888547 [src:simple-xml] CVE-2017-1000190
Changed Bug title to 'CVE-2017-1000190: XXE vulnerability resulting in SSRF, 
information disclosure, DoS, etc.' from 'CVE-2017-1000190'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
888547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection)

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 922669 sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection)
Bug #922669 [src:sqlalchemy] sqlalchemy: CVE-2019-7164 CVE-2019-7548
Changed Bug title to 'sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection)' 
from 'sqlalchemy: CVE-2019-7164 CVE-2019-7548'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
922669: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: CVE-2018-1000073

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 925986 CVE-2018-173: directory Traversal vulnerability in 
> install_location
Bug #925986 [jruby] CVE-2018-173
Changed Bug title to 'CVE-2018-173: directory Traversal vulnerability in 
install_location' from 'CVE-2018-173'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
925986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Bug #926380 in golang-github-puerkitobio-purell marked as pending

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #926380 [src:golang-github-puerkitobio-purell] 
golang-github-puerkitobio-purell: FTBFS (failing tests)
Added tag(s) pending.

-- 
926380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926380: Bug #926380 in golang-github-puerkitobio-purell marked as pending

[Andreas Henriksson]

Control: tag -1 pending

Hello,

Bug #926380 in golang-github-puerkitobio-purell reported by you has been fixed 
in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/go-team/packages/golang-github-puerkitobio-purell/commit/4b1efd9dfe93232d5b814c8cff961968a3418865


Add debian/patches/pr-29.patch

https://github.com/PuerkitoBio/purell/pull/29

Closes: #926380


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/926380

Bug#923930: testsuite comes with built-in time-bomb

[Andreas Henriksson]

Control: forwarded -1 https://github.com/heimdal/heimdal/issues/533

Greetings from the Gothenburg BSP.

To summarize the above issue:
- certs used in test-suite expired
- upstream regenerated certs with 500 years expiration time set
- this solves the issue on machines with 64bit time_t
  but 32bit machines still fails the test-suite.
- A suggestion was made to generate certs that expire
  "Tue, 19 Jan 2038 03:14:06 GMT" instead.

On the debian side of things: including the upstream diff is
annoying because debian/patches/ (quilt 3.0) doesn't support
git binary diffs.

The lazy solution here is to argue that we don't want time-bombs and
just disable the test-suite. The better solution involves generating
the certificates so that they align with what 32bit machines can handle,
uuencoding the result and setting up debian/rules handling to "manually
patch" the build.

Regards,
Andreas Henriksson

Processed: testsuite comes with built-in time-bomb

[Debian Bug Tracking System]

Processing control commands:

> forwarded -1 https://github.com/heimdal/heimdal/issues/533
Bug #923930 [src:heimdal] FTBFS: FAIL test_chain (exit status: 1)
Set Bug forwarded-to-address to 'https://github.com/heimdal/heimdal/issues/533'.

-- 
923930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923930
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926380: golang-github-puerkitobio-purell: FTBFS (failing tests)

[Shengjing Zhu]

Hi,

On Sun, Apr 7, 2019 at 10:09 PM Andreas Henriksson  wrote:
>
> Greetings from the Gothenburg BSP.
>
> This is the output I get when reproducing this issue:
>
> ---8<->8-
>
> --- FAIL: TestEncodeNecessaryEscapesAll (0.00s)
> purell_test.go:761: Got error parse http://host/
>
>
> � net/url: invalid control character in URL
> FAIL
> exit status 1
> FAIL_/tmp/golang-github-puerkitobio-purell-1.1.00.003s
>
> ---8<->8-
>
>
> net/url Parse now explicitly check that you don't pass in
> "invalid" (non-encoded) urls and rejects them:
> https://sources.debian.org/src/golang-1.11/1.11.6-1/src/net/url/url.go/?hl=498#L498
>
> The NormalizeUrlString helper function starts out by passing the url
> string to url.Parse:
> https://sources.debian.org/src/golang-github-puerkitobio-purell/1.1.0-1/purell.go/#L153
>
> The TestDecodeUnnecessaryEscapesAll function creates an url with control
> characters and passes it to NormalizeURLString to try to get it
> normalized/escaped.
>
> I'd say the design of the NormalizeUrlString function is broken and thus
> it's not obvious to me how to fix it. I'd say that if you have a
> non-normalized string you want encoded, you should pass it in as
> something that doesn't need to be parsed. ie. use NormalizeUrl helper
> function, which takes an Url type.
>
> Removing the NormalizeUrlString function however would be an API/ABI
> break as it's publicly exported (and used by Hugo and Kubernetes)...
>
> Maybe open-coding some homebrew url parsing to fall back on could be
> done to keep the function around. Sounds bad to think you know
> better than net/url how to parse an url though.
>
> I'm attaching a patch which "fixes" this issue, but really it's most likely
> a stupid and wrong things to do to solve this. It's just designed to
> make the testsuite pass. As mentioned, I think the NormalizeURLString
> function is incorrectly designed and there's no way to fix it (so should
> be deprecated in favour of NormalizeURL).
> Thus intentionally *not* tagging patch, as this is rather a "proof of
> concept".
>
> Regards,
> Andreas Henriksson

Thanks for your great work!

However it's already fixed by upstream,
https://github.com/PuerkitoBio/purell/pull/29

If someone is going to upload the new version, please take upstream
patch instead :/

-- 
Shengjing Zhu

Processed: bug 926380 is forwarded to https://github.com/PuerkitoBio/purell/issues/28

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 926380 https://github.com/PuerkitoBio/purell/issues/28
Bug #926380 [src:golang-github-puerkitobio-purell] 
golang-github-puerkitobio-purell: FTBFS (failing tests)
Set Bug forwarded-to-address to 
'https://github.com/PuerkitoBio/purell/issues/28'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#919914: gnome-tweaks now equates "don't suspend on lid close" with "don't lock on lid close" (security issue)

[intrigeri]

Hi Josh,

Josh Triplett:
> Recently, disabling the setting "Suspend when laptop lid is closed"
> seems to have started preventing *any* action on lid close, including
> locking the screen;

Would you be interested in testing whether
https://gitlab.gnome.org/GNOME/gnome-settings-daemon/merge_requests/84
fixes this problem for you?

Cheers,
-- 
intrigeri

Processed: reassign 919914 to gnome-settings-daemon, affects 919914, found 919914 in 3.31.90-1 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 919914 gnome-settings-daemon
Bug #919914 [gnome-tweaks] gnome-tweaks now equates "don't suspend on lid 
close" with "don't lock on lid close" (security issue)
Bug reassigned from package 'gnome-tweaks' to 'gnome-settings-daemon'.
No longer marked as found in versions gnome-tweaks/3.30.2-1.
Ignoring request to alter fixed versions of bug #919914 to the same values 
previously set
> affects 919914 + gnome-tweaks
Bug #919914 [gnome-settings-daemon] gnome-tweaks now equates "don't suspend on 
lid close" with "don't lock on lid close" (security issue)
Added indication that 919914 affects gnome-tweaks
> found 919914 3.31.90-1
Bug #919914 [gnome-settings-daemon] gnome-tweaks now equates "don't suspend on 
lid close" with "don't lock on lid close" (security issue)
Marked as found in versions gnome-settings-daemon/3.31.90-1.
> found 919914 3.32.0-1
Bug #919914 [gnome-settings-daemon] gnome-tweaks now equates "don't suspend on 
lid close" with "don't lock on lid close" (security issue)
Marked as found in versions gnome-settings-daemon/3.32.0-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 919914 is forwarded to https://gitlab.gnome.org/GNOME/gnome-settings-daemon/merge_requests/84

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 919914 
> https://gitlab.gnome.org/GNOME/gnome-settings-daemon/merge_requests/84
Bug #919914 [gnome-tweaks] gnome-tweaks now equates "don't suspend on lid 
close" with "don't lock on lid close" (security issue)
Set Bug forwarded-to-address to 
'https://gitlab.gnome.org/GNOME/gnome-settings-daemon/merge_requests/84'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: CVE-2018-15587

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 924616 CVE-2018-15587: Signature Spoofing in PGP encrypted email
Bug #924616 [src:evolution] CVE-2018-15587
Changed Bug title to 'CVE-2018-15587: Signature Spoofing in PGP encrypted 
email' from 'CVE-2018-15587'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
924616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926380: golang-github-puerkitobio-purell: FTBFS (failing tests)

[Andreas Henriksson]

Greetings from the Gothenburg BSP.

This is the output I get when reproducing this issue:

---8<->8-

--- FAIL: TestEncodeNecessaryEscapesAll (0.00s)
purell_test.go:761: Got error parse http://host/


� net/url: invalid control character in URL
FAIL
exit status 1
FAIL_/tmp/golang-github-puerkitobio-purell-1.1.00.003s

---8<->8-


net/url Parse now explicitly check that you don't pass in
"invalid" (non-encoded) urls and rejects them:
https://sources.debian.org/src/golang-1.11/1.11.6-1/src/net/url/url.go/?hl=498#L498

The NormalizeUrlString helper function starts out by passing the url
string to url.Parse:
https://sources.debian.org/src/golang-github-puerkitobio-purell/1.1.0-1/purell.go/#L153

The TestDecodeUnnecessaryEscapesAll function creates an url with control
characters and passes it to NormalizeURLString to try to get it
normalized/escaped.

I'd say the design of the NormalizeUrlString function is broken and thus
it's not obvious to me how to fix it. I'd say that if you have a
non-normalized string you want encoded, you should pass it in as
something that doesn't need to be parsed. ie. use NormalizeUrl helper
function, which takes an Url type.

Removing the NormalizeUrlString function however would be an API/ABI
break as it's publicly exported (and used by Hugo and Kubernetes)...

Maybe open-coding some homebrew url parsing to fall back on could be
done to keep the function around. Sounds bad to think you know
better than net/url how to parse an url though.

I'm attaching a patch which "fixes" this issue, but really it's most likely
a stupid and wrong things to do to solve this. It's just designed to
make the testsuite pass. As mentioned, I think the NormalizeURLString
function is incorrectly designed and there's no way to fix it (so should
be deprecated in favour of NormalizeURL).
Thus intentionally *not* tagging patch, as this is rather a "proof of
concept".

Regards,
Andreas Henriksson
diff -uriNp golang-github-puerkitobio-purell-1.1.0/purell.go golang-github-puerkitobio-purell-1.1.0-fixed/purell.go
--- golang-github-puerkitobio-purell-1.1.0/purell.go	2016-11-15 03:49:42.0 +0100
+++ golang-github-puerkitobio-purell-1.1.0-fixed/purell.go	2019-04-07 16:00:06.039745498 +0200
@@ -12,6 +12,7 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"errors"
 
 	"github.com/PuerkitoBio/urlesc"
 	"golang.org/x/net/idna"
@@ -147,10 +148,43 @@ func MustNormalizeURLString(u string, f
 	return result
 }
 
+func myURLParse(u string) (*url.URL, error) {
+	// first try to parse the url as normal and return it if successful
+	parsed, err := url.Parse(u)
+	if err == nil {
+		return parsed, nil
+	}
+
+	// path possibly contains control characters, which url.Parse
+	// doesn't allow. Try to parse url without path and then add it.
+
+	// find third / and assume that's where path starts.
+	parts := strings.SplitN(u, "/", 4)
+
+	var noPathURL string
+	if len(parts) != 4 {
+		return nil, errors.New("Failed to find start of path in url")
+	}
+	noPathURL = strings.Join(parts[:3], "/")
+
+	parsed, err = url.Parse(noPathURL)
+	if err != nil {
+		return nil, err
+	}
+
+	pathquery := strings.SplitN(parts[3], "#", 2)
+	parsed.Path = pathquery[0]
+	if len(pathquery) > 1 {
+		parsed.Fragment = pathquery[1]
+	}
+
+	return parsed, nil
+}
+
 // NormalizeURLString returns the normalized string, or an error if it can't be parsed into an URL object.
 // It takes an URL string as input, as well as the normalization flags.
 func NormalizeURLString(u string, f NormalizationFlags) (string, error) {
-	parsed, err := url.Parse(u)
+	parsed, err := myURLParse(u)
 	if err != nil {
 		return "", err
 	}

Processed: Re: src:lexicon: Build-Depends on to be removed package

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 926541 src:lexicon: Build-Depends on python-softlayer which will be 
> removed
Bug #926541 [src:lexicon] src:lexicon: Build-Depends on to be removed package
Changed Bug title to 'src:lexicon: Build-Depends on python-softlayer which will 
be removed' from 'src:lexicon: Build-Depends on to be removed package'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926541: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926541
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926542: marked as done (javatools: jh_build -N has undefined behaviour (--no-package vs. --no-javadoc))

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 13:34:12 +
with message-id 
and subject line Bug#926542: fixed in javatools 0.72.8
has caused the Debian Bug report #926542,
regarding javatools: jh_build -N has undefined behaviour (--no-package vs. 
--no-javadoc)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
926542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926542
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: javahelper
Version: 0.72.4
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

I'm experiencing random failures while building hdf5 for unstable using
sbuild. Starting with javahelper 0.72.4, the debian/rules clean target
randomly reports:

make[1]: Leaving directory '/<>/hdf5-1.10.5+repack'
   dh_autoreconf_clean
   jh_clean
Unknown option: l
Unknown option: b
Usage: jh_build [options]

  jh_build is a part of debhelper. See debhelper(7)
  and jh_build(1) for complete usage instructions.

This failure occurs about one time in two.

The clean target doesn't fail despite this error, but subsequent calls to
jh_build fail the very same way, causing hdf5 to FTBS.

This behavior occurs only when I use DH_OPTION="-N..." to skip some binary
packages:

$ DH_OPTIONS="-Nlibhdf5-openmpi-103" jh_clean   
  
Unknown option: l
Unknown option: b
Usage: jh_build [options]

  jh_build is a part of debhelper. See debhelper(7)
  and jh_build(1) for complete usage instructions.

I can somewhat reproduce it on another java packages. For example mac-widgets:
(unstable-amd64-sbuild)/<>/mac-widgets-0.10.0+svn416-dfsg1$ 
DH_OPTIONS="-Nlibmac-widgets-java" jh_clean
Unknown option: l
Unknown option: b
jh_build: warning: ignored unknown options in DH_OPTIONS

But in this case jh_build states it ignores DH_OPTIONS content.

Release 0.72.2 of javahelper is OK.

Thanks,

_g.

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEoJObzArDE05WtIyR7+hsbH/+z4MFAlyo7C4ACgkQ7+hsbH/+
z4NjkQgAma6UaCbJ/ab+8HPqUUjG5s2u+iXIqVc1B2W+eB4rRx8adcSIsBWQDc88
q5gcAfcNzxnG0YUZimy8lyrE5yoyUKTe+6B2crhT1z10wkYVCJENkP0BQDgZBkhW
XAVtUVXmwS71tJP/wUh84+F0LSRu3OFtKi92augSfxFZXm90j3uAeh9QBKwYpglg
9Tz9Rrsnjb9yu5W95XyWBRGwoOXUqRuD1mjgsX9TVwpN4jMwfd7dBw5VDIH27JWs
ZYX7K9k9lPOJzyzIYF7kXRMdl/h9YPE1WAQIuxfmfjnvpu1AQDowO8mrya4XhJZO
TxpqaSLhhX2geGeGDr/Fi7Mh9J+UjQ==
=jYwS
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: javatools
Source-Version: 0.72.8

We believe that the bug you reported is fixed in the latest version of
javatools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 926...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier  (supplier of updated javatools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 07 Apr 2019 13:18:04 +
Source: javatools
Architecture: source
Version: 0.72.8
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Niels Thykier 
Closes: 925507 926542
Changes:
 javatools (0.72.8) unstable; urgency=medium
 .
   * Team upload.
   * jh_build: Fix a regression in 0.72.7 where the first
 parameter of debian/javabuild was incorrectly interpreted
 as a glob that had to match something (rather than the
 name of the output file).  Thanks to Ole Streicher for
 reporting this issue.  (Closes: #925507)
   * jh_build: Deprecate -N as short form of --no-javadoc and
 add a work around to make -N work reliably.  This fixes
 -N being either --no-package or --no-javadoc with a 50/50
 probability.  Thanks to Gilles Filippini for reporting
 the issue.  (Closes: #926542)
Checksums-Sha1:
 1531a80b14961df76cd7e75042c1b34f516d7898 1869 javatools_0.72.8.dsc
 5cfc42e15a932107b53c7d30471baf5f1782de9a 54200 javatools_0.72.8.tar.xz
 d7982c1e7ae383e4693c079c4fb8e94cc4112e39 9874 javatools_0.72.8_source.buildinfo
Checksums-Sha256:
 de581a3a952404e5b3f9b1d877f3e0961624c82bc093b140362e16e976a0a7d9 1869 
javatools_0.72.8.dsc
 d858d72bb4233f49d1bc14a147625b090cd32295704ee51a7cfdb035176a2ff2 54200 
javatools_0.72.8.tar.xz
 

Bug#925507: marked as done (jh_build fails when source files are specified)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 13:34:12 +
with message-id 
and subject line Bug#925507: fixed in javatools 0.72.8
has caused the Debian Bug report #925507,
regarding jh_build fails when source files are specified
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
925507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925507
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: javahelper
Version: 0.72.6
Severity: serious
Control: affects -1 src:healpix-java
Control: blocks -1 923752

The javahelper package fails when files are specified as src. The source 
package healpix-java has the following debian/javabuild:

healpix.jar src/healpix/essentials/*.java

When I compile this (healpix-java version 3.40-1), I get the following 
error (the files ofcourse exist):

jh_build
jh_build: Ignoring src/healpix/essentials/*.java because it does not exist

When I include the options in d/rules instead:

override_jh_build:
jh_build healpix.jar src/healpix/essentials/*.java
[...]

I get a very mystic error:

jh_build healpix.jar src/healpix/essentials/*.java
error: invalid flag: -quiet
Usage: javac  
use --help for a list of possible options
jh_build: /usr/lib/jvm/default-java/bin/javac -g -cp 
/usr/share/java/fits.jar:_jh_build.healpix -d debian/_jh_build.healpix -quiet 
-encoding ISO8859-1 -source 1.7 -target 1.7 
src/healpix/essentials/CircleFinder.java src/healpix/essentials/Compressor.java 
src/healpix/essentials/Constants.java src/healpix/essentials/FastMath.java 
src/healpix/essentials/FitsUtil.java src/healpix/essentials/Fxyf.java 
src/healpix/essentials/HealpixBase.java 
src/healpix/essentials/HealpixMapDouble.java 
src/healpix/essentials/HealpixMapFloat.java 
src/healpix/essentials/HealpixProc.java 
src/healpix/essentials/HealpixTables.java 
src/healpix/essentials/HealpixUtils.java src/healpix/essentials/Hploc.java 
src/healpix/essentials/Moc.java src/healpix/essentials/MocFitsIO.java 
src/healpix/essentials/MocQuery.java src/healpix/essentials/MocStringIO.java 
src/healpix/essentials/Pointing.java src/healpix/essentials/RangeSet.java 
src/healpix/essentials/Scheme.java src/healpix/essentials/Vec3.java 
src/healpix/essentials/Zphi.java src/healpix/essentials/package-info.java 
returned exit code 2

Looking into the sources show that the "-quiet" flag is indeed 
unconditionally added there, and seems to not work at least with the 
current openjdk-11-jdk-headless:amd64 (11.0.3+4-1).

https://salsa.debian.org/java-team/javatools/blob/master/jh_build#L229

Best regards

Ole
--- End Message ---
--- Begin Message ---
Source: javatools
Source-Version: 0.72.8

We believe that the bug you reported is fixed in the latest version of
javatools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niels Thykier  (supplier of updated javatools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 07 Apr 2019 13:18:04 +
Source: javatools
Architecture: source
Version: 0.72.8
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Niels Thykier 
Closes: 925507 926542
Changes:
 javatools (0.72.8) unstable; urgency=medium
 .
   * Team upload.
   * jh_build: Fix a regression in 0.72.7 where the first
 parameter of debian/javabuild was incorrectly interpreted
 as a glob that had to match something (rather than the
 name of the output file).  Thanks to Ole Streicher for
 reporting this issue.  (Closes: #925507)
   * jh_build: Deprecate -N as short form of --no-javadoc and
 add a work around to make -N work reliably.  This fixes
 -N being either --no-package or --no-javadoc with a 50/50
 probability.  Thanks to Gilles Filippini for reporting
 the issue.  (Closes: #926542)
Checksums-Sha1:
 1531a80b14961df76cd7e75042c1b34f516d7898 1869 javatools_0.72.8.dsc
 5cfc42e15a932107b53c7d30471baf5f1782de9a 54200 javatools_0.72.8.tar.xz
 d7982c1e7ae383e4693c079c4fb8e94cc4112e39 9874 javatools_0.72.8_source.buildinfo
Checksums-Sha256:
 

Processed: closing 926587

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> close 926587 1.4.20-1.1+deb8u2
Bug #926587 {Done: "Chris Lamb" } [roundup] roundup: 
CVE-2019-10904
There is no source info for the package 'roundup' at version 
'1.4.20-1.1+deb8u2' with architecture ''
Unable to make a source version for version '1.4.20-1.1+deb8u2'
Marked as fixed in versions 1.4.20-1.1+deb8u2.
Bug #926587 {Done: "Chris Lamb" } [roundup] roundup: 
CVE-2019-10904
Bug 926587 is already marked as done; not doing anything.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926587
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926587: closing 926587

[Salvatore Bonaccorso]

close 926587 1.4.20-1.1+deb8u2
thanks

Processed: retitle 926593

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 926593 llvm-toolchain-8: unicode non free license
Bug #926593 [llvm-toolchain-8] llvm-toolchain-7: unicode non free license
Changed Bug title to 'llvm-toolchain-8: unicode non free license' from 
'llvm-toolchain-7: unicode non free license'.
> found 926593 1:8-3
Bug #926593 [llvm-toolchain-8] llvm-toolchain-8: unicode non free license
There is no source info for the package 'llvm-toolchain-8' at version '1:8-3' 
with architecture ''
Unable to make a source version for version '1:8-3'
Marked as found in versions 1:8-3.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926593: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

[Thorsten Glaser]

On Sun, 7 Apr 2019, Ivo De Decker wrote:

> Also, I'm not sure adding an init script now is an approriate change
> for the freeze.

It is, it only touches systems on which it previously did not work.

> Some other changes suggested in this bug (like changes in systemd)
> certainly are not.

This was discussed for later. Emmanuel agreed that, if those changes
were not implemented for buster, the suggested patch to restore user
creation with adduser (trivial, fits into less than an ANSI screen
page, easy to audit) can go into this for buster.

> This bug should not be used as an argument to force these kind of
> changes for buster.

Indeed, and that was never my intention.


I would like to respectfully ask that this *not* be buster-ignored,
and to review the attached patch, which has been tested to indeed
unbreak sysvinit (and fixed some bugs detected during that).

Thanks in advance,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steegdiff -Nru tomcat9-9.0.16/debian/README.Debian 
tomcat9-9.0.16/debian/README.Debian
--- tomcat9-9.0.16/debian/README.Debian 2019-02-05 10:11:13.0 +0100
+++ tomcat9-9.0.16/debian/README.Debian 2019-04-01 16:26:55.0 +0200
@@ -54,6 +54,13 @@
   systemctl daemon-reload
   systemctl restart tomcat9
 
+⚠ This is supported only when Tomcat is started with the systemd unit.
+
+Using Tomcat with other init systems is supported, however that will
+negate the security hardening detailed above, make Tomcat not have
+its own temporary directory, not drop privileges/capabilities after
+start, and not be restarted on crashing. Use at your own risk.
+
   * To run more than one Tomcat instance on your server, install the package
 tomcat9-user and run the tomcat9-instance-create utility.
 You should remove the tomcat9 package if you don't want Tomcat to
diff -Nru tomcat9-9.0.16/debian/changelog tomcat9-9.0.16/debian/changelog
--- tomcat9-9.0.16/debian/changelog 2019-02-26 09:31:13.0 +0100
+++ tomcat9-9.0.16/debian/changelog 2019-04-02 22:54:17.0 +0200
@@ -1,3 +1,21 @@
+tomcat9 (9.0.16-4) unstable; urgency=medium
+
+  * Team upload.
+  * debian/logging.properties: Add commented-out non-systemd configuration
+  * Make tomcat9 installable without systemd:
+- Readd logic to create the system user via adduser
+- Add sysvinit script, for init independence (Closes: #925473)
+  * debian/README.Debian: Document non-systemd risks
+  * debian/libexec/tomcat-locate-java.sh: Remove shebang and make
+not executable as this is only ever sourced (makes no sense otherwise)
+  * Make the systemd startup script honour the (renamed) $SECURITY_MANAGER
+  * Remove -XX:+UseG1GC from standard JAVA_OPTS; the JRE chooses
+a suitable GC automatically anyway (Closes: #925928)
+  * Correct the ownership and permissions on the log directory:
+group adm and setgid (Closes: #925929)
+
+ -- Thorsten Glaser   Tue, 02 Apr 2019 22:54:17 +0200
+
 tomcat9 (9.0.16-3) unstable; urgency=medium
 
   * Removed read/write access to /var/lib/solr (Closes: #923299)
diff -Nru tomcat9-9.0.16/debian/control tomcat9-9.0.16/debian/control
--- tomcat9-9.0.16/debian/control   2019-02-05 10:53:30.0 +0100
+++ tomcat9-9.0.16/debian/control   2019-04-01 16:26:55.0 +0200
@@ -47,7 +47,7 @@
 Architecture: all
 Depends:
  lsb-base (>= 3.0-6),
- systemd (>= 215),
+ systemd (>= 215) | adduser,
  tomcat9-common (>= ${source:Version}),
  ucf,
  ${misc:Depends}
diff -Nru tomcat9-9.0.16/debian/copyright tomcat9-9.0.16/debian/copyright
--- tomcat9-9.0.16/debian/copyright 2019-02-05 10:11:13.0 +0100
+++ tomcat9-9.0.16/debian/copyright 2019-04-01 16:26:55.0 +0200
@@ -49,6 +49,7 @@
2013-2014, Gianfranco Costamagna 
2013-2018, Emmanuel Bourg 
2001-2017, Markus Koschany 
+   2015–2019, mirabilos 
 License: Apache-2.0
 
 License: Apache-2.0
diff -Nru tomcat9-9.0.16/debian/default.template 
tomcat9-9.0.16/debian/default.template
--- tomcat9-9.0.16/debian/default.template  2019-02-05 10:11:13.0 
+0100
+++ tomcat9-9.0.16/debian/default.template  2019-04-01 17:15:52.0 
+0200
@@ -3,9 +3,10 @@
 # OpenJDK and the Oracle JDK are tried.
 #JAVA_HOME=/usr/lib/jvm/java-8-openjdk
 
-# You may pass JVM startup parameters to Java here. If unset, the default
-# options will be: -Djava.awt.headless=true -XX:+UseG1GC
-JAVA_OPTS="-Djava.awt.headless=true -XX:+UseG1GC"
+# You may pass JVM startup parameters to Java here. If you run Tomcat with
+# Java 8 instead of 9 or newer, add "-XX:+UseG1GC" to select a suitable GC.
+# If unset, the default options will be: -Djava.awt.headless=true
+JAVA_OPTS="-Djava.awt.headless=true"
 
 # To enable remote debugging uncomment the 

Processed: tagging 902255 and 916945

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> clone 916945 -1
Bug #916945 [src:llvm-toolchain-7] llvm-toolchain-7: unicode non free license
Bug 916945 cloned as bug 926593
> reassign -1 llvm-toolchain-8
Bug #926593 [src:llvm-toolchain-7] llvm-toolchain-7: unicode non free license
Bug reassigned from package 'src:llvm-toolchain-7' to 'llvm-toolchain-8'.
No longer marked as found in versions llvm-toolchain-7/1:7.0.1-1.
Ignoring request to alter fixed versions of bug #926593 to the same values 
previously set
> # it looks like the offending file is available under a different license so
> # it probably is a license documentation issue rather than a non-free file
> tags 902255 buster-ignore
Bug #902255 [src:llvm-toolchain-6.0] llvm-toolchain-6.0: unicode non free 
license
Added tag(s) buster-ignore.
> tags 916945 buster-ignore
Bug #916945 [src:llvm-toolchain-7] llvm-toolchain-7: unicode non free license
Added tag(s) buster-ignore.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
902255: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902255
916945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916945
926593: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

[Debian Bug Tracking System]

Processing control commands:

> tags -1 buster-ignore
Bug #925473 [tomcat9] tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)
Added tag(s) buster-ignore.

-- 
925473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925473
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

[Ivo De Decker]

Control: tags -1 buster-ignore

Hi,

On Wed, Apr 03, 2019 at 02:33:47PM +0200, Thorsten Glaser wrote:
> On Wed, 3 Apr 2019, Emmanuel Bourg wrote:
> 
> > > I really insist on being able to install tomcat9 without having to
> > > install a whole other init system, even if it is not used.
> > 
> > See this as a compromise?
> 
> I don’t know… the missing initscript is an RC bug, so the compromise
> would start _after_ it’s added…

I'm tagging this bug buster-ignore, because we're not going to delay buster
for it. Also, I'm not sure adding an init script now is an approriate change
for the freeze. Some other changes suggested in this bug (like changes in
systemd) certainly are not.

This bug should not be used as an argument to force these kind of changes for
buster.

Thanks,

Ivo

Bug#923986: ruby-pygments.rb: FTBFS randomly (failing tests)

[Chris Lamb]

Santiago Vila wrote:

> I tried to build this package in buster but it failed:

Hm, I've just built this package 20 times in sid and the tests pass
every time.

> My recommendation is that the failing tests are simply disabled for buster.

If it's a specific test, then I recommend just disabling that one or
(better) explicitly marking it as XFAIL.


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Processed: Re: Bug#916145: closure-compiler: Not working with recent JS code

[Debian Bug Tracking System]

Processing control commands:

> severity -1 important
Bug #916145 [closure-compiler] closure-compiler: Not working with recent JS code
Severity set to 'important' from 'serious'

-- 
916145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916145
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#916145: closure-compiler: Not working with recent JS code

[Ivo De Decker]

Control: severity -1 important

Hi,

On Sun, Apr 07, 2019 at 11:16:53AM +0300, Adrian Bunk wrote:
> > Adrian: you raised the severity, care to lower it until buster is
> > out (or say some words on why)?
> 
> IMHO the release team adding a buster-ignore tag would be the best way 
> forward here - this would still show up as RC bug for bullseye.

No. Downgrading is the way forward.

If you want to update the package for bullseye, filing an RC bug is not the
way to do it. Joining the team and preparing a new package (after the freeze)
is.

Thanks,

Ivo

Processed: severity of 926542 is serious ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 926542 serious
Bug #926542 [javahelper] jh_build: randomly fails with DH_OPTIONS="-N..."
Severity set to 'serious' from 'normal'
> retitle 926542 javatools: jh_build -N has undefined behaviour (--no-package 
> vs. --no-javadoc)
Bug #926542 [javahelper] jh_build: randomly fails with DH_OPTIONS="-N..."
Changed Bug title to 'javatools: jh_build -N has undefined behaviour 
(--no-package vs. --no-javadoc)' from 'jh_build: randomly fails with 
DH_OPTIONS="-N..."'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926542
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#905446: haskell-hackage-mirror: FTBFS: Module `Control.Monad.Trans.Resource' does not export `monadThrow'

[Alexandre Peyroux]

This package is deprecated. https://github.com/fpco/hackage-mirror

Regards

Processed: Re: FTBFS on at least two architectures: test failure in the enigma algorithm

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 917203 + pending
Bug #917203 [src:libmcrypt] FTBFS on at least two architectures: test failure 
in the enigma algorithm
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
917203: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917203
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#917203: FTBFS on at least two architectures: test failure in the enigma algorithm

[Chris Lamb]

tags 917203 + pending
thanks

I've uploaded libmcrypt 2.5.8-3.4 to DELAYED/5:
  
  libmcrypt (2.5.8-3.4) unstable; urgency=medium
  
* Non-maintainer upload.
* Fix FTBFS on at least two architectures due to test failures in the
  "enigma". Thanks to Göran Weinholt (weinholt) for the patch.
  (Closes: #917203)
* Update Vcs-{Git,Browser} to point to salsa.debian.org.

The full debdiff is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
diffstat for libmcrypt_2.5.8-3.3 libmcrypt_2.5.8-3.4

 libmcrypt-2.5.8/debian/changelog |   10 ++
 libmcrypt-2.5.8/debian/control   |4 ++--
 modules/algorithms/enigma.h  |   10 +-
 3 files changed, 17 insertions(+), 7 deletions(-)

diff -u libmcrypt-2.5.8/debian/changelog libmcrypt-2.5.8/debian/changelog
--- libmcrypt-2.5.8/debian/changelog
+++ libmcrypt-2.5.8/debian/changelog
@@ -1,3 +1,13 @@
+libmcrypt (2.5.8-3.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS on at least two architectures due to test failures in the
+"enigma". Thanks to Göran Weinholt (weinholt) for the patch.
+(Closes: #917203)
+  * Update Vcs-{Git,Browser} to point to salsa.debian.org.
+
+ -- Chris Lamb   Sun, 07 Apr 2019 14:38:10 +0200
+
 libmcrypt (2.5.8-3.3) unstable; urgency=low
 
   * Non-maintainer upload.
diff -u libmcrypt-2.5.8/debian/control libmcrypt-2.5.8/debian/control
--- libmcrypt-2.5.8/debian/control
+++ libmcrypt-2.5.8/debian/control
@@ -3,8 +3,8 @@
 Priority: optional
 Maintainer: RISKO Gergely 
 Build-Depends: debhelper (>= 7.0.50), dh-autoreconf, libltdl-dev
-Vcs-Browser: http://git.debian.org/?p=collab-maint/libmcrypt.git;a=summary
-Vcs-Git: git://git.debian.org/collab-maint/libmcrypt.git
+Vcs-Browser: http://salsa.debian.org/debian/libmcrypt
+Vcs-Git: http://salsa.debian.org/debian/libmcrypt.git
 Homepage: http://mcrypt.sourceforge.net/
 Standards-Version: 3.8.1
 
--- libmcrypt-2.5.8.orig/modules/algorithms/enigma.h
+++ libmcrypt-2.5.8/modules/algorithms/enigma.h
@@ -3,11 +3,11 @@
 #define MASK 0377
 
 typedef struct crypt_key {
-   char t1[ROTORSZ];
-   char t2[ROTORSZ];
-   char t3[ROTORSZ];
-   char deck[ROTORSZ];
-   char cbuf[13];
+   signed char t1[ROTORSZ];
+   signed char t2[ROTORSZ];
+   signed char t3[ROTORSZ];
+   signed char deck[ROTORSZ];
+   signed char cbuf[13];
int n1, n2, nr1, nr2;
 } CRYPT_KEY;
 

Bug#900912: Enabling jaw (Java-atk-wrapper) by default ? (Bug#900912)

[Vincent Privat]

If enabled by default, please offer a reliable way for applications to
disable it. We don't need it for JOSM, and we have been so impacted with
jaw's problems in the past years that we will never want it enabled by
default for us.

Le dim. 7 avr. 2019 à 12:08, Samuel Thibault  a
écrit :

> Hello,
>
> Matthias Klose, le sam. 06 avril 2019 15:46:21 +0200, a ecrit:
> > On 06.04.19 15:13, Paul Gevers wrote:
> > > We're late already, I would want this rather sooner than latter
> > > in buster, such that there is some real live testing before we release.
> > > Sure, there are chances for bugs, but if that's the case, let's find
> > > them and fix them.
> >
> > I disagree.  I'll do the next upload with Samuel's proposed patches, not
> > enabling that by default, together with the planned security update.
> Then
> > people can start testing if the wrapper works.
>
> Well, I'm afraid that what will happen is that the people who will
> test will simply find out that it just works for them (just like it
> does already for them with openjdk-8) ; will we then conclude near the
> release that it should be enabled by default for Buster, and then be hit
> by the much wider exposition to jaw?
>
> If on the contrary we enable it by default during the freeze, we will
> have *way* more testing coverage, and thus be much more confident with
> keeping it enabled by default in Buster if we don't see bug reports.
>
> > Enabling features during the freeze which were broken most of the time
> > during the development cycle sounds risky.
>
> Just ftr: what was broken was the load of jaw in openjdk-11, jaw itself
> seems to work in openjdk-8 for people needing it.
>
> Samuel
>

Processed: Patch for the enigma algorithm

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 917203 + patch
Bug #917203 [src:libmcrypt] FTBFS on at least two architectures: test failure 
in the enigma algorithm
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
917203: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917203
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#917203: Patch for the enigma algorithm

[Göran Weinholt]

tags 917203 + patch
thanks

Hello,

greetings from the BSP in Gothenburg. Please find attached a patch that
fixes the libmcrypt ftbfs on armel.

Regards,

-- 
Göran Weinholt
https://weinholt.se/
--- modules/algorithms/enigma.h.orig	2002-03-09 21:17:08.0 +0100
+++ modules/algorithms/enigma.h	2019-04-07 13:54:03.0 +0200
@@ -3,11 +3,11 @@
 #define MASK 0377
 
 typedef struct crypt_key {
-	char t1[ROTORSZ];
-	char t2[ROTORSZ];
-	char t3[ROTORSZ];
-	char deck[ROTORSZ];
-	char cbuf[13];
+	signed char t1[ROTORSZ];
+	signed char t2[ROTORSZ];
+	signed char t3[ROTORSZ];
+	signed char deck[ROTORSZ];
+	signed char cbuf[13];
 	int n1, n2, nr1, nr2;
 } CRYPT_KEY;
 

Bug#926591: libelogind0: does not ship SONAME link /lib//libelogind.so.0 -> libsystemd.so.0.25.0

[Andreas Beckmann]

Package: libelogind0
Version: 241.1-1+debian1
Severity: serious
Tags: patch
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package does not ship the
SONAME link for its library (Policy 8.1).
That link got created later by ldconfig.

>From the attached log (scroll to the bottom...):

0m16.6s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpL2PdQe', 
'tmp/scripts/pre_remove_40_find_unowned_lib_links']
0m17.2s DUMP: 
  UNOWNED SYMLINK /lib/x86_64-linux-gnu/libelogind.so.0 -> libsystemd.so.0.25.0
0m17.2s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpL2PdQe', 
'tmp/scripts/pre_remove_40_find_unowned_lib_links']

I think the symlink setup is overly complicated by using both
/lib and /usr/lib. You should either move everything to /lib
(if that is really required for compatibility with libsystemd0)
or just restrict to /usr/lib (as done in my patch).
I also think you don't need libsystemd.so.0.25.0 symlinks at all,
a libsystemd.so.0 -> libelogind.so.0 symlink should be sufficient.

This produces some noise in piuparts tests and therefore I'd like
to see it fixed for buster.

Andreas
>From 331f7543426163abf628ae13feee4c2253e930c8 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Sun, 7 Apr 2019 13:32:25 +0200
Subject: [PATCH] simplify compat symlink setup

---
 debian/changelog | 3 +++
 debian/libelogind0.links | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 572ae4b8f..9ff0bef1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ elogind (241.1-2~wip1) UNRELEASED; urgency=medium
   [ Andreas Messer ]
   * Retire package maintenance
 
+  [ Andreas Beckmann ]
+  * Simplify compat symlink setup.  (Closes: #xx)
+
  -- Andreas Messer   Fri, 15 Mar 2019 18:06:50 +0100
 
 elogind (241.1-1) unstable; urgency=medium
diff --git a/debian/libelogind0.links b/debian/libelogind0.links
index 47785742c..dd1a34455 100755
--- a/debian/libelogind0.links
+++ b/debian/libelogind0.links
@@ -1,3 +1,2 @@
 #! /usr/bin/dh-exec
-usr/lib/${DEB_HOST_MULTIARCH}/libelogind.so.0.25.0 
lib/${DEB_HOST_MULTIARCH}/libsystemd.so.0.25.0
-lib/${DEB_HOST_MULTIARCH}/libsystemd.so.0.25.0 
lib/${DEB_HOST_MULTIARCH}/libsystemd.so.0
+usr/lib/${DEB_HOST_MULTIARCH}/libelogind.so.0 
usr/lib/${DEB_HOST_MULTIARCH}/libsystemd.so.0
-- 
2.11.0



libelogind0_241.1-1+debian1.log.gz
Description: application/gzip

Processed: block 884128 with 926589

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> block 884128 with 926589
Bug #884128 [src:libical] libical: don't release with buster
884128 was blocked by: 906219 906221 905697
884128 was not blocking any bugs.
Added blocking bug(s) of 884128: 926589
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
884128: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884128
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#925909: [Help] Re: pbgenomicconsensus: autopkgtest regression

[Liubov Chuprikova]

Hi,

On Sun, 7 Apr 2019 at 11:30, Graham Inggs  wrote:

> Hi Andeas
>
> On Sun, 7 Apr 2019 at 07:50, Andreas Tille  wrote:
> > I have no idea why command1 is failing.  Anybody who can reproduce
> > this test result and can fix this test?
>
> The output of command1 is the following:
>
> autopkgtest [15:39:43]: test command1: unset GZIP && cp -r Makefile
> tests $AUTOPKGTEST_TMP && cd $AUTOPKGTEST_TMP && make tests
> autopkgtest [15:39:43]: test command1: [---
> # Unit tests
> # ignore tests requiring
> https://github.com/PacificBiosciences/PacBioTestData which is not
> packaged
> set -e ; \
> TMPDIR=$(mktemp -d /tmp/test_ignore_XX) ; \
> mv tests/unit/test_tool_contract.py ${TMPDIR} ; \
> py.test --junit-xml=nosetests.xml tests/unit ; \
> rm -rf tests/unit/__pycache__ ; \
> mv ${TMPDIR}/* tests/unit ; \
> rmdir ${TMPDIR}
> /bin/bash: line 3: py.test: command not found
> make: *** [Makefile:12: unit-tests] Error 127
> autopkgtest [15:39:44]: test command1: ---]
> autopkgtest [15:39:44]: test command1:  - - - - - - - - - - results -
> - - - - - - - - -
> command1 FAIL non-zero exit status 2
>
> I think all that is needed here is adding a test dependency on
> python-pytest.  See the 'available diffs' section on Steve Langasek's
> upload [1].
>

I have just added python-pytest and one more missing library. Now the tests
should pass.

With regards,
Liubov

Processed (with 1 error): reassign 926589 to ftp.debian.org, severity of 926589 is normal ..., block 926589 with 926589

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 926589 ftp.debian.org
Bug #926589 [src:libical] libical: don't release with buster
Bug reassigned from package 'src:libical' to 'ftp.debian.org'.
No longer marked as found in versions libical/2.0.0-1.
Ignoring request to alter fixed versions of bug #926589 to the same values 
previously set
> severity 926589 normal
Bug #926589 [ftp.debian.org] libical: don't release with buster
Severity set to 'normal' from 'serious'
> retitle 926589 RM: libical -- RoQA, orphaned, superceeded
Bug #926589 [ftp.debian.org] libical: don't release with buster
Changed Bug title to 'RM: libical -- RoQA, orphaned, superceeded' from 
'libical: don't release with buster'.
> block 926589 with 926589
Bug #926589 [ftp.debian.org] RM: libical -- RoQA, orphaned, superceeded
Failed to set blocking bugs of 926589: It is nonsensical for a bug to block 
itself (or a merged partner): 926589.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926589: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926589
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#915333: git-annex: Illegal Instruction on armel (Fujitsu Q700 like QNAP TS-21x/TS-22x)

[Darshaka Pathirana]

Hey,

On Mon, 11 Mar 2019 12:05:55 +0200 Adrian Bunk  wrote:
> On Thu, Jan 31, 2019 at 08:12:17PM +0100, Bernhard Übelacker wrote:
> > Hello Everyone,
> > I own a qnap ts-119pII with a similar cpu.
> >
> > See attached file with several debugging attempts.

I took some time and wanted to reproduce and test this issue.

> > If I read [1] right, then the UXTH instruction is just supported
> > on ARMv6 or later.
>
> Looking at the code, the bug seems to be in
> https://sources.debian.org/src/ghc/8.4.4+dfsg1-2/debian/patches/llvm-arm-unknown-linux-gnueabi.patch/
>
> ARM1136JF-S is ARM11, which is ARMv6.
> arm9e would be correct here instead of arm1136jf-s.
>
> Due to the static-only nature of the ghc ecosystem the fix would then
> require a complete rebuild of all Haskell packages on armel, but with
> the buildds otherwise mostly idle now this should be finished within
> 2-3 days.

First I tried to reproduce the crash on one of our porterboxes[4]
`amdahl` (where I could not reproduce the bug, git-annex runs just
fine), but I only much later figured out that it run armv8l:

[4] https://db.debian.org/machines.cgi?host=amdahl

  dpat@amdahl ~ % export sessionid=913555
  dpat@amdahl ~ % schroot -b -c sid_armel-dchroot -n $sessionid
  I: 00check: Untarring chroot environment.  This might take a minute or two.
  I: 99porterbox-extra-sources: o To install build dependencies run
  I: 99porterbox-extra-sources:   dd-schroot-cmd -c 915333 apt-get update
  I: 99porterbox-extra-sources:   followed by build-dep/install as appropriate 
in the host system.
  I: 99porterbox-extra-sources: o If you started this session with schroot -b, 
please do not forget to run
  I: 99porterbox-extra-sources:   schroot --end-session -c 915333
  I: 99porterbox-extra-sources:   when you no longer need this environment.
  915333
  schroot -b -c sid_armel-dchroot -n $sessionid  9.08s user 5.17s system 126% 
cpu 11.293 total
  (sid_armel-dchroot)dpat@amdahl ~ % uname -a
  Linux amdahl 4.9.0-8-arm64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) armv8l 
GNU/Linux

I also tried on `abel` but its a armv7l.

I then wanted to setup a qemu-arm environment but I am stuck finding out which
machine/cpu option would be correct. I found [1] and [2] which states that the 
CPU
"Feroceon 88FR131 rev 1 (v5l)" is a actually a Marvell Kirkwood 88F6281.
(Ok, [3] says that qnap ts-11x runs on Kirkwood system-on-chip (SoC) from 
Marvell).

[1] 
https://www.chainsawonatireswing.com/2012/01/07/find-out-which-cpu-your-synology-diskstation-uses/
[2] https://www.7-cpu.com/cpu/Kirkwood.html
[3] https://www.debian.org/releases/stable/armel/ch02s01.html.en (see 2.1.4)

So, is it possible to emulate a armv5 and if yes, how? Thanks.

Regards from the Debian BSP201904, Salzburg,
 - Darsha



signature.asc
Description: OpenPGP digital signature

Bug#924616: CVE-2018-15587

[Tobias Frost]

Hi,

at the Salzburg BSP I was looking at this report,

On Thu, 14 Mar 2019 23:18:39 +0100 Moritz Muehlenhoff 
wrote:
> Source: evolution
> Severity: grave
> Tags: security
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15587:
> 
> https://bugzilla.gnome.org/show_bug.cgi?id=796424
> 
https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21

https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85

I was triaging into it, but unfortunatly cannot solve it...

Summary:
The second patch seems to be already applied, but the first one seems
not to be... However, I'm not sure if it does the trick as the speciem
attached to the forwarded bug shows still up as "verified"...


> 
> Cheers,
> Moritz
>
> 
> 

Bug#923930: FTBFS: FAIL test_chain (exit status: 1)

[Chris Lamb]

Hi all,

> It looks like this is fixed upstream (at least for 64-bit machines): 
> https://github.com/heimdal/heimdal/issues/533

If it helps, I just blindly tried applying:

  
https://github.com/quanah/heimdal/commit/e3cd069e5c40b455541508b81ffeb0563e882aed

… on top of src:heimdal 7.5.0+dfsg-2.1 (in sid) and it failed with:

  https://gist.githubusercontent.com/lamby/41c5d8aa85972c7c2b289296637dfa7e/raw

(Uninvestigated.)


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Processed (with 5 errors): Re: libical: don't release with buster

[Debian Bug Tracking System]

Processing control commands:

> clone -1 -2
Bug #884128 [src:libical] libical: don't release with buster
Bug 884128 cloned as bug 926589
No valid blocking bug(s) given; not doing anything
Failed to clone 884128: Unknown/archived blocking bug(s):906219.

> retitle -2 RM: libical -- RoQA, orphaned, superceeded
Failed to set the title of -2: The 'bug' parameter ("-2") to 
Debbugs::Control::set_title did not pass regex check
.

> reassign -2 ftp.debian.org
Failed to clear fixed versions and reopen on -2: The 'bug' parameter ("-2") to 
Debbugs::Control::set_package did not pass regex check
.

> block -1 by -2
Failed to set blocking bugs of 884128: Invalid blocking bug(s):-2.

> severity -2 normal
Failed to set severity of Bug -2 to normal: The 'bug' parameter ("-2") to 
Debbugs::Control::set_severity did not pass regex check
.


-- 
884128: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884128
926589: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926589
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#884128: libical: don't release with buster

[Tobias Frost]

Control: clone -1 -2
Control: retitle -2 RM: libical -- RoQA, orphaned, superceeded
Control: reassign -2 ftp.debian.org
Control: block -1 by -2
Control: severity -2 normal

Hi,

as dak is not so unhappy (only 3 packages on kreebsd, see below) I
think we should remove it...

(cloning and assigning clone to ftp.d.o) 

ssh mirror.ftp-master.debian.org "dak rm -Rn libical"
Will remove the following packages from unstable:

   libical |2.0.0-4 | source
  libical2 |2.0.0-4 | armel, hurd-i386, kfreebsd-i386, mips, mipsel
  libical2 | 2.0.0-4+b1 | kfreebsd-amd64
  libical2 | 2.0.0-4+b2 | amd64, arm64, armhf, i386, mips64el, ppc64el,
s390x
libical2-dev |2.0.0-4 | armel, hurd-i386, kfreebsd-i386, mips,
mipsel
libical2-dev | 2.0.0-4+b1 | kfreebsd-amd64
libical2-dev | 2.0.0-4+b2 | amd64, arm64, armhf, i386, mips64el,
ppc64el, s390x

Maintainer: Debian QA Group 

--- Reason ---

--

Checking reverse dependencies...
# Broken Depends:
cairo-dock-plug-ins: cairo-dock-clock-plug-in [kfreebsd-amd64 kfreebsd-
i386]
cyrus-imapd: cyrus-caldav [kfreebsd-amd64 kfreebsd-i386]
 cyrus-common [kfreebsd-amd64 kfreebsd-i386]
kdepimlibs: libkcal4 [kfreebsd-amd64 kfreebsd-i386]
libkcalcore4 [kfreebsd-amd64 kfreebsd-i386]

Dependency problem found.


On Thu, 21 Mar 2019 11:30:09 +0100 "Thierry fa...@linux.ibm.com" <
thie...@linux.ibm.com> wrote:
> Hello,
> As currently we have (for most of the platforms)
> 
> $ apt-cache madison libical2
>   libical2 | 2.0.0-4+b2 | http://ftp.fr.debian.org/debian buster/main
> amd64 Packages
>libical |2.0.0-4 | http://ftp.fr.debian.org/debian buster/main
> Sources
> 
> What do we do with that bug ?
> Thanks
> 
> 
> 
> On Wed, 8 Aug 2018 10:39:14 +0200 Emilio Pozuelo Monfort
>  wrote:
> > On 08/08/18 09:33, Niels Thykier wrote:
> > > Control: tags -1 moreinfo
> > > 
> > > On Mon, 11 Dec 2017 19:43:59 +0100 Emilio Pozuelo Monfort
> > >  wrote:
> > >> Source: libical
> > >> Version: 2.0.0-1
> > >> Severity: serious
> > >>
> > >> Hi,
> > >>
> > >> We have src:libical3 now, so libical2 should be dropped before
the
> > >> freeze. We shouldn't need to release buster with both libical 2
and 3.
> > >> Filing this bug so we don't forget about that.
> > >>
> > >> Emilio
> > >>
> > >> [...]
> > > Hi Emilio,
> > > 
> > > We are getting "close" to the transition freeze.  If it is still
the
> > > plan to remove libical from Debian buster, please start filing
bugs
> > > against the (remaining) reverse dependencies and have them fixed.
> > 
> > That's basically kdepimlibs, as cyrus-imapd is not in testing and
kmymoney is
> > already fixed in experimental and just needs an upload to sid.
> > 
> > kdepimlibs may not be easy though as disabling libical will
probably disable
> > some libs that may be used by rdeps. Someone needs to look at that.
I have just
> > opened a bug for it and made it block this one.
> > 
> > Cheers,
> > Emilio
> > 
> > 
> 
> -- 
> Thierry Fauck @ fr.ibm.com
> 
> 
> 

Bug#926587: marked as done (roundup: CVE-2019-10904)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 08:04:14 -0400
with message-id 
and subject line Re: Bug#926587: Acknowledgement (roundup: CVE-2019-10904)
has caused the Debian Bug report #926587,
regarding roundup: CVE-2019-10904
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
926587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926587
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: roundup
Version: 1.4.20-1.1+deb8u1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for roundup.

CVE-2019-10904[0]:
| Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and
| roundup/cgi/wsgi_handler.py mishandle 404 errors.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10904


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- End Message ---
--- Begin Message ---
The Debian Bug Tracking System wrote:

> Thank you for filing a new Bug report with Debian.

… nd I've just noticed that src:roundup was removed since jessie, so
closing this bug.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   ` End Message ---

Bug#926587: roundup: CVE-2019-10904

[Chris Lamb]

Package: roundup
Version: 1.4.20-1.1+deb8u1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for roundup.

CVE-2019-10904[0]:
| Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and
| roundup/cgi/wsgi_handler.py mishandle 404 errors.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10904


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#924123: marked as done (shishi: FTBFS with pam >= 1.3)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 11:48:56 +
with message-id 
and subject line Bug#924123: fixed in shishi 1.0.2-6.2
has caused the Debian Bug report #924123,
regarding shishi: FTBFS with pam >= 1.3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
924123: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924123
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:shishi
Version: 1.0.2-6.1
Severity: serious
Tags: ftbfs

Dear maintainer:

I tried to build this package in buster but it failed:


[...]
 debian/rules build-indep
test -x debian/rules
mkdir -p "."
CDBS WARNING:DEB_DH_STRIP_ARGS is deprecated since 0.4.85
CDBS WARNING:DEB_COMPRESS_EXCLUDE is deprecated since 0.4.85
set -e;   mv ./build-aux/config.guess ./build-aux/config.guess.cdbs-orig; cp 
--remove-destination /usr/share/misc/config.guess ./build-aux/config.guess;
set -e;   mv ./build-aux/config.sub ./build-aux/config.sub.cdbs-orig; cp 
--remove-destination /usr/share/misc/config.sub ./build-aux/config.sub;
dh_autoreconf 
Copying file build-aux/config.rpath
Copying file m4/codeset.m4
Copying file m4/glibc2.m4
Copying file m4/glibc21.m4
Copying file m4/intdiv0.m4
Copying file m4/intl.m4

[... snipped ...]

gtkdoc-mkhtml 2>&1 --help | grep  >/dev/null "\-\-verbose"; \
if test "$?" = "0"; then \
  if test "x" = "x1"; then \
mkhtml_options="$mkhtml_options --verbose"; \
  fi; \
fi; \
gtkdoc-mkhtml 2>&1 --help | grep  >/dev/null "\-\-path"; \
if test "$?" = "0"; then \
  mkhtml_options="$mkhtml_options --path=\"/<>/doc/reference\""; \
fi; \
cd html && gtkdoc-mkhtml $mkhtml_options  shishi ../shishi-docs.sgml
gtkdoc-fixxref --module=shishi --module-dir=html 
--html-dir=/usr/share/gtk-doc/html 
Package glib-2.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `glib-2.0.pc'
to the PKG_CONFIG_PATH environment variable
No package 'glib-2.0' found
touch html-build.stamp
make[4]: Leaving directory '/<>/doc/reference'
make[3]: Leaving directory '/<>/doc'
Making all in extra
make[3]: Entering directory '/<>/extra'
Making all in pam_shishi
make[4]: Entering directory '/<>/extra/pam_shishi'
/bin/bash ../../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. 
-I../..  -I../../gl -I../../lib -I../../gl -I../../lib -Wdate-time 
-D_FORTIFY_SOURCE=2  -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -c -o pam_shishi.lo 
pam_shishi.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -I../../gl -I../../lib 
-I../../gl -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -c pam_shishi.c  -fPIC -DPIC -o .libs/pam_shishi.o
pam_shishi.c: In function 'pam_sm_authenticate':
pam_shishi.c:185:48: warning: cast to pointer from integer of different size 
[-Wint-to-pointer-cast]
   pam_set_data (pamh, "shishi_setcred_return", (void *) retval, NULL);
^
pam_shishi.c:127:7: warning: ignoring return value of 'asprintf', declared with 
attribute warn_unused_result [-Wunused-result]
   asprintf ((char **) [0].msg, "Password for `%s@%s': ",
   ^~
   shishi_principal_default (h), shishi_realm_default (h));
   ~~~
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -I../../gl -I../../lib 
-I../../gl -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 
-fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -c pam_shishi.c -o pam_shishi.o >/dev/null 2>&1
make[4]: *** [Makefile:1359: pam_shishi.lo] Error 1
make[4]: Leaving directory '/<>/extra/pam_shishi'
make[3]: *** [Makefile:1272: all-recursive] Error 1
make[3]: Leaving directory '/<>/extra'
make[2]: *** [Makefile:1440: all-recursive] Error 1
make[2]: Leaving directory '/<>'
make[1]: *** [Makefile:1301: all] Error 2
make[1]: Leaving directory '/<>'
make: *** [/usr/share/cdbs/1/class/makefile.mk:77: debian/stamp-makefile-build] 
Error 2
dpkg-buildpackage: error: debian/rules build-indep subprocess returned exit 
status 2


The build was made in my autobuilder with "dpkg-buildpackage -A"
and it also fails here:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/shishi.html

where you can get a full build log if you need it.

If this is really a bug in one of 

Processed: severity of 926400 is grave

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 926400 grave
Bug #926400 [libaprutil1-dbd-mysql] libapr1-dbd-mysql: apache fails to start if 
dbd with mysql is used
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
926400: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926400
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#926584: caffe-contrib: needs new upload for leveldb transition

[Ivo De Decker]

package: caffe-contrib
severity: serious
version: 1.0.0+git20180821.99bd997-2

Hi,

There is an ongoing transition of leveldb to fix #83. caffe-contrib needs
an upload for this transition (it is not buildable on the buildd).

Thanks,

Ivo

Bug#924123: shishi seems to be fixed upstream (in git)

[Andreas Henriksson]

Control: tags -1 + fixed-upstream

Greetings from Gothenburg BSP.

Upstream seems to have adressed this (and many other issues) in their
git repository (but there hasn't been any new releases for years):
http://git.savannah.gnu.org/gitweb/?p=shishi.git;a=commitdiff;h=07cd137bf79af3b9abfe08ff55c36a0c6785e733;hp=cbc4c1ca3f8af8ac80248aab5b06244d5df5fda3

Regards,
Andreas Henriksson

Processed: shishi seems to be fixed upstream (in git)

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + fixed-upstream
Bug #924123 [src:shishi] shishi: FTBFS with pam >= 1.3
Added tag(s) fixed-upstream.

-- 
924123: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924123
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#897489: python-whoosh: FTBFS: dh_auto_test: pybuild --test --test-pytest -i python{version} -p 3.6 returned exit code 13

[Ivo De Decker]

Hi Chris,

On 4/7/19 11:45 AM, Chris Lamb wrote:

Hi Ivo,


Fixing this bug and reuploading now... :)


Thanks for the upload. However, you included the changes from -2. Could you
revert the debhelper compat bump?


Sure, it was already committed prior to the freeze IIRC. Uploaded as
-4, including all the changes since the -1 in buster.


Thanks! I added an unblock for it (so no need to file an unblock request).


(For completeness, the reason why -1 did not hit the archive is due to
a pristine-tar issue; I reverted and recreated the entry on the
pristine-tar branch and it regenerates correctly at build time, avoiding
the REJECT when the file was "different in the archive").


Ah, that explains that...

Ivo

Processed: severity of 919486 is important

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 919486 important
Bug #919486 [osinfo-db] Please support Debian Buster
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
919486: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919486
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#882324: amavisd-new: diff for NMU version 1:2.11.0-6.1

[Brian May]

Tobias Frost  writes:

> I've prepared an NMU for amavisd-new (versioned as 1:2.11.0-6.1) and
> uploaded it to DELAYED/10. Please feel free to tell me if I
> should delay it longer.

Thanks. This looks good to me. Feel free to upload immediately without
the delay if you want.
-- 
Brian May 

Bug#926578: faudio: Incomplete debian/copyright?

[Chris Lamb]

Source: faudio
Version: 19.02-1
Severity: serious
Justication: Policy §12.5
X-Debbugs-CC: Michael Gilbert , 
ftpmas...@debian.org

Hi,

I just ACCEPTed faudio from NEW but noticed it was missing 
attribution in debian/copyright for at least Sean Barrett.

This is in no way exhaustive so please check over the entire package 
carefully and address these on your next upload.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#924635: marked as done (libactivemq-java depends on the removed libspring-jms-java)

[Debian Bug Tracking System]

Your message dated Sun, 7 Apr 2019 12:17:36 +0200
with message-id <20190407101735.ct5b3qjwbxe2e...@debian.org>
and subject line Re: Update
has caused the Debian Bug report #924635,
regarding libactivemq-java depends on the removed libspring-jms-java
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
924635: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924635
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libactivemq-java
Version: 5.15.8-2
Severity: serious
Tags: sid buster

libactivemq-java depends on the removed libspring-jms-java.
--- End Message ---
--- Begin Message ---
Hi,

On Sun, Apr 07, 2019 at 07:30:09AM +0200, Dominik Stadler wrote:
> Bug #925533 re-adds the messaging and jms modules in libspring, so this bug
> could be merged as duplicate with that one now.

The issue in libactivemq-java no longer exists. Closing this bug.

Ivo--- End Message ---

Bug#900912: Enabling jaw (Java-atk-wrapper) by default ? (Bug#900912)

[Samuel Thibault]

Hello,

Matthias Klose, le sam. 06 avril 2019 15:46:21 +0200, a ecrit:
> On 06.04.19 15:13, Paul Gevers wrote:
> > We're late already, I would want this rather sooner than latter
> > in buster, such that there is some real live testing before we release.
> > Sure, there are chances for bugs, but if that's the case, let's find
> > them and fix them.
> 
> I disagree.  I'll do the next upload with Samuel's proposed patches, not
> enabling that by default, together with the planned security update.  Then
> people can start testing if the wrapper works.

Well, I'm afraid that what will happen is that the people who will
test will simply find out that it just works for them (just like it
does already for them with openjdk-8) ; will we then conclude near the
release that it should be enabled by default for Buster, and then be hit
by the much wider exposition to jaw?

If on the contrary we enable it by default during the freeze, we will
have *way* more testing coverage, and thus be much more confident with
keeping it enabled by default in Buster if we don't see bug reports.

> Enabling features during the freeze which were broken most of the time
> during the development cycle sounds risky.

Just ftr: what was broken was the load of jaw in openjdk-11, jaw itself
seems to work in openjdk-8 for people needing it.

Samuel

Processed: archiving 815545

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> archive 815545
Bug #815545 {Done: Rene Engelhard } [src:graphite2] 
libgraphite2-2.0.0: Incorrect SONAME in shlibs (3 vs 2.0.0)
archived 815545 to archive/45 (from 815545)
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
815545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815545
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#897489: marked as done (python-whoosh: FTBFS due to non-deterministic behaviour in NFA.minimize)

[Debian Bug Tracking System]

Your message dated Sun, 07 Apr 2019 10:03:36 +
with message-id 
and subject line Bug#897489: fixed in python-whoosh 2.7.4+git6-g9134ad92-4
has caused the Debian Bug report #897489,
regarding python-whoosh: FTBFS due to non-deterministic behaviour in 
NFA.minimize
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
897489: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897489
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-whoosh
Version: 2.7.4+git6-g9134ad92-1
Severity: serious
Tags: buster sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20180502 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part (hopefully):
> make[1]: Entering directory '/<>/python-whoosh-2.7.4+git6-g9134ad92'
> dh_auto_build --buildsystem=pybuild
> I: pybuild base:217: /usr/bin/python setup.py build 
> running build
> running build_py
> creating 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/highlight.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/fields.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/system.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/legacy.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/multiproc.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/writing.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/searching.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/formats.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/spelling.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/collectors.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/sorting.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/classify.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/scoring.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/columns.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/idsets.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/compat.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/__init__.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/externalsort.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/index.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> copying src/whoosh/reading.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh
> creating 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/filedb
> copying src/whoosh/filedb/structfile.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/filedb
> copying src/whoosh/filedb/filetables.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/filedb
> copying src/whoosh/filedb/filestore.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/filedb
> copying src/whoosh/filedb/gae.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/filedb
> copying src/whoosh/filedb/__init__.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/filedb
> copying src/whoosh/filedb/compound.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/filedb
> creating 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/automata
> copying src/whoosh/automata/glob.py -> 
> /<>/python-whoosh-2.7.4+git6-g9134ad92/.pybuild/cpython2_2.7_whoosh/build/whoosh/automata
> copying 

Processed: found 788721 in firefox-esr/60.5.1esr-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 788721 firefox-esr/60.5.1esr-1
Bug #788721 [firefox-esr] firefox-esr: Some sources are missing
Marked as found in versions firefox-esr/60.5.1esr-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
788721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788721
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: severity of 815545 is serious

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 815545 serious
Bug #815545 {Done: Rene Engelhard } [src:graphite2] 
libgraphite2-2.0.0: Incorrect SONAME in shlibs (3 vs 2.0.0)
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
815545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815545
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: firefox-esr: Some sources are misssing

[Debian Bug Tracking System]

Processing control commands:

> reassign 788721 firefox-esr
Bug #788721 [src:firefox-esr] [src:iceweasel] Some sources are not included in 
your package
Bug reassigned from package 'src:firefox-esr' to 'firefox-esr'.
Ignoring request to alter found versions of bug #788721 to the same values 
previously set
Ignoring request to alter fixed versions of bug #788721 to the same values 
previously set
> retitle 788721 firefox-esr: Some sources are missing
Bug #788721 [firefox-esr] [src:iceweasel] Some sources are not included in your 
package
Changed Bug title to 'firefox-esr: Some sources are missing' from 
'[src:iceweasel] Some sources are not included in your package'.

-- 
788721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788721
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#788721: firefox-esr: Some sources are misssing

[Jonas Smedegaard]

control: reassign 788721 firefox-esr
control: retitle 788721 firefox-esr: Some sources are missing

This bug affects firefox-esr in testing:

At least these non-source files are still problematic:

js/src/octane/typescript-input.js
js/src/octane/box2d.js
third_party/python/mock-1.0.0/html/_static/underscore.js
third_party/python/mock-1.0.0/html/_static/jquery.js
browser/components/translation/cld2/cld-worker.js
browser/extensions/pocket/content/panels/js/vendor/jquery.tokeninput.min.js
browser/extensions/pocket/content/panels/js/vendor/jquery-2.1.1.min.js
layout/mathml/tests/stretchy-and-large-operators.js

Other of the previously reported files may still be relevant as well, 
and possibly additional files are similarly problematic (indicated by 
doing a "find -name '*.min.js'" without examining further).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#924634: marked as done (libuima-as-java depends on the removed libspring-jms-java)

[Debian Bug Tracking System]

Your message dated Sun, 7 Apr 2019 11:52:38 +0200
with message-id <20190407095236.wivmwod6272aq...@debian.org>
and subject line Re: Update
has caused the Debian Bug report #924634,
regarding libuima-as-java depends on the removed libspring-jms-java
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
924634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libuima-as-java
Version: 2.3.1-9
Severity: serious
Tags: sid buster

libuima-as-java depends on the removed libspring-jms-java in unstable.
--- End Message ---
--- Begin Message ---
Hi,

On Sun, Apr 07, 2019 at 07:29:48AM +0200, Dominik Stadler wrote:
> Bug #925533 re-adds the messaging and jms modules in libspring, so this bug
> could be merged as duplicate with that one now.

I think it's better to close this bug, as the issue in libuima-as-java no
longer exists.

Thanks,

Ivo--- End Message ---

Bug#897489: python-whoosh: FTBFS: dh_auto_test: pybuild --test --test-pytest -i python{version} -p 3.6 returned exit code 13

[Chris Lamb]

Hi Ivo,

> > Fixing this bug and reuploading now... :)
> 
> Thanks for the upload. However, you included the changes from -2. Could you
> revert the debhelper compat bump?

Sure, it was already committed prior to the freeze IIRC. Uploaded as
-4, including all the changes since the -1 in buster.

(For completeness, the reason why -1 did not hit the archive is due to
a pristine-tar issue; I reverted and recreated the entry on the
pristine-tar branch and it regenerates correctly at build time, avoiding
the REJECT when the file was "different in the archive").


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#919571: This shouldn't need fixing: obsoleted by libical3

[Jonas Smedegaard]

control: affects 926574 libical

Please note that libical is superseded by libical3, and has now been 
requested removed from Debian - see bug#926574.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#925909: [Help] Re: pbgenomicconsensus: autopkgtest regression

[Graham Inggs]

Hi Andeas

On Sun, 7 Apr 2019 at 07:50, Andreas Tille  wrote:
> I have no idea why command1 is failing.  Anybody who can reproduce
> this test result and can fix this test?

The output of command1 is the following:

autopkgtest [15:39:43]: test command1: unset GZIP && cp -r Makefile
tests $AUTOPKGTEST_TMP && cd $AUTOPKGTEST_TMP && make tests
autopkgtest [15:39:43]: test command1: [---
# Unit tests
# ignore tests requiring
https://github.com/PacificBiosciences/PacBioTestData which is not
packaged
set -e ; \
TMPDIR=$(mktemp -d /tmp/test_ignore_XX) ; \
mv tests/unit/test_tool_contract.py ${TMPDIR} ; \
py.test --junit-xml=nosetests.xml tests/unit ; \
rm -rf tests/unit/__pycache__ ; \
mv ${TMPDIR}/* tests/unit ; \
rmdir ${TMPDIR}
/bin/bash: line 3: py.test: command not found
make: *** [Makefile:12: unit-tests] Error 127
autopkgtest [15:39:44]: test command1: ---]
autopkgtest [15:39:44]: test command1:  - - - - - - - - - - results -
- - - - - - - - -
command1 FAIL non-zero exit status 2

I think all that is needed here is adding a test dependency on
python-pytest.  See the 'available diffs' section on Steve Langasek's
upload [1].

Regards
Graham


[1] https://launchpad.net/ubuntu/+source/pbgenomicconsensus/2.3.2-1ubuntu1

Bug#916145: closure-compiler: Not working with recent JS code

[Adrian Bunk]

On Sat, Apr 06, 2019 at 06:13:05PM +0200, Chris Hofstaedtler wrote:
> * Roland Gruber  [190406 16:07]:
> > the current version is so old that it got incompatible with recent JS code.
> > E.g. jQuery 3.3.1 cannot be minified as the tool reports parsing errors.
> > 
> > Please either update the tool or remove it from the archive. This is now
> > 5 years in unmaintained state.
> 
> I've checked all r-deps of closure-compiler in Debian, and they all
> build -- datatables-extensions shows some errors in a prebuilt file,
> but it has done so for a long time, so probably not super relevant.
> 
> While I agree that having a 5 year old JS compiler in Debian is not

Now over 6 years.

> a great situation, its also not threatening to the packages in
> Debian using it, so I'd suggest keeping it for now.

Packages that would require a non-prehistoric version of 
closure-compiler are already blocked from entering Debian,
see #843951 and #727529 (since 2013!) as examples.

Any actual user installing closure-compiler will have a WTF experience 
when discovering that the new Debian release ships a version that was
already outdated when the dinosaurs roamed the earth.

> Adrian: you raised the severity, care to lower it until buster is
> out (or say some words on why)?

IMHO the release team adding a buster-ignore tag would be the best way 
forward here - this would still show up as RC bug for bullseye.

> Cheers,
> Chris (from the Salzburg BSP)

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#901148: Some analysis

[Wolfgang Silbermayr]

Having been hit by this on Buseter Testing before, I did some
investigation. Here are my findings:

Conditions for this bug to appear are:

   * timidity-daemon is installed
   * timidity service (from the timidity-daemon package) is enabled or
 timidity gets started by hand
   * No midi device is provided by the kernel

Only if all of these these conditions are fulfilled at the same time,
this comes into effect.

A quick test on Stretch with the timidity service enabled did not reveal
the bug. However, timidity was not running after boot, and I didn't find
the reason why. After starting it by hand, pulseaudio got unusable, just
like it does on Buster. So my guess is that the bug was actually present
in Stretch, it just did not show due to timidity not starting properly
at boot.

A removal of timidity-daemon on affected systems is sufficient. It is
set to "Suggests" instead of "Recommends" with timidity as of 2.14.0-8,
so the majority of people who install games or music programs that pull
in timidity will no longer be affected.

People who will be affected are those that got timidity-daemon installed
in Stretch by the "Recommends" dep, and then upgraded to Buster. Even an
apt autoremove will keep timidity-daemon installed.

One way to escape this bug is to have a midi device available in the
system, which can also be snd_virmidi. But I don't consider this a clean
solution, because it will probably interfere for people who have real
midi hardware.

What other options do we have? Simply keep it as-is and document it in
the the upgrade manual? Or do we have some mechanism available that
would remove timidity-daemon if it was installed automatically? Any
other ideas?