Bug#933693: rust-cargo: FTBFS due to missing/uninstallable build dependencies

[Nicolas Braud-Santoni]

Control: tag -1 + confirmed pending

On Fri, Aug 02, 2019 at 01:24:00AM +, Ximin Luo wrote:
> We are blocked on FTP masters accepting rust-bstr and the new build
> dependencies of the new version of cargo.

Hi Ximin,

Thanks for the explanation.

> Please check the debcargo-conf.git repo first, before filing bug reports for
> these types of FTBFS bugs.

I did look, but I missed it.  Sorry about that...


Best,

  nicoo

> > Hi,
> > 
> > rust-cargo fails to rebuild from source (in a clean sbuild environment).
> > 
> > I ran into this while rebuilding all reverse dependencies of 
> > rust-openssl-sys
> > prior to uploading an updated version.
> > 
> > Best,
> > 
> >   nicoo
> > 
> > ---
> > 
> > $ sbuild -d sid rust-cargo
> > sbuild (Debian sbuild) 0.78.1 (09 February 2019) on localhost
> > 
> > +==+
> > | rust-cargo (amd64)   Thu, 01 Aug 2019 23:34:16 
> > + |
> > +==+
> > 
> > Package: rust-cargo
> > Distribution: sid
> > Machine Architecture: amd64
> > Host Architecture: amd64
> > Build Architecture: amd64
> > Build Type: full
> > 
> > [...]
> > 
> > +--+
> > | Update chroot 
> >|
> > +--+
> > 
> > [...]
> > 
> > +--+
> > | Fetch source files
> >|
> > +--+
> > 
> > 
> > Check APT
> > -
> > 
> > Checking available source versions...
> > 
> > Download source files with APT
> > --
> > 
> > Reading package lists...
> > NOTICE: 'rust-cargo' packaging is maintained in the 'Git' version control 
> > system at:
> > https://salsa.debian.org/rust-team/debcargo-conf.git [src/cargo]
> > Please use:
> > git clone https://salsa.debian.org/rust-team/debcargo-conf.git [src/cargo]
> > to retrieve the latest (possibly unreleased) updates to the package.
> > Need to get 943 kB of source archives.
> > Get:1 http://localhost:3142/debian sid/main rust-cargo 0.35.0-1 (dsc) [5100 
> > B]
> > Get:2 http://localhost:3142/debian sid/main rust-cargo 0.35.0-1 (tar) [934 
> > kB]
> > Get:3 http://localhost:3142/debian sid/main rust-cargo 0.35.0-1 (diff) 
> > [4304 B]
> > Fetched 943 kB in 0s (11.2 MB/s)
> > Download complete and in download only mode
> > I: NOTICE: Log filtering will replace 
> > 'build/rust-cargo-oCDNo8/rust-cargo-0.35.0' with '<>'
> > I: NOTICE: Log filtering will replace 'build/rust-cargo-oCDNo8' with 
> > '<>'
> > 
> > +--+
> > | Install package build dependencies
> >|
> > +--+
> > 
> > 
> > Setup apt archive
> > -
> > 
> > Merged Build-Depends: debhelper (>= 11), dh-cargo (>= 15), cargo, rustc, 
> > libstd-rust-dev, librust-atty-0.2+default-dev, 
> > librust-byteorder-1+default-dev (>= 1.2-~~), 
> > librust-bytesize-1+default-dev, librust-clap-2+default-dev (>= 2.31.2-~~), 
> > librust-core-foundation-0.6+default-dev, 
> > librust-core-foundation-0.6+mac-os-10-7-support-dev, 
> > librust-crates-io-0.23+default-dev, 
> > librust-crossbeam-utils-0.6+default-dev, 
> > librust-crypto-hash-0.3+default-dev (>= 0.3.1-~~), 
> > librust-curl-0.4+default-dev (>= 0.4.19-~~), librust-curl-0.4+http2-dev (>= 
> > 0.4.19-~~), librust-curl-sys-0.4+default-dev (>= 0.4.15-~~), 
> > librust-env-logger-0.6+default-dev, librust-failure-0.1+default-dev (>= 
> > 0.1.5-~~), librust-filetime-0.2+default-dev, librust-flate2-1+default-dev 
> > (>= 1.0.3-~~), librust-flate2-1+zlib-dev (>= 1.0.3-~~), 
> > librust-fs2-0.4+default-dev, librust-fwdansi-1+default-dev, 
> > librust-git2-0.8+default-dev, librust-git2-curl-0.9+default-dev, 
> > librust-glob-0.2+default-dev (>= 0.2.11-~~), librust-hex-0.3+default-dev, 
> > librust-home-0.3+default-dev, librust-ignore-0.4+default-dev, 
> > librust-im-rc-12+default-dev (>= 12.1.0-~~), 
> > librust-jobserver-0.1+default-dev (>= 0.1.11-~~), 
> > librust-lazy-static-1+default-dev (>= 1.2.0-~~), 
> > librust-lazycell-1+default-dev (>= 1.2.0-~~), librust-libc-0.2+default-dev, 
> > librust-libgit2-sys-0.7+default-dev (>= 0.7.9-~~), 
> > librust-log-0.4+default-dev (>= 0.4.6-~~), librust-miow-0.3+default-dev (>= 
> > 0.3.1-~~), librust-num-cpus-1+default-dev, librust-opener-0.3+default-dev, 
> > librust-rustc-workspace-hack-1+default-dev, librust-rustfix-0.4+default-dev 
> > (>= 0.4.4-~~), librust-same-file-1+default-dev, 
> > librust-semver-0.9+default-dev, 

Bug#933693: rust-cargo: FTBFS due to missing/uninstallable build dependencies

[Nicolas Braud-Santoni]

Source: rust-cargo
Version: 0.35.0-1
Severity: serious
Justification: FTBFS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

rust-cargo fails to rebuild from source (in a clean sbuild environment).

I ran into this while rebuilding all reverse dependencies of rust-openssl-sys
prior to uploading an updated version.

Best,

  nicoo

- ---

$ sbuild -d sid rust-cargo
sbuild (Debian sbuild) 0.78.1 (09 February 2019) on localhost

+==+
| rust-cargo (amd64)   Thu, 01 Aug 2019 23:34:16 + |
+==+

Package: rust-cargo
Distribution: sid
Machine Architecture: amd64
Host Architecture: amd64
Build Architecture: amd64
Build Type: full

[...]

+--+
| Update chroot|
+--+

[...]

+--+
| Fetch source files   |
+--+


Check APT
- -

Checking available source versions...

Download source files with APT
- --

Reading package lists...
NOTICE: 'rust-cargo' packaging is maintained in the 'Git' version control 
system at:
https://salsa.debian.org/rust-team/debcargo-conf.git [src/cargo]
Please use:
git clone https://salsa.debian.org/rust-team/debcargo-conf.git [src/cargo]
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 943 kB of source archives.
Get:1 http://localhost:3142/debian sid/main rust-cargo 0.35.0-1 (dsc) [5100 B]
Get:2 http://localhost:3142/debian sid/main rust-cargo 0.35.0-1 (tar) [934 kB]
Get:3 http://localhost:3142/debian sid/main rust-cargo 0.35.0-1 (diff) [4304 B]
Fetched 943 kB in 0s (11.2 MB/s)
Download complete and in download only mode
I: NOTICE: Log filtering will replace 
'build/rust-cargo-oCDNo8/rust-cargo-0.35.0' with '<>'
I: NOTICE: Log filtering will replace 'build/rust-cargo-oCDNo8' with 
'<>'

+--+
| Install package build dependencies   |
+--+


Setup apt archive
- -

Merged Build-Depends: debhelper (>= 11), dh-cargo (>= 15), cargo, rustc, 
libstd-rust-dev, librust-atty-0.2+default-dev, librust-byteorder-1+default-dev 
(>= 1.2-~~), librust-bytesize-1+default-dev, librust-clap-2+default-dev (>= 
2.31.2-~~), librust-core-foundation-0.6+default-dev, 
librust-core-foundation-0.6+mac-os-10-7-support-dev, 
librust-crates-io-0.23+default-dev, librust-crossbeam-utils-0.6+default-dev, 
librust-crypto-hash-0.3+default-dev (>= 0.3.1-~~), librust-curl-0.4+default-dev 
(>= 0.4.19-~~), librust-curl-0.4+http2-dev (>= 0.4.19-~~), 
librust-curl-sys-0.4+default-dev (>= 0.4.15-~~), 
librust-env-logger-0.6+default-dev, librust-failure-0.1+default-dev (>= 
0.1.5-~~), librust-filetime-0.2+default-dev, librust-flate2-1+default-dev (>= 
1.0.3-~~), librust-flate2-1+zlib-dev (>= 1.0.3-~~), 
librust-fs2-0.4+default-dev, librust-fwdansi-1+default-dev, 
librust-git2-0.8+default-dev, librust-git2-curl-0.9+default-dev, 
librust-glob-0.2+default-dev (>= 0.2.11-~~), librust-hex-0.3+default-dev, 
librust-home-0.3+default-dev, librust-ignore-0.4+default-dev, 
librust-im-rc-12+default-dev (>= 12.1.0-~~), librust-jobserver-0.1+default-dev 
(>= 0.1.11-~~), librust-lazy-static-1+default-dev (>= 1.2.0-~~), 
librust-lazycell-1+default-dev (>= 1.2.0-~~), librust-libc-0.2+default-dev, 
librust-libgit2-sys-0.7+default-dev (>= 0.7.9-~~), librust-log-0.4+default-dev 
(>= 0.4.6-~~), librust-miow-0.3+default-dev (>= 0.3.1-~~), 
librust-num-cpus-1+default-dev, librust-opener-0.3+default-dev, 
librust-rustc-workspace-hack-1+default-dev, librust-rustfix-0.4+default-dev (>= 
0.4.4-~~), librust-same-file-1+default-dev, librust-semver-0.9+default-dev, 
librust-semver-0.9+serde-dev, librust-serde-1+default-dev (>= 1.0.82-~~), 
librust-serde-1+derive-dev (>= 1.0.82-~~), 
librust-serde-ignored-0.0.4+default-dev, librust-serde-json-1+default-dev (>= 
1.0.30-~~), librust-serde-json-1+raw-value-dev (>= 1.0.30-~~), 
librust-shell-escape-0.1+default-dev (>= 0.1.4-~~), librust-tar-0.4-dev (>= 
0.4.18-~~), librust-tempfile-3+default-dev, librust-termcolor-1+default-dev, 
librust-toml-0.4+default-dev (>= 0.4.2-~~), 
librust-unicode-width-0.1+default-dev (>= 0.1.5-~~), librust-url-1+default-dev 
(>= 1.1-~~), librust-url-serde-0.2+default-dev, librust-winapi-0.3+basetsd-dev, 
librust-winapi-0.3+default-dev, librust-winapi-0.3+handleapi-dev, 
librust-winapi-0.3+jobapi-dev, 

Bug#926551: libykpiv1: Security issues in versions prior to 1.7.0

[Nicolas Braud-Santoni]

Package: libykpiv1
Version: 1.6.2-1
Severity: serious
Tags: security buster sid upstream fixed-upstream pending
Justification: Security issue

Hi,

Yubico released a new version of libykpiv, mentionning “security fixes” in
the NEWS file, but without publishing a new security advisory.

I believe this refers to the following issues (quoting changelog entries):

* Memory unsafety:
* lib/internal.h, lib/ykpiv.c: lib: tlv length buffer checks
* lib/internal.h, lib/util.c: lib: correct overflow checks in 
_write_certificate
* lib/util.c, lib/ykpiv.c: lib: resolves potential reads of
uninitialized data

* Correctly erasing secrets from memory after use:
  * lib/util.c: lib: clear secrets in set_protected_mgm
* lib/ykpiv.c: lib: clear secrets in ykpiv_import_private_key
* lib/ykpiv.c: lib: clear secrets in auth api
* lib/internal.c, lib/ykpiv.c: lib: clear buffers containing key
  material
* lib/internal.h, lib/util.c: lib: use secure zero memory platform
functions

* lib/ykpiv.c: lib: check internal authentication crypt errors


Given the absence of an advisory, I assume those issues are not known to be
exploitable.  However, I believe it would be worth fixing them before the
release of Buster.

Please let me know if a fix should be backported to stretch.


Best,

  nicoo


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libykpiv1 depends on:
ii  libc6 2.28-8
ii  libpcsclite1  1.8.24-1
ii  libssl1.1 1.1.1b-1

Versions of packages libykpiv1 recommends:
ii  pcscd  1.8.24-1

libykpiv1 suggests no packages.

-- no debconf information

Bug#925212: yubikey-manager: ykman doesn't properly handle static passwords on non-QWERTY keyboards

[Nicolas Braud-Santoni]

Package: yubikey-manager
Version: 2.0.0-2
Severity: serious
Tags: fixed-upstream upstream pending
Justification: RoM, severe usability degradation for many users

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

See https://github.com/Yubico/yubikey-manager/pull/220


- -- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages yubikey-manager depends on:
ii  pcscd1.8.24-1
ii  python3  3.7.2-1
ii  python3-click7.0-1
ii  python3-yubikey-manager  2.0.0-2

yubikey-manager recommends no packages.

yubikey-manager suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEU7EqA8ZVHYoLJhPE5vmO4pLV7MsFAlyTcjMRHG5pY29vQGRl
Ymlhbi5vcmcACgkQ5vmO4pLV7MuPSQ//Tub1Si5y5+JWfnAMj5tUtC/W7AIXC/Z5
LDW0irOlnXpKiT2FQGv0/wV7KXU1wlAkLuA4YGpHP4SDvBnohB5+ix3oWPvHnkX8
fP75V+SWsLWLPGmCtcYbfTxETs9o2zDmv13GIJMBGP9DVU2ucO+98rGnpG3y2gRB
DPOilDR648ZbPkWcYrsm72oQ0SeREXZ1O27EsnRCCM5pPjAOfihpUbyNSdRkLmru
/RbHsHlC7ObkeCB2iOuMEuIAwHojERTML/fNB9B/tpTJwO+3RnkQ+/rkgvn9ceIb
I93H4pA9lYhFDr8/ipBha8A1rGAx5p/2S5wkMwNhZs3oRAoU6PR4vH3TE8Yll26X
UyA9iTaRshHp0LBlMmXxwerKNXBtE84ww+R0hue2mHUp3YMpcdWYpqjfKQvatuof
0Zrlfc7j2wjADoL82Hei9VeC8L0WJn+ddS7Y/XiRfsFv2fK7d9JyhufYmpf18d7p
8e/ASIJvdK1+RIf0XF+Qt6AfdisDGz1XwxuYR/sHGc1N1yAoqOedJNS7FdAq74Kl
RQTEHWlzJvNZbo/S1AH0+uUYynBLZmkriBPoPpFaEl0oWNIr3GHXHIuZeLPewLxR
5QnLgFA7rflmw0tz/AG8McKZvRwKmnx7kruJ6pH22XSyW8B59zh+u+WsJHx6fQ+J
WLKGOaSku5o=
=iCFg
-END PGP SIGNATURE-

Bug#917807: libcaca: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549

[Nicolas Braud-Santoni]

clone 917807 -1
retitle -1 Orphan libcaca
severity -1 normal
thanks


Hi Sam,

I'm planning on fixing those security issues for Buster.

Given that you last touched the package in 2014, and didn't address this 
critical
bug within 3 months, may I go ahead and orphan the package while I'm at it?

I will do so in the absence of an answer, but I shall make sure that my upload
is delayed until at least next Monday (2019-03-18), so you have time to
intercept it.


Best,

  nicoo


On Sun, Dec 30, 2018 at 04:42:04PM +0100, Salvatore Bonaccorso wrote:
> Source: libcaca
> Version: 0.99.beta19-2
> Severity: important
> Tags: security upstream fixed-upstream
> 
> Hi,
> 
> The following vulnerabilities were published for libcaca.
> 
> CVE-2018-20544[0]:
> | There is floating point exception at caca/dither.c (function
> | caca_dither_bitmap) in libcaca 0.99.beta19.
> 
> CVE-2018-20545[1]:
> | There is an illegal WRITE memory access at common-image.c (function
> | load_image) in libcaca 0.99.beta19 for 4bpp data.
> 
> CVE-2018-20546[2]:
> | There is an illegal READ memory access at caca/dither.c (function
> | get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
> 
> CVE-2018-20547[3]:
> | There is an illegal READ memory access at caca/dither.c (function
> | get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
> 
> CVE-2018-20548[4]:
> | There is an illegal WRITE memory access at common-image.c (function
> | load_image) in libcaca 0.99.beta19 for 1bpp data.
> 
> CVE-2018-20549[5]:
> | There is an illegal WRITE memory access at caca/file.c (function
> | caca_file_read) in libcaca 0.99.beta19.
> 
> Note: obviously I realize given you are both upstream am Debian
> maintainer you have already fixed this upstream with the reports
> submitted and two of those issues are actually unimportant as the
> Debian build does not use the fallback.
> 
> Reporting these issues still in the BTS for tracking purpose.
> 
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2018-20544
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20544
> [1] https://security-tracker.debian.org/tracker/CVE-2018-20545
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20545
> [2] https://security-tracker.debian.org/tracker/CVE-2018-20546
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20546
> [3] https://security-tracker.debian.org/tracker/CVE-2018-20547
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20547
> [4] https://security-tracker.debian.org/tracker/CVE-2018-20548
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20548
> [5] https://security-tracker.debian.org/tracker/CVE-2018-20549
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20549
> 
> Regards,
> Salvatore
> 


signature.asc
Description: PGP signature

Bug#919843: lirc-doc: broken symlinks: /usr/share/doc/lirc/lirc.org/* -> /build/lirc-rOeUaU/lirc-0.10.1/debian/tmp/usr/share/doc/lirc/*

[Nicolas Braud-Santoni]

Control: tag -1 + patch pending

Dear maintainer,

On Sun, Jan 20, 2019 at 04:57:04AM +0100, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package ships (or creates)
> a broken symlink.

Given the lack of answer, I prepared a fixed version, and performed a NMU
to DELAYED/3, so you can dcut it should it be undesirable.

The changes were also submitted against the packaging repository:

  https://gitlab.com/leamas/lirc/merge_requests/1



Best,

  nicoo


signature.asc
Description: PGP signature

Bug#923053: python3-stem: Version in stretch-backport isn't installable

[Nicolas Braud-Santoni]

Package: python3-stem
Version: 1.7.0-1~bpo9+1
Severity: serious
Justification: Non installable
Control: block 905212 by -1

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

The version of python3-stem in stretch-backports isn't installable due to
its dependency on python3-distutils, which only exists starting with buster:

> (stretch-backports-amd64-sbuild)# apt install --dry-run python3-stem
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> 
> The following packages have unmet dependencies:
>  python3-stem : Depends: python3-distutils but it is not installable
> E: Unable to correct problems, you have held broken packages.
> 
> (stretch-backports-amd64-sbuild)# apt-cache policy python3-stem 
> python3-distutils
> python3-stem:
>   Installed: (none)
>   Candidate: 1.7.0-1~bpo9+1
>   Version table:
>  1.7.0-1~bpo9+1 990
> 990 http://localhost:3142/debian stretch-backports/main amd64 Packages
>  1.5.3-1 500
> 500 http://localhost:3142/debian stretch/main amd64 Packages
> python3-distutils:
>   Installed: (none)
>   Candidate: (none)
>   Version table:
> 
> $ rmadison python3-distutils
> python3-distutils | 3.7.2-3   | testing| all
> python3-distutils | 3.7.2-3   | unstable   | all


Best,

  nicoo

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEU7EqA8ZVHYoLJhPE5vmO4pLV7MsFAlxxiy0RHG5pY29vQGRl
Ymlhbi5vcmcACgkQ5vmO4pLV7Mt7hw//Z5579LzG2Ud5Hd32hGiqO1mc9Xo4eyFm
ALuXAofejUmM7lgnSx32EfNYXPuYUg4gRXHTqKbvjSqpVrP9Jsy1z/Uzflw1VP/T
cURzp9KdlFQvyarb/TXiYKUyX08YzF6ncAZVggqlbHTW78nzs1+tXfHtD6rIZKVQ
5IG+H+OCVS17x2hZh+rQeQgC9ILC4+Av/Uhzt8BCpoq0e2Pecg7ntIBJLYXF4Qxf
VuyF+KQFkFsvCBBgctc8hkhDNLjUehPyeVlh0JA1WjEpVKPv6WxH59pNtnR65tt7
K1jU8+dJ5WHmM73lfP/Xt4ZHmoNiZiBWmGWD/yTE4FIFCwN5ifvdDwxsyd2VKc6Q
m1wR2/k+KrrVvvhZ4u5rp3p0CrMN1kH0RgSKXGtAFZxxDe44yZ9qXbaB3g6WYUkP
Z3L87fl/nwFr3Ui2PEi1IGR5GkiPxH+HMRmsKBjoU6ZycSafIbacsIOQGeNZylm9
MTkRfa3FcUyMyV7zQDiV6CFYXVJ74a73LhBu2lFn3iU8c2ytYtEbVlSdTLEqzLyv
rwTwVKH/uTvLoF8+Y22gI/P7+FwWFqs4+QqxfCqzBQseXD/yD/WYgAG2qvR4rAWn
0UQ0eU2s2QSVf0Zil/x/1/9Dc+xWPAG8C/yrm0Ahjfs/tKEbl8ByDDiYyg27iiRo
rE2fPMrUXbQ=
=7ewQ
-END PGP SIGNATURE-

Bug#921725: libu2f-host: CVE-2018-20340

[Nicolas Braud-Santoni]

On Sat, Feb 09, 2019 at 01:54:19PM +0100, Nicolas Braud-Santoni wrote:
> On Sat, Feb 09, 2019 at 11:19:47AM +0100, Sébastien Delafond wrote:
> > don't forget to use -sa as it will be new there
> 
> OK.  My first dput didn't seem to include the orig tarball, even though I
> built with --force-orig-source and the .dsc mentionned the orig tarball.
> 
> I will reupload as soon as I figure it out  :)

Ah, I was bitten in the arse by #884428 again.
The upload to security-master should now be fine  :)

Sorry for accidentally duplicating your work, I didn't realise you had prepared
a backported fix for stable before the issue went public  :)


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#921725: libu2f-host: CVE-2018-20340

[Nicolas Braud-Santoni]

On Sat, Feb 09, 2019 at 11:19:47AM +0100, Sébastien Delafond wrote:
> On Feb/08, Nicolas Braud-Santoni wrote:
> > I backported the fix and prepared an upload.
> > The debdiff is attached, and the commands used to produced it are 
> > documented below.
> > 
> > May I proceed with an upload to security-master?
> 
> It looks OK to me, so if it passes testing on your end please upload to
> security-master (don't forget to use -sa as it will be new there).

OK.  My first dput didn't seem to include the orig tarball, even though I
built with --force-orig-source and the .dsc mentionned the orig tarball.

I will reupload as soon as I figure it out  :)


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#921725: libu2f-host: CVE-2018-20340

[Nicolas Braud-Santoni]

Dear security team,

On Fri, Feb 08, 2019 at 08:23:10PM +0100, Nicolas Braud-Santoni wrote:
> On Fri, Feb 08, 2019 at 02:08:40PM +0100, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for libu2f-host.
> > 
> > CVE-2018-20340[0]:
> > buffer overflow
>
> I just uploaded a fixed version to unstable.
> I will see about backporting the fix to stretch.


I backported the fix and prepared an upload.
The debdiff is attached, and the commands used to produced it are documented 
below.

May I proceed with an upload to security-master?


Best,

  nicoo

-

  $ dget 
http://deb.debian.org/debian/pool/main/libu/libu2f-host/libu2f-host_1.1.2-2.dsc
  [...]
  
  $ debdiff libu2f-host_1.1.2-2.dsc 
/opt/deb/buildarea/libu2f-host_1.1.2-2+deb9u1.dsc
  warning: extracting unsigned source package 
(/opt/deb/buildarea/libu2f-host_1.1.2-2+deb9u1.dsc)
  diff -Nru libu2f-host-1.1.2/debian/changelog 
libu2f-host-1.1.2/debian/changelog
  --- libu2f-host-1.1.2/debian/changelog  2016-09-23 20:42:49.0 +0200
  +++ libu2f-host-1.1.2/debian/changelog  2019-02-08 21:42:16.0 +0100
  @@ -1,3 +1,9 @@
  +libu2f-host (1.1.2-2+deb9u1) stretch-security; urgency=high
  +
  +  * Backport patch for CVE-2018-20340 (Closes: #921725)
  +
  + -- Nicolas Braud-Santoni   Fri, 08 Feb 2019 21:42:16 +0100
  +
   libu2f-host (1.1.2-2) unstable; urgency=medium
   
 * debian/control: Move the packaging repo to Alioth
  diff -Nru libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch 
libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch
  --- libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch   1970-01-01 
01:00:00.0 +0100
  +++ libu2f-host-1.1.2/debian/patches/Fix-CVE-2018-20340.patch   2019-02-08 
21:42:16.0 +0100
  @@ -0,0 +1,46 @@
  +Subject: Fix CVE-2018-20340
  +
  +Origin: upstream, 
https://github.com/Yubico/libu2f-host/commit/4d490bb2c528c351e32837fcdaebd998eb5d3f27
  +Bug-Debian: https://bugs.debian.org/921725
  +From: Klas Lindfors 
  +Reviewed-by: Nicolas Braud-Santoni 
  +Last-Update: 2019-02-08
  +Applied-Upstream: yes
  +
  +---
  + u2f-host/devs.c| 5 +
  + u2f-host/u2fmisc.c | 5 +
  + 2 files changed, 10 insertions(+)
  +
  +diff --git a/u2f-host/devs.c b/u2f-host/devs.c
  +index 6f27c72..0c50882 100644
  +--- a/u2f-host/devs.c
   b/u2f-host/devs.c
  +@@ -247,6 +247,11 @@ init_device (u2fh_devs * devs, struct u2fdevice *dev)
  +) == U2FH_OK)
  + {
  +   U2FHID_INIT_RESP initresp;
  ++  if (resplen > sizeof (initresp))
  ++{
  ++  return U2FH_MEMORY_ERROR;
  ++}
  ++
  +   memcpy (, resp, resplen);
  +   dev->cid = initresp.cid;
  +   dev->versionInterface = initresp.versionInterface;
  +diff --git a/u2f-host/u2fmisc.c b/u2f-host/u2fmisc.c
  +index 0be1adc..e17a6c3 100644
  +--- a/u2f-host/u2fmisc.c
   b/u2f-host/u2fmisc.c
  +@@ -306,6 +306,11 @@ u2fh_sendrecv (u2fh_devs * devs, unsigned index, 
uint8_t cmd,
  +frame.cont.seq, sequence);
  +   return U2FH_TRANSPORT_ERROR;
  + }
  ++
  ++  if (recvddata + sizeof (frame.cont.data) > maxlen)
  ++{
  ++  return U2FH_TRANSPORT_ERROR;
  ++}
  +   memcpy (recv + recvddata, frame.cont.data, sizeof (frame.cont.data));
  +   recvddata += sizeof (frame.cont.data);
  +   }
  diff -Nru libu2f-host-1.1.2/debian/patches/series 
libu2f-host-1.1.2/debian/patches/series
  --- libu2f-host-1.1.2/debian/patches/series 1970-01-01 01:00:00.0 
+0100
  +++ libu2f-host-1.1.2/debian/patches/series 2019-02-08 21:42:16.0 
+0100
  @@ -0,0 +1 @@
  +Fix-CVE-2018-20340.patch
Format: 3.0 (quilt)
Source: libu2f-host
Binary: libu2f-host0, libu2f-host-dev, u2f-host
Architecture: any
Version: 1.1.2-2+deb9u1
Maintainer: Debian Authentication Maintainers 

Uploaders: Simon Josefsson , Klas Lindfors 
, Dain Nilsson , Nicolas Braud-Santoni 

Homepage: https://developers.yubico.com/libu2f-host/
Standards-Version: 3.9.8
Vcs-Browser: https://anonscm.debian.org/git/pkg-auth/libu2f-host.git/
Vcs-Git: https://anonscm.debian.org/git/pkg-auth/libu2f-host.git
Build-Depends: debhelper (>= 9), pkg-config, libglib2.0-dev, libhidapi-dev, 
libjson-c-dev, gengetopt, help2man, dh-autoreconf, gtk-doc-tools, dblatex
Package-List:
 libu2f-host-dev deb libdevel extra arch=any
 libu2f-host0 deb libs extra arch=any
 u2f-host deb utils extra arch=any
Checksums-Sha1:
 c3e6ebb9c48924c87d9fb4f41436620a36a8f064 456160 libu2f-host_1.1.2.orig.tar.xz
 1956c724599d688523f71171df335db2f3114517 61552 
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
Checksums-Sha256:
 5bcdfbc5e6f972da5395185b71de2272f9a397f0f0d431860e71545f52f1c56a 456160 
libu2f-host_1.1.2.orig.tar.xz
 4bf2a1135cfd8c4d28c586267c126948d7dca40655a7a713530a3287611a3abd 61552 
libu2f-host_1.1.2-2+deb9u1.debian.tar.xz
Files:
 92fde5650151623635e97287bd389592 456160 libu2f-host_1.1.2.orig.tar.xz
 129f13bdae5ef1

Bug#921725: libu2f-host: CVE-2018-20340

[Nicolas Braud-Santoni]

On Fri, Feb 08, 2019 at 02:08:40PM +0100, Salvatore Bonaccorso wrote:
> Hi,
> 
> The following vulnerability was published for libu2f-host.
> 
> CVE-2018-20340[0]:
> buffer overflow


Hi Salvatore & Sébastien,

Thanks a lot for the swift report(s).  :)

I just uploaded a fixed version to unstable.
I will see about backporting the fix to stretch.


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#893817: Fwd: [saltstack/salt-jenkins] [Py3][Tornado 5.0] IOLoop tests failing with asyncio (#995)

[Nicolas Braud-Santoni]

Hi,

Upstream isn't fixing this in the next minor release of Salt, so it looks like
we won't be able to ship Salt 2018.3 in Debian any time soon (unless we switch
back to making it use Py2 temporarily).

I'm sorry to be bringing the bad news, and I would suggest waiting for the
Fluorine release:
- switching back and forth between py2 and py3 would likely break things,
- the ones who absolutely need Salt in buster or sid are likely using the
  vendor's repository (as Salt has been broken in Debian for ~half a year)

Of course, as I'm not in the Salt team, my opinion should likely be taken
with... a grain of salt  ;)


Best,

  nicoo

- Forwarded message from Daniel Wallace  -

Date: Tue, 28 Aug 2018 05:46:22 -0700
From: Daniel Wallace 
To: saltstack/salt-jenkins 
Cc: Nicolas Braud-Santoni , Comment 

Subject: Re: [saltstack/salt-jenkins] [Py3][Tornado 5.0] IOLoop tests failing 
with asyncio
(#995)

This is not going to be fixed in 2018.3.3, you will have to stick with salt 
with python2 for versions where python-tornado is already upgraded.

This is will be fixed in Fluorine for python3 and if it is not too complicated 
it may be backported to 2018.3 once it has finished, but it is not holding up 
the 2018.3.3 release.

-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/saltstack/salt-jenkins/issues/995#issuecomment-416570266

- End forwarded message -


signature.asc
Description: PGP signature

Bug#893817: salt-common: fails to install with Python 3.7

[Nicolas Braud-Santoni]

tag 904654 + upstream fixed-upstream
forward 904654 https://github.com/saltstack/salt/issues/48556

tag 893817 - fixed-upstream
forward 893817 https://github.com/saltstack/salt-jenkins/issues/995
thanks


Hi,

Just updating the bugs metadata  ;)

#904654 is fixed in upstream's 2018.3.3, to be released soon,
but #893817 still isn't fixed under Python 3  :(


Best,

  nicoo

On Fri, Aug 24, 2018 at 03:08:24PM +0200, Daniel Dehennin wrote:
> Hello.
> 
> I think the best thing to do is to update to the latest version
> 
> https://github.com/saltstack/salt/issues/48556
> 
> Regards.
> -- 
> Daniel Dehennin
> Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
> Fingerprint: 3E69 014E 5C23 50E8 9ED6  2AAD CC1E 9E5B 7A6F E2DF




signature.asc
Description: PGP signature

Bug#907431: cppo's testsuite fails on arm{el,hf} and ppc64el

[Nicolas Braud-Santoni]

Package: cppo
Version: 1.6.4-1
Severity: serious
Tags: upstream
Justification: fails to build from source

The testsuite of cppo fails on arm{el,hf} and ppc64el in the same location:

  
https://buildd.debian.org/status/fetch.php?pkg=cppo=ppc64el=1.6.4-1=1533482737=0
  
https://buildd.debian.org/status/fetch.php?pkg=cppo=armhf=1.6.4-1=1533483827=0
  
https://buildd.debian.org/status/fetch.php?pkg=cppo=armel=1.6.4-1=1533484809=0

> dh_auto_test -a
>   make -j4 test
> make[1]: Entering directory '/<>'
> cppo alias test/runtest (exit 1)
> (cd _build/default/test && ../../install/default/bin/cppo test.cppo) > 
> /dev/null
> Error: File "test.cppo", line 98, characters 0-20
> Error: math error
> make[1]: *** [Makefile:5: test] Error 1
> make[1]: Leaving directory '/<>'
> dh_auto_test: make -j4 test returned exit code 2
> make: *** [debian/rules:18: build-arch] Error 2


This seems likely to be an upstream bug, so I am forwarding the bug there.


Best,

  nicoo

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cppo depends on:
ii  libc6   2.27-5
ii  ocaml-base-nox [ocaml-base-nox-4.05.0]  4.05.0-10+b1

cppo recommends no packages.

cppo suggests no packages.

Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER

[Nicolas Braud-Santoni]

On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> 
> I'm attaching the relevant files.

Oops, forgot the attachments.


exploit.ps
Description: PostScript document


signature.asc
Description: PGP signature

Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER

[Nicolas Braud-Santoni]

Package: ghostscript
Version: 9.22~dfsg-2.1
Severity: grave
Tags: security buster sid
Justification: user security hole

Hi,

Tavis Ormandy disclosed a new ghoscript security issue, leading directly to code
execution:  http://openwall.com/lists/oss-security/2018/08/21/2

I don't think this is [CVE-2018-11645], as it's supposedly fixed in buster, and
I was able to reproduce the issue on my system:

> $ gs -q -sDEVICE=ppmraw -dSAFER -sOutputFile=/dev/null < exploit.ps
> GS>GS>GS>GS>GS<1>uid=1000(nicoo) gid=1000(nicoo) 
> groups=1000(nicoo),4(adm),5(tty),20(dialout),27(sudo),44(video),46(plugdev),104(input),113(sbuild),115(wireshark)
> 
> $ convert exploit.jpg exploit.gif:(
> uid=1000(nicoo) gid=1000(nicoo) 
> groups=1000(nicoo),4(adm),5(tty),20(dialout),27(sudo),44(video),46(plugdev),104(input),113(sbuild),115(wireshark)
> convert-im6.q16: FailedToExecuteCommand `'gs' -sstdout=%stderr -dQUIET 
> -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=5 -dAlignToPixels=0 
> -dGridFitTT=2 '-sDEVICE=pngalpha' -dTextAlphaBits=4 -dGraphicsAlphaBits=4 
> '-r72x72' -g612x792  '-sOutputFile=/tmp/magick-955WzJ4UvxhLwQT%d' 
> '-f/tmp/magick-95505j-kbelxXGs' '-f/tmp/magick-955IqsJtzVIPtx1' -c showpage' 
> (-1) @ error/delegate.c/ExternalDelegateCommand/462.
> convert-im6.q16: no images defined `exploit.gif' @ 
> error/convert.c/ConvertImageCommand/3258.
> 
> $ apt-cache policy ghostscript 
> ghostscript:
>   Installed: 9.22~dfsg-2.1
>   Candidate: 9.22~dfsg-2.1
>   Version table:
>  *** 9.22~dfsg-2.1 990
> 990 http://localhost:3142/debian buster/main amd64 Packages
> 500 http://localhost:3142/debian sid/main amd64 Packages
> 100 /var/lib/dpkg/status


I'm attaching the relevant files.


Best,

  nicoo


[CVE-2018-11645]: https://security-tracker.debian.org/tracker/CVE-2018-11645


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ghostscript depends on:
ii  debconf [debconf-2.0]  1.5.69
ii  libc6  2.27-5
ii  libgs9 9.22~dfsg-2.1

Versions of packages ghostscript recommends:
ii  gsfonts  1:8.11+urwcyr1.0.7~pre44-4.4

Versions of packages ghostscript suggests:
pn  ghostscript-x  

-- no debconf information

Bug#907042: opam 1.2.0 is deprecated (jessie)

[Nicolas Braud-Santoni]

Dear LTS contributors,

I'm a co-maintainer of opam, the OCaml-specific dependencies manager, which
is currently broken in olstable: the version in Jessie is 1.2.0 and does
not support the current opam repository format[0], meaning that users
cannot install new OPAM packages, get updates, ... (see #907042)

I would like to propose an update in Jessie to 1.2.2, the same version as
in Stretch, and Ben suggested that I ask here to check nobody would be
opposed to it, and to get advise on the process to follow.

Please note that upstream is planning a change to a new repository format
(as part of releasing 2.0.0, which is currently in NEW) [1], but they plan
to keep a branch of the repository in 1.2 format, and accept important
updates there, so opam 1.2 will keep working for users of stable and LTS.


Best,

  nicoo


[0]: https://opam.ocaml.org/blog/deprecating-opam-1-2-0/
[1]: http://opam.ocaml.org/blog/opam-2-0-0-repo-upgrade-roadmap/


signature.asc
Description: PGP signature

Bug#907042: opam 1.2.0 is deprecated (jessie)

[Nicolas Braud-Santoni]

On Thu, Aug 23, 2018 at 07:39:13PM +0200, Mehdi Dogguy wrote:
> On 2018-08-23 16:53, Nicolas Braud-Santoni wrote:
> > On Thu, Aug 23, 2018 at 03:00:22PM +0200, Mehdi Dogguy wrote:
> > > > It makes opam unusable for jessie users: already initialised ones can't
> > > > install new compilers nor update packages, and with a fresh install opam
> > > > is almost unusable (e.g. [3]).
> > > 
> > > Unfortunately, we won't be able to upgrade Opam to 1.2.2 in Debian
> > > stable.
> 
> fwiw, I meant "oldstable" above.

Yes, I didn't even notice the mistake  :3
(i.e. I understood we were talking about jessie)


> > > I can ask for its removal, or document in this bugreport how to
> > > point their
> > > installation to a frozen working mirror?
> > 
> > Doesn't the release policy allow shipping a new upstream version to
> > *-pu, if
> > there is no other way to get the bug resolved (and after consulting the
> > release
> > team) ?  Or is the issue that there won't be new point releases ?
> 
> I am not sure what the Release Team would accept at this point (Jessie is
> already EOL'ed). So, a sloppy-backport should be enough for oldstable
> users. They can upgrade to stable if necessary.

OK, that's fair enough; I had no idea whether there would be a point
release in the future where we could have that put, or through LTS.

Do you mind if I check with Ben? IIRC he does some LTS work, and I'm seeing
him this weekend (at OMGWTFBBQ).


> Once, 2.0 will be ready in Buster, Stretch users can use from backports.

Yeap, I am very much planning to make a backport.

Speaking of which, the version of opam in the packaging repo should be
good-to-go, it's just blocked on someone sponsoring the upload; I asked
highvoltage to do so, at the end of DebConf, but I guess he isn't very
available currently, so fill free to review & dput if you feel like it.

Worst case, I might get to upload 2.0 by myself within some weeks, at I'm
currently going through the NM process.


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#907042: opam 1.2.0 is deprecated (jessie)

[Nicolas Braud-Santoni]

Hi Mehdi,

On Thu, Aug 23, 2018 at 03:00:22PM +0200, Mehdi Dogguy wrote:
> > [...]
> > It makes opam unusable for jessie users: already initialised ones can't
> > install new compilers nor update packages, and with a fresh install opam
> > is almost unusable (e.g. [3]).
> 
> Unfortunately, we won't be able to upgrade Opam to 1.2.2 in Debian stable.
> I can ask for its removal, or document in this bugreport how to point their
> installation to a frozen working mirror?

Doesn't the release policy allow shipping a new upstream version to *-pu, if
there is no other way to get the bug resolved (and after consulting the release
team) ?  Or is the issue that there won't be new point releases ?

(I'm not up to speed on the policies for oldstable, unfortunately.)


> In the meantime, I'll work on a {sloppy-,}backport of 1.2.2.

Thanks  :)


Best,

  nicoo


PS: Thanks again for filing the bug report, Raja.


signature.asc
Description: PGP signature

Bug#906128: libykpiv1 impacted by CVE-2018-14779 and CVE-2018-14780

[Nicolas Braud-Santoni]

Hi Salvatore,

On Tue, Aug 14, 2018 at 09:55:39PM +0200, Salvatore Bonaccorso wrote:
> On Tue, Aug 14, 2018 at 08:36:10PM +0200, Nicolas Braud-Santoni wrote:
> > Hi,
> > 
> > Gunnar Wolf sponsored the upload to sid (thanks!) and I just prepared an
> > upload for stretch-security.  It is available in the branch debian/stretch 
> > on:
> > 
> >   https://salsa.debian.org/auth-team/yubico-piv-tool.git
> > 
> > If the security team finds it suitable, please upload directly.
> 
> The issue does not warrant a DSA (was marked no-dsa in the tracker
> already). Can you though propose a fix to be included in the next
> stretch point release?

Yes, jcristau pointed out on IRC that there was a race condition between my mail
and the update of the security-tracker; I updated the changelog for an upload
to stretch-p-u, and jcc@ said he will look at it tomorrow.

Thanks for the swift reply  :)


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#906128: libykpiv1 impacted by CVE-2018-14779 and CVE-2018-14780

[Nicolas Braud-Santoni]

Hi,

Gunnar Wolf sponsored the upload to sid (thanks!) and I just prepared an
upload for stretch-security.  It is available in the branch debian/stretch on:

  https://salsa.debian.org/auth-team/yubico-piv-tool.git

If the security team finds it suitable, please upload directly.


Best,

  nicoo

PS: In case I need to be reached swiftly, IRC might be the most effective medium
(nicoo on irc.oftc.net/#debian-security)

On Tue, Aug 14, 2018 at 06:39:43PM +0200, Nicolas Braud-Santoni wrote:
> Package: libykpiv1
> Severity: serious
> Tags: security pending stretch buster sid
> Justification: security
> 
> libykpiv1 versions below 1.6.0 are affected by a buffer overflow, exploitable 
> by
> malicious USB devices, that can lead to arbitrary code execution.
> 
> I will upload the fixed upstream version later today, and coordinate with
> the security team to get fixed in stretch and jessie-backports
> 
> 
> Best,
> 
>   nicoo
> 
> -- System Information:
> Debian Release: buster/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: 
> LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: 
> LC_ALL set to en_US.UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages libykpiv1 depends on:
> ii  libc6 2.27-5
> ii  libpcsclite1  1.8.23-3
> ii  libssl1.1 1.1.0h-4
> 
> Versions of packages libykpiv1 recommends:
> ii  pcscd  1.8.23-3
> 
> libykpiv1 suggests no packages.
> 


signature.asc
Description: PGP signature

Bug#906128: libykpiv1 impacted by CVE-2018-14779 and CVE-2018-14780

[Nicolas Braud-Santoni]

Package: libykpiv1
Severity: serious
Tags: security pending stretch buster sid
Justification: security

libykpiv1 versions below 1.6.0 are affected by a buffer overflow, exploitable by
malicious USB devices, that can lead to arbitrary code execution.

I will upload the fixed upstream version later today, and coordinate with
the security team to get fixed in stretch and jessie-backports


Best,

  nicoo

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libykpiv1 depends on:
ii  libc6 2.27-5
ii  libpcsclite1  1.8.23-3
ii  libssl1.1 1.1.0h-4

Versions of packages libykpiv1 recommends:
ii  pcscd  1.8.23-3

libykpiv1 suggests no packages.

Bug#904661: vtk7 FTBFS due to uninstallable build dependencies

[Nicolas Braud-Santoni]

Hi Gert,

On Sun, Jul 29, 2018 at 01:28:58PM +0200, Gert Wollny wrote:
> python-autobahn is currently not installable with python3-all-dev
> because the latter depends on python3.7 and python-autobahn depends on
> python-ubjson, which in turn FTBFS with python-3.7. 

Thanks for the explanation.  :)


> As a side note: I think it is very uncommon to file a bug against a
> package that FTBFS because of some dependency being (temporarly) not
> installable. 

You are of course right, sorry for mis-assigning it in the first place.
I was in the middle of triaging a bunch of bugs, which is probably why
I made the mistake, but this is more an explanation than an excuse.

In any case, I'm sorry for all that, it was probably an unpleasant bug
report to receive  :(


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#904667: sumo FTBFS due to a C++ error

[Nicolas Braud-Santoni]

Source: sumo
Version: 0.32.0+dfsg1-1
Severity: serious
Justification: FTBFS

Hi,

While rebuilding packages in preparation of the json-c transition (#904418),
I discovered that sumo fails to build from source, independently of the
transition.

Please find a build log attached.


Best,

  nicoo

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#904661: vtk7 FTBFS due to uninstallable build dependencies

[Nicolas Braud-Santoni]

Source: vtk7
Version: 7.1.1+dfsg1-4
Severity: serious
Justification: FTBFS

While doing a rebuild of all reverse dependencies of json-c (as preparation
for transition #904418), I discovered that vtk7 fails to build due to a broken
build-dependency on python3-autobahn, independently of the upcoming json-c
transition.

Please find the complete sbuild log below.


Best,

  nicoo


> $ sbuild vtk7
> sbuild (Debian sbuild) 0.77.0 (06 July 2018) on localhost
> 
> +==+
> | vtk7 (amd64) Thu, 26 Jul 2018 10:30:30 
> + |
> +==+
> 
> Package: vtk7
> Distribution: unstable
> Machine Architecture: amd64
> Host Architecture: amd64
> Build Architecture: amd64
> Build Type: binary
> 
> I: NOTICE: Log filtering will replace 
> 'var/run/schroot/mount/sid-amd64-sbuild-12147a10-88bb-42b5-bf88-6963affcbbc3' 
> with '<>'
> I: NOTICE: Log filtering will replace 'build/vtk7-ktKPC8/resolver-4dtglN' 
> with '<>'
> 
> +--+
> | Update chroot   
>  |
> +--+
> 
> Get:1 file:/opt/deb/buildarea ./ InRelease
> Ign:1 file:/opt/deb/buildarea ./ InRelease
> Get:2 file:/opt/deb/buildarea ./ Release
> Ign:2 file:/opt/deb/buildarea ./ Release
> Get:3 file:/opt/deb/buildarea ./ Packages
> Ign:3 file:/opt/deb/buildarea ./ Packages
> Get:3 file:/opt/deb/buildarea ./ Packages
> Ign:3 file:/opt/deb/buildarea ./ Packages
> Get:3 file:/opt/deb/buildarea ./ Packages
> Ign:3 file:/opt/deb/buildarea ./ Packages
> Get:3 file:/opt/deb/buildarea ./ Packages
> Ign:3 file:/opt/deb/buildarea ./ Packages
> Get:3 file:/opt/deb/buildarea ./ Packages
> Ign:3 file:/opt/deb/buildarea ./ Packages
> Get:3 file:/opt/deb/buildarea ./ Packages
> Ign:3 file:/opt/deb/buildarea ./ Packages
> Get:3 file:/opt/deb/buildarea ./ Packages [154 kB]
> Get:4 http://localhost:3142/debian sid InRelease [233 kB]
> Get:5 http://localhost:3142/debian sid/main Sources [8618 kB]
> Get:6 http://localhost:3142/debian sid/main amd64 Packages.diff/Index [27.9 
> kB]
> Get:7 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-24-0812.36.pdiff [30.1 kB]
> Get:8 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-24-1408.05.pdiff [32.9 kB]
> Get:9 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-24-2017.15.pdiff [16.2 kB]
> Get:10 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-25-0207.37.pdiff [6068 B]
> Get:11 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-25-0810.42.pdiff [14.0 kB]
> Get:12 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-25-1418.46.pdiff [24.3 kB]
> Get:13 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-25-2023.54.pdiff [42.3 kB]
> Get:14 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-26-0211.09.pdiff [12.5 kB]
> Get:15 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-26-0815.27.pdiff [12.7 kB]
> Get:15 http://localhost:3142/debian sid/main amd64 Packages 
> 2018-07-26-0815.27.pdiff [12.7 kB]
> Fetched 9070 kB in 13s (682 kB/s)
> Reading package lists...
> Reading package lists...
> Building dependency tree...
> Reading state information...
> Calculating upgrade...
> The following packages will be upgraded:
>   debconf libdebconfclient0 libexporter-tiny-perl lintian
> 4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> Need to get 1357 kB of archives.
> After this operation, 25.6 kB disk space will be freed.
> Get:1 http://localhost:3142/debian sid/main amd64 debconf all 1.5.69 [145 kB]
> Get:2 http://localhost:3142/debian sid/main amd64 libdebconfclient0 amd64 
> 0.244 [48.6 kB]
> Get:3 http://localhost:3142/debian sid/main amd64 libexporter-tiny-perl all 
> 1.002001-1 [36.9 kB]
> Get:4 http://localhost:3142/debian sid/main amd64 lintian all 2.5.94 [1127 kB]
> debconf: delaying package configuration, since apt-utils is not installed
> Fetched 1357 kB in 0s (12.6 MB/s)
> (Reading database ... 16363 files and directories currently installed.)
> Preparing to unpack .../debconf_1.5.69_all.deb ...
> Unpacking debconf (1.5.69) over (1.5.68) ...
> Setting up debconf (1.5.69) ...
> (Reading database ... 16348 files and directories currently installed.)
> Preparing to unpack .../libdebconfclient0_0.244_amd64.deb ...
> Unpacking libdebconfclient0:amd64 (0.244) over (0.243) ...
> Setting up libdebconfclient0:amd64 (0.244) ...
> (Reading database ... 16348 files and directories currently installed.)
> Preparing to unpack .../libexporter-tiny-perl_1.002001-1_all.deb ...
> Unpacking libexporter-tiny-perl (1.002001-1) over (1.00-2) ...
> Preparing to unpack .../lintian_2.5.94_all.deb ...
> Unpacking lintian (2.5.94) over (2.5.93) ...
> Setting up 

Bug#898519: Bug #898519: libpam-u2f: upgrade to 1.0.6 breaks authentication with u2fzero device

[Nicolas Braud-Santoni]

On Sat, May 26, 2018 at 11:18:40PM +0200, Nicolas Braud-Santoni wrote:
> In the meantime, I am forwarding this bug upstream (against pam-u2f), who
> might be able to pinpoint the issue faster than I would. (OTOH, several of
> the pam-u2f upstream developers are in the relevant packaging team and
> should have received the bug report anyhow.)

Upstream suggested this might be a regression introduced by the implementation
of the cue option [0]; could you try removing the cue option?

[0] https://github.com/Yubico/pam-u2f/pull/87


Best,

  nicoo

Bug#898734: ocaml-rope: FTBFS with dune/1.0~beta20-1

[Nicolas Braud-Santoni]

Source: ocaml-rope
Version: 0.6-1
Severity: serious
Justification: FTBFS

Hi,

ocaml-rope fails to build using the new version of dune/jbuilder
due to dh_missing complaining about uninstalled files.

I will prepare a new upload momentarily.


Best,

  nicoo

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#894621: ocaml-rope FTBFS: Error: Library "bytes" not found

[Nicolas Braud-Santoni]

Control: fixed -1 1.0~beta20-1

Hi,

I just checked and this was fixed by my upload of v1.0~beta20-1, ...
which I did because I ran into the same bug while packaging something else ;)

However, ocaml-rope now FTBFS due to dh_missing; I will file a bug and fix that
momentarily.


Best,

  nicoo

On Mon, Apr 02, 2018 at 11:58:01PM +0300, Adrian Bunk wrote:
> Control: reassign -1 jbuilder 1.0~beta19-1
> Control: affects -1 src:ocaml-rope src:ocaml-migrate-parsetree
> 
> On Mon, Apr 02, 2018 at 07:23:01PM +0200, Ralf Treinen wrote:
> > On Mon, Apr 02, 2018 at 08:13:56PM +0300, Adrian Bunk wrote:
> > > On Mon, Apr 02, 2018 at 07:08:52PM +0200, Ralf Treinen wrote:
> > > > Hi,
> > > > 
> > > > On Mon, Apr 02, 2018 at 06:15:11PM +0300, Adrian Bunk wrote:
> > > > > Source: ocaml-rope
> > > > > Version: 0.6-1
> > > > > Severity: serious
> > > > > 
> > > > > Some recent change in unstable makes ocaml-rope FTBFS:
> > > > > 
> > > > > https://tests.reproducible-builds.org/debian/history/ocaml-rope.html
> > > > > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ocaml-rope.html
> > > > 
> > > > This rather looks like bug #881770 of jbuilder, which was supposed to be
> > > > fixed in jbuilder (1.0~beta18-1), except that recent versions of 
> > > > jbuilder
> > > > fail to compile at all on byte-code architectures.
> > > 
> > > amd64 and arm64 are not byte-code architectures.
> > 
> > You are right. I was looking at the autobuilder status which only
> > displays build-failures on bytecode arches at the moment.
> 
> I just tried with jbuilder 1.0~beta14-1,
> and that fixed the build.
> 
> Likely related beta14 -> beta19 breakage in ocaml-migrate-parsetree:
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ocaml-migrate-parsetree.html
> 
> > -Ralf.
> 
> cu
> Adrian
> 
> -- 
> 
>"Is there not promise of rain?" Ling Tan asked suddenly out
> of the darkness. There had been need of rain for many days.
>"Only a promise," Lao Er said.
>Pearl S. Buck - Dragon Seed
> 
> 

Bug#803713: Elasticsearch should not be part of a Debian release

[Nicolas Braud-Santoni]

Control: clone -1 -2
Control: retitle -2 RM: elasticsearch -- ROM; NPOASR; unmaintained since ~2 
years; security issues
Control: severity -2 normal
Control: reassign -2 ftp.debian.org

On Thu, Mar 08, 2018 at 11:17:20PM +0100, Emmanuel Bourg wrote:
> Le 08/03/2018 à 22:50, Nicolas Braud-Santoni a écrit :
> 
> > Given that this is the last activity and the package, that the last upload
> > is almost 2 years old, and that no progress has been made towards fixing the
> > RC bugs (esp. the issues wrt. security), should we ask ftp-masters to remove
> > this package from sid?
> 
> +1

OK, requesting the removal.

Bug#803713: Elasticsearch should not be part of a Debian release

[Nicolas Braud-Santoni]

On Mon, Nov 21, 2016 at 09:33:18PM +0100, Hilko Bengen wrote:
> * Emmanuel Bourg:
> > Do you think elasticsearch should be removed from unstable?
> 
> Not necessarily. It should just not become part of stretch because there
> is no sensible way to support it.

Given that this is the last activity and the package, that the last upload
is almost 2 years old, and that no progress has been made towards fixing the
RC bugs (esp. the issues wrt. security), should we ask ftp-masters to remove
this package from sid?


Best,

  nicoo

Bug#887988: mblaze: File conflict at /usr/bin/{msort,mprev}

[Nicolas Braud-Santoni]

Control: tag -1 pending

On Tue, Jan 23, 2018 at 01:33:39AM +0100, Andreas Beckmann wrote:
> 
> let the new package figure out what it want's to do here ...

As I had an upload ready for the new upstream version,
I just added a conflict for now.

I will figure out what we can do to solve this in a more satisfying way,
though I guess it's not the end of the world if a couple of obscure packages
conflict.


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#887786: glances: FTBFS during sphinx-build: The configuration file called sys.exit()

[Nicolas Braud-Santoni]

Source: glances
Version: 2.11.1-2
Severity: serious
Justification: fails to build from source

Dear maintainer,

glances version 2.11.1-2 fails to build from source here (under sbuild) :

> User Environment
> 
> 
> APT_CONFIG=/var/lib/sbuild/apt.conf
> HOME=/sbuild-nonexistent
> LANG=en_US.UTF-8
> LC_ALL=POSIX
> LC_COLLATE=C
> LOGNAME=nbraud
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
> SCHROOT_ALIAS_NAME=unstable-amd64-sbuild
> SCHROOT_CHROOT_NAME=sid-amd64-sbuild
> SCHROOT_COMMAND=env
> SCHROOT_GID=1000
> SCHROOT_GROUP=nbraud
> SCHROOT_SESSION_ID=sid-amd64-sbuild-2e48edd2-bacb-49af-9613-a9a782418837
> SCHROOT_UID=1000
> SCHROOT_USER=nbraud
> SHELL=/bin/sh
> USER=nbraud
> 
> dpkg-buildpackage
> -
> 
> dpkg-buildpackage: info: source package glances
> dpkg-buildpackage: info: source version 2.11.1-2
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Sebastien Badia 
> [...]
> dh build --with python3,sphinxdoc --buildsystem=pybuild
>dh_update_autotools_config -O--buildsystem=pybuild
>dh_autoreconf -O--buildsystem=pybuild
>dh_auto_configure -O--buildsystem=pybuild
> I: pybuild base:184: python3.6 setup.py config 
> running config
>dh_auto_build -O--buildsystem=pybuild
> I: pybuild base:184: /usr/bin/python3 setup.py build 
> running build
> running build_py
> [...]
>create-stamp debian/debhelper-build-stamp
>  fakeroot debian/rules binary
> dh binary --with python3,sphinxdoc --buildsystem=pybuild
>dh_testroot -O--buildsystem=pybuild
>dh_prep -O--buildsystem=pybuild
>debian/rules override_dh_auto_install
> make[1]: Entering directory '/<>'
> dh_auto_install --destdir /<>/debian/glances
> I: pybuild base:184: /usr/bin/python3 setup.py install --root 
> /<>/debian/glances 
> [...]
> make[1]: Leaving directory '/<>'
>dh_install -O--buildsystem=pybuild
>debian/rules override_dh_installdocs
> make[1]: Entering directory '/<>'
> set -e && for docs in COPYING AUTHORS NEWS glances.conf; do \
> rm -f 
> /<>/debian/glances/usr/share/doc/glances/$docs ; \
> done
> dh_installdocs
> make[1]: Leaving directory '/<>'
>debian/rules override_dh_sphinxdoc
> make[1]: Entering directory '/<>'
> sphinx-build -b html -d debian/tmp/doctrees docs \
>   debian/glances-doc/usr/share/doc/glances/html
> Running Sphinx v1.6.6
> making output directory...
> 
> Configuration error:
> The configuration file (or one of the modules it imports) called sys.exit()
> PSutil library not found. Glances cannot start.
> debian/rules:13: recipe for target 'override_dh_sphinxdoc' failed
> make[1]: *** [override_dh_sphinxdoc] Error 1
> make[1]: Leaving directory '/<>'
> debian/rules:9: recipe for target 'binary' failed
> make: *** [binary] Error 2
> dpkg-buildpackage: error: fakeroot debian/rules binary subprocess returned 
> exit status 2
> 
> Build finished at 2018-01-19T21:28:59Z
> 
> Finished
> 


The full build log is attached.


Best,

  nicoo


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
 gbp buildpackage --git-ignore-branch
gbp:info: Exporting 'HEAD' to '/opt/deb/build-area/glances-tmp'
gbp:info: Moving '/opt/deb/build-area/glances-tmp' to 
'/opt/deb/build-area/glances-2.11.1'
gbp:info: Performing the build
dh clean --with python3,sphinxdoc --buildsystem=pybuild
   dh_auto_clean -O--buildsystem=pybuild
I: pybuild base:184: python3.6 setup.py clean 
running clean
removing '/opt/deb/build-area/glances-2.11.1/.pybuild/pythonX.Y_3.6/build' (and 
everything under it)
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-3.6' does not exist -- can't clean it
   debian/rules override_dh_clean
make[1]: Entering directory '/opt/deb/build-area/glances-2.11.1'
rm -rf ./Glances.egg-info
dh_clean
make[1]: Leaving directory '/opt/deb/build-area/glances-2.11.1'
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: applying 001_reproducible-build.patch
dpkg-source: info: applying 002_no_put_links_in_doc.patch
dpkg-source: info: applying 003_not_install_static_dir.patch
dpkg-source: info: applying 001_disable-pypi.patch
dpkg-source: info: building glances using existing ./glances_2.11.1.orig.tar.gz
dpkg-source: info: building glances in glances_2.11.1-2.debian.tar.xz
dpkg-source: info: building glances in glances_2.11.1-2.dsc
sbuild (Debian sbuild) 0.73.0 (23 Dec 2016) on 

Bug#884038: Bug #884038: [git] 2.15.x fails to fetch remote repository

[Nicolas Braud-Santoni]

Control: tag -1 + moreinfo

Hi,

On Sun, Dec 10, 2017 at 07:44:14PM +0100, mirq-debo...@rere.qmqm.pl wrote:
> Package: git
> Version: 1:2.15.1-1
> Severity: grave
> 
> --- Please enter the report below this line. ---
> 
> git 2.15.x from testing can't properly fetch from remote repository:

I find myself unable to reproduce the problem:

> $ git clone https://github.com/torvalds/linux.git
> Cloning into 'linux'...
> remote: Counting objects: 5772759, done.
> remote: Compressing objects: 100% (945/945), done.
> remote: Total 5772759 (delta 852), reused 339 (delta 339), pack-reused 5771475
> Receiving objects: 100% (5772759/5772759), 1.94 GiB | 5.39 MiB/s, done.
> Resolving deltas: 100% (4785819/4785819), done.
> 
> git clone https://github.com/torvalds/linux.git  430.98s user 60.46s system 
> 95% cpu 8:34.72 total
> 
> $ git --version
> git version 2.15.1

(Subsequent `git fetch`es worked as intended)


Is this the only repository on which you encounter this problem?
Can you reliably reproduce it? Can you reproduce it in a fresh git-clone?


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#858576: python3-seaborn: Missing dependency on python3-tk

[Nicolas Braud-Santoni]

Package: python3-seaborn
Version: 0.7.1-2
Severity: serious

Dear Maintainer,

In a Python 3 interpreter, with python3-seaborn freshly installed,
`import seaborn` simply fails:

> >>> import seaborn
> Traceback (most recent call last):
>   File "/usr/lib/python3.5/tkinter/__init__.py", line 36, in 
> import _tkinter
> ImportError: No module named '_tkinter'
> 
> During handling of the above exception, another exception occurred:
> 
> Traceback (most recent call last):
>   File "", line 1, in 
>   File "/usr/lib/python3/dist-packages/seaborn/__init__.py", line 6, in 
> 
> from .rcmod import *
>   File "/usr/lib/python3/dist-packages/seaborn/rcmod.py", line 8, in 
> from . import palettes, _orig_rc_params
>   File "/usr/lib/python3/dist-packages/seaborn/palettes.py", line 12, in 
> 
> from .utils import desaturate, set_hls_values, get_color_cycle
>   File "/usr/lib/python3/dist-packages/seaborn/utils.py", line 12, in 
> import matplotlib.pyplot as plt
>   File "/usr/lib/python3/dist-packages/matplotlib/pyplot.py", line 115, in 
> 
> _backend_mod, new_figure_manager, draw_if_interactive, _show = 
> pylab_setup()
>   File "/usr/lib/python3/dist-packages/matplotlib/backends/__init__.py", line 
> 32, in pylab_setup
> globals(),locals(),[backend_name],0)
>   File "/usr/lib/python3/dist-packages/matplotlib/backends/backend_tkagg.py", 
> line 6, in 
> from six.moves import tkinter as Tk
>   File "/usr/lib/python3/dist-packages/six.py", line 92, in __get__
> result = self._resolve()
>   File "/usr/lib/python3/dist-packages/six.py", line 115, in _resolve
> return _import_module(self.mod)
>   File "/usr/lib/python3/dist-packages/six.py", line 82, in _import_module
> __import__(name)
>   File "/usr/lib/python3.5/tkinter/__init__.py", line 38, in 
> raise ImportError(str(msg) + ', please install the python3-tk package')
> ImportError: No module named '_tkinter', please install the python3-tk package


Installing python3-tk solves the issue.


Filing as serious, as I believe this is a missing dependency (hence,
a severe policy violation).  Feel free to readjust this.


Best,

  nicoo


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-seaborn depends on:
ii  python3-matplotlib  2.0.0+dfsg1-2
ii  python3-numpy   1:1.12.0-2
ii  python3-pandas  0.19.2-5
ii  python3-scipy   0.18.1-2
pn  python3:any 

Versions of packages python3-seaborn recommends:
pn  python3-bs4
pn  python3-patsy  

python3-seaborn suggests no packages.

-- no debconf information

Bug#854517: vagrant-sshfs: Makes vagrant crash with “cannot load translations”

[Nicolas Braud-Santoni]

Package: vagrant-sshfs
Version: 1.3.0-1
Severity: grave

Dear Maintainer,

After installing vagrant-sshfs, I cannot run vagrant anymore.

> % vagrant init debian/jessie64; vagrant up --provider libvirt
> /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:184:in `rescue in load_yml': 
> can not load translations from /usr/lib/ruby/locales/synced_folder_sshfs.yml: 
> # /usr/lib/ruby/locales/synced_folder_sshfs.yml> (I18n::InvalidLocaleData)
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:181:in `load_yml'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:165:in `load_file'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:15:in `block in 
> load_translations'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:15:in `each'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:15:in 
> `load_translations'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/simple.rb:57:in 
> `init_translations'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/simple.rb:40:in 
> `available_locales'
>   from /usr/lib/ruby/vendor_ruby/i18n/config.rb:43:in `available_locales'
>   from /usr/lib/ruby/vendor_ruby/i18n/config.rb:49:in 
> `available_locales_set'
>   from /usr/lib/ruby/vendor_ruby/i18n.rb:278:in `locale_available?'
>   from /usr/lib/ruby/vendor_ruby/i18n.rb:284:in 
> `enforce_available_locales!'
>   from /usr/lib/ruby/vendor_ruby/i18n.rb:151:in `translate'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/errors.rb:103:in
>  `translate_error'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/errors.rb:72:in
>  `initialize'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/plugins/commands/init/command.rb:51:in
>  `exception'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/plugins/commands/init/command.rb:51:in
>  `raise'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/plugins/commands/init/command.rb:51:in
>  `execute'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/cli.rb:42:in
>  `execute'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:274:in
>  `cli'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/bin/vagrant:122:in 
> `'
>   from /usr/bin/vagrant:22:in `load'
>   from /usr/bin/vagrant:22:in `'
> /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:184:in `rescue in load_yml': 
> can not load translations from /usr/lib/ruby/locales/synced_folder_sshfs.yml: 
> # /usr/lib/ruby/locales/synced_folder_sshfs.yml> (I18n::InvalidLocaleData)
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:181:in `load_yml'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:165:in `load_file'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:15:in `block in 
> load_translations'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:15:in `each'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:15:in 
> `load_translations'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/simple.rb:57:in 
> `init_translations'
>   from /usr/lib/ruby/vendor_ruby/i18n/backend/simple.rb:40:in 
> `available_locales'
>   from /usr/lib/ruby/vendor_ruby/i18n/config.rb:43:in `available_locales'
>   from /usr/lib/ruby/vendor_ruby/i18n/config.rb:49:in 
> `available_locales_set'
>   from /usr/lib/ruby/vendor_ruby/i18n.rb:278:in `locale_available?'
>   from /usr/lib/ruby/vendor_ruby/i18n.rb:284:in 
> `enforce_available_locales!'
>   from /usr/lib/ruby/vendor_ruby/i18n.rb:151:in `translate'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/plugins/providers/virtualbox/provider.rb:102:in
>  `state'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/machine.rb:506:in
>  `state'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/machine.rb:145:in
>  `initialize'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/vagrantfile.rb:79:in
>  `new'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/vagrantfile.rb:79:in
>  `machine'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/environment.rb:635:in
>  `machine'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/plugin/v2/command.rb:177:in
>  `block in with_target_vms'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/plugin/v2/command.rb:201:in
>  `block in with_target_vms'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/plugin/v2/command.rb:183:in
>  `each'
>   from 
> /usr/share/rubygems-integration/all/gems/vagrant-1.9.1/lib/vagrant/plugin/v2/command.rb:183:in
>  `with_target_vms'
>   from 
> 

Bug#851513: Build fails with Linux kernel 4.9.0

[Nicolas Braud-Santoni]

Package: zfs-dkms
Version: 0.6.5.8-3
Followup-For: Bug #851513

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Confirmed not working in stretch.

See attached make.log


- -- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages zfs-dkms depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  dkms   2.3-2
ii  lsb-release9.20161125
ii  spl-dkms   0.6.5.8-3

Versions of packages zfs-dkms recommends:
pn  zfs-zed 
ii  zfsutils-linux  0.6.5.8-3

zfs-dkms suggests no packages.

- -- debconf information:
* zfs-dkms/note-incompatible-licenses:
  zfs-dkms/stop-build-for-32bit-kernel: true
  zfs-dkms/stop-build-for-unknown-kernel: true

-BEGIN PGP SIGNATURE-

iQJNBAEBCgA3FiEEiWEbFKE2h/s1SpJPnU+IAQz+GeMFAliQvtYZHG5pY29sYXNA
YnJhdWQtc2FudG9uaS5ldQAKCRCdT4gBDP4Z43UID/9nsoTM9YLXQSvfQmnLmOdT
0MF+7JB98jJZ6ZwmdY5Ub+n7jSLUefNGcpSgi5+5Howu0vv1xPX261jjCHzzJne9
AvkUepTWPiwEP+b38mHAQyPJ5AHF38fBtqX37kZwHc+RtyzFiqcV3F/MDezRqCCN
fEFornUBASISeaZ8fHmE9pTG2RkCKQAVytLQqStvTUZ7l536jQCWdpccOigJ1OcS
2vNu+PJiKgNXXR6hhxjFc0Nv2dNDZanQVms/dSubLgQ38w6cUjMDS/ON4IesGXYD
Sl7H9up3x8vPW4vQFhsSkX9EnskE8MG+owPuxsF3qsbxK6l0TKHtkLHaStoJl2ou
amb6ivHjhj/x6kfGE2AI0pbjm6Kmf72thu2KcZXkpAWQqnnxA6TDQur/59zCSlxm
WT87qBc8tRbrzrKY/gNeGMQbVjC9+QWm81tglXaBnLv/dQWANXRQ1WDMAP2LnXwG
vZ5w9DZUpsZLsDgOP631/KhTIaa9IC79etdyaqTpfZAfo9H3L693iOPrHOAzIZTl
uC+4zZE2yBCYOE5bFIDg8xOkO889VhyYMv8mNxwd3RTcLEZDw06CWMLkzQcRBnOk
L0HpYz6gYOgHvZTs9SM7C9yCjnY12OtimZwR5wzOs1wyxtmCse1PPWhWGa4Jf5KO
aWQrK6pC1I1R4ZsDKiCJUA==
=l9wm
-END PGP SIGNATURE-
DKMS make.log for zfs-0.6.5.8 for kernel 4.9.0-1-amd64 (x86_64)
Tue Jan 31 13:44:17 CET 2017
make  all-recursive
make[1]: Entering directory '/var/lib/dkms/zfs/0.6.5.8/build'
Making all in module
make[2]: Entering directory '/var/lib/dkms/zfs/0.6.5.8/build/module'
make -C /lib/modules/4.9.0-1-amd64/build SUBDIRS=`pwd`  
O=/lib/modules/4.9.0-1-amd64/build CONFIG_ZFS=m modules
make[3]: Entering directory '/usr/src/linux-headers-4.9.0-1-amd64'
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/avl/avl.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/nvpair/nvpair.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/unicode/u8_textprep.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zfs_deleg.o
/var/lib/dkms/zfs/0.6.5.8/build/module/avl/avl.c: In function ‘avl_add’:
/var/lib/dkms/zfs/0.6.5.8/build/module/avl/avl.c:647:2: warning: ‘where’ may be 
used uninitialized in this function [-Wmaybe-uninitialized]
  avl_insert(tree, new_node, where);
  ^
  LD [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/avl/zavl.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/arc.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zfs_prop.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/nvpair/fnvpair.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zprop_common.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/unicode/uconv.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/nvpair/nvpair_alloc_spl.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/nvpair/nvpair_alloc_fixed.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zfs_namecheck.o
  LD [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/unicode/zunicode.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zfs_comutil.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/blkptr.o
  LD [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/nvpair/znvpair.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zpios/pios.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/bplist.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zfs_fletcher.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zfs_uio.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/bpobj.o
  LD [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zpios/zpios.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/dbuf.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zpool_prop.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/dbuf_stats.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/bptree.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/ddt.o
  LD [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zcommon/zcommon.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/ddt_zap.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/dmu.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/dmu_diff.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/dmu_object.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/dmu_objset.o
  CC [M]  /var/lib/dkms/zfs/0.6.5.8/build/module/zfs/dmu_send.o
  CC [M]  

Bug#837026: {t,}csh FTBFS

[Nicolas Braud-Santoni]

Hi,

I was working on this today at the Salzburg BSP and should finish
tomorrow.


Best,

  nicoo

Bug#838748: Patch pending for cloud-init bugs 838748, 780637 and 695327

[Nicolas Braud-Santoni]

Control: tag -1 pending
X-Debbugs-CC: hol...@debian.org

Hi,

I prepared an upload for a new version of cloud-init which fixes
(among other things) this bug.  It is currently available in the
v0.7.8/master branch on alioth.

Should I NMU this?


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#832877: Bug #832877: mathcomp: FTBFS: build-dependency not installable: libssreflect-coq (>= 1.5)

[Nicolas Braud-Santoni]

Hi Lucas,

Your report is in essence a duplicate of #832877 (which is assigned to
ssreflect).

There is an upload pending that solves this issue  ;)


Best,

  nicoo


PS: I'm not merging those bugs, since they are assigned to different
source packages; after the upload, ssreflect will be built by the
mathcomp source package.


signature.asc
Description: PGP signature

Bug#815684: Bug#813596: coq-float and why cannot be built with Coq 8.5 (Bugs #813596 and #815684)

[Nicolas Braud-Santoni]

Control: tag -1 upstream

On Sat, Jul 23, 2016 at 08:35:15PM +0200, Ralf Treinen wrote:
> 
> Why also does not compile with the current vesion of why3. I talked 
> to why upstream about this a few days ago. There will be a new upstream
> release of why soon which will fix this. I suspect this will also 
> fix compilation whith coq-8.5.
> 
> I also asked him whether it stills makes sense to maintain a package
> for why and was told that yes, since why3 does not yet support
> interfaces to frama-c and krakakoa. 
> 
> I don't know about coq-float, though.


That's great news!

Thanks a lot  :)

Bug#731400: Future of camlduce (Debian bug #731400)

[Nicolas Braud-Santoni]

Hi Stéphane,

camlduce is not compilable since 2013, and requires an update upstream
to make it work with recent versions of OCaml.


Since you are the upstream developer, I would like to ask you if there
are any plans to make this happen in the forseeable future.

If not, would you be OK with camlduce being removed from Debian
unstable?


Best regards,

  nicoo

Bug#742881: Bug #742881: missing license in debian/copyright

[Nicolas Braud-Santoni]

Control: tag -1 pending

Hi,

I prepared an upload for a new upstream version of camlpdf.
As part of this, I updated the copyright information.


Best,

  nicoo

Bug#813459: Bug #813459: aac-tactics: FTBFS: Error: The constructor vcons (in type vT) expects 2 arguments

[Nicolas Braud-Santoni]

Control: tag -1 pending

Hi,

I prepared an upload for an up-to-date version of aac-tactics,
which (obviously) solves the FTBFS.

I should push it to alioth in the evening.


Best,

  nicoo

Bug#813596: coq-float and why cannot be built with Coq 8.5 (Bugs #813596 and #815684)

[Nicolas Braud-Santoni]

Hi,

coq-float and why cannot build under Coq 8.5, leading to two FTBFS bugs.
(Note: This is about why, not why3)

I confirmed that (beyond some mild build-system breakage) the issues
are due to changes in Coq, and neither are still maintained upstream.

As such, I would like to suggest we delete those packages:
they are not buildable anymore, are not maintained anymore,
and taking up maintainership ourselves sounds like a losing proposal.


Best,

  nicoo

Bug#829237: Bug #829237: systemd-docker: FTBFS

[Nicolas Braud-Santoni]

Control: block -1 by 830478

Hi,

I attempted to fix this, and it seems to be a simple missing
Build-Depends.  However, I discovered that the dependency installs
its source in the wrong directory.

The fix is thus blocked on #830478


Best,

  nicoo

Bug#830478: golang-github-docker-docker-dev installs source to /usr/share/gocode/github.com/docker/docker

[Nicolas Braud-Santoni]

Package: golang-github-docker-docker-dev
Severity: serious

Dear Maintainer,


While working on #829237 (FTBFS on systemd-docker), I discovered that
golang-github-docker-docker-dev installs its source under
/usr/share/gocode/${DH_GOPKG} rather than /usr/share/gocode/src/${DH_GOPKG}.


Best,

  nicoo


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#752208: [unison-gtk] Doesn't synchronize windows fat subfolders

[Nicolas Braud-Santoni]

Control: tags -1 + moreinfo
Control: severity -1 important
Control: retitle -1 unison fails to synchronize FS modified under Windows

Hi,

According to the documentation, only file timestamps are
used, not directory timestamps, and fastchecks can be disabled:

  
https://www.cis.upenn.edu/~bcpierce/unison/download/releases/stable/unison-manual.html#fastcheck

I'm reducing the severity to “important”, given that:
- the issue only occurs in a very specific corner-case:
  a FS modified under Windows is subsequently mounted on Linux
  and synchronized from there (with the default fastcheck setting);
- the issue can be easily worked around by disabling fastcheck.


I tested using a Windows 8 VM and a FAT32 volume that I shared with
my Linux host, and was able to synchronize properly with fastcheck
disabled.

Could you confirm that this was the issue you encountered (your initial
bug report was a bit unclear) and that disabling fastcheck indeed solves
it?


Best,

  nicoo


signature.asc
Description: PGP signature

Bug#820690: libu2f-server: FTBFS - missing build-dep libglib2.0-dev

[Nicolas Braud-Santoni]

Control: tags -1 - patch + pending

The patch was merged in the packaging repo a month ago.

Please upload the updated package.


signature.asc
Description: PGP signature

Bug#820690: libu2f-server: FTBFS - missing build-dep libglib2.0-dev

[Nicolas Braud-Santoni]

Control: tags -1 patch

Hi,

A patch was submitted, as a pull request against the packaging repo[0].


[0] https://github.com/Yubico/libu2f-server-dpkg/pull/1


signature.asc
Description: PGP signature

Bug#820686: libu2f-host: FTBFS - missing build-dep libglib2.0-dev

[Nicolas Braud-Santoni]

Control: tags -1 patch

The previous patch contained a typo in the changelog.
Please find enclosed a fixed version.


Best,

  nicoo
From e8a764087c88dc569f5d264cf9e28845499a0efb Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Mon, 9 May 2016 00:23:54 +0200
Subject: [PATCH] Fix dependencies and bump Standards-Version

---
 debian/changelog | 6 ++
 debian/control   | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 5f2a95b..02f0584 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libu2f-host (1.0.0-3) unstable; urgency=medium
+
+  * Fix dependencies (libjson & glib2.0) (Closes: 820686).
+
+ --
+
 libu2f-host (1.0.0-2) UNRELEASED; urgency=low
 
   * Add gbp.conf.
diff --git a/debian/control b/debian/control
index acc2b87..3e8c507 100644
--- a/debian/control
+++ b/debian/control
@@ -5,14 +5,15 @@ Section: utils
 Priority: extra
 Build-Depends: debhelper (>= 9),
 	   pkg-config,
+	   libglib2.0-dev,
 	   libhidapi-dev,
-	   libjson0-dev,
+	   libjson-c-dev,
 	   gengetopt,
 	   help2man,
 	   dh-autoreconf,
 	   gtk-doc-tools,
 	   dblatex
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: https://developers.yubico.com/libu2f-host/
 Vcs-Git: git://github.com/Yubico/libu2f-host-dpkg.git
 Vcs-Browser: https://github.com/Yubico/libu2f-host-dpkg
-- 
2.8.1



signature.asc
Description: PGP signature

Bug#820686: libu2f-host: FTBFS - missing build-dep libglib2.0-dev

[Nicolas Braud-Santoni]

Dear maintainer,

Here is a patch fixing the build failure.

I also took the opportunity to bump the Standards-Version (after checking
  that the package was compliant).

There remains a Lintian warning about debian/copyright containing multiple
  licences under the same name, but I'm not sure how to handle the “messy”
  situation here.


Please consider merging and uploading this patch soon, as the package is
  due for removal on the 25th.  In case you do not have the time or
  inclination to maintain it anymore, please consider putting it in
  collab-maint.


Best,

  nicoo
From cb99d35f7cb0abf91d40403201a66895ee8f6c35 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Mon, 9 May 2016 00:23:54 +0200
Subject: [PATCH] Fix dependencies and bump Standards-Version

---
 debian/changelog | 6 ++
 debian/control   | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 5f2a95b..5da36c5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libu2f-host (1.0.0-3) unstable; urgency=medium
+
+  * Fix dependencies (libjson & glib2.0) (closes 820686).
+
+ --
+
 libu2f-host (1.0.0-2) UNRELEASED; urgency=low
 
   * Add gbp.conf.
diff --git a/debian/control b/debian/control
index acc2b87..3e8c507 100644
--- a/debian/control
+++ b/debian/control
@@ -5,14 +5,15 @@ Section: utils
 Priority: extra
 Build-Depends: debhelper (>= 9),
 	   pkg-config,
+	   libglib2.0-dev,
 	   libhidapi-dev,
-	   libjson0-dev,
+	   libjson-c-dev,
 	   gengetopt,
 	   help2man,
 	   dh-autoreconf,
 	   gtk-doc-tools,
 	   dblatex
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: https://developers.yubico.com/libu2f-host/
 Vcs-Git: git://github.com/Yubico/libu2f-host-dpkg.git
 Vcs-Browser: https://github.com/Yubico/libu2f-host-dpkg
-- 
2.8.1



signature.asc
Description: PGP signature