Bug#898679: palapeli: using palapeli if you try to navigate to hidden directory you cannot see hidden directory.

[shirish शिरीष]

Package: palapeli
Version: 4:17.12.2-1
Severity: normal

Dear Maintainer,

I tried adding an image which is in a hidden directory, i.e.
./$directory. I am on debian-mate on debian-testing. I am not using
konqueror

$ aptitude search konqueror nautilus
p   konqueror- advanced
file manager, web browser and document viewer
..
p   nautilus - file
manager and graphical shell for GNOME

So the only option left is caja and as can be seen it doesn't show the
hidden files and folders. Attaching two pictures which show the same.


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (100, 'experimental'), (100, 'unstable'), (1,
'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages palapeli depends on:
ii  kio   5.45.0-1
ii  libc6 2.27-3
ii  libkf5archive55.45.0-1
ii  libkf5completion5 5.45.0-1
ii  libkf5configcore5 5.45.0-1
ii  libkf5configgui5  5.45.0-1
ii  libkf5configwidgets5  5.45.0-1
ii  libkf5coreaddons5 5.45.0-1
ii  libkf5crash5  5.45.0-1
ii  libkf5i18n5   5.45.0-1
ii  libkf5itemviews5  5.45.0-1
ii  libkf5kiowidgets5 5.45.0-1
ii  libkf5notifications5  5.45.0-1
ii  libkf5service-bin 5.45.0-1
ii  libkf5service55.45.0-1
ii  libkf5widgetsaddons5  5.45.0-1
ii  libkf5xmlgui5 5.45.0-1
ii  libqt5core5a  5.10.1+dfsg-6
ii  libqt5gui55.10.1+dfsg-6
ii  libqt5svg55.10.1-2
ii  libqt5widgets55.10.1+dfsg-6
ii  libstdc++68.1.0-1
ii  palapeli-data 4:17.12.2-1

Versions of packages palapeli recommends:
ii  khelpcenter  4:18.04.0-1
ii  qhull-bin2015.2-4

palapeli suggests no packages.

-- no debconf information


-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#898320: kdeconnect: 1.3.0 does not work with 1.8.2 android version

[Eric Valette]

On 5/11/18 10:42 PM, Eric Valette wrote:
Le 11 mai 2018 20:37:06 GMT+02:00, Diederik de Haas 
 a écrit :


On vrijdag 11 mei 2018 10:18:06 CEST Eric Valette wrote:

It can be on the client side (android both and 1.8.2 android version
both) but I have two differents. It could be network but no
firewall and
both machines do see each other using ssh, upnp, ...


With me it also fails from time to time and I have not found a pattern which
would explain it.
What very often helps, is starting kdeconnect explicitly on my phone and 
that
either fixes it or gives me a clue why it fails, which often means 
re-pairing
the devices.


Thanks for the hint. I started KDE connect explicitly, no help. I even 
added pc device by Name or ip without result. I'm good for a Wireshark 
session.


Well, I did a quick wireshark session, using my pĥone source ip address 
as a filter crietria on the PC running wireshark and I do see both 
devices (tel and PC) talking to each other, sending IPV4 payload message 
containing things like strings containing kdeconnect, PC name, tel name, 
various devices properties, but in the end they do not connect to each 
other. So this is not a simple "network problem".


I can send pcap traces if anyone speaks kde connect fluently ;-)

-- eric

qbs_1.11.1+dfsg-2_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 14 May 2018 23:18:21 +0300
Source: qbs
Binary: qbs qbs-common libqbscore1.11 libqbsqtprofilesetup1.11 qbs-dev 
qbs-examples qbs-doc qbs-doc-html
Architecture: source
Version: 1.11.1+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Dmitry Shachnev 
Description:
 libqbscore1.11 - Qbs core library
 libqbsqtprofilesetup1.11 - Qbs profile setup library
 qbs- cross-platform build tool
 qbs-common - Qbs static files
 qbs-dev- Qbs development files
 qbs-doc- Qbs documentation
 qbs-doc-html - Qbs HTML documentation
 qbs-examples - examples for Qbs build tool
Changes:
 qbs (1.11.1+dfsg-2) unstable; urgency=medium
 .
   * Fix architecture independent builds.
   * Update libqbsqtprofilesetup1.11.symbols from buildds’ logs.
Checksums-Sha1:
 de8cc463b64861238c21499795765ddb2d21181a 2582 qbs_1.11.1+dfsg-2.dsc
 5adf681e2c9d144d3a72d6c39fad9e52fe2c0a94 4277757 qbs_1.11.1+dfsg.orig.tar.gz
 22548bc860616a5f1a2aaf5a56659cfca73129ee 26964 qbs_1.11.1+dfsg-2.debian.tar.xz
 af958ba8afa6ff6b200bc55cd4121215fb8a419d 8679 
qbs_1.11.1+dfsg-2_source.buildinfo
Checksums-Sha256:
 eeaf547b9bac3b161e9f1855f088b1bff81f52fb65e4ac49bdb55b5832bbb6b1 2582 
qbs_1.11.1+dfsg-2.dsc
 4c58ad69e31fa7ae67aebf383c12d2d0faf83c1a54456f70f0856fbc534a9e70 4277757 
qbs_1.11.1+dfsg.orig.tar.gz
 a6989afe61cbdbb217c4f969efa3e46dc1729e5600852bea84cf5e761ff92fc3 26964 
qbs_1.11.1+dfsg-2.debian.tar.xz
 ebc04b6f5056960028f1ada0b973666c3235f2d5e16214acfcaa1f8595a99c96 8679 
qbs_1.11.1+dfsg-2_source.buildinfo
Files:
 d8b32908026fc09a17cf45a3fce349a6 2582 devel optional qbs_1.11.1+dfsg-2.dsc
 ec1ac40acfb99c4a8a057d3b6f14732c 4277757 devel optional 
qbs_1.11.1+dfsg.orig.tar.gz
 61b885c44c1c68502a10e0e4c046c0ce 26964 devel optional 
qbs_1.11.1+dfsg-2.debian.tar.xz
 2ec5d85511719d318257e6f137557cea 8679 devel optional 
qbs_1.11.1+dfsg-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJHBAEBCgAxFiEEbEPcK+5mZmLK5jNU1v5xA2P4XdMFAlr575YTHG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRDW/nEDY/hd08e1D/9MLinTu4KGC1BFR6Rnr7TXwJ3VblIo
YRhcqDuUM4KcRXKsaPXPpJSblbjEF92uLx3rCYIiGIR18EaPJgw2BWVVGC3j/Zbt
9GWQwq7G3CXIsSL8CiU526qu/bRN8I1NPf9GGaquQFmzM18QVc0HdbSyCkGIarLI
G0jntrTxFOZiu0KbV4qeG4Rpii99sh5hlepI6mRjodNtKbQEL3FEopdrAQ/3ztXW
vfWnFQv7DWUHflSEBpj1Llpl9P7LljOPlb1VHglhxaWocFYXYZnJqB67UnD57iDR
JHF9+PJ+JeopHo9wjN+1qHziM7MSM4YKU+ZVqPaCGnOxUW0P9OPolfi9EfiQG9Og
jgR7rSXJpUnHzjd4KV8eAz2ydZAFzr6P7PEMXKWVFlN6bU7ne2B9SDLQJgX+oSC3
tk3gKsgRm22wE2tLkHqtayK640YABbbNf0Cb5JCXpBwuhOiRTDOtfTMVqZmTKw0X
x6prqcB6P9Cfm+XafqfscSQsWaPaBdmXGVRip52N5nIPk5xiiL8JJLe6FF6wKERX
LSOHiPPPNXwXMp+o/SG3Zci8pENRjUzX6cGexP9Ct3C6WHRtp4obNwvaGsBwTagc
aG+y/KIjzrf9FP9yQq4hbNedWT7OVtIfUHNnYjtdJK0vl5efZYeDkFqadicOIYtb
37YixXuoO3/Ehg==
=ptD6
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of qbs_1.11.1+dfsg-2_source.changes

[Debian FTP Masters]

qbs_1.11.1+dfsg-2_source.changes uploaded successfully to localhost
along with the files:
  qbs_1.11.1+dfsg-2.dsc
  qbs_1.11.1+dfsg.orig.tar.gz
  qbs_1.11.1+dfsg-2.debian.tar.xz
  qbs_1.11.1+dfsg-2_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

kwallet-pam_5.8.4-1+deb9u2_amd64.changes ACCEPTED into proposed-updates->stable-new

[Debian FTP Masters]

Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 09 May 2018 22:55:11 +0200
Source: kwallet-pam
Binary: libpam-kwallet-common libpam-kwallet4 libpam-kwallet5
Architecture: source all amd64
Version: 5.8.4-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers 
Changed-By: Maximiliano Curia 
Description:
 libpam-kwallet-common - KWallet integration with PAM (common files)
 libpam-kwallet4 - KWallet (KDE 4) integration with PAM
 libpam-kwallet5 - KWallet (Kf5) integration with PAM
Changes:
 kwallet-pam (5.8.4-1+deb9u2) stretch-security; urgency=high
 .
   * Add patch Avoid-giving-an-stderr-to-kwallet.patch.
 The fixes for CVE-2018-10380 introduced a regression, the reorder of the
 close calls and creating a new socket caused that the socket is always
 assigned the file descriptor 2, aka stderr, causing kwalletd to break
 the socket when printing something. This patch reorders the calls to avoid
 having the socket in stderr.
Checksums-Sha1:
 e00208fde88c0278ca71c98ee41264bc613c370d 2276 kwallet-pam_5.8.4-1+deb9u2.dsc
 771c731eb497346e72d29097478439e427f49cf9 7892 
kwallet-pam_5.8.4-1+deb9u2.debian.tar.xz
 16da7e6c70174052e5e9800d453ee66b6268fb50 12374 
kwallet-pam_5.8.4-1+deb9u2_amd64.buildinfo
 2a77c83d51f040b162bd36029391631d079a875b 6022 
libpam-kwallet-common_5.8.4-1+deb9u2_all.deb
 d0f0756d8031f04992d1945acdf1f80a9350f84d 16504 
libpam-kwallet4-dbgsym_5.8.4-1+deb9u2_amd64.deb
 d787039fe0602a22ebc42419f78e58500e24cf05 10982 
libpam-kwallet4_5.8.4-1+deb9u2_amd64.deb
 655a6ab30d8946ffb5ae62dc0bb10c24e2b2de1f 16524 
libpam-kwallet5-dbgsym_5.8.4-1+deb9u2_amd64.deb
 31a17d369a986e8c903e4f2dd0ce0656140ddc3d 10944 
libpam-kwallet5_5.8.4-1+deb9u2_amd64.deb
Checksums-Sha256:
 953518cb48685ff9de645617a18e4aa935f54d83fbb359f9b7fa6b288deadc92 2276 
kwallet-pam_5.8.4-1+deb9u2.dsc
 835513dec413ce1aa40758aa8f974e5a516520ff8b33684703adf90e5256b876 7892 
kwallet-pam_5.8.4-1+deb9u2.debian.tar.xz
 b3086c63138a9f78853dcc0afb3bf583677053f71bbdf55879977e5e3c1b 12374 
kwallet-pam_5.8.4-1+deb9u2_amd64.buildinfo
 ce5d593e705352c930573be3bad90ff52d2b316b14b8cca2f570f5ea67caba5c 6022 
libpam-kwallet-common_5.8.4-1+deb9u2_all.deb
 55b230aed381b5464cca01f4fd6212d30119a799001c2d1af79531d0c3bbc7fa 16504 
libpam-kwallet4-dbgsym_5.8.4-1+deb9u2_amd64.deb
 5dff51ab097d3c4129bda787f6bb4b513d9ba01a9097129188f3730b164e5a9c 10982 
libpam-kwallet4_5.8.4-1+deb9u2_amd64.deb
 0a09c374e63798adb946e1db8f6a487b56e07ddd8e7b4fa62e9290bf3f62fa13 16524 
libpam-kwallet5-dbgsym_5.8.4-1+deb9u2_amd64.deb
 9cabac4a5d26a9dde9744b54eb1b6bdbea22acf4bc14cacc90b9af34ce25f2d5 10944 
libpam-kwallet5_5.8.4-1+deb9u2_amd64.deb
Files:
 f330151be238b42950c8ff23ad8c2380 2276 kde optional 
kwallet-pam_5.8.4-1+deb9u2.dsc
 b41b72a338f16bd06a0a23d0123710cc 7892 kde optional 
kwallet-pam_5.8.4-1+deb9u2.debian.tar.xz
 7679537c90d138f229bbd0780c2f51ed 12374 kde optional 
kwallet-pam_5.8.4-1+deb9u2_amd64.buildinfo
 43383400881527a67c326253bcd34d3f 6022 kde optional 
libpam-kwallet-common_5.8.4-1+deb9u2_all.deb
 4e328bcb55df6e2d506acd5277e43540 16504 debug extra 
libpam-kwallet4-dbgsym_5.8.4-1+deb9u2_amd64.deb
 df1b1925517099774f0e40d99aac8920 10982 kde optional 
libpam-kwallet4_5.8.4-1+deb9u2_amd64.deb
 4e7b97d1540def552878ea12df180383 16524 debug extra 
libpam-kwallet5-dbgsym_5.8.4-1+deb9u2_amd64.deb
 4386bfee51f55f4020fe2864f2d64459 10944 kde optional 
libpam-kwallet5_5.8.4-1+deb9u2_amd64.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE+JIdOnQEyG4RNSIVxxl2mbKbIyoFAlrza40ACgkQxxl2mbKb
IyqhtQ//Tg79PB76si9/IiFSSACdCMlDRuR5Fc2jBJnYL3zdA8Jc1Zypz1zbUW4I
uBJnfA5At1RQ2KlQI0GGcSfADdAbJLnU4f3Liy/BemXB92UP2gKq7tXtCgI6qL6c
L7hJEG6qTPf35yU6bvlM8gvvR7bbGBuLyYELZkUaaeODJvSxs7rksMG160T6m+Nb
6JezQjbZ+xeW9AlrG6IFccOmFsrWcByobuq7U5L9dYvSmzrkcbf722FsW/yh6ipq
1y+sVKYAcrYfJvbcV1Gqu1Rycz9PFwj1JJaChG/0qkDLJzW4D2a2lspyJXs6pdNk
88OTOMl3m2L10BNZLjsZNZNm2a3OpUEmVtnwef5HOtIQgRQ6G0FHF+DX1KXBiOnN
KVpWYikx2tuoTml+DLuJemgukY1C7hYSh5Lurz0OleFa0nFBBjvJunfA4VMht1Gk
tThCuWmPBJaCuGXVS+KIF2eQMk/huoFN3lbgqaKetsFfHLgW+xgPoQb3d/VQwNgP
oquql0DneJPgg3IvnIiVwLG9GkTt+Tu1hMRYR4yjFWNAZVLkAOiMelHbpz3OVMYm
X2iKxhcZeQ5gzRG1iTpNPURI/zw2jDlEiTqYdwYzLGy2mWf3V/dvtGuYYOGG0POa
2U+6tp5qsYuHjIjvuhKUipOz+cCuNjH51cjr7W7bE5ccJfCwv5o=
=ihnq
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

kwallet-pam_5.8.4-1+deb9u1_source.changes ACCEPTED into proposed-updates->stable-new

[Debian FTP Masters]

Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 03 May 2018 19:01:35 +0200
Source: kwallet-pam
Binary: libpam-kwallet-common libpam-kwallet4 libpam-kwallet5
Architecture: source
Version: 5.8.4-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian/Kubuntu Qt/KDE Maintainers 
Changed-By: Maximiliano Curia 
Description:
 libpam-kwallet-common - KWallet integration with PAM (common files)
 libpam-kwallet4 - KWallet (KDE 4) integration with PAM
 libpam-kwallet5 - KWallet (Kf5) integration with PAM
Changes:
 kwallet-pam (5.8.4-1+deb9u1) stretch-security; urgency=high
 .
   * CVE-2018-10380 fix
 Add upstream patches Move-salt-creation-to-an-unprivileged-process.patch
 and Move-socket-creation-to-unprivileged-codepath.patch.
Checksums-Sha1:
 f85b0baae9912f14efdcca073f85f449fb00f0e3 2276 kwallet-pam_5.8.4-1+deb9u1.dsc
 4280fb70578c28df229fc257cac936b62a2111dc 17656 kwallet-pam_5.8.4.orig.tar.xz
 32f92c605b8abf0bd58d1e9ebab66c9bc961b3fe 7316 
kwallet-pam_5.8.4-1+deb9u1.debian.tar.xz
 352c21be1513cad3fd3a1691aa341c4830649f62 13126 
kwallet-pam_5.8.4-1+deb9u1_source.buildinfo
Checksums-Sha256:
 ac588ee78c309e33a7ea7a661bcc9e6c4cd3e7932ecb950666583521c6ea413f 2276 
kwallet-pam_5.8.4-1+deb9u1.dsc
 9689604b63e34a3ec17fa945e21a3184ee46c510886cb754415bfa4362e63891 17656 
kwallet-pam_5.8.4.orig.tar.xz
 2331a3722ba6b5b4b26a2e49008fc60ce1cb74bff47c2d1ae234f41a2a4c618d 7316 
kwallet-pam_5.8.4-1+deb9u1.debian.tar.xz
 9d18e4e8331595928028966d1d05500b151a860324a37d6563b5e24146eca422 13126 
kwallet-pam_5.8.4-1+deb9u1_source.buildinfo
Files:
 d4e5649fdd002bbe5c6fb30e984a182e 2276 kde optional 
kwallet-pam_5.8.4-1+deb9u1.dsc
 e93eb6019aa58af3ab94eb4b1e03309f 17656 kde optional 
kwallet-pam_5.8.4.orig.tar.xz
 0e71411cd47c21d36c570e9521b72c77 7316 kde optional 
kwallet-pam_5.8.4-1+deb9u1.debian.tar.xz
 8fab72ce3e22345a0b857ef1908c4e3a 13126 kde optional 
kwallet-pam_5.8.4-1+deb9u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE+JIdOnQEyG4RNSIVxxl2mbKbIyoFAlrrfEIACgkQxxl2mbKb
IyrV2hAAiOIt0SpSpGbNpNgvQISiJTrkPAZ1SMHfEIpcn0KH2AAfGqxGfvWMfdfo
aoPTZOwvqAQe3bMyhYCOx3L6eVnR5CQG0b5Htyt89ucoZW+MV0pEh24/ajuIPxfB
5r6hORlEjjbbOtI/1sDSD81zLT60GUUpd9wdB8mK5C5jpugAKtI/l6H/J/2nG48W
CylJ/DvsKqNAFHpRnhI478BGn+6XsmVOvS3ss55eiQRgWfpiKaehicBSjq2x5j3v
16VMgdIcd9AsDIo/M7DEBJEcDKogO/PnM1uzmf6zixQtzYd/2PjQ4TG4EGWor6Uq
8FnezGsB8ZIzGNZj4u4xSCxiOXt4GTqBO8gYg4zJVDbdGF2Qw2P9BPjgBDpEe10M
EOZ+8u5IzevRoBuCb2ojLs+PHYi2vBHe4l+hhJSDQxEKGr5pwvfJcTb/kRLlLJsf
rFShN7j5y5BG7oDE2vGnH3FBWDxSko/p+WzZ6rW3/Q6mLNlHH8iL2X5ldKC77RFe
dAFppkHHrVSCTAT+RUpCR73U35AXEa9cYi1L66LT9gNdzI9w08xfvR5JY09W9Qum
C9D0kuRK2ZdBlf+Mtz2t3ReIwGGQ8jR9Kkyrb2bISc9LemRb6zdNIB+N0juVaXLv
qRapGiUNHzcmI7LNdsIxaiwlXQ24xhDwaKIiLKv++hoGrqiuRYM=
=wj0a
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Lisandro Damián Nicanor Pérez Meyer]

On 14 May 2018 at 16:24, Mattia Rizzolo  wrote:
> On Mon, May 14, 2018 at 01:55:55PM -0300, Lisandro Damián Nicanor Pérez Meyer 
> wrote:
>> Quoting from the above:
>>
>>   The rationale of this system call is to provide resiliance against
>>   file descriptor exhaustion attacks, where the attacker consumes all
>>   available file descriptors, forcing the use of the fallback code where
>>   /dev/[u]random is not available.  Since the fallback code is often not
>>   well-tested, it is better to eliminate this potential failure mode
>>   entirely.
>>
>> So if we disable it we disable a feature providing a more robust method to
>> provide randomness to ours users.
>
> Reading this sounds like the presence of the syscall could be tested at
> runtime, and if present used and if not fall back to dev/urandom?

Patches directly at upstream (due to copyright issues) are welcomed :-)

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Lisandro Damián Nicanor Pérez Meyer]

El lunes, 14 de mayo de 2018 13:43:18 -03 Dmitry Shachnev escribió:
[snip] 
> > - We do not know the impact we create by disabling the getentropy feature.
> > And normally that stuff is related to criptography. Believe me I don't
> > want to mess with that.
> 
> If we disable it, Qt will fall back to reading /dev/urandom directly.
> 
> As I understand, it will be a bit less secure because it is vulnerable
> to file descriptor exhaustion attacks, and also a bit slower. But on the
> other hand, it is a traditional interface for getting randomness, and the
> majority of software probably still uses it.
> 
> See for details:
> 
> - https://lwn.net/Articles/606141/
> - https://git.kernel.org/linus/c6e9d6f38894798696f23c8084ca7edbf16ee895

Quoting from the above:

  The rationale of this system call is to provide resiliance against
  file descriptor exhaustion attacks, where the attacker consumes all
  available file descriptors, forcing the use of the fallback code where
  /dev/[u]random is not available.  Since the fallback code is often not
  well-tested, it is better to eliminate this potential failure mode
  entirely.

So if we disable it we disable a feature providing a more robust method to 
provide randomness to ours users.

In this case our users come first, so no, we should not disable this.

-- 
Never attribute to malice that which is adequately explained by stupidity.
  http://en.wikipedia.org/wiki/Hanlon's_razor

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Dmitry Shachnev]

On Mon, May 14, 2018 at 10:41:47AM -0300, Lisandro Damián Nicanor Pérez Meyer 
wrote:
> = On the Qt side:
> - With an upstream maintainer hat on: Qt 5.10 is not meant for oldstable.
> People wanting to run Qt 5.10 on those system must modify whatever is
> necessary.

OK. This is an understandable point.

> - We do not know the impact we create by disabling the getentropy feature. 
> And 
> normally that stuff is related to criptography. Believe me I don't want to 
> mess with that.

If we disable it, Qt will fall back to reading /dev/urandom directly.

As I understand, it will be a bit less secure because it is vulnerable
to file descriptor exhaustion attacks, and also a bit slower. But on the
other hand, it is a traditional interface for getting randomness, and the
majority of software probably still uses it.

See for details:

- https://lwn.net/Articles/606141/
- https://git.kernel.org/linus/c6e9d6f38894798696f23c8084ca7edbf16ee895
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=120ecc976fc3d550

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#898645: palapeli shows segmentation fault

[shirish शिरीष]

Package: palapeli
Version: 4:17.12.2-1
Severity: important

Dear Maintainer,

Palapeli shows segmentation fault, meybe due to old version ?

$ gdb palapeli
GNU gdb (Debian 7.12-6+b1) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from palapeli...Reading symbols from
/usr/lib/debug/.build-id/72/bc62ede820ab4e4ac433beb6b012b6897d71f3.debug...done.
done.
(gdb) set logging on
Copying output to gdb.txt.
(gdb) set pagination 0
(gdb) run
Starting program: /usr/games/palapeli
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe44ff700 (LWP 3166)]
[New Thread 0x7fffda002700 (LWP 3167)]
[New Thread 0x7fffd9801700 (LWP 3168)]
[New Thread 0x7fffd9000700 (LWP 3169)]
CONSTRUCTED TeleportPieceInteractor
CONSTRUCTED ToggleCloseUpInteractor
SCENE RECT QRectF(-30,-30 101.6x101.6) VIEW SIZE QSize(640, 480)
View::zoomTo: level 100 scalingFactor 0.32 QPoint(821,451)
QPointF(128.393,66.2329)
Initial size of Palapeli::View QSize(640, 480)
[New Thread 0x7fffc6ee5700 (LWP 3171)]
[New Thread 0x7fffc66e4700 (LWP 3172)]
[New Thread 0x7fffc5ee3700 (LWP 3173)]
[New Thread 0x7fffc56e2700 (LWP 3174)]

Thread 7 "Thread (pooled)" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffc66e4700 (LWP 3172)]
0x7419b28f in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
(gdb) bt
#0  0x7419b28f in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#1  0x7412dd9c in QLockFile::tryLock(int) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#2  0x759229b9 in ?? () from
/usr/lib/x86_64-linux-gnu/libKF5ConfigCore.so.5
#3  0x7590c8be in KConfig::sync() () from
/usr/lib/x86_64-linux-gnu/libKF5ConfigCore.so.5
#4  0x555d5e26 in Palapeli::CollectionStorageComponent::cast
(this=0x55bd8f30, type=) at
./src/file-io/components-collectionstorage.cpp:81
#5  0x555eb4e6 in Palapeli::Puzzle::Private::get
(this=0x55dc0540, type=) at
./src/file-io/puzzle.cpp:149
#6  0x555ec9f4 in
QtConcurrent::StoredMemberFunctionPointerCall1::runFunctor (this=0x55dc8200) at
/usr/include/x86_64-linux-gnu/qt5/QtConcurrent/qtconcurrentstoredfunctioncall.h:551
#7  QtConcurrent::RunFunctionTask::run (this=0x55dc8200) at
/usr/include/x86_64-linux-gnu/qt5/QtConcurrent/qtconcurrentrunbase.h:108
#8  0x74021c32 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x74024b4f in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x7fffef9b65aa in start_thread (arg=0x7fffc66e4700) at
pthread_create.c:463
#11 0x7359dcbf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) thread apply all bt

Thread 9 (Thread 0x7fffc56e2700 (LWP 3174)):
#0  0x7419b28f in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#1  0x7412dd9c in QLockFile::tryLock(int) () from
/usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#2  0x759229b9 in ?? () from
/usr/lib/x86_64-linux-gnu/libKF5ConfigCore.so.5
#3  0x7590c8be in KConfig::sync() () from
/usr/lib/x86_64-linux-gnu/libKF5ConfigCore.so.5
#4  0x555d5e26 in Palapeli::CollectionStorageComponent::cast
(this=0x55b3fe20, type=) at
./src/file-io/components-collectionstorage.cpp:81
#5  0x555eb4e6 in Palapeli::Puzzle::Private::get
(this=0x55dd07d0, type=) at
./src/file-io/puzzle.cpp:149
#6  0x555ec9f4 in
QtConcurrent::StoredMemberFunctionPointerCall1::runFunctor (this=0x55dc9880) at
/usr/include/x86_64-linux-gnu/qt5/QtConcurrent/qtconcurrentstoredfunctioncall.h:551
#7  QtConcurrent::RunFunctionTask::run (this=0x55dc9880) at
/usr/include/x86_64-linux-gnu/qt5/QtConcurrent/qtconcurrentrunbase.h:108
#8  0x74021c32 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x74024b4f in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x7fffef9b65aa in start_thread (arg=0x7fffc56e2700) at
pthread_create.c:463
#11 0x7359dcbf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 8 (Thread 0x7fffc5ee3700 (LWP 3173)):
#0  0x7fffef9bc81a in futex_reltimed_wait_cancelable
(private=, reltime=0x7fffc5ee2c00, expected=0,
futex_word=0x55bc5310) at
../sysdeps/unix/sysv/linux/futex-internal.h:142
#1  __pthread_cond_wait_common (abstime=0x7fffc5ee2cc0,

Bug#898556: [kwin-wayland] Closing windows in Plasma Wayland crashes the entire session

[Alexander Kernozhitsky]

В письме от воскресенье, 13 мая 2018 г. 19:19:39 +03 Вы написали:
> Control: severity -1 important
> 
> ¡Hola Alexander!
> 
> El 2018-05-13 a las 17:09 +0300, Alexander Kernozhitsky escribió:
> > Package: kwin-wayland
> > Version: 4:5.12.5-1
> > Severity: grave
> > 
> > I tried Plasma session on Wayland today. Closing a window in it crashes
> > the
> > session and returns me back to SDDM.
> 
> I'm sorry to hear that, but most of the wayland support in Debian is in
> preview release mode, in fact, I think that that problem that you are
> reporting might be in xwayland or in a lower layer of the wayland stack (see
> #897390[1], for example).
> 
> I couldn't reproduce the issue in my machine. Is there any other wayland
> desktop session that does work for you?
> 
> Given this, I'm lowering the severity.
> 
> Happy hacking,
> 
> [1]: https://bugs.debian.org/897390

No, I didn't try any other Wayland session.

-
Alexander Kernozhitsky

Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Lisandro Damián Nicanor Pérez Meyer]

El lunes, 14 de mayo de 2018 11:56:05 -03 Lisandro Damián Nicanor Pérez Meyer 
escribió:
[snip] 
> > > - We do not know the impact we create by disabling the getentropy
> > > feature.
> > > And normally that stuff is related to criptography. Believe me I don't
> > > want to mess with that.
> > 
> > That's my fear as well indeed :(
> > What do you recomend to look at to discover what uses that feature?

On the other hand: should we deprive unstable/testing users of this feature 
just for a check that it's currently running on an oldstable kernel?

I strongly think we should not.


-- 
Una sola bomba nuclear puede arruinar el resto de tu día.

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Lisandro Damián Nicanor Pérez Meyer]

El lunes, 14 de mayo de 2018 11:17:37 -03 Mattia Rizzolo escribió:
> On Mon, May 14, 2018 at 10:41:47AM -0300, Lisandro Damián Nicanor Pérez 
Meyer wrote:
> > = On the reproducible side:
> > - Ben Hutchings marked #876035 as minor
> > 
> > I do not understand the rationale but he is the kernel maintainer so I'll
> > simply trust him here.
> 
> The rationale is that this is a very uncommon configuration (an i386
> with loads of RAM).
> 
> > - They are using oldstable, which is clearly something we do not intend to
> > support with Qt 5.10. With our maintainer hat on: of course if there is
> > something we can do the better, but within some limits, like what upstream
> > expects.
> 
> *we are not using oldstable*, at least not in the way I understand your
> sentence.
> That Qt 5.10 is running in regular unstable chroots.
> We are simply using a tad older kernel from second-last LTS release.

Sorry, I wasn't clear enough: yes, I was actually expecting that. Still and 
oldstable kernel, so not a target for Qt 5.10 I'm afraid.

> Consider that glibc currently requires Linux 3.2.

But Qt requires a newer kernel it seems.

> > - We do not know the impact we create by disabling the getentropy feature.
> > And normally that stuff is related to criptography. Believe me I don't
> > want to mess with that.
> 
> That's my fear as well indeed :(
> What do you recomend to look at to discover what uses that feature?

Contacting upstream, specially whoever did the code:

  developm...@qt-project.org

Might require subscription though.

-- 
firmaware: soft cuya licencia pagas enviando un autografo
  StucKman en #grulic, irc.freenode.net

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Mattia Rizzolo]

On Mon, May 14, 2018 at 10:41:47AM -0300, Lisandro Damián Nicanor Pérez Meyer 
wrote:
> = On the reproducible side:
> - Ben Hutchings marked #876035 as minor
> 
> I do not understand the rationale but he is the kernel maintainer so I'll
> simply trust him here.

The rationale is that this is a very uncommon configuration (an i386
with loads of RAM).

> - They are using oldstable, which is clearly something we do not intend to
> support with Qt 5.10. With our maintainer hat on: of course if there is
> something we can do the better, but within some limits, like what upstream
> expects.

*we are not using oldstable*, at least not in the way I understand your
sentence.
That Qt 5.10 is running in regular unstable chroots.
We are simply using a tad older kernel from second-last LTS release.

Consider that glibc currently requires Linux 3.2.

> - We do not know the impact we create by disabling the getentropy feature. And
> normally that stuff is related to criptography. Believe me I don't want to
> mess with that.

That's my fear as well indeed :(
What do you recomend to look at to discover what uses that feature?

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#898638: verdigris: Reduce tests' memory usage on limited archs

[Lisandro Damián Nicanor Pérez Meyer]

Source: verdigris
Version: 1.0-1
Severity: important
Tags: patch

Hi! Marking this as important because it prevents verdigris from being built in 
mips.

The current test suite of verdigris makes a havey memory usage for some archs. 
The
way to reduce this is reducing debugging symbols on thise archs, which for tests
is just OK.

Here is a patch by Adrian Bunk:

--- debian/rules.old2018-05-13 08:28:51.581772929 +
+++ debian/rules2018-05-13 08:30:15.391768205 +
@@ -4,6 +4,11 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+# less debug info to avoid running out of address space
+ifneq (,$(filter $(DEB_HOST_ARCH), mips mipsel))
+export DEB_CXXFLAGS_MAINT_APPEND += -g1
+endif
+
 export QT_SELECT=qt5
 
 %:

Kinds regards, Lisandro.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'buildd-unstable'), (500, 'testing'), (500, 'stable'), 
(1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_AR:es (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Lisandro Damián Nicanor Pérez Meyer]

Hi everyone!

El lunes, 14 de mayo de 2018 08:26:55 -03 Dmitry Shachnev escribió:
> Control: reassign -1 libqt5core5a 5.10.1+dfsg-5
> Control: retitle -1 libqt5core5a: Requires Linux kernel 3.17.0 or newer
> 
> On Sun, Apr 29, 2018 at 06:21:57PM -0400, Scott Kitterman wrote:
> > I've reopened this at a normal priority since it seems to reliably happen
> > in a pbuilder/cowbuilder chroot environment (I hit it again today), but
> > nowhere else.
> 
> We discussed this on #debian-reproducible today and finally found the
> reason: Qt 5.10 started using the getrandom(2) syscall which was introduced
> in Linux 3.17.
> 
> However Debian oldstable (jessie) has 3.16 and it seems some people are
> still running this as a host kernel. Mattia (CCed) says he cannot use newer
> kernels because of bug #876035.
> 
> We can build Qt without the “getentropy” feature and that would lower the
> required kernel version to 3.16:
> https://code.qt.io/cgit/qt/qtbase.git/tree/src/corelib/global/minimum-linux_
> p.h#n64
> 
> Lisandro, what is your opinion on this?

Let me try to sum up the info.

= On the reproducible side:
- Ben Hutchings marked #876035 as minor

I do not understand the rationale but he is the kernel maintainer so I'll 
simply trust him here.

- They are using oldstable, which is clearly something we do not intend to 
support with Qt 5.10. With our maintainer hat on: of course if there is 
something we can do the better, but within some limits, like what upstream 
expects.

= On the Qt side:
- With an upstream maintainer hat on: Qt 5.10 is not meant for oldstable. 
People wanting to run Qt 5.10 on those system must modify whatever is 
necessary.

- We do not know the impact we create by disabling the getentropy feature. And 
normally that stuff is related to criptography. Believe me I don't want to 
mess with that.

So in my point of view, without any further data, it's a non-go.

Regards, Lisandro.

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#898634: kmail: efail attack against S/MIME

[Yves-Alexis Perez]

Source: kmail
Severity: grave
Tags: security
Justification: user security hole

Hi,

as you may already know, a paper was published this morning describing a
vulnerability known as efail against S/MIME and PGP/MIME implementations
in various mail clients.

This vulnerability allows an attacker with read/write access to
encrypted mail to retrieve the plaintext provided HTML mails are
enabled, as well as loading of remote content.

The paper indicates that the PGP/MIME implementation in kmail is not
vulnerable, but the S/MIME is.

It might be possible that the vulnerability is in an underlying library,
so feel free to reassign if needed.

It's likely we'll have to issue a DSA for this.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Processed: Removing unreproducible tag

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 895718 - unreproducible
Bug #895718 [libqt5core5a] libqt5core5a: Requires Linux kernel 3.17.0 or newer
Removed tag(s) unreproducible.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
895718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895718
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#895718: python-pyqt5: import PyQt5.QtCore fails

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 libqt5core5a 5.10.1+dfsg-5
Bug #895718 [python-pyqt5] python-pyqt5: import PyQt5.QtCore fails
Bug reassigned from package 'python-pyqt5' to 'libqt5core5a'.
No longer marked as found in versions pyqt5/5.9.2+dfsg-1.
Ignoring request to alter fixed versions of bug #895718 to the same values 
previously set
Bug #895718 [libqt5core5a] python-pyqt5: import PyQt5.QtCore fails
Marked as found in versions qtbase-opensource-src/5.10.1+dfsg-5.
> retitle -1 libqt5core5a: Requires Linux kernel 3.17.0 or newer
Bug #895718 [libqt5core5a] python-pyqt5: import PyQt5.QtCore fails
Changed Bug title to 'libqt5core5a: Requires Linux kernel 3.17.0 or newer' from 
'python-pyqt5: import PyQt5.QtCore fails'.

-- 
895718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895718
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems