Uploading linux (4.8.4-1)

2016-10-22 Thread Ben Hutchings 
I intend to upload linux version 4.8.4-1 to unstable during this week.
As this is a new upstream version, there is of course an ABI bump.

Some of the notable changes:

* Include HTML documentation built with the new upstream documentation
  system using Sphinx
* Enable various hardening features
  - Some of the changed defaults are incompatible with some userland
    applications.  These are noted in the changelog along with how to
    override them, and there will also be a NEWS entry in linux-latest
* [arm64] Support for many new platforms and devices, including RPi 3
* [arm64] Support for ACPI and for larger address spaces
* [rt] Updated and re-enabled

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of
them.



signature.asc
Description: This is a digitally signed message part

Bug#841661: marked as done (release.debian.org: grass not migrating to testing)

2016-10-22 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Oct 2016 23:58:40 +0200
with message-id <9d6e02c9-1344-bde8-2720-adfdf5e90...@xs4all.nl>
and subject line Re: Bug#841661: release.debian.org: grass not migrating to 
testing
has caused the Debian Bug report #841661,
regarding release.debian.org: grass not migrating to testing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
841661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: britney

grass (7.0.5-2) is not migrating to testing even though it's a valid
candidate.

Due to the motif issue (#840394) the grass package and its reverse
dependencies (libgdal-grass & qgis) have been removed from the
problematic architectures (#840783, #840784 & #840785), but these
partial removals have not been performed in testing yet.

Please help grass migrate to testing.

Kind Regards,

Bas
--- End Message ---
--- Begin Message ---
This is apparently not an issue with britney.--- End Message ---

Bug#841733: Transition Opencv 3.1

2016-10-22 Thread Nobuhiro Iwamatsu 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi,

I want to upload the opencv 3.1 to unstable. This is changed API and
soname and remove
oobsolete library from 2.4.x, some of the packages that depend on this
is the need to change.
I checked this, with regard to the possible package has sent a patch
to the bug report both.

Can you permission to upload this?

https://release.debian.org/transitions/html/auto-opencv.html

- ffmpeg:   Build OK
- frei0r:   FTBFS / BTS: #841245 /  already fixed in
Debian git repository
- actiona:  Build OK
- auto-multiple-choice: FTBFS / BTS; #841244 with patch
- cimg: FTBFS / BTS: #841263 and #841264 with patch /
Blocked: #819606
- digikam:  FTBFS / BTS: #841412
- eviacam:  FTBFS / BTS: #841407 / NOTE: fixed in upstream
git branch
- gmic: FTBFS / BTS: #841246 with patch
- gst-plugins-bad1.0:   FTBFS / BTS: #841413 / NOTE: Fixed in upstream
- libkf5kface:  FTBFS / BTS: #84141
- limereg:  FTBFS / BTS: #841406  with patch.
- mldemos:  FTBFS / BTS: #812032 (non opencv issue)
- mrpt: Build OK
- nomacs:   FTBFS / BTS: #841370 with patch
- openalpr: Build OK
- opencfu:  FTBFS / BTS: #841246 / NOTE: Fix in upstream.
- openimageio:  Build OK
- os-autoinst:  Build OK
- otb:  FTBFS / BTS: #841408
- php-facedetect:   FTBFS / BTS: #841246 with patch
- ros-vision-opencv:Build OK
- sikuli:   FTBFS / BTS: #841409
- siril:Build OK
- sitplus:  FTBFS / BTS: #841405
- visp: Build OK
- freecad:  FTBFS / BTS: #841416  with patch
- lush: FTBFS / BTS: #841410 with patch
- saga: FTBFS / BTS:  #841287 with patch

Best regards,
  Nobuhiro

-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

Bug#841504: transition: gammu

2016-10-22 Thread Michal Čihař 
Hi

Emilio Pozuelo Monfort píše v So 22. 10. 2016 v 13:02 +0200:
> On 21/10/16 10:54, Michal Čihař wrote:
> > 
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > 
> > Hi
> > 
> > I've uploaded new Gammu version to experimental and it increases
> > soversion. I'd like to upload new version together with new python-
> > gammu
> > (the only reverse dependency) to unstable in few weeks (let's say
> > first
> > half of November). Is there anything blocking this?
> 
> The transition freeze is the 5th of November... Can you do this
> before then?

I can probably upload it tomorrow or on Monday as well (at least I
don't see any blockers right now).


-- 
Michal Čihař | https://cihar.com/ | https://weblate.org/


signature.asc
Description: This is a digitally signed message part

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

2016-10-22 Thread Rob Browning 
"Adam D. Barratt"  writes:

> Control: tags -1 + moreinfo
> Control: severity -1 normal
>
> On Sat, 2016-10-22 at 13:10 -0500, Rob Browning wrote:
>> I'd like to propose an update for jessie as described by the attached
>> debdiff.  Though the final upload/diff might be slightly different
>> (i.e. the dpm hashes).
>> 
>> Both of the changes (patches) have been cherry-picked from upstream as
>> described in the patch headers.
>
> The security tracker indicates that both issues - CVE-2016-8605 and
> CVE-2016-8606 - still affect the guile-2.0 packages in unstable. Is that
> correct? If so then that would be a prerequisite to applying the fixes
> in stable.

Hmm, well I'm also preparing 2.0.13+1-1 packages for unstable that include
(upstream) both fixes.  Should I upload those first?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

2016-10-22 Thread Adam D. Barratt 
Control: tags -1 + moreinfo
Control: severity -1 normal

On Sat, 2016-10-22 at 13:10 -0500, Rob Browning wrote:
> I'd like to propose an update for jessie as described by the attached
> debdiff.  Though the final upload/diff might be slightly different
> (i.e. the dpm hashes).
> 
> Both of the changes (patches) have been cherry-picked from upstream as
> described in the patch headers.

The security tracker indicates that both issues - CVE-2016-8605 and
CVE-2016-8606 - still affect the guile-2.0 packages in unstable. Is that
correct? If so then that would be a prerequisite to applying the fixes
in stable.

Regards,

Adam

Processed: Re: Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

2016-10-22 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + moreinfo
Bug #841724 [release.debian.org] jessie-pu: package guile-2.0/2.0.11+1-9
Added tag(s) moreinfo.
> severity -1 normal
Bug #841724 [release.debian.org] jessie-pu: package guile-2.0/2.0.11+1-9
Severity set to 'normal' from 'important'

-- 
841724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

2016-10-22 Thread Rob Browning 

Package: release.debian.org
Severity: important
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

I'd like to propose an update for jessie as described by the attached
debdiff.  Though the final upload/diff might be slightly different
(i.e. the dpm hashes).

Both of the changes (patches) have been cherry-picked from upstream as
described in the patch headers.

diff -Nru guile-2.0-2.0.11+1/debian/.git-dpm guile-2.0-2.0.11+1/debian/.git-dpm
--- guile-2.0-2.0.11+1/debian/.git-dpm	2014-10-06 10:07:49.0 -0500
+++ guile-2.0-2.0.11+1/debian/.git-dpm	2016-10-14 00:08:24.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-fdc2c9e00af5f2721c4e70180d30f45c15adc65a
-fdc2c9e00af5f2721c4e70180d30f45c15adc65a
+6f697cf7a887fcb4163bef810536bb55cf3b11d3
+6f697cf7a887fcb4163bef810536bb55cf3b11d3
 972fb41f0ce124d97f5cf64bde1075510cd21e18
 972fb41f0ce124d97f5cf64bde1075510cd21e18
 guile-2.0_2.0.11+1.orig.tar.bz2
diff -Nru guile-2.0-2.0.11+1/debian/changelog guile-2.0-2.0.11+1/debian/changelog
--- guile-2.0-2.0.11+1/debian/changelog	2014-10-07 14:49:51.0 -0500
+++ guile-2.0-2.0.11+1/debian/changelog	2016-10-22 11:36:24.0 -0500
@@ -1,3 +1,19 @@
+guile-2.0 (2.0.11+1-9+deb8u1) jessie; urgency=high
+
+  * Fix REPL server vulnerability (CVE-2016-8606).  Add
+0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch to
+incorporate the fix.  See that file for further information.
+(Closes: 840555)
+
+  * Fix mkdir umask-related vulnerability (CVE-2016-8605).  Previously,
+whenever the second argument to mkdir was omitted, it would
+temporarily change the umask to 0, a change which would also affect
+any concurrent threads.  Add
+0018-Remove-umask-calls-from-mkdir.patch to incorporate the fix.
+See that file for further information. (Closes: 840556)
+
+ -- Rob Browning   Sat, 22 Oct 2016 11:36:24 -0500
+
 guile-2.0 (2.0.11+1-9) unstable; urgency=medium
 
   * Always use "gcc" in guile-snarf.  Avoid the gcc-4.8 CC override that
diff -Nru guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch
--- guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch	1969-12-31 18:00:00.0 -0600
+++ guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch	2016-10-14 00:08:23.0 -0500
@@ -0,0 +1,337 @@
+From 9de478809f909986c725294d1dc03a317eafa3ff Mon Sep 17 00:00:00 2001
+From: Mark H Weaver 
+Date: Fri, 9 Sep 2016 07:36:52 -0400
+Subject: REPL Server: Guard against HTTP inter-protocol exploitation attacks.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by Christopher Allan Webber 
+Co-authored-by: Ludovic Courtès 
+
+This commit adds protection to Guile's REPL servers against HTTP
+inter-protocol exploitation attacks, a scenario whereby an attacker can,
+via an HTML page, cause a web browser to send data to TCP servers
+listening on a loopback interface or private network.  See
+ and
+, The HTML Form Protocol
+Attack (2001) by Tochen Topf .
+
+Here we add a procedure to 'before-read-hook' that looks for a possible
+HTTP request-line in the first line of input from the client socket.  If
+present, the socket is drained and closed, and a loud warning is written
+to stderr (POSIX file descriptor 2).
+
+* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
+to 'before-read-hook' when this module is loaded.
+(with-temporary-port-encoding, with-saved-port-line+column)
+(drain-input-and-close, permissive-http-request-line?)
+(check-for-http-request, guard-against-http-request)
+(maybe-check-for-http-request): New procedures.
+(serve-client): Use 'guard-against-http-request'.
+* module/system/repl/coop-server.scm (start-repl-client): Use
+'guard-against-http-request'.
+* doc/ref/guile-invoke.texi (Command-line Options): In the description
+of the --listen option, make the security warning more prominent.
+Mention the new protection added here.  Recommend using UNIX domain
+sockets for REPL servers.  "a path to" => "the file name of".
+
+Origin: upstream, http://git.savannah.gnu.org/cgit/guile.git/commit/?id=08c021916dbd3a235a9f9cc33df4c418c0724e03
+Bug-Debian: http://bugs.debian.org/840555
+---
+ doc/ref/guile-invoke.texi  |  20 +++-
+ module/system/repl/coop-server.scm |   7 +-
+ module/system/repl/server.scm  | 182 -
+ 3 files changed, 201 insertions(+), 8 deletions(-)
+
+diff --git a/doc/ref/guile-invoke.texi b/doc/ref/guile-invoke.texi
+index 95493dd..9353e8a 100644
+--- a/doc/ref/guile-invoke.texi
 b/doc/ref/guile-invoke.texi
+@@ -1,7 +1,7 @@
+ @c -*-texinfo-*-
+ @c This is part of the GNU Guile

Re: ppc64el porter situation

2016-10-22 Thread Adrian Bunk 
On Fri, Oct 21, 2016 at 01:30:13PM -0400, Lennart Sorensen wrote:
> On Thu, Oct 20, 2016 at 11:18:39PM +0300, Adrian Bunk wrote:
> > Freescala/NXP is not even on the OpenPOWER member list - this is not the 
> > old power.org
> 
> Neither is AMCC as far as I can tell.  Doesn't mean they aren't still
> doing powerpc.

Are they developing new powerpc products?

Their latest products are also pretty ARM.

> > For their network processors Freescala/NXP is moving away from PowerPC, 
> > and their first ARM based network processors are already on the market.
> 
> That's not what they are telling their customers.  They insist they are
> very much behind both arm and powerpc.

Are you talking about new e6500 SoCs, or are you only talking about 
support for existing products?

I have no doubt they will continue to provide support for e6500 for 
several years, just like they supported SoCs with SPE cpus in their
SDK until December 2015.

They released only two e6500 based SoCs for QorIQ (T2080 and T4240),[1]
and for one of them samples of ARM replacements are already available.

These are anyway big endian, but the general situation is that there
is not much powerpc development left that does not depend on IBM.

> Len Sorensen

cu
Adrian

[1] with T2081/T4160/T4080 variants, plus two in the Qonverge platform

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#841462: jessie-pu: package libdatetime-timezone-perl/1:1.75-2+2016h

2016-10-22 Thread gregor herrmann 
On Sat, 22 Oct 2016 11:42:39 +0100, Adam D. Barratt wrote:

> > Another month, another tzdata update.
> > As usual, I've added a quilt patch for the Olson db, this time 2016h,
> > to libdatetime-timezone-perl.
> 
> Please go ahead.

Thanks; uploaded.


Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Status Quo: Fun Fun Fun


signature.asc
Description: Digital Signature

Bug#841693: nmu: digikam_4:5.2.0-1 and libkf5kgeomap_16.08.0-1

2016-10-22 Thread Maximiliano Curia 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi,

The new version of marble bumped it's libs soversion, requiring a rebuild of 
the packages that build depend on it's libs. Please trigger the following 
rebuilds.

nmu digikam_4:5.2.0-1 . ANY . unstable . -m "Rebuild against new marblewidget 
version (Closes: 840841)"
nmu libkf5kgeomap_16.08.0-1 . ANY . unstable . -m "Rebuild against new 
marblewidget version"

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Bug#841638: transition: libcrypto++

2016-10-22 Thread GCS 
Hi Emilio,

On Sat, Oct 22, 2016 at 1:06 PM, Emilio Pozuelo Monfort
 wrote:
> On 21/10/16 18:20, Laszlo Boszormenyi (GCS) wrote:
>> I'd like to update libcrypto++ from 5.6.4 to 5.6.5; which is a
>> semi-transition. Packages I've tried works with both version,
>> however without binNMUs those will print this:
>> Symbol `_ZTVN8CryptoPP23FilterWithBufferedInputE' has different size in 
>> shared object, consider re-linking
>> Symbol `_ZTVN8CryptoPP10HexEncoderE' has different size in shared object, 
>> consider re-linking
>> Symbol `_ZTVN8CryptoPP11ProxyFilterE' has different size in shared object, 
>> consider re-linking
>>
>> This matches upstream recommendation[1]:
>> "maintenance release, recompile of programs recommended"
>
> Does this bump the SONAME, or is it an ABI break without a SONAME bump?
 No, the SONAME is the same. ABI should be the same, but I've found
one (more may exist) case where one (probably internal) symbol can't
be found anymore:
Generating secure encryption key. This might take some time..done
cryfs: symbol lookup error: cryfs: undefined symbol:
_ZN8CryptoPP10RandomPool34GenerateIntoBufferedTransformationERNS_22BufferedTransformationERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEy

If I recompile it with the new libcrypto++ release, it is solved.
As this effects cryptography related programs, I want to be extra
safe. The package list for binNMUs:
amule
armory
clementine
codecrypt
cryfs
entropybroker
gdal
murasaki
newlisp
pycryptopp
synergy
tegrarcm

Regards,
Laszlo/GCS

Re: premail is marked for autoremoval from testing

2016-10-22 Thread Adrian Bunk 
On Sat, Oct 22, 2016 at 11:24:46AM +0100, Adam D. Barratt wrote:
> On Sat, 2016-10-22 at 11:17 +0300, Adrian Bunk wrote:
> > On Sat, Oct 22, 2016 at 04:39:13AM +, Debian testing autoremoval watch 
> > wrote:
> > > premail 0.46-10 is marked for autoremoval from testing on 2016-11-20
> > > 
> > > It (build-)depends on packages with these RC bugs:
> > > 837712: xemacs21: FTBFS with bindnow and PIE enabled
> > 
> > Is this bogus?
> > 
> > I cannot see any direct or indirect (build-)depends of premail
> > on xemacs21.
> 
> It would need someone more familiar with the autoremovals code to
> confirm, but I imagine it's due to premail's dependency on the
> "mail-reader" virtual package, which is provided by, among others,
> xemacs21-gnome-mule, xemacs21-gnome-mule-canna-wnn,
> xemacs21-gnome-nomule, xemacs21-mule, xemacs21-mule-canna-wnn and
> xemacs21-nomule.

Looking at the tracker page for premail [1] you seem to be right 
regarding where the problem is:

premail already got removed from testing 4 times this year when
a mail-reader was removed, and always re-entered testing the
following day.

Some autoremoval bug involving virtual packages and contrib?

> Regards,
> 
> Adam

cu
Adrian

[1] https://tracker.debian.org/pkg/premail

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#841661: release.debian.org: grass not migrating to testing

2016-10-22 Thread Adam D. Barratt 
On Sat, 2016-10-22 at 13:12 +0200, Sebastiaan Couwenberg wrote:
> Removing grass from the problematic architectures where actual users of
> grass are unlikely since almost everyone is using amd64 is the road of
> least resistance to not block testing migration of grass. Which britney
> unhelpfully hadn't performed despite it being a valid candidate.

It would be appreciated if you would please stop framing this as "my
packages are fine, why isn't britney doing as she's told?". It's really
unhelpful, particularly when the issue is explicitly the result of the
removals from "problematic architectures" (well, one of them).

(Also, for avoidance of doubt, "valid candidate" purely means that the
package doesn't have RC bugs, has spent enough days in unstable since
upload, etc. It doesn't mean "can immediately migrate without issue",
and expecting that to necessarily be the case will lead to
disappointment.)

For the record, the logs are public, and analysing this situation is
quite simple:

[britney log]
trying: grass
skipped: grass (119, 0, 24)
got: 81+0: a-3:i-23:a-0:a-1:a-0:m-0:m-17:m-0:p-36:p-0:s-1
* i386: grass, libgdal-grass, libgdal20-2.1.1-grass, libqgis-dev, 
qgis-plugin-grass

[check why]
zcat /srv/mirrors/debian/dists/unstable/main/binary-i386/Packages.gz | 
grep-dctrl -S grass | dose-debcheck --explain --failures --checkonly grass
report:
 -
  package: grass
  version: 7.0.5-2
  architecture: all
  essential: false
  source: grass (= 7.0.5-2)
  status: broken
  reasons:
   -
missing:
 pkg:
  package: grass
  version: 7.0.5-2
  architecture: all
  essential: false
  unsat-dependency: grass-core

The "grass" binary package is architecture-independent. britney
therefore expects it to be installable on i386 and am64. With the
removal of the architecture-specific packages on i386, that is no longer
the case.

Allowing the package to migrate in that circumstance requires using the
biggest hammer britney has (the "force-hint") which says "ignore any and
all installability issues that this migration might create". That's
something I'm not personally prepared to do in this case, but other team
members may have different opinions.

Regards,

Adamj

Bug#841661: release.debian.org: grass not migrating to testing

2016-10-22 Thread Sebastiaan Couwenberg 
Control: tags -1 - moreinfo

On 10/22/2016 12:56 PM, Julien Cristau wrote:
> On Fri, Oct 21, 2016 at 22:05:01 +0200, Bas Couwenberg wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: britney
>>
>> grass (7.0.5-2) is not migrating to testing even though it's a valid
>> candidate.
>>
>> Due to the motif issue (#840394) the grass package and its reverse
>> dependencies (libgdal-grass & qgis) have been removed from the
>> problematic architectures (#840783, #840784 & #840785), but these
>> partial removals have not been performed in testing yet.
>>
> That makes no sense to me.  Removing those packages on most
> architectures because of #840394 seems like the wrong thing to do
> entirely...

I considered it a better option than waiting for motif/libfl-dev to get
fixed, especially since grass was affected by the readline7 transition.

There has so far been no progress in #837658 nor #841203 to get motif
fixed, especially the libfl-dev bug is quite old. And I don't want to
NMU it and become responsible for someone else's package.

Removing grass from the problematic architectures where actual users of
grass are unlikely since almost everyone is using amd64 is the road of
least resistance to not block testing migration of grass. Which britney
unhelpfully hadn't performed despite it being a valid candidate.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Processed: Re: Bug#841661: release.debian.org: grass not migrating to testing

2016-10-22 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 - moreinfo
Bug #841661 [release.debian.org] release.debian.org: grass not migrating to 
testing
Removed tag(s) moreinfo.

-- 
841661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#841638: transition: libcrypto++

2016-10-22 Thread Emilio Pozuelo Monfort 
Hi Laszlo,

On 21/10/16 18:20, Laszlo Boszormenyi (GCS) wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> I'd like to update libcrypto++ from 5.6.4 to 5.6.5; which is a
> semi-transition. Packages I've tried works with both version,
> however without binNMUs those will print this:
> Symbol `_ZTVN8CryptoPP23FilterWithBufferedInputE' has different size in 
> shared object, consider re-linking
> Symbol `_ZTVN8CryptoPP10HexEncoderE' has different size in shared object, 
> consider re-linking
> Symbol `_ZTVN8CryptoPP11ProxyFilterE' has different size in shared object, 
> consider re-linking
> 
> This matches upstream recommendation[1]:
> "maintenance release, recompile of programs recommended"

Does this bump the SONAME, or is it an ABI break without a SONAME bump?

Cheers,
Emilio

Bug#841504: transition: gammu

2016-10-22 Thread Emilio Pozuelo Monfort 
On 21/10/16 10:54, Michal Čihař wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> Hi
> 
> I've uploaded new Gammu version to experimental and it increases
> soversion. I'd like to upload new version together with new python-gammu
> (the only reverse dependency) to unstable in few weeks (let's say first
> half of November). Is there anything blocking this?

The transition freeze is the 5th of November... Can you do this before then?

> I've noticed this has been already caught in the transitions tracker, I
> thought it follows just unstable.

The "planned" column in https://release.debian.org/transitions/index.html tracks
new transitions in experimental.

Emilio

Bug#841661: release.debian.org: grass not migrating to testing

2016-10-22 Thread Julien Cristau 
Control: tag -1 moreinfo

On Fri, Oct 21, 2016 at 22:05:01 +0200, Bas Couwenberg wrote:

> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: britney
> 
> grass (7.0.5-2) is not migrating to testing even though it's a valid
> candidate.
> 
> Due to the motif issue (#840394) the grass package and its reverse
> dependencies (libgdal-grass & qgis) have been removed from the
> problematic architectures (#840783, #840784 & #840785), but these
> partial removals have not been performed in testing yet.
> 
That makes no sense to me.  Removing those packages on most
architectures because of #840394 seems like the wrong thing to do
entirely...

Cheers,
Julien

Processed: Re: Bug#841661: release.debian.org: grass not migrating to testing

2016-10-22 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 moreinfo
Bug #841661 [release.debian.org] release.debian.org: grass not migrating to 
testing
Added tag(s) moreinfo.

-- 
841661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#841661: release.debian.org: grass not migrating to testing

2016-10-22 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 moreinfo
Bug #841661 [release.debian.org] release.debian.org: grass not migrating to 
testing
Ignoring request to alter tags of bug #841661 to the same tags previously set

-- 
841661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#841681: jessie-pu: package ark/4:4.14.2-2

2016-10-22 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Sat, 2016-10-22 at 10:22 +0200, Maximiliano Curia wrote:
> I would like to fix the bugs #800021 and #770840 of the ark package in stable.
> 
> The current behaviour is that the version of ark in stable crashes when 
> working on nested files, and it also crashes on exit when there is an open 
> file.
> 
> The patch for fixing this was provided by upstream, backporting the fix to 
> the 
> 4.14 branch.

Please go ahead.

Regards,

Adam

Processed: Re: Bug#841681: jessie-pu: package ark/4:4.14.2-2

2016-10-22 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #841681 [release.debian.org] jessie-pu: package ark/4:4.14.2-2
Added tag(s) confirmed.

-- 
841681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841681
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#841462: jessie-pu: package libdatetime-timezone-perl/1:1.75-2+2016h

2016-10-22 Thread Adam D. Barratt 
Control: tags -1 + confirmed

On Thu, 2016-10-20 at 23:48 +0200, gregor herrmann wrote:
> Another month, another tzdata update.
> As usual, I've added a quilt patch for the Olson db, this time 2016h,
> to libdatetime-timezone-perl.
> 
> Since this release contains changes that are effective in a bit more
> than 2 hours from now, this is probably material for -updates before
> the next point release, whenever it's convenient for you.

Please go ahead.

Regards,

Adam

Processed: Re: Bug#841462: jessie-pu: package libdatetime-timezone-perl/1:1.75-2+2016h

2016-10-22 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + confirmed
Bug #841462 [release.debian.org] jessie-pu: package 
libdatetime-timezone-perl/1:1.75-2+2016h
Added tag(s) confirmed.

-- 
841462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841462
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Re: premail is marked for autoremoval from testing

2016-10-22 Thread Adam D. Barratt 
On Sat, 2016-10-22 at 11:17 +0300, Adrian Bunk wrote:
> On Sat, Oct 22, 2016 at 04:39:13AM +, Debian testing autoremoval watch 
> wrote:
> > premail 0.46-10 is marked for autoremoval from testing on 2016-11-20
> > 
> > It (build-)depends on packages with these RC bugs:
> > 837712: xemacs21: FTBFS with bindnow and PIE enabled
> 
> Is this bogus?
> 
> I cannot see any direct or indirect (build-)depends of premail
> on xemacs21.

It would need someone more familiar with the autoremovals code to
confirm, but I imagine it's due to premail's dependency on the
"mail-reader" virtual package, which is provided by, among others,
xemacs21-gnome-mule, xemacs21-gnome-mule-canna-wnn,
xemacs21-gnome-nomule, xemacs21-mule, xemacs21-mule-canna-wnn and
xemacs21-nomule.

Regards,

Adam

Processed: libfl-dev: Please build libfl_pic.a with -fPIC

2016-10-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> reassign 841360 libfl-dev
Bug #841360 [libmotif-common] libmotif-common stuck at 2.3.4-10 in sid 
(src:motif is 2.3.4-11)
Bug reassigned from package 'libmotif-common' to 'libfl-dev'.
No longer marked as found in versions motif/2.3.4-10.
Ignoring request to alter fixed versions of bug #841360 to the same values 
previously set
> forcemerge 837658 841360
Bug #837658 [libfl-dev] libfl-dev: Please build libfl_pic.a with -fPIC
Bug #840394 [libfl-dev] motif: FTBFS: relocation R_X86_64_PC32 against symbol 
`exit@@GLIBC_2.2.5' can not be used when making a shared object; recompile with 
-fPIC
Bug #841394 [libfl-dev] filters: FTBFS: relocation R_X86_64_PC32 against symbol 
`exit@@GLIBC_2.2.5' can not be used when making a shared object; recompile with 
-fPIC
Bug #841360 [libfl-dev] libmotif-common stuck at 2.3.4-10 in sid (src:motif is 
2.3.4-11)
Severity set to 'serious' from 'normal'
841360 was not blocked by any bugs.
841360 was not blocking any bugs.
Added blocking bug(s) of 841360: 841203
841360 was blocked by: 841203
841360 was not blocking any bugs.
Added blocking bug(s) of 841360: 835148
Added indication that 841360 affects motif,src:filters,src:motif,filters
The source libfl-dev and version 2.6.1-1 do not appear to match any binary 
packages
Marked as found in versions libfl-dev/2.6.1-1.
Bug #840394 [libfl-dev] motif: FTBFS: relocation R_X86_64_PC32 against symbol 
`exit@@GLIBC_2.2.5' can not be used when making a shared object; recompile with 
-fPIC
Removed indication that 840394 affects filters, src:filters, src:motif, and 
motif
Added indication that 840394 affects motif,src:filters,src:motif,filters
Removed indication that 837658 affects src:filters, filters, motif, and 
src:motif
Added indication that 837658 affects motif,src:filters,src:motif,filters
Removed indication that 841394 affects motif, src:motif, src:filters, and 
filters
Added indication that 841394 affects motif,src:filters,src:motif,filters
Bug #841394 [libfl-dev] filters: FTBFS: relocation R_X86_64_PC32 against symbol 
`exit@@GLIBC_2.2.5' can not be used when making a shared object; recompile with 
-fPIC
Merged 837658 840394 841360 841394
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
837658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837658
840394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840394
841360: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841360
841394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841394
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#841681: jessie-pu: package ark/4:4.14.2-2

2016-10-22 Thread Maximiliano Curia 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I would like to fix the bugs #800021 and #770840 of the ark package in stable.

The current behaviour is that the version of ark in stable crashes when 
working on nested files, and it also crashes on exit when there is an open 
file.

The patch for fixing this was provided by upstream, backporting the fix to the 
4.14 branch.

I'm attaching the diff file for the proposed 4:4.14.2-2+deb8u1 upload.

Happy hacking,

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 
'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 331b38f..f43137e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ark (4:4.14.2-2+deb8u1) jessie; urgency=medium
+
+  * Add new upstream patch:
+Stop-crashing-on-exit-when-being-used-solely-as-a-KPart.patch.
+Thanks to Nick Leverton for reporting (Closes: 800021, 770840)
+
+ -- Maximiliano Curia   Fri, 21 Oct 2016 20:52:52 +0200
+
 ark (4:4.14.2-2) unstable; urgency=medium
 
   * New upstream patch: upstream_remove_part_from_KXMLGUIFactory_on_exit
diff --git a/debian/patches/Stop-crashing-on-exit-when-being-used-solely-as-a-KPart.patch b/debian/patches/Stop-crashing-on-exit-when-being-used-solely-as-a-KPart.patch
new file mode 100644
index 000..5afa004
--- /dev/null
+++ b/debian/patches/Stop-crashing-on-exit-when-being-used-solely-as-a-KPart.patch
@@ -0,0 +1,77 @@
+From: Raphael Kubo da Costa 
+Date: Mon, 24 Nov 2014 01:37:06 +0200
+Subject: Stop crashing on exit when being used solely as a KPart.
+
+This change fixes a crash introduced by commit 3b981ca ("Remove Part
+from KXMLGUIFactory on exit").
+
+Part::~Part() is the wrong place to call KXMLGUIFactory::removeClient(),
+as it assumes addClient() had been called in the first place.
+
+This is only true if Ark is called as a standalone program, since that
+is done in MainWindow::loadPart()'s call to KXMLGuiWindow::createGUI().
+
+Conversely, if the Ark KPart is being used as an embedded viewer in,
+say, Konqueror or to preview an archive inside an archive (ie. Ark
+inside Ark) that does not hold true and we try to access a
+KXMLGUIFactory that does not exist.
+
+Instead, call KXMLGuiWindow::removeClient() in MainWindow's destructor,
+since in this case we are certain that addClient() was been called
+before.
+
+CCBUG:  341187
+
+(cherry picked from commit 9c30f30b38c36a31e6fcb3aa047a0247ac5a22fb)
+This was committed for completeness, as there will be no additional
+releases from the KDE/4.14 branch.
+
+Conflicts:
+	part/part.cpp
+---
+ app/mainwindow.cpp | 3 +++
+ part/part.cpp  | 3 ---
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/app/mainwindow.cpp b/app/mainwindow.cpp
+index aee8231..181fe76 100644
+--- a/app/mainwindow.cpp
 b/app/mainwindow.cpp
+@@ -38,6 +38,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ #include 
+ #include 
+@@ -69,6 +70,8 @@ MainWindow::~MainWindow()
+ if (m_recentFilesAction) {
+ m_recentFilesAction->saveEntries(KGlobal::config()->group("Recent Files"));
+ }
++
++guiFactory()->removeClient(m_part);
+ delete m_part;
+ m_part = 0;
+ }
+diff --git a/part/part.cpp b/part/part.cpp
+index bae4882..09fe1cb 100644
+--- a/part/part.cpp
 b/part/part.cpp
+@@ -53,7 +53,6 @@
+ #include 
+ #include 
+ #include 
+-#include 
+ 
+ #include 
+ #include 
+@@ -138,8 +137,6 @@ Part::Part(QWidget *parentWidget, QObject *parent, const QVariantList& args)
+ 
+ Part::~Part()
+ {
+-factory()->removeClient(this);
+-
+ saveSplitterSizes();
+ 
+ m_extractFilesAction->menu()->deleteLater();
diff --git a/debian/patches/series b/debian/patches/series
index f3d27d5..cc77aa5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 use_libarchive_for_zip_files
 upstream_remove_part_from_KXMLGUIFactory_on_exit
+Stop-crashing-on-exit-when-being-used-solely-as-a-KPart.patch

Re: premail is marked for autoremoval from testing

2016-10-22 Thread Adrian Bunk 
On Sat, Oct 22, 2016 at 04:39:13AM +, Debian testing autoremoval watch 
wrote:
> premail 0.46-10 is marked for autoremoval from testing on 2016-11-20
> 
> It (build-)depends on packages with these RC bugs:
> 837712: xemacs21: FTBFS with bindnow and PIE enabled

Is this bogus?

I cannot see any direct or indirect (build-)depends of premail
on xemacs21.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed