Bug#842795: email-reminder: Fail to send email as release version cannot be detect

[Jack.R]

On Mon, 7 Nov 2016 08:57:58 -0800 Francois Marier 
wrote:
> On 2016-11-06 at 10:09:21, Jack.R wrote:
> > I start to suspect a right access as that part is executed as
> > email-reminder user.
> > 
> > So I try with a normal user by putting
> > my $distro = `/bin/su - alain -s /bin/sh -c "/usr/bin/lsb_release -s
> > -d"`;
> > I am prompt for the password and then it works.
> > It looks like email-reminder user has not sufficient rights to
> > run /usr/bin/lsb_release without error but currently I did not see
> > why.
> 
> What about this then?
> 
> my $distro = `/bin/su - email-reminder -s /bin/sh -c
> "/usr/bin/lsb_release -s -d"`;
> 
> Francois
> 

I am prompted for the password of email-reminder account and this
one is locked (! in second field of shadow file).

If I add a password to that account and unlock it, $distro is still
empty 

--> {} <--

instead of getting the version like when I use a normal user account:

--> {Debian GNU/Linux testing (stretch)
} <--

Code has been modified as follow for testing:
my $distro = `/bin/su - email-reminder -s /bin/sh -c "/usr/bin/lsb_release -s 
-d"`;
print "--> {$distro} <--";
chomp $distro;


-- 
Jack.R

Bug#843502: stopping with NMU

[Geert Stappers]

On Mon, Nov 07, 2016 at 06:43:16AM +0100, Geert Stappers wrote:
> In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796341#10
> is being spoken about team maintenance. That bugreport is closed,
> This new BR is a public reminder of that task.

The next upload of radvd will have me as maintainer.

The idea is stopping with Non-Maintainer-Uploads.

Maintainer Uploads is the essential task of the pkg-radvd-team ...


Groeten
Geert Stappers
-- 
Leven en laten leven


signature.asc
Description: Digital signature

Bug#843591: O: ldap2dns -- LDAP based DNS management system

[Tobias Frost]

Package: wnpp
Severity: normal

The current maintainer of ldap2dns, Igor Stroh ,
has retired.  Therefore, I orphan this package now.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/index.html#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: ldap2dns
Binary: ldap2dns
Version: 0.3.1-3.1
Maintainer: Igor Stroh 
Build-Depends: debhelper (>= 4.1.16), libldap2-dev (>= 2.1.22-1), links (>= 
0.98-3)
Architecture: any
Standards-Version: 3.6.1
Format: 1.0
Files:
 a4a070a9b1d2afec3e6c35a7136ab85f 1048 ldap2dns_0.3.1-3.1.dsc
 3f661468159633a8fdd843db2af97721 40760 ldap2dns_0.3.1.orig.tar.gz
 df438e6bacc0d032d113787f3649a147 6216 ldap2dns_0.3.1-3.1.diff.gz
Checksums-Sha1:
 eae51475330897f43b7b22e257302c78f7f15edd 1048 ldap2dns_0.3.1-3.1.dsc
 3fb4e126916fe3a2f80369ba94e58b5a9563990e 40760 ldap2dns_0.3.1.orig.tar.gz
 c105e3a50f8e82925f3856e9063555c7f087ee5e 6216 ldap2dns_0.3.1-3.1.diff.gz
Checksums-Sha256:
 74ff3d75cce0075b76ba4c03baeee14f00c5a9e74a7e914a1bc909202e121875 1048 
ldap2dns_0.3.1-3.1.dsc
 cf5595e9197209a3b9db63855113924ee9d574503e091ceac7c942ff83b69759 40760 
ldap2dns_0.3.1.orig.tar.gz
 c79ffa8f6bec4fd72b4b7f74ddc23de4c4546266dfdfdac6762037c2a1b9cbf1 6216 
ldap2dns_0.3.1-3.1.diff.gz
Package-List: 
 ldap2dns deb admin optional
Directory: pool/main/l/ldap2dns
Priority: source
Section: admin

Package: ldap2dns
Binary: ldap2dns
Version: 0.3.1-3.2
Maintainer: Igor Stroh 
Build-Depends: debhelper (>= 10), libldap2-dev (>= 2.1.22-1), links (>= 0.98-3)
Architecture: any
Standards-Version: 3.9.8
Format: 1.0
Files:
 a56282c18bee5a7870d26f82994e7fce 1654 ldap2dns_0.3.1-3.2.dsc
 3f661468159633a8fdd843db2af97721 40760 ldap2dns_0.3.1.orig.tar.gz
 d781a11fbe77a63fe1514cfbaee50635 6633 ldap2dns_0.3.1-3.2.diff.gz
Checksums-Sha256:
 bc924041909ccc19bb6f115d50dab1ea9e44036cf6595f12cef71b5d8ad2d6d7 1654 
ldap2dns_0.3.1-3.2.dsc
 cf5595e9197209a3b9db63855113924ee9d574503e091ceac7c942ff83b69759 40760 
ldap2dns_0.3.1.orig.tar.gz
 95e9b4fe707a5babd3a171d1ed1088b56332e2b3c557b414f77e5be6c36751ad 6633 
ldap2dns_0.3.1-3.2.diff.gz
Package-List: 
 ldap2dns deb admin optional arch=any
Directory: pool/main/l/ldap2dns
Priority: source
Section: admin

Package: ldap2dns
Binary: ldap2dns
Version: 0.3.1-3.2
Maintainer: Igor Stroh 
Build-Depends: debhelper (>= 10), libldap2-dev (>= 2.1.22-1), links (>= 0.98-3)
Architecture: any
Standards-Version: 3.9.8
Format: 1.0
Files:
 a56282c18bee5a7870d26f82994e7fce 1654 ldap2dns_0.3.1-3.2.dsc
 3f661468159633a8fdd843db2af97721 40760 ldap2dns_0.3.1.orig.tar.gz
 d781a11fbe77a63fe1514cfbaee50635 6633 ldap2dns_0.3.1-3.2.diff.gz
Checksums-Sha1:
 c1f54ccf258a58adad28faae412bb0c48e4269c7 1654 ldap2dns_0.3.1-3.2.dsc
 3fb4e126916fe3a2f80369ba94e58b5a9563990e 40760 ldap2dns_0.3.1.orig.tar.gz
 9a8f3d2f0b43aa38f6f4d96b8564bb66b931e1d8 6633 ldap2dns_0.3.1-3.2.diff.gz
Checksums-Sha256:
 bc924041909ccc19bb6f115d50dab1ea9e44036cf6595f12cef71b5d8ad2d6d7 1654 
ldap2dns_0.3.1-3.2.dsc
 cf5595e9197209a3b9db63855113924ee9d574503e091ceac7c942ff83b69759 40760 
ldap2dns_0.3.1.orig.tar.gz
 95e9b4fe707a5babd3a171d1ed1088b56332e2b3c557b414f77e5be6c36751ad 6633 
ldap2dns_0.3.1-3.2.diff.gz
Package-List: 
 ldap2dns deb admin optional arch=any
Directory: pool/main/l/ldap2dns
Priority: source
Section: admin

Package: ldap2dns
Version: 0.3.1-3.2
Installed-Size: 81
Maintainer: Igor Stroh 
Architecture: amd64
Depends: bind | bind9 | djbdns | djbdns-installer, libc6 (>= 2.7), 
libldap-2.4-2 (>= 2.4.7)
Recommends: ldap-utils (>= 2.1.22-1)
Description-en: LDAP based DNS management system
 ldap2dns is a program to create DNS (Domain Name Service) records directly
 from a LDAP directory. It can and should be used to replace the secondary
 name-server by a second primary one. ldap2dns reduces all kind of
 administration overhead: No more flat file editing, no more zone file
 editing. After having installed ldap2dns, the administrator only has to
 access the LDAP directory.
 .
 ldap2dns is designed to write ASCII data files used by tinydns from the
 djbdns package, but also may be used to write .db-files used by named as
 found in the BIND package.
Description-md5: e5935d11adb3f1cc6f5c44415284a117
Tag: interface::commandline, protocol::dns, protocol::ldap, role::program,
 scope::utility, works-with::db
Section: admin
Priority: optional
Filename: pool/main/l/ldap2dns/ldap2dns_0.3.1-3.2_amd64.deb
Size: 29606
MD5sum: 86c429be1103c2471c904e7f68dcd7b3
SHA256: cb4b4bad60d41b1668bbe4aade163c57803a44eae9a3ca4e033bae5bebf3f9e7

Package: ldap2dns
Version: 0.3.1-3.1
Installed-Size: 57
Maintainer: Igor Stroh 
Architecture: amd64
Depends: libc6 (>= 2.7), libldap-2.4-2 (>= 2.4.7), bind | bind9 | djbdns | 

Bug#843590: opendnssec: ods-migrate can't open libsqlite3.so

[Simon Ruderich]

Package: opendnssec
Version: 1:2.0.3-1
Severity: important

Hello,

I followed the update instructions for 2.0 and tried to run
ods-migrate, however it failed with the following error:

Failed to load sqlite3 library. dlerror(): libsqlite3.so: cannot open 
shared object file: No such file or directory

A temporary fix is easy (symlink libsqlite3.so.0 to
libsqlite3.so) but I think ods-migrate should be patched to link
against the correct version or at least try to dlopen the
versioned so-file.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9


signature.asc
Description: PGP signature

Bug#842919: failed armhf build of xen 4.8.0~rc3-1 [and 1 more messages]

[Ian Jackson]

Kurt Roeckx writes ("Re: failed armhf build of xen 4.8.0~rc3-1 [and 1 more 
messages]"):
> On Mon, Nov 07, 2016 at 08:05:22PM +, Ian Jackson wrote:
> > Have I done something wrong ?  Do the buildd chroots need to be
> > updated ?
> 
> The buildd chroots are automatically generated once a week. No
> package that's installed in the chroot get upgraded without a
> reason like a Depends requiring them.

Ah.  We were unlucky then that the broken bintuils ended up cached
this way.

> I'll see about upgrading the chroots, I have no idea how to do
> this myself.

Thanks.  I do think this should be done, then, as other packages are
likely to be affected.

This probably applies to all the architectures, not just armhf and
i386.  The xen package for sid escaped the bug on amd64 because I
built it myself.

Thanks,
Ian.

Bug#843227: PTS, UDD: packages removed from testing still listed in testing

[Lucas Nussbaum]

On 05/11/16 at 11:31 +0200, Adrian Bunk wrote:
> Package: qa.debian.org
> Severity: normal
> 
> I came across an odd bug affecting both packages.qa.d.o and UDD:
> 
> https://packages.qa.debian.org/b/banshee.html
> [2016-09-01] banshee REMOVED from testing (Britney)
> testing 2.6.2-4
> 
> https://tracker.debian.org/pkg/banshee
> Correct information that the package is not in testing.
> 
> https://udd.debian.org/bugs/?release=sid_not_stretch=ign=ign=7=7=1=source=asc=html#results
> this is "bug is in unstable and not in testing, package is in testing"
> #805997 in src:banshee is listed here
> This is correct information from the BTS (bug is not in testing),
> but UDD thinks the package is still in testing.

Hi Adrian,

That's because the (source) package is still in testing, but only
because another package (in testing) was built using it:

udd=> select source,extra_source_only from sources where source='banshee' and 
release='stretch';
 source  | extra_source_only 
-+---
 banshee | t
(1 row)

For example:

Package: gnome-do-plugins
Version: 0.8.5-4
[...]
Built-Using: banshee (= 2.6.2-4)

It's not clear what to do in that case; I think that being on the safe side is
considering that the package is still in testing, because we would ship that
source. In some cases (e.g. undistributable source) it would make to go further
and really remove it completely from testing.

Lucas

Bug#843596: RFS: node-jsonparse/1.2.0-1

[Bastien ROUCARIES]

Package: sponsorship-requests
Severity: normal [important for RC bugs, wishlist for new packages]
X-Debbugs-CC :prav...@debian.org
X-Debbugs-CC :locutusofb...@debian.org


  Dear mentors,

  I am looking for a sponsor for my package "node-jsonparse"

 * Package name: node-jsonparse
   Version : 1.2.0-1
   Upstream Author :  2015-2016 Tim Caswell 
 * License : expat
   Section : web

  It builds those binary packages:

node-jsonparse - Pure javascript JSON streaming parser for node.js

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/node-jsonparse


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/n/node-jsonparse/node-jsonparse_1.2.0-1.dsc


  Changes since the last upload:

   * New upstream version.
  * Bump policy version (no changes).
  * Use compat 10.
  * Upgrade VCS fields.

It is needed for browserify effort so try to upload correct version


  Regards,
   bastien roucaries

Bug#843587: ITP: r-cran-randomfieldsutils -- utilities for the simulation and analysis of random fields

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: r-cran-randomfieldsutils
  Version : 0.3.3.1
  Upstream Author : Martin Schlather, Reinhard Furrer, Martin Kroll
* URL : https://cran.r-project.org/package=RandomFieldsUtils
* License : GPL-3+
  Programming Lang: GNU-R
  Description : utilities for the simulation and analysis of random fields
 Various utilities are provided that might be used in spatial statistics
 and elsewhere. It delivers a method for solving linear equations that
 checks the sparsity of the matrix before any algorithm is used.
 Furthermore, it includes the Struve functions.

Remark: This package is needed to upgrade r-cran-randomfields to the latest
version.  It is maintained by the Debian Science team at
   
svn://anonscm.debian.org/debian-science/packages/R/r-cran-randomfieldsutils/trunk

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[gregor herrmann]

On Mon, 07 Nov 2016 20:41:01 +0100, Jan wrote:

> On Mon, Nov 07, 2016 at 05:44:31PM +0100, gregor herrmann wrote:
> > postInit();
> > PumpController::getInitialData() step 0
> > HMAC(SHA1) is not supported!
> > 
> 
> gregorr, looks like you need libqca-qt5-2-plugins, which contains the
> Qt5 version of the QCA openssl plugin.

I see, thank you.
But then there's a dependency problem somewhere ...
 

Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#843589: opendnssec: Files required for update missing

[Simon Ruderich]

Hello again,

Just noticed another update issue. All the paths given in the
update README are not correct on Debian. I noticed at least
/var/opendnssec vs. /var/lib/opendnssec on Debian.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9


signature.asc
Description: PGP signature

Bug#833217: pycryptopp: Uses obsolete compressor for .deb data.tar member

[IOhannes m zmoelnig]

Package: src:pycryptopp
Followup-For: Bug #833217

Control: tags -1 pending
thanks

I've just uploaded an NMU with a fix (using gzip instead of bzip2) to DELAYED/5.

Please find the diff attached.

mfgards
IOhannes

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pycryptopp-0.6.0.20120313/debian/changelog pycryptopp-0.6.0.20120313/debian/changelog
--- pycryptopp-0.6.0.20120313/debian/changelog	2013-08-22 23:07:55.0 +0200
+++ pycryptopp-0.6.0.20120313/debian/changelog	2016-11-07 22:43:57.0 +0100
@@ -1,3 +1,10 @@
+pycryptopp (0.6.0.20120313-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Use gzip compression for package (Closes: #833217)
+
+ -- IOhannes m zmölnig (Debian/GNU)   Mon, 07 Nov 2016 22:43:57 +0100
+
 pycryptopp (0.6.0.20120313-1) unstable; urgency=low
 
   * Update debian/watch
diff -Nru pycryptopp-0.6.0.20120313/debian/rules pycryptopp-0.6.0.20120313/debian/rules
--- pycryptopp-0.6.0.20120313/debian/rules	2013-08-22 23:07:55.0 +0200
+++ pycryptopp-0.6.0.20120313/debian/rules	2016-11-07 22:43:57.0 +0100
@@ -69,7 +69,7 @@
 	dh_shlibdeps -a
 	dh_gencontrol -a
 	dh_md5sums -a
-	dh_builddeb -a -- -Z bzip2
+	dh_builddeb -a -- -Z gzip
 
 binary-indep:
 

Bug#837485: [pkg-golang-devel] Bug#837485: Bug#837485: golang-1.6: FTBFS with bindnow and PIE enabled

[Tianon Gravi]

On 5 November 2016 at 09:00, Niels Thykier  wrote:
> Cool! :)
>
> Should I file a bug against ftp.d.o, asking them to remove golang-1.6
> from unstable? :)

If you're willing, that sounds great! (I always end up having to
re-read the docs any time I use the BTS for more than simply replying,
so I hadn't gotten around to doing so yet)


♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4

Bug#842574: transition: qtbase-opensource-src

[Emilio Pozuelo Monfort]

On 06/11/16 19:59, Dmitry Shachnev wrote:
> Hi Emilio,
> 
> On Sun, Nov 06, 2016 at 04:17:55PM +0100, Emilio Pozuelo Monfort wrote:
>>> Please also binNMU plasma-integration against the new qtbase.
>>>
>>> It links with the static library libQt5PlatformSupport.a, and should pick
>>> up the new version of it.
>>
>> Done. I wonder if this shouldn't have a stricter dependency though.
> 
> Do you mean that it should depend on qtbase-abi-5-x-y?
> 
> If yes, I would like this to be the case, but as it is a plugin which just
> implements the QPlatformTheme interface, and it does not use any Qt private
> symbols. And as there are no private symbols on it, it does not get such a
> dependency.
> 
> In this particular case, a new method was added to its (pure virtual) parent
> class (with the default implementation), and the rebuild makes sure that
> this method can be called.

I mean if changes in qtbase can break this package, then it probably needs a
stricter dependency than it currently has. But maybe it's qtbase's fault for
breaking the public ABI (if that is considered an ABI break. I'm not too
familiar with C++ ABI so I can't say). But I'll just leave this up to you.

Cheers,
Emilio

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[gregor herrmann]

On Mon, 07 Nov 2016 19:18:46 -0300, Lisandro Damián Nicanor Pérez Meyer wrote:

> > > gregorr, looks like you need libqca-qt5-2-plugins, which contains the
> > > Qt5 version of the QCA openssl plugin.
> > I see, thank you.
> > But then there's a dependency problem somewhere ...
> I think that in libqoauth2, will be fixed in a few minutes.

Great, thank you Lisandro! 


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[Jan]

On Mon, Nov 07, 2016 at 07:17:31PM -0300, Lisandro Damián Nicanor Pérez Meyer 
wrote:
> > This is a simple diff of the changes I made to make it work:
> 
> Jan: next time please use diff -Nau, that's the most used format when dealing 
> with patches.
>  

Thanks for the hint! I wanted that kind of output, but I didn't find the
switch for it. I was even tempted to use a git repo to use git diff!

> > When starting up Dianara, I get an early crash, related to the systray
> > icon, both under Plasma and under LXQt, but I imagine it has to do with
> > the Qt5.7.1 transition. It works fine under a bare Openbox+Tint2
> > session.
> 
> Mmm, need to check in fluxbox then.

At the moment, it works fine for me under current Sid's Plasma. I
haven't checked, but I imagine it will still crash under LXQt.
Under Openbox there wasn't any problem at any time (i386 machines).

If it still crashes for you, could you run it with --debug and paste the
last ~5 lines or so? =)

Cheers!


-- 
Development blog: https://jancoding.wordpress.com

Bug#843450: [pkg-lxc-devel] Bug#843450: Bug#843450: lxc: Corrupt /proc/self/cgroup / Failed to get list of controllers

[Francois Marier]

On 2016-11-07 at 13:00:31, Evgeni Golov wrote:
> Can you please try booting with
>  systemd.legacy_systemd_cgroup_controller
> and see if that fixes the issue for you for now?

It seems to work fine. Thanks for the pointer!

Should there be a versioned conflict on systemd or the kernel? Maybe a note
in NEWS.Debian?

Francois

-- 
https://fmarier.org/

Bug#837402: [htcondor-debian] Bug#837402: Fix for the Condor PIE FTBFS

[Tim Theisen]

Hello,

Thank you for this fix. We needed to add -fnoPIC because of the severe 
performance impact on the benchmarks. Adding the -fPIE as well has a 
minimal performance impact. I will apply this patch to our upstream sources.


...Tim

On 11/04/2016 06:14 AM, Adrian Bunk wrote:

Control: tags -1 patch

A fix for the Condor PIE FTBFS is attached.

cu
Adrian



___
htcondor-debian mailing list
htcondor-deb...@cs.wisc.edu
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-debian


--
Tim Theisen
Release Manager
HTCondor & Open Science Grid
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin - Madison
4261 Computer Sciences and Statistics
1210 W Dayton St
Madison, WI 53706-1685
+1 608 265 5736

Bug#828287: dsniff: FTBFS with openssl 1.1.0

[Christoph Biedl]

Christoph Biedl wrote...

> The patch attached:

Now really attached.
diff --git a/ssh.c b/ssh.c
index bb73ff3..ee6cb58 100644
--- a/ssh.c
+++ b/ssh.c
@@ -234,6 +234,8 @@ SSH_accept(SSH *ssh)
 	u_char *p, cipher, cookie[8], msg[1024];
 	u_int32_t num;
 	int i;
+	const BIGNUM *servkey_e, *servkey_n;
+	const BIGNUM *hostkey_e, *hostkey_n;
 
 	/* Generate anti-spoofing cookie. */
 	RAND_bytes(cookie, sizeof(cookie));
@@ -243,11 +245,13 @@ SSH_accept(SSH *ssh)
 	*p++ = SSH_SMSG_PUBLIC_KEY;			/* type */
 	memcpy(p, cookie, 8); p += 8;			/* cookie */
 	num = 768; PUTLONG(num, p);			/* servkey bits */
-	put_bn(ssh->ctx->servkey->e, );		/* servkey exponent */
-	put_bn(ssh->ctx->servkey->n, );		/* servkey modulus */
+	RSA_get0_key(ssh->ctx->servkey, _n, _e, NULL);
+	put_bn(servkey_e, );		/* servkey exponent */
+	put_bn(servkey_n, );		/* servkey modulus */
 	num = 1024; PUTLONG(num, p);			/* hostkey bits */
-	put_bn(ssh->ctx->hostkey->e, );		/* hostkey exponent */
-	put_bn(ssh->ctx->hostkey->n, );		/* hostkey modulus */
+	RSA_get0_key(ssh->ctx->hostkey, _n, _e, NULL);
+	put_bn(hostkey_e, );		/* hostkey exponent */
+	put_bn(hostkey_n, );		/* hostkey modulus */
 	num = 0; PUTLONG(num, p);			/* protocol flags */
 	num = ssh->ctx->encmask; PUTLONG(num, p);	/* ciphers */
 	num = ssh->ctx->authmask; PUTLONG(num, p);	/* authmask */
@@ -298,7 +302,7 @@ SSH_accept(SSH *ssh)
 	SKIP(p, i, 4);
 
 	/* Decrypt session key. */
-	if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
+	if (BN_cmp(servkey_n, hostkey_n) > 0) {
 		rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
 		rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
 	}
@@ -318,8 +322,8 @@ SSH_accept(SSH *ssh)
 	BN_clear_free(enckey);
 
 	/* Derive real session key using session id. */
-	if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
-ssh->ctx->servkey->n)) == NULL) {
+	if ((p = ssh_session_id(cookie, hostkey_n,
+servkey_n)) == NULL) {
 		warn("ssh_session_id");
 		return (-1);
 	}
@@ -328,10 +332,8 @@ SSH_accept(SSH *ssh)
 	}
 	/* Set cipher. */
 	if (cipher == SSH_CIPHER_3DES) {
-		ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->encrypt = des3_encrypt;
-		ssh->decrypt = des3_decrypt;
+		warnx("cipher 3des no longer supported");
+		return (-1);
 	}
 	else if (cipher == SSH_CIPHER_BLOWFISH) {
 		ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
@@ -357,6 +359,8 @@ SSH_connect(SSH *ssh)
 	u_char *p, cipher, cookie[8], msg[1024];
 	u_int32_t num;
 	int i;
+	BIGNUM *servkey_n, *servkey_e;
+	BIGNUM *hostkey_n, *hostkey_e;
 
 	/* Get public key. */
 	if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
@@ -379,21 +383,23 @@ SSH_connect(SSH *ssh)
 
 	/* Get servkey. */
 	ssh->ctx->servkey = RSA_new();
-	ssh->ctx->servkey->n = BN_new();
-	ssh->ctx->servkey->e = BN_new();
+	servkey_n = BN_new();
+	servkey_e = BN_new();
+	RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
 
 	SKIP(p, i, 4);
-	get_bn(ssh->ctx->servkey->e, , );
-	get_bn(ssh->ctx->servkey->n, , );
+	get_bn(servkey_e, , );
+	get_bn(servkey_n, , );
 
 	/* Get hostkey. */
 	ssh->ctx->hostkey = RSA_new();
-	ssh->ctx->hostkey->n = BN_new();
-	ssh->ctx->hostkey->e = BN_new();
+	hostkey_n = BN_new();
+	hostkey_e = BN_new();
+	RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
 
 	SKIP(p, i, 4);
-	get_bn(ssh->ctx->hostkey->e, , );
-	get_bn(ssh->ctx->hostkey->n, , );
+	get_bn(hostkey_e, , );
+	get_bn(hostkey_n, , );
 
 	/* Get cipher, auth masks. */
 	SKIP(p, i, 4);
@@ -405,8 +411,8 @@ SSH_connect(SSH *ssh)
 	RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
 
 	/* Obfuscate with session id. */
-	if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
-ssh->ctx->servkey->n)) == NULL) {
+	if ((p = ssh_session_id(cookie, hostkey_n,
+servkey_n)) == NULL) {
 		warn("ssh_session_id");
 		return (-1);
 	}
@@ -422,7 +428,7 @@ SSH_connect(SSH *ssh)
 		else BN_add_word(bn, ssh->sesskey[i]);
 	}
 	/* Encrypt session key. */
-	if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
+	if (BN_cmp(servkey_n, hostkey_n) < 0) {
 		rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
 		rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
 	}
@@ -470,10 +476,8 @@ SSH_connect(SSH *ssh)
 		ssh->decrypt = blowfish_decrypt;
 	}
 	else if (cipher == SSH_CIPHER_3DES) {
-		ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->encrypt = des3_encrypt;
-		ssh->decrypt = des3_decrypt;
+		warnx("cipher 3des no longer supported");
+		return (-1);
 	}
 	/* Get server response. */
 	if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
diff --git a/sshcrypto.c b/sshcrypto.c
index 09a04e7..f66202d 100644
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -28,10 +28,12 @@ struct blowfish_state {
 	u_char			iv[8];
 };
 
+#if 0
 struct des3_state {
 	des_key_schedule	k1, k2, k3;
 	des_cblock		iv1, iv2, iv3;
 };
+#endif
 
 void
 

Bug#843588: mesa: FTBFS on hurd-i386 due to PATH_MAX

[Samuel Thibault]

Source: mesa
Version: 13.0.0-1
Severity: important
Tags: upstream patch
User: debian-h...@lists.debian.org
Usertags: hurd
Control: forwarded https://bugs.freedesktop.org/show_bug.cgi?id=98632

Hello,

Just for information and upstream tracking, probably to be turned into
cherry-pick request when fixed upstream.

Thanks,
Samuel

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), 
(500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Samuel
 > Il [e2fsck] a bien démarré, mais il m'a rendu la main aussitot en me
 > disant "houlala, c'est pas beau à voir votre truc, je préfèrerai que
 > vous teniez vous même la tronçonneuse" (traduction libre)
 NC in Guide du linuxien pervers : "Bien configurer sa tronçonneuse."

Bug#828287: dsniff: FTBFS with openssl 1.1.0

[Christoph Biedl]

Sandro Tosi wrote...

> Hello Dug,
> in Debian we started the transition to OpenSSL 1.1.0: do you have any
> plan to port dsniff to that version?

Since I have some interest in keeping dsniff in Debian, I spent some
time on that bug.

The patch attached:
- replaces the access to struct elements with getter usage.
- disables 3des as it's no longer supported by OpenSSL.

It's pretty much untested and could also take a review.

Christoph


signature.asc
Description: Digital signature

Bug#843589: opendnssec: Files required for update missing

[Simon Ruderich]

Package: opendnssec
Version: 1:2.0.3-1
Severity: important

Hello,

First a minor issue, the path to the README mentioned in the
update notification doesn't work, the directory
/usr/share/opendnssec/1.4-2.0_db_convert is empty.

But the bigger problem is that convert_sqlite doesn't work
because "../../src/db/schema.sqlite" is not present in the debian
package.

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9


signature.asc
Description: PGP signature

Bug#799281: [Mailman-Developers] Let's try to package mailman3 in Debian!

[Pierre-Elliott Bécue]

Le lundi 07 novembre 2016 à 21:42:21+0100, Jan Luca Naumann a écrit :
> Dear Pierre-Elliott Bécue,
> 
> what is the current status of your packaging intend. Since I did not
> the WNPP-list very well I started another ITP (that I closed of course
> now) and maybe we can work together and/or I can take over some of the
> work.
> 
> Best regards,

Dear Jan,

I'd be happy to work with you.

Mostly, all parts of mailman are "pre-packaged" on my server. I met issues
with HyperKitty regarding dependencies, currently, these are not fully
solved, as the devs had to move from django-browserid (implementation of
persona protocol, by Mozilla) to another dependency offering implementation
of a still used protocol (Mozilla is dropping persona).

The second "issue" is mailman itself. It's using python3.4, but default
version of python3 in debian is 3.5 for something like 10 months. I'm
waiting mailman version 3.1, as Barry Warsaw told me it'd use python3.5.

If you wish I can give you the developper accesses on my github repositories
which contain the current packages, except hyperkitty (because of what I
mentioned before).

Cheers,

-- 
PEB


signature.asc
Description: PGP signature

Bug#837485: [pkg-golang-devel] Bug#837485: Bug#837485: golang-1.6: FTBFS with bindnow and PIE enabled

[Niels Thykier]

Tianon Gravi:
> On 5 November 2016 at 09:00, Niels Thykier  wrote:
>> Cool! :)
>>
>> Should I file a bug against ftp.d.o, asking them to remove golang-1.6
>> from unstable? :)
> 
> If you're willing, that sounds great! (I always end up having to
> re-read the docs any time I use the BTS for more than simply replying,
> so I hadn't gotten around to doing so yet)
> 
> 
> ♥,
> - Tianon
>   4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4
> 

Ack - filed as #843598.

Thanks,
~Niels

Bug#843586: evolution - cited e-mails vanish from reply e-mail while editing

[Zoltan]

Package: evolution
Version: 3.22.1 (testing)


When replying to a chain of cited e-mails, after adding a couple of
empty lines with the button [Enter] in the reply e-mail, the older e-
mails simply vanish. Undo won't restore them in the composing window.
No common-sense / user-friendly way to avoid automatic deletion of
cited older e-mails. 
SERIOUS PROBLEM. Affects core usability of the package / software. 


Using 
Debian GNU/Linux 3.22.1  (stretch)
kernel: Linux 4.7.0-1-686-pae 

Bug#842919: failed armhf build of xen 4.8.0~rc3-1 [and 1 more messages]

[Kurt Roeckx]

On Mon, Nov 07, 2016 at 08:54:49PM +, Ian Jackson wrote:
> Kurt Roeckx writes ("Re: failed armhf build of xen 4.8.0~rc3-1 [and 1 more 
> messages]"):
> > On Mon, Nov 07, 2016 at 08:05:22PM +, Ian Jackson wrote:
> > > Have I done something wrong ?  Do the buildd chroots need to be
> > > updated ?
> > 
> > The buildd chroots are automatically generated once a week. No
> > package that's installed in the chroot get upgraded without a
> > reason like a Depends requiring them.
> 
> Ah.  We were unlucky then that the broken bintuils ended up cached
> this way.
> 
> > I'll see about upgrading the chroots, I have no idea how to do
> > this myself.
> 
> Thanks.  I do think this should be done, then, as other packages are
> likely to be affected.
> 
> This probably applies to all the architectures, not just armhf and
> i386.  The xen package for sid escaped the bug on amd64 because I
> built it myself.

I just gave back xen and set an extra depends for the fixed
version.

The chroots get updated on sunday and wednesday. It seems to be
easier to just wait for wednesday and give back those few that are
affected. It looks like all buildds actually need the new chroot.


Kurt

Bug#828252: qtcreator is marked for autoremoval from testing

[Christian Hofstaedtler]

Ondřej,

* Ondřej Surý  [161106 21:12]:
> In the end it was very easy (hopefully) - the OpenSSL module is optional
> and hopefully this won't break anything :). Ccing other botan1.10 users.
> 
> Please test with botan1.10 - 1.10.13-1 that just got uploaded to
> unstable.

Tested pdns 4.0.1-5 against the new botan1.10 1.10.13-1 and can
confirm that pdns still works (without rebuilding).

Thanks for taking care of this.

Cheers,
-- 
 ,''`.  Christian Hofstaedtler 
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-

Bug#818107: The future of DocOnce

[Francesco Poli]

On Mon, 7 Nov 2016 17:03:07 + Kristian Gregorius Hustad wrote:

> Version 1.0.0 is now listed at https://github.com/hplgit/doconce/releases 

That's awesome, thanks a lot!   :-)

Now I hope the Debian Python Applications Packaging Team will consider
packaging it...

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpnKW5npr0Y6.pgp
Description: PGP signature

Bug#843584: Crash trying to change a toolbar item to be a separator

[Daniel Leidert]

Package: glade
Version: 3.20.0-2
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

There is a reproducible crash.

- - open glade
- - add a GtkToolbar
- - go to "right click" > Edit
- - go to tab "Hierarchy"
- - add an item (push the "+" button")
- - now try to change this item from "button" to "separator"

The crash happens all the time. I can provide a backtrace if necessary. But
because it is reproducible, ...

Regards, Daniel



- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages glade depends on:
ii  libc6   2.24-5
ii  libcairo2   1.14.6-1.1
ii  libgdk-pixbuf2.0-0  2.36.0-1
ii  libgladeui-2-6  3.20.0-2
ii  libglib2.0-02.50.1-1
ii  libgtk-3-0  3.22.2-1
ii  libpango-1.0-0  1.40.3-3

Versions of packages glade recommends:
ii  devhelp   3.22.0-1
ii  libgtk-3-dev  3.22.2-1

glade suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIcBAEBCAAGBQJYIO0RAAoJEEvNBWfCltBd3xMQAJjg2ARfy5AinzrxF31RtBJ1
zUHDCfQxN7hPkyKbPpGTVrMUIaqIrTOS9OB7USRJ2lrfSwJUke6ftrZkoPpNsYgb
x2ehFkjsdx+dgGQRQW9zf+TKAcwfP5A4DTSTTNvXOMPydqijKSIqeJayv4MAwLHb
u168YAv1VycAIpHYHrcEiGcQrBZAyj8F+D+YG6Q8Sr1dnR0KII0kW0Z9s8pFyP8U
MkJZEp3H5ZaCesqM5YeObgKvTcoRG1yb5+iFfo2RvGKEPY7pazL76piwwYbM7pGI
vB+AZvGLGgvlGpKavd6fX4RJvsBM47cifz9or4oEcVEDagq31WPISWZhjU++O/a7
YOB50yIE3hDUFUrxiuBgP+66cyc90WpBdQTX8pYzUN4rw1E84IyAi5ayiSKVC5w5
HaRvZs2/xKt31PdL5o4Wp/2jlvZo3x7uoMN0Abs3zoYXObhD95CimbjxNSTe0mr7
NHrFJry+b/YRPWUxbD8lofAJgAd4d0aY4D0zRFC2/rxuY05nHz5Bbcb7zBBrCf0B
4AzkIIoOO4noVdv682CHZI7rJj0Dcld5+29SOPhz2Z8tzjgPtwgVokE18sTMORs2
uF70OzEkLMbV7VoaZ3Kahxm3zxJ9m626/5zHTeXnfOVnpFZRwwK/79jpPkrs3KWJ
H84c188iU+dIwloECxpK
=fHkr
-END PGP SIGNATURE-

Bug#843380: libgvc6 fail to install on stretch

[batta...@libero.it]

While checking for another bug, I found the cause of this also, libgd3 on my 
system was corrupted.After reinstalling it installation of libgvc6 has no 
problem.

Bug#811960: pulseview NMU?

[Uwe Hermann]

Hi,

On Mon, Nov 07, 2016 at 04:25:14PM +, Jonathan McDowell wrote:
> Uwe, do you have any plans for this?

Yeah, might upload some new packages soonish, but long-term
I'd be happy to hand over the full sigrok suite of packages to another
interested + active developer, so I can focus more on upstream development.


Uwe.
-- 
http://hermann-uwe.de | http://randomprojects.org | http://sigrok.org

Bug#843597: More robust capability handling

[Thomas Lange]

> On Mon, 07 Nov 2016 17:36:41 -0500, Sam Hartman  
> said:

> Currently, the sample configuration namespace has a shell script to
> restore the common capabilities found in base files; see
> scripts/DEBIAN/20-capabilities.
In this script, I'm doing the same things that are done in the
postinst script of the package.

Also there was a bug in tar which added some xattr or capabilities
even no were defined when creating the tar file. Have a look at
#819978. IIRC this was one reason to no use xattrs with tar by
default.
-- 
regards Thomas

Bug#842796: libc recently more aggressive about pthread locks in stable ?

[Lucas Nussbaum]

Hi,

On 06/11/16 at 17:41 -0200, Henrique de Moraes Holschuh wrote:
> On Sun, 06 Nov 2016, Ben Hutchings wrote:
> > It's worth noting that TSX is broken in 'Haswell' processors and is
> > supposed to be disabled via a microcode update.  I don't know whether
> > glibc avoids using it on these processors if the microcode update is
> > not applied.  (Linux doesn't appear to hide the feature flags.)
> 
> It does avoid it.  For glibc libpthreads, Debian has blacklisted Intel
> TSX use [in libpthreads] on all of Haswell and much of Broadwell.
> 
> But anything else *will* attempt to use it, people query cpuid directly
> for these things.  You need a hypervisor that filters cpuid().

How can one know what glibc does on a given CPU? (preferably without
access to the hardware)

I could try to run an archive rebuild on hardware where glibc leverages
TSX to see what happens.

Lucas

Bug#843532: dnssec-trigger: broken by OpenSSL 1.1.0

[Sebastian Andrzej Siewior]

control: tags -1 patch

On 2016-11-07 08:39:17 [-0500], Zack Weinberg wrote:
> Nov 07 08:34:17 moxana dnssec-triggerd[20281]: Nov 07 08:34:17 
> dnssec-triggerd[20281] error: could not set SSL_OP_NO_SSLv2 crypto 
> error:

could someone please check if the patch attached works? I am confident
but don't time todo it myself just now.

Sebastian
>From 05cd529e19d317b8bcc69f7d883873a27195b904 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior 
Date: Mon, 7 Nov 2016 20:59:11 +
Subject: [PATCH] dnssec-trigger: openssl 1.1.0 fixup

- SSL_OP_NO_SSLv2 / SSLv2 has been removed from openssl 1.1.0 and as
  such it can't be tested (the way it is) if disabling it worked.

- SSL_CTX_load_verify_locations() return 1 un success and 0 on failure.
  The check for the result code is bogus and has nothing to do with the
  switch to openssl 1.1.0 itself

- ERR_remove_state() and friends are NOPs in current openssl 1.1.0 due
  the threading model. This operations are nops therefore and do nothing
  and can be removed in a later version.

Signed-off-by: Sebastian Andrzej Siewior 
---
 riggerd/cfg.c  | 2 ++
 riggerd/net_help.c | 4 +++-
 riggerd/riggerd.c  | 2 ++
 riggerd/svr.c  | 2 ++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/riggerd/cfg.c b/riggerd/cfg.c
index 03f4f73..08b2028 100644
--- a/riggerd/cfg.c
+++ b/riggerd/cfg.c
@@ -540,9 +540,11 @@ cfg_setup_ctx_client(struct cfg* cfg, char* err, size_t errlen)
 	if(!ctx)
 		return ctx_err_ret(ctx, err, errlen,
 			"could not allocate SSL_CTX pointer");
+#if OPENSSL_VERSION_NUMBER < 0x1010
 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
 		return ctx_err_ret(ctx, err, errlen, 
 			"could not set SSL_OP_NO_SSLv2");
+#endif
 	if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
 		!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
 		|| !SSL_CTX_check_private_key(ctx))
diff --git a/riggerd/net_help.c b/riggerd/net_help.c
index 21e79e7..b17486c 100644
--- a/riggerd/net_help.c
+++ b/riggerd/net_help.c
@@ -447,11 +447,13 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
 		return NULL;
 	}
 	/* no SSLv2 because has defects */
+#if OPENSSL_VERSION_NUMBER < 0x1010
 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
+#endif
 	if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
 		log_err("error for cert file: %s", pem);
 		log_crypto_err("error in SSL_CTX use_certificate_file");
@@ -517,7 +519,7 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
 		}
 	}
 	if(verifypem && verifypem[0]) {
-		if(!SSL_CTX_load_verify_locations(ctx, verifypem, NULL) != 1) {
+		if(SSL_CTX_load_verify_locations(ctx, verifypem, NULL) != 1) {
 			log_crypto_err("error in SSL_CTX verify");
 			SSL_CTX_free(ctx);
 			return NULL;
diff --git a/riggerd/riggerd.c b/riggerd/riggerd.c
index 9cb6023..2490a72 100644
--- a/riggerd/riggerd.c
+++ b/riggerd/riggerd.c
@@ -393,10 +393,12 @@ int main(int argc, char *argv[])
 #ifdef HAVE_OPENSSL_CONF_H
 	CONF_modules_free();
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x1010
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
 	ERR_free_strings();
 	RAND_cleanup();
+#endif
 
 #ifdef USE_WINSOCK
 	if(WSACleanup() != 0) {
diff --git a/riggerd/svr.c b/riggerd/svr.c
index 0b46b1d..5f232f4 100644
--- a/riggerd/svr.c
+++ b/riggerd/svr.c
@@ -162,10 +162,12 @@ static int setup_ssl_ctx(struct svr* s)
 		return 0;
 	}
 	/* no SSLv2 because has defects */
+#if OPENSSL_VERSION_NUMBER < 0x1010
 	if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		return 0;
 	}
+#endif
 	s_cert = s->cfg->server_cert_file;
 	s_key = s->cfg->server_key_file;
 	verbose(VERB_ALGO, "setup SSL certificates");
-- 
2.10.2

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[Lisandro Damián Nicanor Pérez Meyer]

On lunes, 7 de noviembre de 2016 20:41:01 ART Jan wrote:
> On Mon, Nov 07, 2016 at 05:44:31PM +0100, gregor herrmann wrote:
> > postInit();
> > PumpController::getInitialData() step 0
> > HMAC(SHA1) is not supported!
> 
> gregorr, looks like you need libqca-qt5-2-plugins, which contains the
> Qt5 version of the QCA openssl plugin.
> 
> https://packages.debian.org/sid/libqca-qt5-2-plugins

I have it installed and I'm getting a segfault :-(

-- 
Outside of a dog, a book is man's best friend.
Inside of a dog, it's too dark to read.
 -- Groucho Marx

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#843593: Please add support for ESP partitions

[Sam Hartman]

package: fai
version: 5.2
tags: patch
severity: wishlist

It's impossible to use FAI to install for a platform/system that
requires UEFI because FAI does not currently support setting up a
extended system partition as required by the UEFI spec.
This patch adds code to do that.

I did not update the documentation in this patch, because I'm not that
familiar with all the documentation I'd need to touch.
An example disk_config might look something like:

#
#

disk_config disk1 disklabel:gpt bootable:1 esp:1 fstabkey:uuid align-at:1M

primary /boot/efi 300vfat  defaults
primary /  300-  ext4  rw,barrier=0,noatime,errors=remount-ro 
tuneopts="-c 0 -i 0"


>From 06a30575b8c473da89a031587debd8f6f350ba6b Mon Sep 17 00:00:00 2001
From: Sam Hartman 
Date: Mon, 7 Nov 2016 16:41:12 -0500
Subject: [PATCH] Add support for ESP partitions

UEFI requires a special vfat partition on which the boot loader and
potentially other UEFI information lives.  Parted represents this with
an esp flag.  Add support for this in setup-storage.
---
 lib/setup-storage/Commands.pm | 2 ++
 lib/setup-storage/Parser.pm   | 8 
 2 files changed, 10 insertions(+)

diff --git a/lib/setup-storage/Commands.pm b/lib/setup-storage/Commands.pm
index 31898ca..6190343 100755
--- a/lib/setup-storage/Commands.pm
+++ b/lib/setup-storage/Commands.pm
@@ -1344,6 +1344,8 @@ sub setup_partitions {
   if ($part->{size}->{preserve} || $part->{size}->{resize});
 # set the bootable flag, if requested at all
 $flags .= ",boot" if($FAI::configs{$config}{bootable} == $part_id);
+# set the ESP flag, if requested at all
+$flags .= ",esp" if($FAI::configs{$config}{esp} == $part_id);
 # set the bios_grub flag on BIOS compatible GPT tables
 $flags .= ",bios_grub" if($FAI::configs{$config}{disklabel} eq "gpt-bios"
   && $FAI::configs{$config}{gpt_bios_part} == $part_id);
diff --git a/lib/setup-storage/Parser.pm b/lib/setup-storage/Parser.pm
index 943eaa5..d58afe9 100755
--- a/lib/setup-storage/Parser.pm
+++ b/lib/setup-storage/Parser.pm
@@ -144,6 +144,7 @@ sub init_disk_config {
 virtual=> 0,
 disklabel  => "msdos",
 bootable   => -1,
+esp=> 0,
 fstabkey   => "device",
 preserveparts => 0,
 partitions => {},
@@ -690,6 +691,13 @@ $FAI::Parser = Parse::RecDescent->new(
   ($FAI::device =~ /^PHY_(.+)$/) or
 ::internal_error("unexpected device name");
 }
+| /^esp:(\d+)/
+{
+  # specify a partition that should get the ESP flag set
+  $FAI::configs{$FAI::device}{esp} = $1;
+  ($FAI::device =~ /^PHY_(.+)$/) or
+::internal_error("unexpected device name");
+}
 | 'virtual'
 {
   # this is a configuration for a virtual disk
-- 
2.9.3

Bug#843592: RFS: node-punycode/2.0.1-1

[Bastien ROUCARIES]

Package: sponsorship-requests
Severity: normal
X-Debbugs-CC :prav...@debian.org
X-Debbugs-CC :locutusofb...@debian.org

Dear mentors,

  I am looking for a sponsor for my package "node-punycode"

 * Package name: node-punycode
   Version : 2.0.1-1
   Upstream Author : Mathias Bynens
 * URL : [fill in URL of upstreams web site]
 * License : expat
   Section : web

  It builds those binary packages:

node-punycode - Nodejs robust Punycode converter fully RFC compliant

  To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/node-punycode


  Alternatively, one can download the package with dget using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/n/node-punycode/node-punycode_2.0.1-1.dsc

  More information about hello can be obtained from https://mths.be/punycode


  Changes since the last upload:

  node-punycode (2.0.1-1) unstable; urgency=medium

  * New upstream release.
  * Bump standard version (no changes).
  * Use compat version 10.

 -- Bastien Roucariès   Mon, 07
Nov 2016 22:17:15 +0100

It is needed for browserify effort so try to upload correct version


  Regards,
   bastien roucaries

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[Lisandro Damián Nicanor Pérez Meyer]

On lunes, 7 de noviembre de 2016 22:55:30 ART gregor herrmann wrote:
> On Mon, 07 Nov 2016 20:41:01 +0100, Jan wrote:
> > On Mon, Nov 07, 2016 at 05:44:31PM +0100, gregor herrmann wrote:
> > > postInit();
> > > PumpController::getInitialData() step 0
> > > HMAC(SHA1) is not supported!
> > 
> > gregorr, looks like you need libqca-qt5-2-plugins, which contains the
> > Qt5 version of the QCA openssl plugin.
> 
> I see, thank you.
> But then there's a dependency problem somewhere ...

I think that in libqoauth2, will be fixed in a few minutes.

-- 
Never attribute to malice that which is adequately explained by stupidity.
  http://en.wikipedia.org/wiki/Hanlon's_razor

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[Lisandro Damián Nicanor Pérez Meyer]

On domingo, 6 de noviembre de 2016 13:52:08 ART Jan wrote:
> On Sat, Oct 29, 2016 at 10:10:39AM -0300, Lisandro Damián Nicanor Pérez 
Meyer wrote:
> > Already in experimental! please ping me if you need help with Dianara.
> > 
> > I don't know if you have packaged Qt5 apps before (nor did check
> > actually). In case you didn't you might want to read
> > 
> >   http://pkg-kde.alioth.debian.org/packagingqtbasedstuff.html
> > 
> > Cheers!
> 
> Hi!
> 
> I've tested this (on two i386 Sid machines) and have some feedback.
> 
> Dianara uses qmake as the buildsystem, so it relies on a oauth.prf spec
> file, which was missing in the Qt4 version of libqoauth-dev[1], but is
> present now.
> The problem is that this oauth.prf file needs some adapting.

ACK, this is true.

> This is a simple diff of the changes I made to make it work:

Jan: next time please use diff -Nau, that's the most used format when dealing 
with patches.
 
> 1c1
> < QOAUTH_INCDIR = $$[QT_INSTALL_HEADERS]
> ---
> 
> > QOAUTH_INCDIR = /usr/include  ### $$[QT_INSTALL_HEADERS]
> 
> 4,5c4,5
> < QOAUTH_INCDIR ~= s!/qt4*!!
> < QOAUTH_LIBDIR ~= s!/qt4*!!
> ---
> 
> > #QOAUTH_INCDIR ~= s!/qt4*!!
> > #QOAUTH_LIBDIR ~= s!/qt4*!!
> 
> Basically, make QOAUT_INCDIR point to /usr/include instead of using that
> variable, which points to /usr/lib/{$arch-triplet}/qt5.
> 
> Then the other two lines that would take care of removing "qt4" from the
> resulting variable, should be removed or commented out.
> 
> Or, as an alternative, libqoauth-dev should put its header files in that
> /usr/lib/{archtriplet}/qt5 path, whatever's best. I don't know how that
> would affect Choqok or other potential "users".

Headers should be installed there only if they differe from arch to arch. As 
Qt5 headers do, QT_INSTALL_HEADER follows that.

And yes, the Qt4 stuff should be removed.

I'll fix that.

> With this, Dianara builds perfectly with Qt 5. Package
> libqca-qt5-2-plugins should be a new dependency instead of
> libqca2-plugin-ossl, since apparently QCA plugins for the Qt5 version
> are all packed into that one.

Actualli libqoauth2 should depend on them, if I'm not mistaken it definitely 
needs them. I'll do this change now.
 
> When starting up Dianara, I get an early crash, related to the systray
> icon, both under Plasma and under LXQt, but I imagine it has to do with
> the Qt5.7.1 transition. It works fine under a bare Openbox+Tint2
> session.

Mmm, need to check in fluxbox then.

-- 
Geek Inside!

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#828252: qtcreator is marked for autoremoval from testing

[Lisandro Damián Nicanor Pérez Meyer]

On domingo, 6 de noviembre de 2016 21:12:14 ART Ondřej Surý wrote:
> In the end it was very easy (hopefully) - the OpenSSL module is optional
> and hopefully this won't break anything :). Ccing other botan1.10 users.
> 
> Please test with botan1.10 - 1.10.13-1 that just got uploaded to
> unstable.

Hi Ondřej! Will check for sure!


-- 
Una sola bomba nuclear puede arruinar el resto de tu día.

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#843145: files with the same name installed in / and /usr

[Martin Pitt]

Control: tag -1 grave

Martin Pitt [2016-11-04 12:14 +0200]:
> Merged /usr is the default since debootstrap 1.0.85, so this is
> possibly even RC.

It is: Installing libjson-c-dev on a freshly bootstrapped sid chroot
causes a symlink loop:

# head /lib/x86_64-linux-gnu/libjson-c.so.3
head: cannot open '/lib/x86_64-linux-gnu/libjson-c.so.3' for reading: Too many 
levels of symbolic links

Thus bumping severity. I'm happy to do an NMU if you don't have time
(I'd also fix the broken Vcs-Browse: field while I'm at it).

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

Bug#842264: Wrong OS version detected

[Трезвый Дворник]

Hi!
I am sorry for delay.

noroot@f555l:~$ apt-cache policy | grep release
 release a=now
 release
v=14.04,o=LP-PPA-keks9n-skypetab,a=trusty,n=trusty,l=SkypeTab,c=main,b=i386
 release
v=14.04,o=LP-PPA-keks9n-skypetab,a=trusty,n=trusty,l=SkypeTab,c=main,b=amd64
 release
v=15.04,o=LP-PPA-openshot.developers,a=vivid,n=vivid,l=OpenShot: Stable PPA
- Official Releases,c=main,b=i386
 release
v=15.04,o=LP-PPA-openshot.developers,a=vivid,n=vivid,l=OpenShot: Stable PPA
- Official Releases,c=main,b=amd64
 release v=15.10,o=LP-PPA-obsproject-obs-studio,a=wily,n=wily,l=OBS
Studio,c=main,b=i386
 release v=15.10,o=LP-PPA-obsproject-obs-studio,a=wily,n=wily,l=OBS
Studio,c=main,b=amd64
 release v=15.10,o=LP-PPA-noobslab-icons,a=wily,n=wily,l=Collection of
icons PPA,c=main,b=i386
 release v=15.10,o=LP-PPA-noobslab-icons,a=wily,n=wily,l=Collection of
icons PPA,c=main,b=amd64
 release v=15.10,o=LP-PPA-noobslab-themes,a=wily,n=wily,l=Themes
Collection by NoobsLab,c=main,b=i386
 release v=15.10,o=LP-PPA-noobslab-themes,a=wily,n=wily,l=Themes
Collection by NoobsLab,c=main,b=amd64
 release o=liquorix,a=unstable,n=sid,l=kernel,c=main,b=i386
 release o=liquorix,a=unstable,n=sid,l=kernel,c=main,b=amd64
 release
v=15.04,o=LP-PPA-alessandro-strada,a=vivid,n=vivid,l=google-drive-ocamlfuse,c=main,b=i386
 release
v=15.04,o=LP-PPA-alessandro-strada,a=vivid,n=vivid,l=google-drive-ocamlfuse,c=main,b=amd64
 release v=1.0,o=Google, Inc.,a=stable,n=stable,l=Google,c=main,b=amd64
 release
v=6.0.10,o=Debian,a=oldoldstable,n=squeeze,l=Debian,c=main,b=i386
 release
v=6.0.10,o=Debian,a=oldoldstable,n=squeeze,l=Debian,c=main,b=amd64
 release o=obs://
build.opensuse.org/home:Horst3180/Debian_8.0,n=Debian_8.0,l=home:Horst3180,c=
 release o=. trusty,n=trusty,l=. trusty,c=non-free,b=i386
 release o=. trusty,n=trusty,l=. trusty,c=non-free,b=amd64
 release
o=Debian,a=experimental,n=experimental,l=Debian,c=non-free,b=i386
 release
o=Debian,a=experimental,n=experimental,l=Debian,c=non-free,b=amd64
 release
o=Debian,a=experimental,n=experimental,l=Debian,c=contrib,b=i386
 release
o=Debian,a=experimental,n=experimental,l=Debian,c=contrib,b=amd64
 release o=Debian,a=experimental,n=experimental,l=Debian,c=main,b=i386
 release o=Debian,a=experimental,n=experimental,l=Debian,c=main,b=amd64
 release o=Debian,a=unstable,n=sid,l=Debian,c=non-free,b=i386
 release o=Debian,a=unstable,n=sid,l=Debian,c=non-free,b=amd64
 release o=Debian,a=unstable,n=sid,l=Debian,c=contrib,b=i386
 release o=Debian,a=unstable,n=sid,l=Debian,c=contrib,b=amd64
 release o=Debian,a=unstable,n=sid,l=Debian,c=main,b=i386
 release o=Debian,a=unstable,n=sid,l=Debian,c=main,b=amd64
 release o=Debian,a=testing,n=stretch,l=Debian,c=non-free,b=i386
 release o=Debian,a=testing,n=stretch,l=Debian,c=non-free,b=amd64
 release o=Debian,a=testing,n=stretch,l=Debian,c=contrib,b=i386
 release o=Debian,a=testing,n=stretch,l=Debian,c=contrib,b=amd64
 release o=Debian,a=testing,n=stretch,l=Debian,c=main,b=i386
 release o=Debian,a=testing,n=stretch,l=Debian,c=main,b=amd64

noroot@f555l:~$ lsb_release -sirc
Debian
6.0.10
squeeze

I added second section to my lonely preferences file

noroot@f555l:~$ cat /etc/apt/preferences.d/baobab
Package: baobab
Pin: version 2.*
Pin-Priority: 1001

Package: *
Pin: release o=Debian,n=squeeze
Pin-Priority: 1

And it works better now
noroot@f555l:~$ lsb_release -sirc
Debian
unstable
sid
noroot@f555l:~$ screenfetch -n
 noroot@f555l
 OS: Debian unstable sid
 Kernel: x86_64 Linux 4.8.0-5.2-liquorix-amd64

Can that string (optionally) be taken from hostnameclt(for systemd users)
or something like that to avoid wrong apt/preferences configuration?

Thank you!
Best regards,
Dmitri

2016-11-04 0:49 GMT+03:00 Hideki Yamane :

>  lsb-release package probably detects your system as squeeze due to
>  apt policy setting. Could you show me "apt-cache policy | grep release"?
>

Bug#843597: More robust capability handling

[Sam Hartman]

package: fai
version: 5.2

Currently, the sample configuration namespace has a shell script to
restore the common capabilities found in base files; see
scripts/DEBIAN/20-capabilities.

This approach is brittle because as new packages in the base system gain
capabilities, everyone's configuration space needs to be updated.

tar does support saving and restoring capabilities.
If base file tars are created using
tar --xattrs --xattrs-include=security.capability -cf blah blah

and restored with
tar -xf filename --xattrs --xattrs-include=security.capability

Then capabilities are directly preserved.

I understand that you may want to preserve the script in the
configuration space because you cannot guarantee how people create base
files.
However for restore of base files, please include the xattrs options.

Bug#843598: RM: golang-1.6 -- RoQA; Replaced by newer package; no rdeps left; FTBFS in sid

[Niels Thykier]

Package: ftp.debian.org
Severity: normal

Hi,

Per #837485, please remove golang-1.6 from unstable.  The last rdep
has been removed, the package FTBFS, the maintainers have replaced
it with a difference source package and agree to its removal.

Thanks,
~Niels

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[Lisandro Damián Nicanor Pérez Meyer]

On martes, 8 de noviembre de 2016 00:05:06 ART Jan wrote:
[snip] 
> If it still crashes for you, could you run it with --debug and paste the
> last ~5 lines or so? =)

My plasma-integration package was out of date, now it work perfectly :)

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#473383: /usr/bin/glade-3: Cannot create a two-pages notebook

[Daniel Leidert]

Package: glade
Followup-For: Bug #473383

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

This particular issue seems to have been fixed. In the right-mouse-click-dialog
you can choose to remove or add a page. Just click on any child of GtkNotebook.
Unfortunately after removing all pages, I did not yet figure out a way to add
one again :)

Regards, Daniel



- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages glade depends on:
ii  libc6   2.24-5
ii  libcairo2   1.14.6-1.1
ii  libgdk-pixbuf2.0-0  2.36.0-1
ii  libgladeui-2-6  3.20.0-2
ii  libglib2.0-02.50.1-1
ii  libgtk-3-0  3.22.2-1
ii  libpango-1.0-0  1.40.3-3

Versions of packages glade recommends:
ii  devhelp   3.22.0-1
ii  libgtk-3-dev  3.22.2-1

glade suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIcBAEBCAAGBQJYIOv1AAoJEEvNBWfCltBdgg8QAMie5zS3IEfsxmLkIbKkWHBn
DTE5tuzpZ9/gUoO/vgJyhTg1l5DIIKv2JXYdYSwH5xAEUr/Ub/7zB9uJHZyLiTJd
pvQbJeyACzXAKfjjLIpQpVI++4OCr8KOK5KrrSthLM/+1agpX6d1bVs9xbANq1co
dvXWkJLJltlC61blz30Uymz2Wx6WJqUR3fY8eUBbB8/v5HkyD4dbx6ZenKvJUmj/
0yFaoiFDToJYvpMX9K/TBBDuvkrnCLjPJuWwr+rM/wRblEaywY6K5QiAZCLLJSOX
Ktkiprt1ITo9k5OUYp5SnKGQuXJoXAHfabpHBec0XcH4eV32kdGzpWSL5sj0uCSI
Fdf2FY/2xAYYLSbZQNsYec8M9y1TkeRdgCSb/3tfMsMcSBoZ7UPsFK4bb2hHXIzs
3b3fUEttGiIH+ohsEZycP2C/YhHTewEXtZ66vlYfwFpwZRFL2CvWQyI+tEN/qQ0Y
4ClqeYsWax8Bi3nvxPwjtQ+0lYZy0DmndrcSBPU3xUyRKqjRWvj4+7yYhawgn5ny
YZnOS6EmSJ3odz+Id7jt0yUgGpVF/BBgyFVTdiiJaSksy5EEpuYmX3gSfnbx7bm5
RbXy8fi6U7F0eppXC7xIaMUjS7IOivWbt3Gggg4i8hSu8NJfj6pl624871wBhqzp
MOBVIgQaUj7pJ2I3sHVS
=W6RA
-END PGP SIGNATURE-

Bug#843585: GtkLinkButton has no property "Label" to edit

[Daniel Leidert]

Package: glade
Version: 3.20.0-2
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

When adding a GtkLinkButton there is no property "Label" available to change
the button label. Thus one has to edit the reasulting glade file to change the
label.

Regards, Daniel



- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages glade depends on:
ii  libc6   2.24-5
ii  libcairo2   1.14.6-1.1
ii  libgdk-pixbuf2.0-0  2.36.0-1
ii  libgladeui-2-6  3.20.0-2
ii  libglib2.0-02.50.1-1
ii  libgtk-3-0  3.22.2-1
ii  libpango-1.0-0  1.40.3-3

Versions of packages glade recommends:
ii  devhelp   3.22.0-1
ii  libgtk-3-dev  3.22.2-1

glade suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIcBAEBCAAGBQJYIO2nAAoJEEvNBWfCltBdsjQQAK/arlQpuBbwxG5WwfQCmlFO
4eL5IS3lDwlVJu6RbwGNy2ra1z9jtgFAcKBxikYBghBr9ZeeCx6Ldthun+Z85OsT
vsRUxCVmCe1FNcCcsCvt8edL3N/lnz5vkhLTIsBHTrMTe/Eo4pxxpsJNbEzvTl2y
Kjr+/H9EFUCkvl46ecK8VNQI5xLYWgqT349VS8EET95sj5uFVNkLdRKE0ldEucAK
67cwLGWY6feKY1Ty1Bde0lCIgPdlaUBS04+CkmC1VPdb8W9WtA7dpZnyQoZuNAXN
dq7kdbrO7mNW6h6Gv5nBcivNXxaLHTRT74U9FBHk0Q2mYCDrH0O5+D98dQw9gG95
Y2i4UKFd6QEcEhQR1/sRTDJVSz7thOypw4lwDzQ6COUCFHx4wfLb4/BAwCdcwaXI
Z+XIz38sTquuAykR3/Wj/tBGHAIwoIkc9a7gXfCpnRdpUngTGIjpO6+h4UgY56a2
6KmbeV/B38xGPfhjO4nZkRFKHM+kFnzC5pEXW0VzDAPzXxtej47/KMI/VAwM12ly
Bh64DqML+5G48p73kXMOMC4t1dju3vxjnBdJrEIMIPdws7rf6QYJhWCHUaelCe+6
qm5Gt4RkeZ9PUYSv9Jxsbf94VKSYzT0FwgimT1zEVmWKao8+VxiQFvU3gXdBl6fi
dncR9ICnC6nTpNna8pbP
=OvnA
-END PGP SIGNATURE-

Bug#842721: jayway-jsonpath: FTBFS (Could not resolve all dependencies)

[Emmanuel Bourg]

Le 1/11/2016 à 07:58, 殷啟聰 a écrit :

> Here's the right link:
> 

I confirm the fix works. Do you know what triggered this error? Was this
caused by the recent changes to gradle-debian-helper?

Emmanuel Bourg

Bug#837928: Bug#837925: usrmerge: fails to merge with molly-guard installed

[Jonas Smedegaard]

Quoting Francois Marier (2016-11-07 18:38:58)
> On 2016-11-02 at 03:02:29, Jonas Smedegaard wrote:
> > I am busy getting that system to production use (yes, stretch is not yet 
> > stable, but more stable than stable on the ARM device I use), but if you 
> > have suggestions for closer inspections that might help shed some light 
> > on this issue, please shoot - fast.
> 
> I reached out to Marco about this bug but have not heard back.
> 
> I don't know how dpkg-diverts are supposed to work in a usrmerge world and I
> can't see anything obviously wrong with the way it's done in molly-guard so
> I don't have any ideas on how to fix this.

I no longer believe this issue is tied to use with the usrmerge package: 
It happens also on freshly installed systems!

It seems that on a usrmerge+systemd system /bin/reboot is a symlink.

Perhaps molly-guard (in its use of dpkg-divert) wrongly assumes that if 
/bin/reboot already exists then it is _installed_ by a package rather 
than added in a package postinst script which seems to be the case with 
systemd (just guessing here, having looked closely at it).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Bug#843334: transition: czmq

[Luca Boccassi]

On Sun, 2016-11-06 at 10:44 +, Luca Boccassi wrote:
> On Sun, 2016-11-06 at 11:01 +0100, Emilio Pozuelo Monfort wrote:
> > On 06/11/16 00:43, Luca Boccassi wrote:
> > > On Sat, 5 Nov 2016 22:43:46 + Luca Boccassi  
> > > wrote:
> > >> Package: release.debian.org
> > >> Severity: normal
> > >> User: release.debian@packages.debian.org
> > >> Usertags: transition
> > >>
> > >> Dear release team,
> > >>
> > >> czmq 4.0.0 was released yesterday, and it breaks ABI, which was bumped
> > >> from 3 to 4.
> > >>
> > >> https://packages.qa.debian.org/c/czmq.html
> > >>
> > >> Reverse dependencies source packages:
> > >>
> > >> rsyslog
> > >>
> > >> The reverse dependency rebuild cleanly without any patches. binNMU
> > >> rebuilds should be all that's needed.
> > >>
> > >> libczmq4 is in experimental and it has rebuilt most architectures,
> > >> with the mips and armv7 queued. I built locally in qemu and it was all
> > >> fine so I do not expect trouble.
> > >>
> > >> I know it's a bit late, but given it's a very simple case I hope it
> > >> can be authorized, to avoid having to maintain an old version for many
> > >> years! Upstream will not release bug fixes for 3.0.x anymore.
> > >>
> > >> Thank you!
> > >>
> > >> Kind regards,
> > >> Luca Boccassi
> > > 
> > > Transition tracker item has been autogenerated now, here's the link:
> > > 
> > > https://release.debian.org/transitions/html/auto-czmq.html
> > 
> > Go ahead.
> > 
> > Cheers,
> > Emilio
> 
> Thank you!
> 
> Will upload tonight as I'm travelling.
> 
> Kind regards,
> Luca Boccassi

Hi,

I have uploaded czmq 4.0.0-3 to unstable:

https://packages.qa.debian.org/c/czmq/news/20161107T214955Z.html

Will rsyslog be rebuilt automatically, or manually by the ftp/release
team?

Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#843595: [lintian] Detect non free unicode code and embeded copy

[Bastien ROUCARIÈS]

Package: lintian
Version: 2.5.49
Severity: important

Detect code described here :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823100

I will do it in the few next day

signature.asc
Description: This is a digitally signed message part.

Bug#843594: ilmbase: Proprietary licence in halfExport.h

[D Haley]

Source: ilmbase
Version: 2.2.0-11
Severity: normal

Dear Maintainer,

It appears that in the current ilmbase package there is a small 
file that contains code with a proprietary licence.

Specifically Half/halfExport.h contains the following:

//  Copyright (c) 2008 Lucasfilm Entertainment Company Ltd.
//  All rights reserved.   Used under authorization.
//  This material contains the confidential and proprietary
//  information of Lucasfilm Entertainment Company and
//  may not be copied in whole or in part without the express
//  written permission of Lucasfilm Entertainment Company.
//  This copyright notice does not imply publication.


Is it possible to replace this (tiny) file, or to confirm
that this is a non-issue?

Thanks!

-- System Information:
Debian Release: stretch/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Bug#840540: dianara: Please update to v1.3.5 to allow switching qoauth to qt5

[Lisandro Damián Nicanor Pérez Meyer]

Mónica: you should now be able to drop the patch.

-- 
Only Irish coffee provides in a single glass all four essential food groups
-- alcohol, caffeine, sugar, and fat.
  Alex Levine

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#840110: ITA: jfsutils -- utilities for managing the JFS filesystem

[Laszlo Boszormenyi (GCS)]

retitle 840110 ITA: jfsutils -- utilities for managing the JFS filesystem
owner 840110 !
thanks

I still have JFS filesystems around and would like to keep it
maintained in Stretch.

Bug#843557: RM: phyml [armel mips mips64el mipsel powerpc ppc64el s390x] -- ROM; Dependency libhmsbeagle does not build on all architectures

[Andreas Tille]

Package: ftp.debian.org
Severity: normal

Hi ftpmasters,

since libhmsbeagle does not build on the architectures mentioned in the 

  
subject line also its dependency phyml needs to be removed for these

  
architectures.  

  


  
Thanks for your work as ftpmaster   

  


  
   Andreas. 

  

Bug#837928: Bug#837925: usrmerge: fails to merge with molly-guard installed

[Francois Marier]

On 2016-11-02 at 03:02:29, Jonas Smedegaard wrote:
> I am busy getting that system to production use (yes, stretch is not yet 
> stable, but more stable than stable on the ARM device I use), but if you 
> have suggestions for closer inspections that might help shed some light 
> on this issue, please shoot - fast.

I reached out to Marco about this bug but have not heard back.

I don't know how dpkg-diverts are supposed to work in a usrmerge world and I
can't see anything obviously wrong with the way it's done in molly-guard so
I don't have any ideas on how to fix this.

Francois

-- 
https://fmarier.org/

Bug#843551: konsole: Starting konsole from menu or krunner does not work anymore

[M G Berberich]

Package: konsole
Version: 4:16.08.2-1.1
Severity: important

Dear Maintainer,

starting konsole from start-menu or krunner is totaly broken.
Sometimes it starts a konsole with the last used profile instead of the default 
profile, mostly nothing happens at all.
Starting a xterm and then starting konsole from xterm works.

There exists a fix from Martin T. H. Sandsmark:
https://quickgit.kde.org/?p=konsole.git=commit=4ec9b565800b9e9bdbf45dbb5983530fb95791e7

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.5 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages konsole depends on:
ii  kio   5.27.0-2
pn  konsole-kpart 
ii  libc6 2.24-5
ii  libkf5completion5 5.27.0-1
ii  libkf5configcore5 5.27.0-1
ii  libkf5configgui5  5.27.0-1
ii  libkf5configwidgets5  5.27.0-1
ii  libkf5coreaddons5 5.27.0-1
ii  libkf5crash5  5.27.0-1
ii  libkf5dbusaddons5 5.27.0-1
ii  libkf5i18n5   5.27.0-2
ii  libkf5iconthemes5 5.27.0-1
ii  libkf5kiowidgets5 5.27.0-2
ii  libkf5notifyconfig5   5.27.0-1
ii  libkf5widgetsaddons5  5.27.0-1
ii  libkf5windowsystem5   5.27.0-1
ii  libkf5xmlgui5 5.27.0-1
ii  libqt5core5a  5.6.1+dfsg-3+b1
ii  libqt5gui55.6.1+dfsg-3+b1
ii  libqt5widgets55.6.1+dfsg-3+b1
ii  libstdc++66.2.0-10

konsole recommends no packages.

konsole suggests no packages.

-- no debconf information

Bug#843554: linux-image-3.2.0-4-kirkwood: Kernel does not load ext3, ext4, ext2 and fat modules, unable to mount disks

[George Bojanov MD]

Package: src:linux
Version: 3.2.82-1
Severity: important

Dear Maintainer,

I’ve recently upgraded my SheevaPlug Debian and as part of multiple
security updates it installed 3.2.0-4-kirkwood kernel. uname -a is:

Linux debian 3.2.0-4-kirkwood #1 Debian 3.2.57-3+deb7u2 armv5tel GNU/Linux

On reboot it looks fine, but the Plug can’t work with ext2, ext3, ext4
or vfat file systems any more. I was using my Plug for file server and
did not have any problems until this recent update. When trying to
mount a SD card and an ext3 usb external hard drive the mount -a
prints out:

mount: unknown filesystem type 'vfat'
mount: unknown filesystem type 'ext3'

There is ext3.ko module in
/lib/modules/3.2.0-4-kirkwood/kernel/fs/etx3 directory and vfat.ko in
the ../fat directory.

Trying to manually load ext3.ko results in:

ERROR: could not insert 'ext3': Unknown symbol in module, or unknown
parameter (see dmesg)

and in dmesg:

[ 2832.860659] ext3: Unknown symbol __bread_gfp (err 0)
[ 2832.865925] ext3: Unknown symbol __getblk_gfp (err 0)

Loading vfat.ko results in similar unknown symbol messages.

I would highly appreciate any help!
Thank you!


-- Package-specific info:
** Version:
Linux version 3.2.0-4-kirkwood (debian-ker...@lists.debian.org) (gcc
version 4.6.3 (Debian 4.6.3-14) ) #1 Debian 3.2.57-3+deb7u2

** Command line:
console=ttyS0,115200 ubi.mtd=2 root=ubi0:rootfs rootfstype=ubifs

** Not tainted

** Kernel log:
[11990.716551] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[11990.723303] ipv6: Unknown symbol ip_idents_reserve (err 0)
[11990.729636] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[11990.736491] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[11994.958050] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[11994.965281] ipv6: Unknown symbol ip_idents_reserve (err 0)
[11994.971115] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[11994.977962] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[11999.888300] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[11999.895529] ipv6: Unknown symbol ip_idents_reserve (err 0)
[11999.901366] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[11999.908216] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12004.340327] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12004.347561] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12004.353402] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12004.360255] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12010.820623] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12010.827883] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12010.834038] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12010.840858] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12015.352676] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12015.359905] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12015.366081] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12015.372904] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12019.578185] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12019.585412] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12019.591250] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12019.598102] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12024.163976] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12024.170735] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12024.177092] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12024.183948] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12031.058786] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12031.065995] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12031.071833] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12031.078684] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12039.726815] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12039.733566] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12039.739904] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12039.746753] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12044.044401] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12044.051153] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12044.057471] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12044.064324] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12048.316130] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12048.322882] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12048.329222] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12048.336078] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)
[12052.516904] ipv6: Unknown symbol __ip4_datagram_connect (err 0)
[12052.523662] ipv6: Unknown symbol ip_idents_reserve (err 0)
[12052.530076] ipv6: disagrees about version of symbol tcp_alloc_md5sig_pool
[12052.536928] ipv6: Unknown symbol tcp_alloc_md5sig_pool (err -22)

Bug#843555: pgloader: enum conversion fixed in upstream bites mysql conversion

[Peter Gervai]

Package: pgloader
Version: 3.3.1+dfsg-1
Severity: important
Tags: upstream

Please see https://github.com/dimitri/pgloader/issues/453

Basically you get 

2016-10-05T09:17:20.468000Z ERROR Database error 42704: type "contacts_type" 
does not exist
QUERY: DROP TYPE "contacts_type" CASCADE;
2016-10-05T09:17:20.468000Z FATAL Failed to create the schema, see above.

kind of errors for ENUMs to be converted due to missing IF EXISTS.

Bug#842576: 842576: (caja: 1599): GTK-ERROR

[Vangelis Mouhtsis]

Hi Steve,
Thanks for reply, but no, debsums gives no error. The problem
is with the transistion to GTK+3 of some libs in caja and
caja-actions.
I did speak with upstreamers about, they are informed and hopfully
will be fixed.

Regards
Vangelis (gnugr)



signature.asc
Description: OpenPGP digital signature

Bug#841853: inkscape: Mouse cursor is a white outline on PowerPC

[Steven Gawroriski]

On Mon, 7 Nov 2016 16:28:13 +
Mattia Rizzolo  wrote:

> ouch, that must be awful!

It seems to be fine now. Last Saturday (November 5th) downloading the
source package completed rather quickly (10 seconds perhaps?).

> Great!
> I also noticed that they committed the patch already in both trunk and
> 0.92.x (that, who knows, they might even release some day)
> 
> I'll see about uploading an updated debian package with this too.

That would be cool.

Thanks.

Bug#843550: vim-gtk: gvim fails to display any text

[Doron Wloschowsky]

Package: vim-gtk3
Version: 2:8.0.0022-1
Severity: grave
File: vim-gtk
Justification: renders package unusable

Dear Maintainer,

When starting gvim (vim-gtk3) it either only partially displays the text
or it does not display any text at all. None of the normal navigation
keys have any effect.

When running from the command line, the terminal displays the following
text repeatedly:

gvim:22449): Gtk-CRITICAL **: gtk_widget_set_size_request: assertion
'width >= -1' failed
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug

*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug

*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug

The console version of vim works perfectly

-- Package-specific info:

--- real paths of main Vim binaries ---
/usr/bin/vi is /usr/bin/vim.gtk3
/usr/bin/vim is /usr/bin/vim.gtk3
/usr/bin/gvim is /usr/bin/vim.gtk3

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vim-gtk3 depends on:
ii  libacl1  2.2.52-3
ii  libc62.24-5
ii  libcairo21.14.6-1.1
ii  libgdk-pixbuf2.0-0   2.36.0-1
ii  libglib2.0-0 2.50.1-1
ii  libgpm2  1.20.4-6.2
ii  libgtk-3-0   3.22.2-1
ii  libice6  2:1.0.9-1+b1
ii  liblua5.2-0  5.2.4-1.1+b1
ii  libpango-1.0-0   1.40.3-3
ii  libpangocairo-1.0-0  1.40.3-3
ii  libperl5.24  5.24.1~rc3-3
ii  libpython3.5 3.5.2-7
ii  libruby2.3   2.3.1-5+b1
ii  libselinux1  2.6-3
ii  libsm6   2:1.2.2-1+b1
ii  libtcl8.68.6.6+dfsg-1
ii  libtinfo56.0+20160917-1
ii  libx11-6 2:1.6.3-1
ii  libxt6   1:1.1.5-1
ii  vim-common   2:8.0.0022-1
ii  vim-gui-common   2:8.0.0022-1
ii  vim-runtime  2:8.0.0022-1

vim-gtk3 recommends no packages.

Versions of packages vim-gtk3 suggests:
pn  cscope
ii  fonts-dejavu  2.37-1
ii  gnome-icon-theme  3.12.0-2
pn  vim-doc   

-- no debconf information

Bug#843478: RM: dnsval -- ROM; upstream (almost) orphaned

[Scott Kitterman]

On Sun, 06 Nov 2016 23:21:00 +0100 =?utf-8?b?T25kxZllaiBTdXLDvQ==?= 
 wrote:
> Package: ftp.debian.org
> Severity: normal
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear ftp-masters,
> 
> please remove src:dnsval as it is very poorly maintained
> or orphaned (the upstream SVN, mailing list and issue
> tracker doesn't work; no new releases in a long time;
> the web page still lists 2.1 as latest release, but in
> fact the latest release is 2.2, etc.)
> 
> I already filled a bug with src:kamailio that is the
> last r-dep.

That should be dealt with first:

Checking reverse dependencies...
# Broken Depends:
kamailio: kamailio-dnssec-modules [amd64 arm64 armel armhf i386 kfreebsd-amd64 
kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x]

# Broken Build-Depends:
kamailio: libval-dev


Please remove the moreinfo tag once this is resolved.

Scott K

Bug#823004: gplaycli: sensitive information in config file

[Lee Garrett]

Hi,

On 07/11/16 17:56, matlink wrote:
> Hi Lee,
> 
> Well the main goal for gplaycli was to provide a noconf and very easy to
> use command line for downloading apks.

I totally see the appeal, which is why I'm using it and want to see it in good
shape in Debian. :)
I'm personally working towards a way to have a phone without any google apps.

> Creating a google account is for some people not the best idea, because
> they either disagree with their ToS or they don't want to give Google
> too many infos (AFAIK Google requires a phone number).

Yes, good point.

> I am totally aware of the issues that providing default credentials
> includes. Anyway, I am tired of resetting that default credentials'
> account password because a fool changes it. It's sad to see there are
> always such persons to mess everything up.

You can probably avoid people changing the password by activating 2FA. No idea
if gplaycli still works then, needs to be tested.

> 
> The approach you give seems interesting, however the simplicity of usage
> falls down. But I'm ready to get rid of these default credentials. Maybe
> the github version could provide defaults credentials, and the debian
> one does not?

How about the following:

The updated package will ask via debconf if the user wants to provide
credentials. If confirmed, google user/pass will be accepted and an Android ID
generated. If denied, it will use your credentials, just as currently. In
non-interactive installations it'll default to your credentials.

We'll provide in a README how to generate the Android ID, in case people want
to switch to their own credentials. Ideally it should just be adding new
credentials to /etc/gplaycli/credentials.conf and then just re-run a command
to generate the Android ID.

> I will need to investigate again on how to generate an AndroidID (Racoon
> does it well, Dummy Droid too, Hans-Christoph Steiner is on the way to
> package it for debian).

I'll look around. Last time I attempted it, I spent a few hours. Apparently
many tools that achieve this have suffered bit rot due to API changes.

> To be honest, I'm out of time these days and I don't think it'll go
> better. Any help is greatly appreciated.
> 
> Regards,

Regards,
Lee


> Le 07/11/2016 à 17:11, Lee Garrett a écrit :
>> Package: gplaycli
>> Followup-For: Bug #823004
>>
>> Hi Matlink,
>>
>> the way gplaycli is shipped makes it problematic for several reasons:
>> - Sharing account passwords violates Google's ToS
>> - Someone could abuse that account for spamming via gmail, prompting Google 
>> to disable the account
>> - Everyone can change the password (just checked) breaking every 
>> installation of gplaycli
>> - It probably makes it easier to track gplaycli users
>> (probably more problems if I'd dig more)
>>
>> So the right approach must be:
>> Use debconf to ask for google account credentials (no defaults), then 
>> generate the Android ID by
>> some other means. AFAICS this currently means that another tools needs to be 
>> included/packaged to
>> generate this.
>>
>> You probably know better what the general approach is, if you could outline 
>> them I'd be more than
>> happy to help with implementing this.
>>
>> Bumping the bug severity accordingly.
>>
>> Regards,
>> Lee
>>
>> -- System Information:
>> Debian Release: stretch/sid
>>   APT prefers testing
>>   APT policy: (500, 'testing'), (101, 'unstable'), (1, 'experimental')
>> Architecture: amd64 (x86_64)
>> Foreign Architectures: i386
>>
>> Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
>> Locale: LANG=en_GB.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/dash
>> Init: systemd (via /run/systemd/system)
> 

Bug#843553: assword add refers to evil key ids

[Antoine Beaupré]

Package: assword
Version: 0.8-1
Severity: normal

Running assword for the first time does this to me:

$ assword add 
OpenPGP key ID of encryption target not specified.
Please provide key ID in ASSWORD_KEYID environment variable,
or specify key ID now to save in ~/.assword/keyid file.
OpenPGP key ID: anar...@debian.org
Invalid key ID: anar...@debian.org

What is a "key ID" in this context? Is it a user identifier? A short
key identifier (8 hex characters)? A long keyid? A fingerprint?

It looks like it accepts short, 8 characters key IDs. Those have been
demonstrated as vulnerable to easily generated collisions:

https://evil32.com/

This should be a complete fingerprint or a user ID that is verified as
trusted.

A.

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable'), (1, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages assword depends on:
ii  python2.7.9-1
ii  python-gpgme  0.3-1+b1
ii  python-gtk2   2.24.0-4
ii  python-pkg-resources  28.0.0-1

Versions of packages assword recommends:
ii  python-xdo  0.2-2
ii  xclip   0.12+svn84-4

assword suggests no packages.

-- no debconf information

Bug#843185: ITP: aravis -- A vision library for genicam based cameras

[Chiara Marmo]

Hello Paul,

very nice!
Let me understand how it works and I will do it... :)

Bye,
Chiara

- Original Message -
> From: "Paul Wise" 
> To: "Chiara Marmo" , 843...@bugs.debian.org, 
> debian-de...@lists.debian.org,
> debian-as...@lists.debian.org
> Sent: Saturday, November 5, 2016 6:59:07 AM
> Subject: Bug#843185: ITP: aravis -- A vision library for genicam based cameras
> 
> On Sat, Nov 5, 2016 at 1:13 AM, Chiara Marmo  wrote:
> 
> >   Description : a vision library for genicam based cameras
> 
> It would be great if you could add some metadata about which hardware
> is supported. By doing so, you will enable users to discover your
> package when they plug in a new device supported by your package.
> Users can use the isenkram package to discover packages related to
> their hardware. If your package contains udev rules, it probably needs
> some AppStream metadata.
> 
> https://wiki.debian.org/AppStream/Guidelines#Announcing_supported_hardware
> http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html
> 
> --
> bye,
> pabs
> 
> https://wiki.debian.org/PaulWise
> 

-- 
Chiara Marmo
Ingénieur de Recherche GEOPS - Paris Sud-11
Bât 509
Tel: +33 (0)1 69 15 49 03 

Bug#815632: Bug fixed

[nkr]

The bug has been fixed in gnubiff 
2.2.17.https://sourceforge.net/p/gnubiff/bugs/60/

Bug#843536: Setting a package on hold resets the auto flag

[Yuri D'Elia]

Package: aptitude
Version: 0.8.3-1+b1
Severity: normal

Setting a package in "iA" state on hold clears the automatic flag, but there's
no reason it should. The auto state should be preserved when putting a package
on hold, as forbid currently does.

-- Package-specific info:
Terminal: rxvt-unicode-256color
$DISPLAY is set.
which aptitude: /usr/bin/aptitude

aptitude version information:
aptitude 0.8.3
Compiler: g++ 6.2.0 20160914
Compiled against:
 apt version 5.0.0
 NCurses version 6.0
 libsigc++ version: 2.10.0
 Gtk+ support disabled.
 Qt support disabled.

Current library versions:
 NCurses version: ncurses 6.0.20160917
 cwidget version: 0.5.17
 Apt version: 5.0.0

aptitude linkage:
linux-vdso.so.1 (0x7fffa7bfe000)
libapt-pkg.so.5.0 => /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0 
(0x7f20930c3000)
libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5 
(0x7f2092e93000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 
(0x7f2092c69000)
libsigc-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libsigc-2.0.so.0 
(0x7f2092a62000)
libcwidget.so.3 => /usr/lib/x86_64-linux-gnu/libcwidget.so.3 
(0x7f2092765000)
libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 
(0x7f209245b000)
libboost_iostreams.so.1.61.0 => 
/usr/lib/x86_64-linux-gnu/libboost_iostreams.so.1.61.0 (0x7f2092243000)
libboost_filesystem.so.1.61.0 => 
/usr/lib/x86_64-linux-gnu/libboost_filesystem.so.1.61.0 (0x7f209202a000)
libboost_system.so.1.61.0 => 
/usr/lib/x86_64-linux-gnu/libboost_system.so.1.61.0 (0x7f2091e26000)
libxapian.so.30 => /usr/lib/x86_64-linux-gnu/libxapian.so.30 
(0x7f2091a18000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x7f20917fb000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 
(0x7f2091478000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f2091174000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 
(0x7f2090f5d000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f2090bbf000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f20909bb000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 
(0x7f20907a4000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f2090588000)
libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 
(0x7f2090378000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x7f2090152000)
liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 
(0x7f208ff4)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f208fd38000)
libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x7f208fb31000)
/lib64/ld-linux-x86-64.so.2 (0x55dbc2e0b000)

-- System Information:
Debian Release: stretch/sid
 APT prefers unstable
 APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages aptitude depends on:
ii  aptitude-common0.8.3-1
ii  libapt-pkg5.0  1.3.1
ii  libboost-filesystem1.61.0  1.61.0+dfsg-3+b1
ii  libboost-iostreams1.61.0   1.61.0+dfsg-3+b1
ii  libboost-system1.61.0  1.61.0+dfsg-3+b1
ii  libc6  2.24-5
ii  libcwidget3v5  0.5.17-4+b1
ii  libgcc11:6.2.0-11
ii  libncursesw5   6.0+20160917-1
ii  libsigc++-2.0-0v5  2.10.0-1
ii  libsqlite3-0   3.15.1-1
ii  libstdc++6 6.2.0-11
ii  libtinfo5  6.0+20160917-1
ii  libxapian301.4.1-1

Versions of packages aptitude recommends:
ii  libparse-debianchangelog-perl  1.2.0-11
ii  sensible-utils 0.0.9

Versions of packages aptitude suggests:
ii  apt-xapian-index0.49
pn  aptitude-doc-en | aptitude-doc  
ii  debtags 2.1.2
pn  tasksel 

Bug#816533: [xpra] Does not start: Error starting Xvfb: [Errno 2] No such file or directory

[Bruno Kleinert]

Am Donnerstag, den 03.03.2016, 15:07 +0100 schrieb Bruno Kleinert:
> Am Donnerstag, den 03.03.2016, 08:39 +1100 schrieb Dmitry Smirnov:
> > On Wed, 2 Mar 2016 06:13:56 PM Bruno Kleinert wrote:
> > > 
> > > Severity: grave
> > 
> > Please don't panic and use correct severity levels:
> > 
> > https://www.debian.org/Bugs/Developer#severities
> 
> Well, it was unusable for using it on sid machines at the time I
> reported the bug, until I found a workaround, today :)
> 
> > > xpra fails to start for me since a couple of days:
> > 
> > There were no recent upload of Xpra so the problem is likely to be
> > somewhere 
> > else...
> 
> I noticed that and thought that one can just forward the bug report
> to
> another package that could possibly be the culprit. Unfortunately, I
> can't retrace which other package update broke xpra.
> 
> My current workaround is to install the package xvfb and start the
> xpra
> server with the following command:
> xpra start --no-daemon --xvfb="/usr/bin/Xvfb +extension  Composite
> -screen 0 3840x2560x24+32 -nolisten tcp -noreset" --
> start=/usr/bin/gnome-terminal
> 
> As far as I understood it, the standard (and intended?) way is to
> have
> xpra start an Xorg server using the void input in and dummy video
> output modules instead of Xvfb.
> 
> Cheers - Fuddl

Hi Dmitry,

a couple of days ago I used xpra and this issue has disappeared, i.e. I
could run an xpra server with its default settings and I did not have
to apply the workaround from above. From my point of view the bug is
fixed and could be closed.

Cheers - Fuddl

signature.asc
Description: This is a digitally signed message part

Bug#843538: freeorion: enable on mips64el

[James Cowgill]

Source: freeorion
Version: 0.4.6-3
Severity: wishlist

Hi,

Please enable freeorion on mips64el. Unlike mips and mipsel it doesn't
suffer from the virtual memory limitations so it should build fine.

Unfortunately there isn't a lot which can be done about the 32-bit mips
arches short of maybe disabling optimizations or messing about with some
gcc options to reduce memory usage (I have tried neither). It's an
architectural limitation, not a problem with the buildds.

Thanks,
James



signature.asc
Description: OpenPGP digital signature

Bug#843530: docker.io: docker broken: oci runtime error: could not synchronize with container process

[Tianon Gravi]

On 7 November 2016 at 05:34, Stef Walter  wrote:
> The docker package is unfortunately currently broken. It fails to run
> containers and instead produces the following message:
>
> rpc error: code = 2 desc = "oci runtime error: could not synchronise with 
> container process: no subsystem for mount"
>
> This can be reproduced by running something like:
>
> docker run -ti busybox /bin/sh
>
> Or any similar command.

Can you please provide the relevant log lines from the daemon?

(Either "/var/log/docker.log" or "journalctl -u docker.service")

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4

Bug#817236: incorrect permissions on /dev/ptmx in newly created chroots break several packages’ builds (was Re: pbuilder: incorrect permissions on /dev/ptmx breaks openpty(); schroot: no access to pse

[Thorsten Glaser]

Ansgar Burchardt dixit:

>That looks like the same issue as I reported in sbuild in #817236 (which

It looks so, yes (Cc’ing now).

>severity maybe should be raised if this is an issue for more packages):

It certainly is! For example, a couple of months ago, cbmuser could
not sponsor my mksh upload because he could not get it to build, while
XTaran could do so successfully, and it took quite a while for cbmuser
to figure out the difference, which led to this explanatory commit:

https://anonscm.debian.org/cgit/collab-maint/mksh.git/diff/?id=aebc8e59054052a35e593718b99454ea94aead12=810e5b3928ea17a9d332475aadd19f6f8e14d245

See also the thread starting at:
http://lists.alioth.debian.org/pipermail/debian-ports-devel/Week-of-Mon-20160530/000185.html

>> … so I assume that something in debootstrap changed so that
>> there is now a symlink created instead of a proper device node.

>there needs to be a mount for /dev/pts to accommodate for the changes in
>debootstrap (and optionally a bind mount for /dev/ptmx if there are
>still old chroots around).

While I use only cowbuilder, I insist support for old chroots
is too important to lose. I’d r̲e̲a̲l̲l̲y̲ prefer if debootstrap
could create the device node again. AIUI it was not dropped
from an act of deliberation but merely as side effect of the
devices tarball cleanup. Other nodes (such as dev/tty) are
still created by it, so I don’t see why dev/ptmx needs to be
an exception if there are good reasons for it to not be.

Thanks,
//mirabilos
-- 
 cool ein Ada Lovelace Google-Doodle. aber zum 197. Geburtstag? Hätten
die nicht noch 3 Jahre warten können?  bis dahin gibts google nicht
mehr  ja, könnte man meinen. wahrscheinlich ist der angekündigte welt-
untergang aus dem maya-kalender die globale abschaltung von google ☺ und darum
müssen die die doodles vorher noch raushauen

Bug#544317: closed by Andreas Henriksson <andr...@fatal.se> (Re: wall: outputs "ÿ" (0xFF) as "\377")

[Phil Susi]

On 11/6/2016 2:39 PM, Bjarni Ingi Gislason wrote:
>   "These functions check whether c, which must have the value of an
> unsigned char or EOF, ...".
> 
>   When the code is compiled with "-funsigned-char" the output is correct.
> 
>   This is a fundamental flaw in the cc-standard.  The program "less" (Debian
> bug #594260 (-i)) has also shown it.

Should be easy enough to fix: first cast to an unsigned char, then cast
to an int.  You need to do this to make lint like tools happy anyhow.

Bug#843538: freeorion: enable on mips64el

[James Cowgill]

Hi,

On 07/11/16 16:14, Markus Koschany wrote:
> On 07.11.2016 16:17, James Cowgill wrote:
>> Source: freeorion
>> Version: 0.4.6-3
>> Severity: wishlist
>>
>> Hi,
>>
>> Please enable freeorion on mips64el. Unlike mips and mipsel it doesn't
>> suffer from the virtual memory limitations so it should build fine.
>>
>> Unfortunately there isn't a lot which can be done about the 32-bit mips
>> arches short of maybe disabling optimizations or messing about with some
>> gcc options to reduce memory usage (I have tried neither). It's an
>> architectural limitation, not a problem with the buildds.
> 
> Hi James,
> 
> I can enable mips64el when I package the next revision or Git snapshot.

Thanks.

> I have tried to build on mips and mipsel with "MinSizeRel" (-O0)
> optimization but it never really worked. The latest versions of
> FreeOrion require more than 4 GB of RAM and with less the build process
> becomes very slow due to swapping. The issue is somewhere in the
> ConditionParsers but I don't know how it can be optimized.

OK then. It's probably best to just leave mips and mipsel disabled until
someone can find out how to get it working.

James



signature.asc
Description: OpenPGP digital signature

Bug#843549: mitmproxy: "mitmdump -c file" does not work

[Santiago Vila]

Package: mitmproxy
Version: 0.18.1-2
Severity: important

Dear maintainer:

I do this:

mitmdump -c dump-file

and I get this:

Traceback (most recent call last):
  File "/usr/bin/mitmdump", line 11, in 
load_entry_point('mitmproxy==0.18.1', 'console_scripts', 'mitmdump')()
  File "/usr/lib/python2.7/dist-packages/mitmproxy/main.py", line 102, in 
mitmdump
master = dump.DumpMaster(server, dump_options)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/dump.py", line 41, in 
__init__
self.addons.add(*builtins.default_addons())
  File "/usr/lib/python2.7/dist-packages/mitmproxy/addons.py", line 51, in add
self.startup(i)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/addons.py", line 40, in 
startup
self.master.options.keys()
  File "/usr/lib/python2.7/dist-packages/mitmproxy/addons.py", line 72, in 
invoke_with_context
self.invoke(addon, name, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/addons.py", line 81, in 
invoke
func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/builtins/clientplayback.py", 
line 22, in configure
ctx.log.info(options.client_replay)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/controller.py", line 68, in 
info
self(txt, "info")
  File "/usr/lib/python2.7/dist-packages/mitmproxy/controller.py", line 83, in 
__call__
self.master.add_log(text, level)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/controller.py", line 122, in 
add_log
self.addons("log", LogEntry(e, level))
  File "/usr/lib/python2.7/dist-packages/mitmproxy/addons.py", line 85, in 
__call__
self.invoke(i, name, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/addons.py", line 81, in 
invoke
func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/mitmproxy/builtins/termlog.py", line 
22, in log
err=(e.level == "error")
  File "/usr/lib/python2.7/dist-packages/click/termui.py", line 420, in secho
return echo(style(text, **styles), file=file, nl=nl, err=err, color=color)
  File "/usr/lib/python2.7/dist-packages/click/termui.py", line 393, in style
return ''.join(bits)
TypeError: sequence item 1: expected string, list found


The "dump-file" was created by "mitmproxy -w dump-file" with this same
version to discard this problem being an incompatible format change
between jessie and stretch (it already happened at least once between
wheezy and jessie and at least once between jessie and stretch).

I can attach "dump-file" to this report if you need it, but I think
this is a general problem not related to this particular file.

Thanks.

Bug#759410: Should not install /usr/bin/rm conflicting with /bin/rm (blocks /bin -> /usr/bin)

[Francois Marier]

On 2016-10-25 at 09:12:30, Sven Joachim wrote:
> >> In order to fix this while preserving safe-rm's default of automatic
> >> protection on installation, safe-rm will need to divert and replace
> >> /bin/rm.  This will require quite a bit of care to do safely; see dash's
> >> maintainer scripts for a safe procedure.
> > Merged /usr is the default since debootstrap 1.0.85, so the package
> > is uninstallable on new systems.
> 
> It's worse than that.  Because dpkg does not detect the file conflict
> between coreutils' /bin/rm and safe-rm's /usr/bin/rm, the package is
> installable but wreaks havoc, replacing the rm binary with its symlink.

I was hoping to fix 837925 first since molly-guard is already using
dpkg-divert instead of bare symlinks but I don't see what's wrong with the
way that molly-guard does things, so I don't know what's going to fix it for
safe-rm too.

Francois

-- 
https://fmarier.org/

Bug#843397: python-rdflib-jsonld: Requires python-rdflib 4.2.1 to work properly with schema.org contexts

[Andreas Tille]

Hi,

I had a look into

  https://git.debian.org/anonscm/git/collab-maint/rdflib.git

what according to Vcs-Git is the place where the package is maintained.
Olivier and Christian - if you are interested in some commits helping to
solve this bug please make sure the status of Git reflects the actual
packaging.

Thanks

  Andreas.

On Sun, Nov 06, 2016 at 01:53:14PM +0100, Michael Hanke wrote:
> Package: python-rdflib-jsonld
> Version: 0.4.0-1
> Severity: important
> 
> 
> The full protocol of the issue and resolution is here:
> 
> https://github.com/RDFLib/rdflib-jsonld/issues/42
> 
> In short: python-rdflib needs to be upgraded in order get correct http
> requests required to obtain jsonld context from schema.org
> 
> Given the prominent role of schema.org in the context of JSON-LD, I am
> setting the severity to important.
> 
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (650, 'testing')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages python-rdflib-jsonld depends on:
> ii  python-rdflib  4.1.2-3
> pn  python:any 
> 
> python-rdflib-jsonld recommends no packages.
> 
> python-rdflib-jsonld suggests no packages.
> 
> -- no debconf information
> 
> ___
> Debian-med-packaging mailing list
> debian-med-packag...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging
> 

-- 
http://fam-tille.de

Bug#835801: vboot-utils openssl110 patch

[Andreas Henriksson]

Control: reopen -1
Control: severity -1 important
Control: unblock 827061 by -1

Hello!

Reopening and adjusting severity similar to how others who've opted
to take the libssl1.0-dev build-dep route has handled their bugreports.
(The idea seems to go that this bug is not really closed until the
package in question actually builds against 1.1.0, explicitly b-d
on libssl1.0-dev only makes it non-release-critical. for now.)

You'll find a patch attached to this mail which makes vboot-utils
build against openssl 1.1.0. It has only been compile-tested
(against openssl 1.1.0 but I don't see any particular reason
why it would fail against eg. 1.0). Please review and test it.
Feel free to poke me if you find any issues that you'd like me
to look into. Please forward the patch upstream  for me if
you find it useful.

(Rather than reusing the existing BIGNUM *n in one of the files
you might want to declare a new temporary pointer which you could
make const while at it to kill off a compiler warning.)

Regards,
Andreas Henriksson
diff -urip vboot-utils-0~R52-8350.B/futility/cmd_create.c vboot-utils-0~R52-8350.B.openssl110/futility/cmd_create.c
--- vboot-utils-0~R52-8350.B/futility/cmd_create.c	2016-05-23 10:39:35.0 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/futility/cmd_create.c	2016-11-07 18:58:46.289506547 +0100
@@ -170,6 +170,7 @@ static int vb2_make_keypair()
 	enum vb2_signature_algorithm sig_alg;
 	uint8_t *pubkey_buf = 0;
 	int has_priv = 0;
+	const BIGNUM *d;
 
 	FILE *fp;
 	int ret = 1;
@@ -193,7 +194,8 @@ static int vb2_make_keypair()
 		goto done;
 	}
 	/* Public keys doesn't have the private exponent */
-	has_priv = !!rsa_key->d;
+	RSA_get0_key(rsa_key, NULL, NULL, );
+	has_priv = !!d;
 	if (!has_priv)
 		fprintf(stderr, "%s has a public key only.\n", infile);
 
diff -urip vboot-utils-0~R52-8350.B/futility/vb2_helper.c vboot-utils-0~R52-8350.B.openssl110/futility/vb2_helper.c
--- vboot-utils-0~R52-8350.B/futility/vb2_helper.c	2016-05-23 10:39:35.0 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/futility/vb2_helper.c	2016-11-07 18:59:59.107601774 +0100
@@ -216,6 +216,7 @@ int ft_show_pem(const char *name, uint8_
 	uint8_t *keyb, *digest;
 	uint32_t keyb_len;
 	int i, bits;
+	const BIGNUM *n, *d;
 
 	/* We're called only after ft_recognize_pem, so this should work. */
 	rsa_key = rsa_from_buffer(buf, len);
@@ -223,10 +224,11 @@ int ft_show_pem(const char *name, uint8_
 		DIE;
 
 	/* Use to presence of the private exponent to decide if it's public */
-	printf("%s Key file:  %s\n", rsa_key->d ? "Private" : "Public",
+	RSA_get0_key(rsa_key, , NULL, );
+	printf("%s Key file:  %s\n", d ? "Private" : "Public",
 	 name);
 
-	bits = BN_num_bits(rsa_key->n);
+	bits = BN_num_bits(n);
 	printf("  Key length:  %d\n", bits);
 
 	if (vb_keyb_from_rsa(rsa_key, , _len)) {
diff -urip vboot-utils-0~R52-8350.B/host/lib/util_misc.c vboot-utils-0~R52-8350.B.openssl110/host/lib/util_misc.c
--- vboot-utils-0~R52-8350.B/host/lib/util_misc.c	2016-05-23 10:39:35.0 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/host/lib/util_misc.c	2016-11-07 18:52:47.119194802 +0100
@@ -65,7 +65,8 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_
 	int retval = 1;
 
 	/* Size of RSA key in 32-bit words */
-	nwords = BN_num_bits(rsa_private_key->n) / 32;
+	RSA_get0_key(rsa_private_key, , NULL, NULL);
+	nwords = BN_num_bits(n) / 32;
 
 	bufsize = (2 + nwords + nwords) * sizeof(uint32_t);
 	outbuf = malloc(bufsize);
@@ -94,7 +95,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_
 	NEW_BIGNUM(B);
 #undef NEW_BIGNUM
 
-	BN_copy(N, rsa_private_key->n);
+	BN_copy(N, n);
 	BN_set_word(Big1, 1L);
 	BN_set_word(Big2, 2L);
 	BN_set_word(Big32, 32L);
diff -urip vboot-utils-0~R52-8350.B/host/lib21/host_key.c vboot-utils-0~R52-8350.B.openssl110/host/lib21/host_key.c
--- vboot-utils-0~R52-8350.B/host/lib21/host_key.c	2016-05-23 10:39:35.0 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/host/lib21/host_key.c	2016-11-07 19:00:43.492879443 +0100
@@ -544,7 +544,11 @@ int vb2_public_key_hash(struct vb2_publi
 
 enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa)
 {
-	int bits = BN_num_bits(rsa->n);
+	int bits;
+	const BIGNUM *n;
+
+	RSA_get0_key(rsa, , NULL, NULL);
+   	bits = BN_num_bits(n);
 
 	switch (bits) {
 	case 1024:
diff -urip vboot-utils-0~R52-8350.B/utility/dumpRSAPublicKey.c vboot-utils-0~R52-8350.B.openssl110/utility/dumpRSAPublicKey.c
--- vboot-utils-0~R52-8350.B/utility/dumpRSAPublicKey.c	2016-05-23 10:39:54.0 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/utility/dumpRSAPublicKey.c	2016-11-07 18:57:06.438635603 +0100
@@ -20,8 +20,13 @@
  */
 
 int check(RSA* key) {
-  int public_exponent = BN_get_word(key->e);
-  int modulus = BN_num_bits(key->n);
+  int public_exponent;
+  int modulus;
+  const BIGNUM *n, *e;
+
+  RSA_get0_key(key, , , NULL);
+  public_exponent = BN_get_word(e);
+  modulus = BN_num_bits(n);
 
   if (public_exponent != 65537) {
 fprintf(stderr, "WARNING: Public 

Bug#823004: gplaycli: sensitive information in config file

[Hans-Christoph Steiner]

dummydroid is already included in Debian :-D  I think the best way
forward for this issue is for the gplaycli package to leave out the
default credentials.  Then make it as easy as possible for people to set
up the credentials using dummydroid.

Bug#843558: squidguard: Problem in update-squidguard and tabs in squidguard.conf

[Wolfgang Hotwagner]

Package: squidguard
Version: 1.5-4
Severity: important
Tags: patch

Dear Maintainer,

I have a tab instead of a whitespace in my squidguar.conf in the following line:
dbhome  /var/lib/squidguard/db

If I call update-squidguard on Debian Jessie i'll get the following output:
root@34697f9f06a2:/# update-squidguard 
/usr/sbin/update-squidguard: 69: test: dbhome: unexpected operator
Rebuild SquidGuard database - this can take a while.

On Debian Wheezy I'll get the following:
/usr/sbin/update-squidguard: 95: /usr/sbin/update-squidguard: cannot create 
dbhome  /var/lib/squidguard/db/../dbversion: Directory nonexistent

The problem seems to be in /usr/sbin/update-squidguard at the following line:
DATADIR=$(grep ^dbhome ${CONFDIR}/${CONFFILE} | cut -d' ' -f2)

I guess we could fix the problem by changing the line into:
DATADIR=$(grep ^dbhome ${CONFDIR}/${CONFFILE} | sed 's/\t/ /' | cut -d' ' -f2)


-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-rc8 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages squidguard depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  libc6  2.19-18+deb8u6
ii  libdb5.3   5.3.28-9
ii  libldap-2.4-2  2.4.40+dfsg-1+deb8u2

Versions of packages squidguard recommends:
ii  liburi-perl  1.64-1
ii  libwww-perl  6.08-1
ii  squid3   3.4.8-6+deb8u3

Versions of packages squidguard suggests:
pn  ldap-utils  
pn  squidguard-doc  

-- debconf information:
  squidguard/dbreload: true

Bug#843556: RM: mrbayes [armel mips mips64el mipsel powerpc ppc64el s390x] -- ROM; Dependency not available on all architectures any more

[Andreas Tille]

Package: ftp.debian.org
Severity: normal

Hi ftpmasters,

since libhmsbeagle does not build on the architectures mentioned in the
subject line also its dependency mrbayes needs to be removed for these
architectures.

Thanks for your work as ftpmaster

   Andreas.

Bug#516386: hint

[Thomas Lange]

Another way wouldbe to copy /etc/fai/NFSROOT into the CS. This should
also add the packages defined in this config file to the partitial mirror.
-- 
regards Thomas

Bug#842059: cssmin: diff for NMU version 0.2.0-3.1

[Stuart Prescott]

Control: block -1 by 687900

Hi Jochen,

Before incorporating changes in multiarch headers, I'd like to have some 
documentation on what the field means and what "foreign" means. I am not 
comfortable with these changes without this information. The people who 
actually understand this stuff need to help those who do not with normative 
(and informative!) documentation, otherwise we're just accumulating a pile of 
future bugs.

regards
Stuart

-- 
Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
Debian Developer   http://www.debian.org/ stu...@debian.org
GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7

Bug#842526: closed by Sebastian Dröge <sl...@debian.org> (Bug#842526: fixed in gstreamer1.0 1.10.0-1)

[Sebastian Dröge]

On Mon, 2016-11-07 at 09:06 +0100, Helmut Grohne wrote:
> Control: reopen -1
> Control: found -1 gstreamer1.0/1.10.0-1
> 
> On Tue, Nov 01, 2016 at 05:09:10PM +, Debian Bug Tracking System
> wrote:
> >  gstreamer1.0 (1.10.0-1) unstable; urgency=medium
> >  .
> >    [ Helmut Grohne ]
> >    * Mark gstreamer1.0-doc Multi-Arch: foreign (Closes: #842526).
> 
> I'm not sure what went wrong here, but the current gstreamer1.0-doc
> in unstable version 1.10.0-1 is not Multi-Arch: foreign. Can you
> retry applying the patch?

debian/control was not properly updated from debian/control.in. I'll
upload a fixed version once 1.10.0-1 is in testing

The other packages all seem fine, right?

signature.asc
Description: This is a digitally signed message part

Bug#717563: reportbug: web access thru proxy not available

[Olaf Zaplinski]

Sorry, the bug still exists:

Please enter the name of your proxy server. It should only use this 
parameter if you are behind a firewall. The PROXY
argument should be formatted as a valid HTTP URL, including (if 
necessary) a port number; for example,
http://192.168.1.1:3128/. Just press ENTER if you don't have one or 
don't know.

http://user:p...@proxy.example.com:8080
Default preferences file written. To reconfigure, re-run reportbug with 
the "--configure" option.

Running 'reportbug' as root is probably insecure! Continue [y|N|q|?]? y
Please enter the name of the package in which you have found a problem, 
or type 'other' to report a more general problem. If
you don't know what package the bug is in, please contact 
debian-u...@lists.debian.org for assistance.

reportbug

*** Welcome to reportbug.  Use ? for help at prompts. ***
Note: bug reports are publicly archived (including the email address of 
the submitter).

Detected character set: UTF-8
Please change your locale if this is incorrect.

Using 'Olaf Zaplinski ' as your from address.
Getting status for reportbug...
Checking for newer versions at madison, incoming.debian.org and 
http://ftp-master.debian.org/new.html

Will send report to Debian (per lsb_release).
Querying Debian BTS for reports on reportbug (source)...
Unable to connect to Debian BTS; continue [y|N|?]?

Bug#843425: blender doesn't optimize for amd64 defaults

[Sergey Sharybin]

Hi,

>From the report it's not fully clear what parts Blender those CFLAGS
are referencing to, but because it's all within a context of #843379 i
would guess we are talking about Cycles kernel here (Cycles is the
render engine we use in Blender).

In this case you're partially correct: we are mainly ignoring default
CFLAGS but we compile 6 different CPU kernels, optimized for various
microarchitectures ("native" - no SSE2 on i686 / SSE2 on amd64, forced
SSE2, SSE3, SSE4.1, AVX and AVX2). Then during runtime we detect
current CPU microarchitecture and invoke kernel with highest
capabilities allowed on the current processor.

This is the only way we can guarantee optimal render times on amd64.
Keep in mind, AVX2 can render similar scene like 2x faster than simple
SSE2. This is something we can not ignore for our users.

That being said, if you have some tricky setup where we do not detect
capabilities correctly and Cycles tries to use unsupported kernel and
runs into ILLEGAL INSTRUCTION i'll be happy to look into and solve
that from our end.

Now, about forcing microarchitecture in rest of Blender. We do require
SSE2 on amd64 and i686, but that should be all fine as far as i know
(amd64 always have SSE2, 32bit builds will disable SSE2 automatically
if current CPU does not support it).

-- 
With best regards, Sergey Sharybin

Bug#843510: linux-image-4.8.0-rc8-amd64-unsigned: Task timeout when workstation is connected

[Alexandre]

Package: src:linux
Version: 4.8~rc8-1~exp1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

With my laptop (dell xps13 2015), when i connect a workstation to have ethernet
connection for example, i have most task kernel timeout

nov. 05 18:13:00 debian kernel: INFO: task kworker/0:1:2828 blocked for more
than 120 seconds.
nov. 05 18:13:00 debian kernel:   Tainted: G U  4.7.0-1-amd64
#1
nov. 05 18:13:00 debian kernel: "echo 0 >
/proc/sys/kernel/hung_task_timeout_secs" disables this message.
nov. 05 18:13:00 debian kernel: kworker/0:1 D 88027ec16d80 0  2828
2 0x
nov. 05 18:13:00 debian kernel: Workqueue: events rtl_work_func_t [r8152]
nov. 05 18:13:00 debian kernel:  880270f8e040 aa40d500
88027ed96df0 88027114fcb8
nov. 05 18:13:00 debian kernel:  88027115 880274816948
880274816a08 
nov. 05 18:13:00 debian kernel:   88027114fcb8
a9fd83d1 880274816898
nov. 05 18:13:00 debian kernel: Call Trace:
nov. 05 18:13:00 debian kernel:  [] ? schedule+0x31/0x80
nov. 05 18:13:00 debian kernel:  [] ? rpm_resume+0x182/0x690
nov. 05 18:13:00 debian kernel:  [] ?
wake_atomic_t_function+0x60/0x60
nov. 05 18:13:00 debian kernel:  [] ? rpm_resume+0x2e0/0x690
nov. 05 18:13:00 debian kernel:  [] ?
dequeue_entity+0x24b/0xb40
nov. 05 18:13:00 debian kernel:  [] ?
__pm_runtime_resume+0x47/0x70
nov. 05 18:13:00 debian kernel:  [] ?
usb_autopm_get_interface+0x1d/0x50 [usbcore]
nov. 05 18:13:00 debian kernel:  [] ?
rtl_work_func_t+0x6f/0x3e2 [r8152]
nov. 05 18:13:00 debian kernel:  [] ?
process_one_work+0x160/0x410
nov. 05 18:13:00 debian kernel:  [] ?
worker_thread+0x4d/0x480
nov. 05 18:13:00 debian kernel:  [] ?
process_one_work+0x410/0x410
nov. 05 18:13:00 debian kernel:  [] ? kthread+0xcd/0xf0
nov. 05 18:13:00 debian kernel:  [] ? ret_from_fork+0x1f/0x40
nov. 05 18:13:00 debian kernel:  [] ?
kthread_create_on_node+0x190/0x190

Nov  5 18:17:00 debian kernel: [ 2400.537014] INFO: task NetworkManager:2630
blocked for more than 120 seconds.
Nov  5 18:17:00 debian kernel: [ 2400.537020]   Tainted: G U
4.7.0-1-amd64 #1
Nov  5 18:17:00 debian kernel: [ 2400.537021] "echo 0 >
/proc/sys/kernel/hung_task_timeout_secs" disables this message.
Nov  5 18:17:00 debian kernel: [ 2400.537023] NetworkManager  D
88027ec96d80 0  2630  1 0x
Nov  5 18:17:00 debian kernel: [ 2400.537027]  880273653040
8802752a1000 a9ec698e 0286
Nov  5 18:17:00 debian kernel: [ 2400.537030]  88005f60
88005f5ffc48 aa4d96c4 880273653040
Nov  5 18:17:00 debian kernel: [ 2400.537033]  
aa4d96c8 a9fd83d1 aa4d96c0
Nov  5 18:17:00 debian kernel: [ 2400.537036] Call Trace:
Nov  5 18:17:00 debian kernel: [ 2400.537043]  [] ?
__kmalloc_reserve.isra.33+0x2e/0x80
Nov  5 18:17:00 debian kernel: [ 2400.537046]  [] ?
schedule+0x31/0x80
Nov  5 18:17:00 debian kernel: [ 2400.537049]  [] ?
schedule_preempt_disabled+0xa/0x10
Nov  5 18:17:00 debian kernel: [ 2400.537051]  [] ?
__mutex_lock_slowpath+0xb4/0x130
Nov  5 18:17:00 debian kernel: [ 2400.537054]  [] ?
mutex_lock+0x1b/0x30
Nov  5 18:17:00 debian kernel: [ 2400.537057]  [] ?
rtnetlink_rcv+0x15/0x30
Nov  5 18:17:00 debian kernel: [ 2400.537060]  [] ?
netlink_unicast+0x177/0x220
Nov  5 18:17:00 debian kernel: [ 2400.537062]  [] ?
netlink_sendmsg+0x2fe/0x3b0
Nov  5 18:17:00 debian kernel: [ 2400.537065]  [] ?
sock_sendmsg+0x30/0x40
Nov  5 18:17:00 debian kernel: [ 2400.537067]  [] ?
___sys_sendmsg+0x28e/0x2a0
Nov  5 18:17:00 debian kernel: [ 2400.537072]  [] ?
memzero_explicit+0xe/0x10
Nov  5 18:17:00 debian kernel: [ 2400.537075]  [] ?
extract_buf+0xf6/0x120
Nov  5 18:17:00 debian kernel: [ 2400.537078]  [] ?
dput+0xbb/0x240
Nov  5 18:17:00 debian kernel: [ 2400.537081]  [] ?
__fput+0x164/0x1e0
Nov  5 18:17:00 debian kernel: [ 2400.537084]  [] ?
__sys_sendmsg+0x51/0x90
Nov  5 18:17:00 debian kernel: [ 2400.537087]  [] ?
system_call_fast_compare_end+0xc/0x96

Nov  5 18:17:00 debian kernel: [ 2400.537098] INFO: task DNS Res~ver #11:4128
blocked for more than 120 seconds.
Nov  5 18:17:00 debian kernel: [ 2400.537100]   Tainted: G U
4.7.0-1-amd64 #1
Nov  5 18:17:00 debian kernel: [ 2400.537101] "echo 0 >
/proc/sys/kernel/hung_task_timeout_secs" disables this message.
Nov  5 18:17:00 debian kernel: [ 2400.537103] DNS Res~ver #11 D
88027ec16d80 0  4128  1 0x
Nov  5 18:17:00 debian kernel: [ 2400.537105]  8801b9178040
aa40d500 a9ec698e 0286
Nov  5 18:17:00 debian kernel: [ 2400.537108]  88018312c000
88018312bd38 aa4d96c4 8801b9178040
Nov  5 18:17:00 debian kernel: [ 2400.537110]  
aa4d96c8 a9fd83d1 aa4d96c0
Nov  5 18:17:00 debian kernel: [ 2400.537113] Call Trace:
Nov  5 18:17:00 debian kernel: [ 2400.537115]  [] ?
__kmalloc_reserve.isra.33+0x2e/0x80
Nov  5 

Bug#842526: closed by Sebastian Dröge <sl...@debian.org> (Bug#842526: fixed in gstreamer1.0 1.10.0-1)

[Helmut Grohne]

Control: reopen -1
Control: found -1 gstreamer1.0/1.10.0-1

On Tue, Nov 01, 2016 at 05:09:10PM +, Debian Bug Tracking System wrote:
>  gstreamer1.0 (1.10.0-1) unstable; urgency=medium
>  .
>[ Helmut Grohne ]
>* Mark gstreamer1.0-doc Multi-Arch: foreign (Closes: #842526).

I'm not sure what went wrong here, but the current gstreamer1.0-doc in
unstable version 1.10.0-1 is not Multi-Arch: foreign. Can you retry
applying the patch?

Helmut

Bug#842965: 4.08 regression: gaps between the xterms

[Harald Dunkel]

PS: See the comments in

https://github.com/duncs/clusterssh/pull/66

It would be very nice if you could back out pull 66 for
the Debian version.

Bug#843602: systemd service file ignores /etc/default/nfdump

[Alexander Zangerl]

Package: nfdump
Version: 1.6.15-3
Severity: normal

this version of the nfdump package includes a systemd service file
that completely ignores /etc/default/nfdump. it makes it impossible to
adjust the listener port, the database directory or any of the other common
options of the nfcapd.

most of those options are supported normally by the init script
for nfcapd/nfdump (which is also included). (not highly important but would be
nice to have: could you maybe add support for something like
-p $NETFLOW_PORT -t $DATA_ROTATE_INTERVAL ?)

please make the behaviour wrt. /etc/default/nfdump consistent across
all supported init systems.

regards
az

Bug#841248: opencfu: FTBFS: error with opencv 3.1

[Nobuhiro Iwamatsu]

Control: tags -1 patch

Hi,

I created a patch from upstream repository which revice this problem.
Could you check this patch?

Best regards,
  Nobuhiro
-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6


opencfu.debdiff
Description: Binary data

Bug#843565: ifupdown2: Unsupported keyword (wpa-ssid) (wpa-psk) after upgrade to 1.0~git20161101-1

[Roopa Prabhu]

It appears we have enabled a config that should have been off by default for 
debian ifupdown scripts.
Please set the attribute addon_syntax_check=0 in ifupdown2.conf to disable 
syntax checking.

/etc/network/ifupdown2/ifupdown2.conf
# enable addon module syntax check:
# Python addon modules register dictionary of supported attributes.
# The syntax checker in ifupdown2 uses this dictionary for syntax
# checks in the interfaces file. This works well, when only python modules
# are used. But when a mix of scripts and modules are used (which is the
# default case), you may get false warnings for attributes supported
# by scripts
addon_syntax_check=1

we will submit a fix to set it to 0 by default 'addon_syntax_check=0' so that 
it does not break
existing deployments or files.

Thanks for the report. And please let us know if you continue seeing problems 
with addon_syntax_check=0



On 11/7/16, 4:47 PM, Julien Fortin wrote:
> Hello Jacek,
>
> Thanks for reporting this issue, I will look into it this week and get back
> to you accordingly.
>
> Regards,
> Julien.
>
> On Mon, Nov 7, 2016 at 8:34 PM, Jacek Politowski  wrote:
>
>> Package: ifupdown2
>> Version: 1.0~git20161101-1
>> Severity: important
>>
>> Dear Maintainer,
>>
>> after recent upgrade (ifupdown2:amd64 1.0~git20160525-1 ->
>> 1.0~git20161101-1)
>> my WLAN network interface stopped working. Ifupdown gives error messages
>> about
>> unsupported keywords in 'interfaces' configuration file.
>>
>> My configuration was made according to this guide:
>> https://wiki.debian.org/WiFi/HowToUse#WPA-PSK_and_WPA2-PSK
>>
>>
>> $ sudo ifup wlxABCDEFGHI
>> error: /etc/network/interfaces.d/wlxABCDEFGHI: line3: iface wlxABCDEFGHI:
>> unsupported keyword (wpa-ssid)
>> error: /etc/network/interfaces.d/wlxABCDEFGHI: line4: iface wlxABCDEFGHI:
>> unsupported keyword (wpa-psk)
>>
>>
>> I can't see anything related in changelog.Debian or similar files in
>> /usr/share/doc/ifupdown2.
>>
>> However, downgrading to version 1.0~git20160525-1 (from Stretch) brings
>> everything back to order.
>> 'ifup' doesn't complain and my ath9k works as expected.
>>
>>
>> -- System Information:
>> Debian Release: stretch/sid
>>   APT prefers unstable
>>   APT policy: (500, 'unstable'), (1, 'experimental')
>> Architecture: amd64 (x86_64)
>> Foreign Architectures: i386
>>
>> Kernel: Linux 4.8.0-1-amd64 (SMP w/2 CPU cores)
>> Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/dash
>> Init: systemd (via /run/systemd/system)
>>
>> Versions of packages ifupdown2 depends on:
>> ii  init-system-helpers  1.46
>> ii  python-argcomplete   1.4.1-0.1
>> ii  python-ipaddr2.1.11-2
>> pn  python:any   
>>
>> ifupdown2 recommends no packages.
>>
>> Versions of packages ifupdown2 suggests:
>> ii  python-gvgen  0.9-2
>> ii  python-mako   1.0.4+ds1-2
>>
>> -- no debconf information
>>

Bug#843551: konsole: Starting konsole from menu or krunner does not work anymore

[Maximiliano Curia]

Control: forcemerge 841502 843551

This issue was already reported in 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841502

and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842920

I'm merging the reports.

¡Hola M!

El 2016-11-07 a las 18:43 +0100, M G Berberich escribió:
Package: konsole 
Version: 4:16.08.2-1.1 
Severity: important


starting konsole from start-menu or krunner is totaly broken. 
Sometimes it starts a konsole with the last used profile instead of the default profile, mostly nothing happens at all. 
Starting a xterm and then starting konsole from xterm works.



There exists a fix from Martin T. H. Sandsmark:
https://quickgit.kde.org/?p=konsole.git=commit=4ec9b565800b9e9bdbf45dbb5983530fb95791e7


I was testing this fix, it seems to work.

Happy hacking,
--
"If I ask another professor what he teaches in the introductory programming
course, whether he answers proudly "Pascal" or diffidently "FORTRAN," I know
that he is teaching a grammar, a set of semantic rules, and some finished
algorithms, leaving the students to discover, on their own, some process of
design."
-- Robert W. Floyd
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Bug#843506: libosinfo-1.0-0: Please bump libosinfo-l10n dependency to Depends or Recommends

[Guido Günther]

Hi Laurent,
On Mon, Nov 07, 2016 at 08:17:53AM +0100, Laurent Bigonville wrote:
> Package: libosinfo-1.0-0
> Version: 1.0.0-2
> Severity: normal
> 
> Hi,
> 
> Shouldn't the dependency against libosinfo-l10n be bumped to a Depends
> or at least a Recommends?
> 
> Suggested packages are not installed by default and I feel that
> translation might be important enough for some users

TBH I'm not sure. While icedove and firefox don't even suggest l10n
libreoffice recommends it.

Policy has not word about this so there doesn't seem to be common
practive.

There are lots of uses where l10n for libosinfo is not needed so I'm
inclined to leave it as is.
Cheers,
 -- Guido

Bug#843607: certbot: Unknown lvalue 'RandomizedDelaySec' in section 'Timer'

[Kazuhiro NISHIYAMA]

Package: certbot
Version: 0.9.3-1~bpo8+1
Severity: normal

Dear Maintainer,

After upgrade to 0.9.3-1~bpo8+1,
systemd message in log:
systemd[1]: [/lib/systemd/system/certbot.timer:6] Unknown lvalue 
'RandomizedDelaySec' in section 'Timer'

And certbot.service runs without any random sleep.

I think 'RandomizedDelaySec' is not supported by jessie's systemd.

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages certbot depends on:
ii  dialog   1.2-20140911-1
ii  init-system-helpers  1.22
ii  python   2.7.9-1
ii  python-certbot   0.9.3-1~bpo8+1
pn  python:any   

certbot recommends no packages.

Versions of packages certbot suggests:
pn  python-certbot-apache  
pn  python-certbot-doc 

-- no debconf information

Bug#843610: xscreensaver should ship a systemd user .service instead of just documenting it in xscreensaver(1)

[Daniel Kahn Gillmor]

Package: xscreensaver
Version: 5.34-2
Severity: wishlist

xscreensaver(1) says:

--
USING SYSTEMD
   If  the  above  didn't do it, and your system has systemd(1), then give
   this a try:

   1: Create a service.
  Create the file ~/.config/systemd/user/xscreensaver.service contain‐
  ing:
  [Unit]
  Description=XScreenSaver
  [Service]
  ExecStart=xscreensaver
  [Install]
  WantedBy=default.target
  2. Enable it.
  systemctl --user enable xscreensaver
  Then restart X11.
--

It would be better to ship this file as
/usr/lib/systemd/user/xscreensaver.service, and just tell the user to:

   systemctl --user enable xscreensaver

rather than making them copy and paste.

Thanks for maintaining xscreensaver for debian!

Regards,

--dkg

-- System Information:
Debian Release: stretch/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xscreensaver depends on:
ii  libatk1.0-0  2.22.0-1
ii  libc62.24-5
ii  libcairo21.14.6-1+b1
ii  libfontconfig1   2.11.0-6.7
ii  libfreetype6 2.6.3-3+b1
ii  libgdk-pixbuf2.0-0   2.36.0-1
ii  libglade2-0  1:2.6.4-2
ii  libglib2.0-0 2.50.1-1
ii  libgtk2.0-0  2.24.31-1
ii  libice6  2:1.0.9-1+b1
ii  libpam0g 1.1.8-3.3
ii  libpango-1.0-0   1.40.3-2
ii  libpangocairo-1.0-0  1.40.3-2
ii  libpangoft2-1.0-01.40.3-2
ii  libsm6   2:1.2.2-1+b1
ii  libx11-6 2:1.6.3-1
ii  libxext6 2:1.3.3-1
ii  libxi6   2:1.7.6-1
ii  libxinerama1 2:1.1.3-1+b1
ii  libxml2  2.9.4+dfsg1-2.1
ii  libxmu6  2:1.1.2-2
ii  libxpm4  1:3.5.11-1+b1
ii  libxrandr2   2:1.5.0-1
ii  libxrender1  1:0.9.9-2
ii  libxt6   1:1.1.5-1
ii  libxxf86vm1  1:1.1.4-1
ii  xscreensaver-data5.34-2

Versions of packages xscreensaver recommends:
ii  libgnomeui-0 2.24.5-3.1
ii  libjpeg-turbo-progs [libjpeg-progs]  1:1.5.1-2
pn  perl5
ii  wamerican [wordlist] 7.1-1
ii  witalian [wordlist]  1.7.6

Versions of packages xscreensaver suggests:
ii  chromium [www-browser]  53.0.2785.143-1
ii  elinks [www-browser]0.12~pre6-12
ii  epiphany-browser [www-browser]  3.22.1-2
ii  firefox [www-browser]   49.0-5
ii  firefox-esr [www-browser]   45.4.0esr-2
ii  fortune-mod [fortune]   1:1.99.1-7
pn  gdm3 | kdm-gdmcompat
ii  links [www-browser] 2.13-1
ii  lynx [www-browser]  2.8.9dev9-1
pn  qcam | streamer 
ii  w3m [www-browser]   0.5.3-32
pn  xdaliclock  
pn  xfishtank   
pn  xscreensaver-gl 

-- no debconf information

Bug#840575: [buildd-tools-devel] Bug#840575: sbuild bpo: uses non-available option gnupg --pinentry-mode

[Daniel Kahn Gillmor]

On Thu 2016-11-03 06:56:21 -0600, Luca Falavigna wrote:
> 2016-11-03 13:41 GMT+01:00 Thomas Goirand :
>> dkg, you had the intention to upload gnupg 2.1 to backports. Is there
>> anything that's holding it?
>>
>> Lucas, could you upload a version of sbuild to BPO without this hard
>> requirement, and maybe with the fix I suggested for the keygen thing?
>> While not the definitive solution, this would fix it in the mean time.
>
> If Daniel is willing to upload gnupg2, that would be cool! Otherwise
> I'll try to see which other alternatives we have.

I'd be happy to upload gnupg2 2.1.15-8 to backports, but it's currently
not migrating to testing, i think because of the current udeb freeze (we
have gpgv-udeb).  I'm adding kibi to the cc list here to see whether
that's something he's ok with unblocking.

   --dkg


signature.asc
Description: PGP signature

Bug#842015: Merging bugs about pinentry failing without GNOME-connected d-bus

[Daniel Kahn Gillmor]

On Sun 2016-11-06 04:25:27 -0500, Vincent Lefevre  wrote:
> On 2016-11-06 01:13:53 -0500, Daniel Kahn Gillmor wrote:
>> If you want a pinentry that only speaks curses (and never tries to
>> integrate with a gnome3 session), you should install pinentry-curses and
>> either remove pinentry-gnome3, or place "pinentry-program
>> /usr/bin/pinentry-curses" in your gpg-agent.conf.
>
> I expect that the fallback to curses be automatic.

It is indeed automatic -- it falls back when it is unable to communicate
with a gnome3 prompter, which happens via d-bus.

>> One additional exacerbating factor that you're seeing is probably due to
>> the fact that pinentry-gnome3 doesn't currently respect the default
>> timeout.
>
> No, this is not a timeout issue, as a window is opened on the
> X display, while it should never do that when DISPLAY is unset.

DISPLAY has nothing to do with how pinentry-gnome3 works.
pinentry-gnome3 does not communicate with any X11 session -- it
communicates with a d-bus session.

>> Can you explain what you'd rather happen here?
>
> I don't use GNOME at all, so this isn't this scenario. But the above
> would not be OK for GNOME & SSH users anyway. IMHO, what matters is
> whether DISPLAY is set or not, and its value when it is set.

It sounds like you are expecting the beahvior of pinentry-gtk-2 (which
does indeed talk directly to an X11 display), but using pinentry-gnome3
instead (which talks instead to a d-bus session).  We could make
pinentry-gnome3 test for the presence of DISPLAY, and fall back if it is
unset, but why would we do this, if pinentry-gnome3 doesn't even assume
X11?  If a user runs gnome3 in some non-x11 environment (wayland?  i
don't know specifically), should pinentry-gnome3 fall back to curses,
even when it can provide a graphical prompt?

Perhaps you mean to be using pinentry-gtk-2?

Still at a loss as to how to resolve this bug report satisfactorily,

--dkg



signature.asc
Description: PGP signature

Bug#645334: [Pkg-libvirt-maintainers] Bug#645334: support for manipulating the command line directly

[Guido Günther]

Hi,
On Mon, Nov 07, 2016 at 11:50:33AM +0100, Odd Martin Baanrud wrote:
> Hello,
> 
> > On 07 Nov 2016, at 08:22, Guido Günther  wrote:
> > 
> > Supporting brltty would be great but we must not add hacks for that. It
> > needs to be added as a device to libvirt and can then be exposed to
> > virt-manager/virtinst which can then auto add it if the host has brltty.
> 
> I understand.
> I thaught it needed to be done that way.
> Are you able to add it in the Debian package, or does it need to be 
> implemented upstream?
> If you could make a Debian fix, it would be nice to see it in Stretch, if 
> possible.

Since this needs new domain XML we should do this upstream to not create
a incompatible domain format. In case you want to help filing an
upstream bug would already help:

https://bugzilla.redhat.com/enter_bug.cgi?product=Virtualization 
Tools=libvirt

Cheers,
 -- Guido

Bug#838176: mcabber: please update the package to the latest release

[Anatoly A. Kazantsev]

Hello,

On Tue, 11 Oct 2016 19:51:16 +1300
"Anatoly A. Kazantsev"  wrote:

> On Sun, 9 Oct 2016 09:57:21 +0200
> Franziska Lichtblau  wrote:
> 
> > My view is that I'd like to move the git to alioth[1] and make it a
> > collab-maint project[2]. This makes it much easier to give people access to
> > the git repository and push their work there. So you'd need to go and
> > create a guest account and apply for access to the collab-maint project.
> 
> I've registered on alioth under anatoly-guest name. Please send a signed 
> email to n...@debian.org as stated on [1]

Just checked my account page on alioth and I haven't been assigned to
collab-maint project yet.

It seems we got stuck again :-)

-- 
Regards,
Anatoly

Bug#841411: libkf5kface: FTBFS: error with opencv 3.1

[Maximiliano Curia]

¡Hola Nobuhiro!

El 2016-11-08 a las 12:38 +0900, Nobuhiro Iwamatsu escribió:
Thanks for your pointing. 
I worked about this on with-contrib branch, but I think this work too 
late about transiton. 
 https://anonscm.debian.org/cgit/debian-science/packages/opencv.git/log/?h=with-contrib


Thanks for adding the face module, I see that the contrib modules are 
being installed under an opencv2 directory, is that intentional?


About the timing for the transition, it shouldn't hurt to ask the release team 
about it. If all the issues raised by the opencv change have been 
addressed and you are willing to fix any ripples it might cause then it might 
be just a matter of waiting for the colliding transitions to settle.


Happy hacking,
--
"There are two ways of constructing a software design.  One way is to make it
so simple that there are obviously no deficiencies. And the other way is to
make it so complicated that there are no obvious deficiencies."
-- C.A.R. Hoare
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature