Leonardo Canducci | 4 Sep 18:21 2015

Bug#798034: RFP: miniflux -- a minimalist RSS reader web application

Package: wnpp
Severity: wishlist

* Package name    : miniflux
  Version         : 1.1.7
  Upstream Author : Name Frédéric Guillot
* URL             : https://miniflux.net/
* License         : AGPL v3
  Programming Lang: Php
  Description     : a minimalist RSS reader web application

Miniflux is a RSS reader web application you run on a server with minimal
requirements and a simple yet useful interface (responsive design, so
mobile friendly). I've been using it for a year on a small ARM dev board
and I'm very pleased with it. It's stable, simple to manage, doesn't
need a full fledged database and gets the job done. Setup is super-easy
and despite running on sqlite it supports multiple users.

I've tried Tiny Tiny RSS and for my purposes - a few feeds/no categories
- miniflux is easier to run, configure and use. I'm not a developer so
this is just a request for package.


The Wanderer | 4 Sep 18:17 2015

www.debian.org: get.debian.org rejects HTTPS connections, but redirects to HTTPS site

Package: www.debian.org
Severity: minor

Dear Maintainer,

I'm not completely positive that this is the correct place for this bug
report, but I don't know of anywhere else which would be better. Please
feel free to reassign if appropriate.

Whenever possible, I prefer to connect to Websites via HTTPS. This
includes all Debian Websites.

When I connect to http://get.debian.org/ in a Web browser, I am
redirected to https://www.debian.org/CD/, which is a HTTPS site.
However, the initial connection attempt is made over HTTP, and is
potentially subject to external observation.

When I connect to https://get.debian.org/, I get a near-instant
"connection refused" or "failed to connect" error. Firefox reports
"Unable to connect", w3m reports "Failed to load", and wget reports
"Connection refused".

Initial testing seems to indicate that the same basic behavior occurs
with cdimage.debian.org, which is the old name for the service now
provided by get.debian.org.

Please make it possible to connect to get.debian.org via HTTPS and have
the redirection function properly.

-- System Information:
(Continue reading)

Daniel Glassey | 4 Sep 18:18 2015

Bug#783880: xiphos: new version

merge 783880 783556
tags 783880 +pending


A new guy has joined the team to take care of Xiphos. Xiphos is part of a number of stdc++ related transitions
so it 
may take a while to hit unstable but it is in progress now and we may get it into experimental sooner.

Salvatore Bonaccorso | 4 Sep 18:16 2015

Bug#798032: libpgf: CVE-2015-6673: use-after-free vulnerability in Decoder.cpp

Source: libpgf
Version: 6.14.12-3
Severity: important
Tags: security upstream fixed-upstream


the following vulnerability was published for libpgf.

use-after-free vulnerability in Decoder.cpp

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6673


Alexandre Viau | 4 Sep 18:10 2015

Bug#798027: RFS: golang-github-rainycape-unidecode

Hello Dimitry,

Can you review golang-github-rainycape-unidecode?

It is on Alioth:
 - git.debian.org:/git/pkg-go/packages/golang-github-rainycape-unidecode



Alexandre Viau
alexandre <at> alexandreviau.net

Daniel Glassey | 4 Sep 18:06 2015

Bug#797564: RM: xiphos -- RoQA; abandoned,grave-bugs,fixed-upstream


We have a new member now for the pkg-crosswire team who is going to take care of xiphos and so there is no need
the removal.

Xiphos is part of a number of transitions (sword, gtkhtml, potentially libstdc++).


Dmitry Smirnov | 4 Sep 18:04 2015

Bug#798031: influxdb: incorrectly named -dev package

Source: influxdb
Severity: minor

There is an "influxdb-dev" but it ships golang sources so it probably should 
have been named "golang-influxdb-dev". Please consider adding 

    Provides: golang-influxdb-dev

to "influxdb-dev" and/or eventually rename the latter.



All the best,
 Dmitry Smirnov
Barry Warsaw | 4 Sep 17:59 2015

Bug#798030: genshi: FTBFS with Python 3.5

Source: genshi
Severity: important
Owner: !

Hash: SHA256

genshi 0.7-3 currently FTBFS with Python 3.5.  Upstream ticket is
http://genshi.edgewall.org/ticket/602 which contains a patch, although
this doesn't completely solve the problem for me.  This is a tracking
bug as I'm currently still working on a fix.

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.1.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Version: GnuPG v1

(Continue reading)

Tim Gokcen | 4 Sep 17:42 2015

Bug#798029: Impossible to keep gcc-4.7 after upgrade to Debian Jessie

Package: gcc-4.9-base
Version: 4.9.2-10

Debian bug 770025 added a "Breaks: gcc-4.7-base (< 4.7.3)" header to 
gcc-4.9, because it was found in bug 736607 (which relates to gcc-4.8) 
that the package manager would sometimes leave the system with an 
older-release version of gcc instead of using the version from Jessie 
(4.7.3 and up).

However, then Debian bug 765379 came around and gcc 4.7 was completely 
removed from Jessie.

As a result it is now impossible to keep gcc 4.7 installed on a Jessie 
system when upgrading from an earlier release, or to install the package 
from an older release, even though absolutely nothing would actually 
break as a result of this.

Since the original problem posed in bug 770025 (of the package manager 
failing to update gcc-4.7) has been fixed, I believe the "Breaks: 
gcc-4.7-base (<4.7.3)" clause should be removed from gcc-4.9 (and 
probably from gcc-4.8, too).

Guido Günther | 4 Sep 17:41 2015

Bug#798028: jessie-pu: package pykerberos/1.1.5-0.1+deb8u1

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org <at> packages.debian.org
Usertags: pu

I'd like to fix CVE-2015-3206 (a loack (missing KDC authenticity
verification) for jessie via a point release. The debdiff is
attached. The bug is fixed in unstable as well as squeeze-lts already.

As in squeeze-lts the KDC check is disabled by default to not break existing

 -- Guido.

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
(Continue reading)

Daniel Glassey | 4 Sep 17:34 2015

Bug#797568: RM: bibledit-gtk -- RoQA; abandoned

There is no need to remove it. I uploaded the newer version to unstable earlier in the week but forgot that my
key in the 
Debian keyring had expired so either Roberto Sanchez will do the upload or I'll do it once the keyring is updated.