Jakub Wilk | 25 May 20:28 2015
Picon

Bug#786805: RFA: y-u-no-validate -- browser extension to make security exceptions temporary by default

Package: wnpp
Severity: normal

I request an adopter for the y-u-no-validate package. (Note that RFA != 
O. Talk to me before taking over this package.)

The package description is:

y-u-no-validate is an Iceweasel extension that makes the "Permanently 
store this exception" checkbox in the "Add Security Exception" dialog 
unchecked by default.

--

-- 
Jakub Wilk

Roberto C. Sánchez | 25 May 20:16 2015

Bug#744972: Another JS false positive

I just encountered a false positive in packaging a new upstream release
of perl-doc-html (5.20.1-1):

E: perl-doc-html source: source-is-missing static/indexFAQs.js

I am overriding it for now.

Regards,

-Roberto

--

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
up201407890 | 25 May 19:51 2015
Picon

Bug#786804: hwclock(8) SUID privilege escalation

Package: util-linux
Version: 2.26.2

Actually, all versions of util-linux are affected.

Hello, Federico Bento here.

During a recent assessment I have stumbled across a system which had  
hwclock(8) setuid root

$ man hwclock | sed -n '223,231p'

Users access and setuid
        Sometimes, you need to install hwclock setuid root. If you  
want users other than the superuser to be able to display the clock  
value using the direct ISA I/O
        method,  install  it setuid root. If you have the /dev/rtc  
interface on your system or are on a non-ISA system, there's probably  
no need for users to use the
        direct ISA I/O method, so don't bother.

        In any case, hwclock will not allow you to set anything unless  
you have the superuser real uid.  (This  is  restriction  is  not   
necessary  if  you  haven't
        installed setuid root, but it's there for now).

http://sources.debian.net/src/util-linux/2.26.2-5/sys-utils/hwclock.c/#L2041
http://sources.debian.net/src/util-linux/2.26.2-5/sys-utils/hwclock.c/#L1920

  "The program is designed to run setuid superuser, since we need to be able
(Continue reading)

Miguel Landaeta | 25 May 19:59 2015
Picon

Bug#773131: Quick update

unblock 773131 by 780230 784173
thanks

It turns out you can build JRuby 1.7.19 with bnd and
maven-bundle-plugin versions available in sid right now.
Maybe is not ideal but it works OK so far.

The only blocker remaining to upload jruby 1.7.x to experimental is
jnr-posix.

--

-- 
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche
David Prévot | 25 May 20:00 2015
Picon

Bug#786803: Please consider versioned Provides

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: britney

Hi,

Now that both dpkg and apt are able to use versioned Provides, it would
be nice to take it into consideration for testing migrations.

Please find attached a basic new test for britney2-tests and a simple
documentation update for britney’s dependencies.

I tried to figure out what would be needed to make that work, but
unfortunately don’t understand much Python. The last patch doesn’t do
anything useful, but at least doesn’t break the existing testsuite (I
guess there is at least something to fix around there)…

X-D-CC to the Debian PHP PEAR Maintainers team, since this issue
currently prevents migration of Symfony and many of its reverse
dependencies.

Regards

David
Axel Beckert | 25 May 19:48 2015
Picon

Bug#645828: your search.cpan.org/metacpan.org commit / Bug#645828: Fold libdatetime-astro-sunrise-perl into libdatetime-event-sunrise-perl

X-Operating-System: Linux 3.2.0-4-amd64 
X-Machine: sym2 x86_64
X-Editor: GNU Emacs 23.4.1
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAAAAAC3mUtaAAAABGdBTUEAALGPC/xhBQAAADh0RVh0U29mdHdhcmUAWFYgVmVyc2lvbiAzLjEwYSAgUmV2OiAxMi8yOS85NCAoUE5HIHBhdGNoIDEuMindFS5JAAACGElEQVQ4jXXQMU8UYRDG8f8shNjdDH4AbpfGDjAWlKiJiZ0ajL1aGCvsNCbGaCGG1koLaztaTYz6ATy+gOyehYmF3MxVxgg3FnDsHcTpJr/M+8w7Rf6nCsaVTTDqxbg9hoOXmw83H71+Eyfg4E1d7/Z2fG9rGkZbTQiu+K+3U/C+76lmkvAhJuDndnoAiftou4V84okAGclop4U/jYACZDTxrYWP0gkxVfAm/W//GLZpxIzwIN0Hn8dw0B+IWkZmQmRsj2HfhwokEklHfNCCiQCRgAR7YyhQVRVTCKCzP4Y5zBBE0t0zY3Q8oQaBqqAMlVEcgVQd9706zGirAFium8HXumlMIeMwqQCInju+2+uB6MRENupdpMt8pRlHZyuAW0F+Mb6XSIVqtxjD+iVmVqqystLEzFTGT92YqRaXpNT5eTVjeJhbALPnrTxLUZUKZsgxcNm64hAOYisT/xhF+oKTGU5RegtC3Rt6eEDi/QnIevdTx9Md2EMmYBRmCQR1026FCGQQJJExsRUqgkMGaWSbwYLnoO4T6VgpbQbdELPMBAHWWrhYrcxXnYgAsatPWygkFCBD4K62MAsOTqA6szYRPpsu6e6Y8mPiVrBMNuGIMrgwBUu4p2DgG1Ownu6hpuTv7hScefHAzAC/yRRw5U5pALMbJ4AUALvHSZhxgHPXTsHcdWD1GadAHr9avP+c0wCr7263Df8ASLwXWHWs+KIAAAAHdElNRQfYBQEBODPr
Organization: DeuxChevaux.org -- The Citroën 2CV Database

Control: tag -1 + moreinfo

Hi Karen and Gioele,

On Sun, May 24, 2015 at 03:15:28PM -0700, Karen Etheridge wrote:
> hi Axel, I saw your commit:
> https://anonscm.debian.org/cgit/pkg-perl/packages/libdatetime-astro-sunrise-perl.git/commit/?id=fda7a52
> 
> I would suggest that this distribution not be packaged at all, since it was
> never made into a stable release. This distribution looks more complete and
> supported: https://metacpan.org/pod/DateTime::Event::Sunrise

You are not the first one to notice: https://bugs.debian.org/645828

That bug report though does not take into account that the initial
team member who packaged libdatetime-astro-sunrise-perl initially
deliberately has chosen DateTime::Astro::Sunrise over
DateTime::Event::Sunrise based on the provided feature set, i.e. the
superiority of DateTime::Event::Sunrise seems questionable. See line
57 of
https://anonscm.debian.org/cgit/pkg-perl/packages/libdatetime-astro-sunrise-perl.git/tree/debian/changelog#n57

Additionally popcon (popularity statistics) are now that low (but not
high either):
(Continue reading)

Miguel Landaeta | 25 May 19:02 2015
Picon

Bug#786802: jline: Please upgrade to 2.12 or more recent release

Package: src:jline
Version: 1.0-2
Severity: wishlist

readline jruby extension build depends on a recent release of this
library, so I intend to update it soon.

-- System Information:
Debian Release: 7.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

--

-- 
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche
Aaron M. Ucko | 25 May 18:28 2015
Picon

Bug#786801: nfstrace: FTBFS: test suite errors (esp. #60, json_analyzer)

Source: nfstrace
Version: 0.4.0-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)

Automated builds of nfstrace have been failing with test suite
errors.  Test #60 fails everywhere:

   60/63 Test #60: unit_test_json_analyzer
   ..............................................***Failed    5.36 sec
   [==========] Running 7 tests from 3 test cases.
   [----------] Global test environment set-up.
   [----------] 3 tests from JsonAnalyzerCase
   [ RUN      ] JsonAnalyzerCase.collectStatistics
   unknown file: Failure
   C++ exception with description "Binding server socket error: Address
   already in use" thrown in SetUp().
   [  FAILED  ] JsonAnalyzerCase.collectStatistics (0 ms)
   ...

However, some other tests also fail on some architectures, as detailed
at https://buildd.debian.org/status/logs.php?pkg=nfstrace&ver=0.4.0-1.

Could you please take a look?

Thanks!

Partha Pratim Mukherjee | 25 May 18:22 2015
Picon

Bug#691358: This bug is caused by tempfile from File::Temp

Hi,

As I have investigated, this bug is not caused by Config::IniFiles but
by tempfile function from File::Temp module, which is used internally
when a new ini file is created.

By default tempfile creates a new file with 0600 permission bits.

A similar bug is discussed here
https://rt.cpan.org/Public/Bug/Display.html?id=82516.

Thanks/ppm

Tim Landscheidt | 25 May 18:22 2015
Picon

Bug#786800: RFP: libmediawiki-bot-perl -- Perl high-level bot framework for interacting with MediaWiki wikis

Package: wnpp
Severity: wishlist

* Package name    : libmediawiki-bot-perl
  Version         : 5.006002
  Upstream Author : Mike.lifeguard <lifeguard <at> cpan.org>
* URL             : https://metacpan.org/module/MediaWiki::Bot
* License         : GPL
  Programming Lang: Perl
  Description     : Perl high-level bot framework for interacting with MediaWiki wikis

MediaWiki::Bot is a framework that can be used to write bots which
interface with the MediaWiki API (http://en.wikipedia.org/w/api.php).

We are using this module locally and would like to see this packaged
properly (cf. https://phabricator.wikimedia.org/T91874).

brainpower | 25 May 18:21 2015

Bug#786799: lftp cant establish data connection when using ftpes

Package: lftp
Version: 4.6.0-1+deb8u1
Severity: important

After Upgrading from wheezy to jessie I tried to upload a backup onto a
backup server using FTPES.
This failed with "425 Unable to build data connection: Operation not
permitted"

I tried a simle "ls" after that, which still failed.
Curl was able to connect successfully, so it couldn't have been the server.
After that I downloaded lftp 4.6.2-1 from stretch, installed it
and it worked correctly.

So I assume 4.6.0-1+deb8u1 does something wrong when trying to establish
the data connection, maybe something to do with SSL session reuse, since
that's the most common error that comes up when googling the error message.

Transcript and error messages attached.
--

-- 
regards,
brainpower
server:~ # lftp --debug -u u#####,################ u#####.your-backup.de
lftp u##### <at> u#####.your-backup.de:~> ls
---- Verbinde mit u#####.your-backup.de (2a01:4f8:b10:1000::##) Port 21
<--- 220 ProFTPD 1.3.5 Server (Hetzner Backup) [2a01:4f8:b10:1000::##]
---> FEAT
<--- 211-Features:
(Continue reading)


Gmane