Bug#1034430: kodi-inputstream-adaptive: crash when resuming video

[Vasyl Gello]

Hi David!

Thanks for the report!
Can you please send me specific playlist used to reproduce the bug in private 
messages?

-- 
Vasyl Gello
==
Certified SolidWorks Expert

Mob.:+380 (98) 465 66 77

E-Mail: vasek.ge...@gmail.com
==
호랑이는 죽어서 가죽을 남기고 사람은 죽어서 이름을 남긴다

Bug#1031152: system-config-printer: unlock button in system-config-printer provides no elevated permissions dialog

[Kevin Otte]

Package: system-config-printer
Version: 1.5.18-1
Followup-For: Bug #1031152

Workaround suggested by original reporter (sudo) ineffective on sway due to 
Wayland security model.

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages system-config-printer depends on:
ii  gir1.2-gdkpixbuf-2.0  2.42.10+dfsg-1+b1
ii  gir1.2-glib-2.0   1.74.0-3
ii  gir1.2-gtk-3.03.24.37-2
ii  gir1.2-handy-11.8.1-1
ii  gir1.2-notify-0.7 0.8.1-1
ii  gir1.2-packagekitglib-1.0 1.2.6-3
ii  gir1.2-pango-1.0  1.50.12+ds-1
ii  gir1.2-polkit-1.0 122-3
ii  python3   3.11.2-1+b1
ii  python3-cups  2.0.1-5+b4
ii  python3-cupshelpers   1.5.18-1
ii  python3-dbus  1.3.2-4+b1
ii  python3-gi3.42.2-3+b1
ii  system-config-printer-common  1.5.18-1

Versions of packages system-config-printer recommends:
ii  avahi-utils 0.8-9
ii  system-config-printer-udev  1.5.18-1

Versions of packages system-config-printer suggests:
pn  gnome-software  

-- no debconf information

Bug#1034195: filezilla: Workaround package build for i386 included experimental - 3.63.2.1-4

[Philip Wyett]

Hi Gert,

I have used d/rules to work around the issue by adding the C(XX)FLAGS -msse4.1 
conditionally for
the i386 build.

I will look at how this can be made available for Bookworm, but we are in 
release freeze, so may
take time.

Regards

Phil

-- 
*** Playing the game for the games own sake. ***


Associations:

* Debian Maintainer (DM)
* Fedora/EPEL Maintainer.
* Contributor member of the AlmaLinux foundation.

WWW: https://kathenas.org

Buy Me a Coffee: https://www.buymeacoffee.com/kathenasorg

Twitter: @kathenasorg

Instagram: @kathenasorg

IRC: kathenas

GPG: 724AA9B52F024C8B


signature.asc
Description: This is a digitally signed message part

Bug#1034431: FTBFS creating vof.bin when /bin/sh -> bash

[Vagrant Cascadian]

Source: qemu
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: shell ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

When /bin/sh points to bash (instead of dash), the behavior of "echo"
differs in the rendering of "\n", and so the debian/rules target for
vof.bin fails to correctly create the config.mak.

The attached patch fixes this by switching to use printf, which appears
to behave consistently regardless of the shell (at least with my quick
testing).

Thanks for maintaining qemu!

live well,
  vagrant
From 18c9ac7af5cfad59ed06978baaf1e6a741accbd2 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Fri, 14 Apr 2023 20:11:08 -0700
Subject: [PATCH] debian/rules: Use 'printf' instead of 'echo' to avoid
 differences in underlying /bin/sh implementations.

---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 28f258b8..c22fcefb 100755
--- a/debian/rules
+++ b/debian/rules
@@ -477,7 +477,7 @@ sysdata-components += skiboot
 build-vof: b/vof/vof.bin
 b/vof/vof.bin: | b
 	mkdir -p b/vof
-	echo 'CC=$${CROSS}gcc\nLD=$${CROSS}ld\nOBJCOPY=$${CROSS}objcopy\nEXTRA_CFLAGS=-m32 -mbig-endian' > b/vof/config.mak
+	printf 'CC=$${CROSS}gcc\nLD=$${CROSS}ld\nOBJCOPY=$${CROSS}objcopy\nEXTRA_CFLAGS=-m32 -mbig-endian' > b/vof/config.mak
 	${MAKE} -C b/vof CROSS=${PPC64_CROSSPFX} SRC_DIR=../../pc-bios/vof -f../../pc-bios/vof/Makefile
 install-vof: b/vof/vof.bin
 	install -m 0644 -t ${sysdataidir} $<
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1034195: upstream gcc bug

[Philip Wyett]

On Thu, 2023-04-13 at 21:47 +0200, Gert van de Kraats wrote:
> Phil
> 
> I made an upstream issue at GCC:
> 
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109504 .
> 
> Perhaps you can add other packages there, that have the same problem?

Hi Gert,

Thanks for that. Let us see what progress is made/resolution is reached.

Regards

Phil

-- 
*** Playing the game for the games own sake. ***


Associations:

* Debian Maintainer (DM)
* Fedora/EPEL Maintainer.
* Contributor member of the AlmaLinux foundation.

WWW: https://kathenas.org

Buy Me a Coffee: https://www.buymeacoffee.com/kathenasorg

Twitter: @kathenasorg

Instagram: @kathenasorg

IRC: kathenas

GPG: 724AA9B52F024C8B


signature.asc
Description: This is a digitally signed message part

Bug#1034430: kodi-inputstream-adaptive: crash when resuming video

[david s]

Package: kodi-inputstream-adaptive
Version: 20.3.2+ds-1
Severity: important
X-Debbugs-Cc: d...@fastmail.com

Dear Maintainer,

When resuming a Youtube video, Kodi will crash with the following stack
trace:

Thread 1 (Thread 0x7ff6751026c0 (LWP 100225)):
#0  0x7ff771d63ccc in  () at /lib/x86_64-linux-gnu/libc.so.6
#1  0x7ff771d14ef2 in raise () at /lib/x86_64-linux-gnu/libc.so.6
#2  0x7ff771cff472 in abort () at /lib/x86_64-linux-gnu/libc.so.6
#3  0x7ff771cff395 in  () at /lib/x86_64-linux-gnu/libc.so.6
#4  0x7ff771d0ddf2 in  () at /lib/x86_64-linux-gnu/libc.so.6
#5  0x7ff686d82a65 in webm::UnknownParser::Feed(webm::Callback*, 
webm::Reader*, unsigned long*) () at /usr/lib/x86_64-linux-gnu/libwebm.so.1
#6  0x7ff686d833f1 in webm::WebmParser::Feed(webm::Callback*, 
webm::Reader*) () at /usr/lib/x86_64-linux-gnu/libwebm.so.1
#7  0x7ff67a602558 in  () at 
/usr/lib/x86_64-linux-gnu/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2
#8  0x7ff67a5eef0d in  () at 
/usr/lib/x86_64-linux-gnu/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2
#9  0x7ff67a5eeef9 in  () at 
/usr/lib/x86_64-linux-gnu/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2
#10 0x7ff67a5f846b in  () at 
/usr/lib/x86_64-linux-gnu/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2
#11 0x7ff67a5b0189 in  () at 
/usr/lib/x86_64-linux-gnu/kodi/addons/inputstream.adaptive/inputstream.adaptive.so.20.3.2
#12 0x5650984cfb6e in CDVDDemuxClient::Read() ()
#13 0x565098552d26 in CVideoPlayer::ReadPacket(DemuxPacket*&, 
CDemuxStream*&) ()
#14 0x56509855a21d in CVideoPlayer::Process() ()
#15 0x565098809a45 in CThread::Action() ()
#16 0x56509880b46e in  ()
#17 0x56509880bfab in  ()
#18 0x7ff771ad44a3 in  () at /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#19 0x7ff771d61fd4 in  () at /lib/x86_64-linux-gnu/libc.so.6
#20 0x7ff771de266c in  () at /lib/x86_64-linux-gnu/libc.so.6


I noticed that the Debian version is patched to use a packaged libwebm
while upstream is using a much older version. Recompiling without this
patch seems to fix the issue, but more testing is needed.

I can provide further logs upon request

~ds

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kodi-inputstream-adaptive depends on:
ii  kodi [kodi-api-inputstream]  2:20.1+dfsg-1
ii  libc62.36-9
ii  libexpat12.5.0-1
ii  libgcc-s112.2.0-14
ii  libstdc++6   12.2.0-14
ii  libwebm1 1.0.0.29-1

kodi-inputstream-adaptive recommends no packages.

kodi-inputstream-adaptive suggests no packages.

-- no debconf information

Bug#1034332: Occasional garbled Chinese pdf lines

[Dan Jacobson]

OK, I now installed fonts-droid-fallback. Alas, no change.

Bug#1034429: coreutils: install: -s runs ["strip", $f] instead of ["strip", "--", $f]; should use strip from $STRIP

[наб]

Package: coreutils
Version: 8.32-4+b1
Version: 9.1-1
Severity: normal

Dear Maintainer,

-- >8 --
$ install -vs /bin/install -- q
removed 'q/install'
'/bin/install' -> 'q/install'
$ install -vs /bin/install -- -v
'/bin/install' -> '-v'
Usage: strip  in-file(s)
 Removes symbols and sections from files
 The options are:
  -I --input-target=  Assume input file is in format 
  -O --output-target= Create an output file in format 
  -F --target=Set both input and output format to 
  -p --preserve-dates  Copy modified/access timestamps to the output
  -D --enable-deterministic-archives
   Produce deterministic output when stripping 
archives (default)
  -U --disable-deterministic-archives
   Disable -D behavior
  -R --remove-section=   Also remove section  from the output
 --remove-relocationsRemove relocations from section 
  -s --strip-all   Remove all symbol and relocation information
  -g -S -d --strip-debug   Remove all debugging symbols & sections
 --strip-dwo   Remove all DWO sections
 --strip-unneeded  Remove all symbols not needed by relocations
 --only-keep-debug Strip everything but the debug information
  -M  --merge-notesRemove redundant entries in note sections 
(default)
  --no-merge-notes Do not attempt to remove redundant notes
  -N --strip-symbol= Do not copy symbol 
 --keep-section= Do not strip section 
  -K --keep-symbol=  Do not strip symbol 
 --keep-file-symbols   Do not strip file symbol(s)
  -w --wildcardPermit wildcard in symbol comparison
  -x --discard-all Remove all non-global symbols
  -X --discard-locals  Remove any compiler-generated symbols
  -v --verbose List all object files modified
  -V --version Display this program's version number
  -h --helpDisplay this output
 --infoList object formats & architectures supported
  -o Place stripped output into 
strip: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 
pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little 
elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 srec symbolsrec verilog tekhex 
binary ihex plugin
install: strip process terminated abnormally
-- >8 --

Probably don't do that.


It would also be nice for $STRIP to provide a default if -S isn't set;
the usefulness of install -s is doubtful if
  install -s binary $DESTDIR/bin
only works if binary happens to match the host arch.


Best,
наб

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-20-amd64 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.2.53-10
ii  libattr1 1:2.4.48-6
ii  libc62.31-13+deb11u5
ii  libgmp10 2:6.2.1+dfsg-1+deb11u1
ii  libselinux1  3.1-3

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1034428: unblock: vmdb2/0.27-1

[Gunnar Wolf]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: vm...@packages.debian.org
Control: affects -1 + src:vmdb2

Please unblock package vmdb2

[ Reason ]

The main driver for uploading this vmdb release is bug #1031364:
Generating a system image with vmdb2 for x86, consisting of a Debian
release <= Bullseye (or other Linux systems with similar GRUB
releases), will result in a system that fails to boot due to GRUB not
understanding two of e2fsprogs' now-default options.

I am, however, uploading the upstream author's full new version, not
just a fix targetting this specific issue. This is because the issues
this release fixes are all reliability-related (three of them are in
fact GRUB-related).

The debdiff might seem a bit large, at 900 lines, but it is partly due
to upstream having included a patch we used to apply at build time.

[ Impact ]

If Bookworm ships with 0.26-2, all generated systems will ship with
filesystems that cannot be booted with the currently immediately
previous version of GRUB. This is quite major, in our opinion.

[ Tests ]

We have built several systems, targetting both ARM and x86 systems,
and they work successfully.

[ Risks ]

vmdb2 is a leaf package. The code changes are quite minor. While there
are several alternatives to vmdb2 in Debian, switching from one image
generating system to another might be quite heavy for the users.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]

Regardless of the outcome, thanks a lot for your work!

unblock vmdb2/0.27-1

-- 

diff -Nru vmdb2-0.26/amd64-uefi.vmdb vmdb2-0.27/amd64-uefi.vmdb
--- vmdb2-0.26/amd64-uefi.vmdb  2021-08-26 11:25:28.0 -0500
+++ vmdb2-0.27/amd64-uefi.vmdb  2023-04-11 12:01:15.0 -0600
@@ -30,15 +30,11 @@
 
   - mount: /
 
-  # Using the virtual-filesystems plugin here upsets qemu-debootstrap,
-  # which ends up unable to create /dev/fd within the chroot, causing
-  # the qemu-debootstrap phase to fail. Until we get to the bottom
-  # that, don't enable the plugin.
-  #- virtual-filesystems: /
+  - virtual-filesystems: /
 
   - unpack-rootfs: /
 
-  - qemu-debootstrap: buster
+  - debootstrap: buster
 arch: amd64
 mirror: http://deb.debian.org/debian
 target: /
diff -Nru vmdb2-0.26/amd64.vmdb vmdb2-0.27/amd64.vmdb
--- vmdb2-0.26/amd64.vmdb   2021-08-26 11:25:28.0 -0500
+++ vmdb2-0.27/amd64.vmdb   2023-04-11 12:01:15.0 -0600
@@ -23,7 +23,7 @@
 
   - unpack-rootfs: /
 
-  - qemu-debootstrap: buster
+  - debootstrap: buster
 arch: amd64
 mirror: http://deb.debian.org/debian
 target: /
diff -Nru vmdb2-0.26/ansible.vmdb vmdb2-0.27/ansible.vmdb
--- vmdb2-0.26/ansible.vmdb 2021-08-26 11:25:28.0 -0500
+++ vmdb2-0.27/ansible.vmdb 2023-04-11 12:01:15.0 -0600
@@ -15,10 +15,10 @@
 tag: /
 
   - kpartx: "{{ output }}"
-
+
   - mkfs: ext4
 partition: /
-
+
   - mount: /
 
   - unpack-rootfs: /
diff -Nru vmdb2-0.26/arm64-uefi.vmdb vmdb2-0.27/arm64-uefi.vmdb
--- vmdb2-0.26/arm64-uefi.vmdb  2021-08-26 11:25:28.0 -0500
+++ vmdb2-0.27/arm64-uefi.vmdb  2023-04-11 12:01:15.0 -0600
@@ -3,7 +3,7 @@
 
 steps:
   - mkimg: "{{ output }}"
-size: 4G
+size: 1G
 
   - mklabel: gpt
 device: "{{ output }}"
@@ -11,12 +11,12 @@
   - mkpart: primary
 device: "{{ output }}"
 start: 0%
-end: 1G
+end: 20M
 tag: efi
 
   - mkpart: primary
 device: "{{ output }}"
-start: 1G
+start: 20M
 end: 100%
 tag: /
 
@@ -30,26 +30,35 @@
 
   - mount: /
 
-  # Using the virtual-filesystems plugin here upsets qemu-debootstrap,
-  # which ends up unable to create /dev/fd within the chroot, causing
-  # the qemu-debootstrap phase to fail. Until we get to the bottom
-  # that, don't enable the plugin.
-  #- virtual-filesystems: /
-
   - unpack-rootfs: /
 
-  - qemu-debootstrap: buster
+  - debootstrap: bullseye
+variant: minbase
 arch: arm64
 mirror: http://deb.debian.org/debian
 target: /
 unless: rootfs_unpacked
 
+  - chroot: /
+shell: apt-get clean
+
   - apt: install
 packages:
+  - wget
+  - iproute2
   - linux-image-arm64
+  - systemd-sysv
 fs-tag: /
 unless: rootfs_unpacked
 
+  - copy-file: /etc/systemd/network/eth0.network
+src: eth0.network
+unless: rootfs_unpacked
+
+  - chroot: /
+shell: systemctl enable systemd-networkd
+unless: rootfs_unpacked
+
   - cache-rootfs: /
 unless: rootfs_unpacked
 
@@ -61,3 +70,6 @@
   - grub: uefi
 tag: /
 efi: efi
+console: serial
+
+# vim: ft=yaml
diff -Nru vmdb2-0.26/armhf-uefi.vmdb vmdb2-0.27/armhf-uefi.vmdb
--- vmdb2-0.26/armhf-uefi.vmdb  2021-08-26 11:25:28.0 -0500
+++ vmdb2-0.27/armhf-uefi.vmdb  2023-04-11 12:01:15.0 -0600
@@ -30,15 +30,11 @@
 
   - mount: /
 
-  # 

Bug#1004135: plantuml: please update to a newer upstream version

[Henrik Christian Grove]

Another reason to package an updated version: the version currently in 
stable (it's the same in testing and unstable) doesn't generate correct 
diagrams.


If I take the "seasons" example of:
@startuml
concise "Season" as S
'30 days is scaled to 50 pixels
scale 2592000 as 50 pixels

@2000/11/01
S is "Winter"

@2001/02/01
S is "Spring"

@2001/05/01
S is "Summer"

@2001/08/01
S is "Fall"
@enduml

from https://plantuml.com/timing-diagram, and run it through plantuml I 
get a diagram without labels on the x-axis.


.Henrik

Bug#1034426: unblock: a2ps/1:4.14-8

[Boyuan Yang]

Package: release.debian.org
Control: affects -1 + src:a2ps
X-Debbugs-Cc: a...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: by...@debian.org
Severity: normal

Please unblock package a2ps with 1:4.14-8.

The a2ps/1:4.14-8 upload specifically fixes Debian bug
https://bugs.debian.org/1008579 .

[ Reason ]
The a2ps/1:4.14-8 upload specifically fixes Debian bug
https://bugs.debian.org/1008579 . The fix cherry-picks an
upstream patch to fix the invocation of ghostscript in
/usr/bin/fixps.

[ Impact ]
Users who call /usr/bin/fixps will fail due to error raised
by ghostscript.

[ Tests ]
Manual tests with the related tool.

[ Risks ]
Minimal risk; patch tested by upstream as well. Even if
the fix is flawed, the condition will not be worse because
the tool is already broken.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Thanks,
Boyuan Yang

unblock a2ps/1:4.14-8
diff -Nru a2ps-4.14/debian/changelog a2ps-4.14/debian/changelog
--- a2ps-4.14/debian/changelog	2021-02-09 10:52:04.0 -0500
+++ a2ps-4.14/debian/changelog	2023-04-13 22:44:48.0 -0400
@@ -1,3 +1,12 @@
+a2ps (1:4.14-8) unstable; urgency=medium
+
+  * debian/patches/:
++ 0017-fixps-use-GhostScript-ps2write-device-not-defunct-ps.patch:
+  Apply upstream patch to fix broken GhostScript invocation in
+  /usr/bin/fixps. (Closes: #1008579)
+
+ -- Boyuan Yang   Thu, 13 Apr 2023 22:44:48 -0400
+
 a2ps (1:4.14-7) unstable; urgency=high
 
   * QA upload.
diff -Nru a2ps-4.14/debian/patches/0017-fixps-use-GhostScript-ps2write-device-not-defunct-ps.patch a2ps-4.14/debian/patches/0017-fixps-use-GhostScript-ps2write-device-not-defunct-ps.patch
--- a2ps-4.14/debian/patches/0017-fixps-use-GhostScript-ps2write-device-not-defunct-ps.patch	1969-12-31 19:00:00.0 -0500
+++ a2ps-4.14/debian/patches/0017-fixps-use-GhostScript-ps2write-device-not-defunct-ps.patch	2023-04-13 22:44:03.0 -0400
@@ -0,0 +1,37 @@
+From: Boyuan Yang 
+Date: Thu, 13 Apr 2023 22:43:16 -0400
+Subject: fixps: use GhostScript ps2write device, not defunct pswrite device
+
+Applied-Upstream: https://git.savannah.gnu.org/cgit/a2ps.git/commit/?id=985b15ceafc1021ee1690f499cc6ae341e31a000
+Bug-Debian: https://bugs.debian.org/1008579
+---
+ contrib/fixps.in | 2 +-
+ contrib/fixps.m4 | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/contrib/fixps.in b/contrib/fixps.in
+index 6c06825..16bcf12 100644
+--- a/contrib/fixps.in
 b/contrib/fixps.in
+@@ -389,7 +389,7 @@ if test $task != check; then
+   	eval "$command" ;;
+   gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=ps2write -sOutputFile=- -c save pop -f $file ;;
+ esac
+   )
+ fi
+diff --git a/contrib/fixps.m4 b/contrib/fixps.m4
+index 84d4178..169f7cd 100644
+--- a/contrib/fixps.m4
 b/contrib/fixps.m4
+@@ -307,7 +307,7 @@ if test $task != check; then
+   	eval "$command" ;;
+   gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=ps2write -sOutputFile=- -c save pop -f $file ;;
+ esac
+   )
+ fi
diff -Nru a2ps-4.14/debian/patches/series a2ps-4.14/debian/patches/series
--- a2ps-4.14/debian/patches/series	2020-12-29 23:01:09.0 -0500
+++ a2ps-4.14/debian/patches/series	2023-04-13 22:44:03.0 -0400
@@ -14,3 +14,4 @@
 etcmakefile.-pass-arguments-to-date-to-s.patch
 manmakefile.-patch-to-use-the-system-hel.patch
 doca2ps.texi-remove-dates-from-generated.patch
+0017-fixps-use-GhostScript-ps2write-device-not-defunct-ps.patch


signature.asc
Description: This is a digitally signed message part

Bug#1034425: openssh: incorrection in changelog date

[Peter Samuelson]

Source: openssh
Version: 1:9.1p1-2
Severity: minor

I have no idea what possessed you to fix the dates on those
20-year-old changelog entries, but since you care ... 1:3.0.2p1-2 is
still wrong.

The correct fix was not s/Sat/Sun/ but s/2003/2002/.

Bug#1034406: chromium: Chromium doesn't start, just exists with this message: `trap' para punto de parada/seguimiento

[Andres Salomon]

On Fri, Apr 14 2023 at 08:47:28 PM -03:00:00, acula...@ffyb.uba.ar 
wrote:
Yes, I'm willing to try. And also, yes I know that I'm a weirdo that 
uses 32 bit PAE kernel linux, but I'm running it in a rather old 
(2010) machine with 4 GB ram, so i prefer 32 bits.


Thanks for your time.



It sounds like the following will fix the issue:

chromium --disable-features=MojoIpcz

There's another chromium release happening on Tuesday, so I'll include 
the fix in that upload.

Bug#1034361: haveged: autopkgtest fails on bookworm kernel: service fails to start

[Danny van Heumen]

Hi,

I looked into haveged a while back because I ran into some issue. (Don't 
remember exactly what.)

Apparently, the upstream systemd-service contains a conditional to only start 
on old kernels. The strategies that haveged performed are apparently 
incorporated into the kernel. That makes haveged an optional "extra" 
contribution to entropy, but no longer necessary.

A issue on either haveged's github or Qubes-OS's discussed pros/cons for use in 
VMs and IIRC the benefits are doubtful due to depending on healthy input 
entropy and characteristics of VMs (as opposed to actual machines).

Running haveged as userspace tool only has uses because applications/scripts 
can use it as an API to randomness. However, the issue for running haveged 
userspace while the systemd-service is running, was broken for a while. (Not 
sure what the status is now.)

You would need to investigate in detail, as I am not knowledgeable on this 
subject, but from my understanding one would run haveged service on newer 
kernels solely for an overabundance of caution, rather than a necessity to seed 
the entropy pool.

There is an explanation with references on the haveged homepage. The issue 
should be that *if* the service is running, *then* userspace cannot start.

 Original Message 
On Apr 14, 2023, 9:47 PM, Cyril Brulebois < k...@debian.org> wrote:
Paul Gevers (2023-04-13): > The release team has announced [1] that failing 
autopkgtest on amd64 and > arm64 are considered RC in testing. [Release Team 
member hat on] Because > we're currently in the hard freeze for bookworm, I 
have marked this bug as > bookworm-ignore, however, I have a strong suspicion 
that it points out that > the package is broken. Targeted fixes are still 
welcome. The daemon starts just fine in d-i. The daemon starts just fine from 
the service unit on baremetal. I'd like extreme caution to be used before 
considering removing this package. After the 5.4 announce, trying to drop it 
from the installer didn't go quite well[1]. Maybe that's indeed better after 
5.6, but I really don't want to investigate dropping it from the installer for 
Bookworm. 1. https://lists.debian.org/debian-boot/2020/03/msg00182.html and 
replies. Cheers, -- Cyril Brulebois (k...@debian.org) D-I release manager -- 
Release team member -- Freelance Consultant

Bug#1034389: installation-reports: bookworm cannot install base system

[Pascal Hambourg]

Hello,

On 14/04/2023 at 15:16, Steve Witt wrote:


/var/log/syslog attached as requested.


Thank you. According to the following messages:


sd 0:0:0:0: [sda] 7700480 512-byte logical blocks: (3.94 GB/3.67 GiB)
sda: p1 size 7758432 extends beyond EOD, truncated


It seems that the USB drive capacity is slightly smaller than the ISO 
image size.


USB drive capacity: 7700480 sectors / 3.94 GB / 3.67 GiB
DVD-1 image size:   7758432 sectors / 3.97 GB / 3.70 GiB

The DVD image size is slightly lower than 4 GB to fit into most 4-GB USB 
drives but unfortunately there are USB drives whose actual capacity is 
significantly lower than the rated capacity.


You may try with a bigger USB drive or a smaller ISO image (e.g. netinst 
if you have a good network connection).


Didn't it trigger an error when writing the image to the USB drive ?

Bug#1034424: buildd.debian.org: Please use predictible build paths

[Vagrant Cascadian]

Source: buildd.debian.org
Severity: wishlist
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath toolchain
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Thanks for maintaining buildd.debian.org, which consistently cranks out
countless builds of packages that I and many others use!


We had a bit of a discussion in in the #reproduciblebuilds channel about
build paths, and it occurred to me that if buildd.debian.org used a
predictible build path.

Build paths are one of the larger sources sources of reproducibility
issues(~10% of the archive are still affected), and while the workaround
is relatively simple (build in a chroot with the same build path), not
having to do so would be very helpful!

For example, a build of 0ad uses a randomized string in the Build-Path:

  https://buildinfos.debian.net/buildinfo-pool/0/0ad/0ad_0.0.26-3_i386.buildinfo

  Build-Path: /build/0ad-al23I5/0ad-0.0.26

If this were instead a build path such as:

  Build-Path: /build/0ad-0.0.26-3_i386

I understand that the build path is randomized a bit in order to avoid
collisions with concurrent builds of the same package version.

Just the fact that it is recorded in the .buildinfo is certainly helpful
and makes it possible to reproduce a build after the fact, but being
able to predict the used build-path would allow performing builds
concurrently (assuming they were pulling from the same package mirrors).

At least some sbuild backends (unshare mode) can provide an independent
/build directory for each build, avoiding the risk of collisions. My
understanding is buildd.debian.org uses a variant of sbuild?

I think I could probably come up with a way in sbuild to configure a
unique /build directory using bind-mounts to a randomized directory, if
that would be helpful. Other approaches might involve using mount
namespaces?


live well,
  vagrant


signature.asc
Description: PGP signature

Bug#1034406: chromium: Chromium doesn't start, just exists with this message: `trap' para punto de parada/seguimiento

[miketwebster]

It launches ok then:

build@test:~/Downloads$ chromium --disable-features=MojoIpcz
[6055:6055:0414/172309.532655:ERROR:chrome_browser_cloud_management_con
troller.cc(162)] Cloud management controller initialization aborted as
CBCM is not enabled.
MESA-LOADER: failed to retrieve device information
MESA-LOADER: failed to retrieve device information
MESA-LOADER: failed to retrieve device information
[6087:6087:0414/172309.814857:ERROR:gbm_wrapper.cc(255)] Failed to
export buffer to dma_buf: No such file or directory (2)
[6087:6087:0414/172309.815090:ERROR:gbm_wrapper.cc(255)] Failed to
export buffer to dma_buf: No such file or directory (2)
...
repeats...
...
...
[6087:6087:0414/172309.819456:ERROR:gbm_wrapper.cc(255)] Failed to
export buffer to dma_buf: No such file or directory (2)
[6087:6087:0414/172309.819572:ERROR:gbm_wrapper.cc(255)] Failed to
export buffer to dma_buf: No such file or directory (2)
Fontconfig error: Cannot load default config file
*** stack smashing detected ***: terminated
[0414/172410.222418:ERROR:file_io_posix.cc(144)] open
/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or
directory (2)
[0414/172410.222496:ERROR:file_io_posix.cc(144)] open
/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or
directory (2)
*** stack smashing detected ***: terminated
[0414/172410.311841:ERROR:file_io_posix.cc(144)] open
/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or
directory (2)
[0414/172410.311869:ERROR:file_io_posix.cc(144)] open
/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or
directory (2)
*** stack smashing detected ***: terminated

This is running in a virtual machine so I imagine some of the warnings
may be caused by that.


On Fri, 14 Apr 2023 16:57:29 -0400 Andres Salomon 
wrote:
> Thanks for that. What happens if you run chromium with the command
line 
> argument  '--disable-features=MojoIpcz' (without the quotes)?
> 
> 
> 
> On Fri, Apr 14 2023 at 03:52:23 PM -04:00:00, miketwebs...@gmail.com 
> wrote:
> > To add a bit (not the Debian official version but the same build
and
> > architecture):
> > 
> > Starting program: /usr/lib/chromium/chromium --single-process
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib/i386-linux-
> > gnu/libthread_db.so.1".
> > [Detaching after fork from child process 5623]
> > [New Thread 0xb23fdb40 (LWP 5628)]
> > [Detaching after fork from child process 5629]
> > [Detaching after fork from child process 5630]
> > [Detaching after fork from child process 5631]
> > [New Thread 0xb1bfcb40 (LWP 5634)]
> > 
> > Thread 1 "chromium" received signal SIGTRAP, Trace/breakpoint trap.
> > 0x05fe44f7 in mojo::core::Init(mojo::core::Configuration const&) ()
> > (gdb) bt
> > #0  0x05fe44f7 in mojo::core::Init(mojo::core::Configuration
const&) 
> > ()
> > #1  0x050c6352 in content::InitializeMojoCore() ()
> > #2  0x0180088c in
> >
ChromeMainDelegate::PostEarlyInitialization(absl::variant > entMainDelegate::InvokedInBrowserProcess,
> > content::ContentMainDelegate::InvokedInChildProcess>) ()
> > #3  0x050c9241 in
> >
content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams,

> > bool) ()
> > #4  0x050c8eea in content::ContentMainRunnerImpl::Run() ()
> > #5  0x050c5af7 in
> > content::RunContentProcess(content::ContentMainParams,
> > content::ContentMainRunner*) ()
> > #6  0x050c6208 in content::ContentMain(content::ContentMainParams)
()
> > #7  0x018001e8 in ChromeMain ()
> > #8  0x017fffdf in main ()
> > (gdb) thread apply all bt
> > 
> > Thread 3 (Thread 0xb1bfcb40 (LWP 5634) "chromium"):
> > #0  0xb7fd2559 in __kernel_vsyscall ()
> > #1  0xb66f97c3 in __GI___wait4 (usage=0x0, options=0,
> > stat_loc=0xb1bfbce8, pid=5631) at 
> > ../sysdeps/unix/sysv/linux/wait4.c:27
> > #2  __GI___wait4 (pid=5631, stat_loc=0xb1bfbce8, options=0,
usage=0x0)
> > at ../sysdeps/unix/sysv/linux/wait4.c:24
> > #3  0xb66f9736 in __GI___waitpid (pid=5631, stat_loc=0xb1bfbce8,
> > options=0) at waitpid.c:38
> > #4  0x05caa8e7 in
> > base::Process::WaitForExitWithTimeout(base::TimeDelta, int*) const
()
> > #5  0x05caac58 in base::Process::WaitForExit(int*) const ()
> > #6  0x05caa58c in base::(anonymous
> > namespace)::BackgroundReaper::ThreadMain() ()
> > #7  0x05c86ff3 in base::(anonymous namespace)::ThreadFunc(void*) ()
> > #8  0xb7f880b4 in start_thread (arg=) at
> > pthread_create.c:477

Bug#1034417: samba: Samba can no longer authenticate users via Kerberos from a standalone KDC

[Daniel Lakeland]

On 4/14/23 10:59, Michael Tokarev wrote:

Control: tag -1 + moreinfo

Hello!

14.04.2023 20:49, Daniel Lakeland wrote:

Package: samba
Version: Installed: 2:4.17.7+dfsg-1
Severity: important
Tags: upstream
X-Debbugs-Cc: dlake...@street-artists.org


..
Please see discussions on the samba mailing list in the thread 
starting here:


https://lists.samba.org/archive/samba/2023-April/244842.html


Yeah, I've seen this thread, watched it with great interest.

But I have a question for you, as the reporter of this bug:
What do you expect us the debian samba maintainers to do with it?
I definitely will not change samba in a way not approved by the
upstream. Also, I wont try to find out what the problem is and
how to deal with it as I don't have neither enough experience
in that area nor time nor motivation. If this bugreport stays
here for years, what good will it serve? I can immediately
think about a downside: it will keep my attention constantly
drawn away when I look for bugs to triage, so I'll have less
resources for other bugs I can possible fix.



Hi Michael, my concern is mainly to document the existence of this 
problem for others who might use this similar config. I'm 100% sure I'm 
not the only one in the world. There are debian bugs going back a while 
where others have this kind of set up and had issues. I'll continue to 
try to figure out the work around, and then document the method I came 
up with here, and then we can close the bug so it's preserved for others 
with similar issues?


Agreed that you won't make changes they don't approve, but it's possible 
they'll realize that they've done something unintended and make some 
changes based on my concerns etc. Or not. Let's not make this bug be a 
thorn in your side for a long time, but let's leave it open for 
documenting the issue and its resolution or non-resolution for a 
sufficiently long time that it's clear whether this is permanently 
unsupported, or only temporarily or requires some specific config. 
Googling debian bugs can be an amazingly helpful way to figure out the 
solutions to problems for others.

Bug#1034406: chromium: Chromium doesn't start, just exists with this message: `trap' para punto de parada/seguimiento

[Andres Salomon]

Thanks for that. What happens if you run chromium with the command line 
argument  '--disable-features=MojoIpcz' (without the quotes)?




On Fri, Apr 14 2023 at 03:52:23 PM -04:00:00, miketwebs...@gmail.com 
wrote:

To add a bit (not the Debian official version but the same build and
architecture):

Starting program: /usr/lib/chromium/chromium --single-process
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-
gnu/libthread_db.so.1".
[Detaching after fork from child process 5623]
[New Thread 0xb23fdb40 (LWP 5628)]
[Detaching after fork from child process 5629]
[Detaching after fork from child process 5630]
[Detaching after fork from child process 5631]
[New Thread 0xb1bfcb40 (LWP 5634)]

Thread 1 "chromium" received signal SIGTRAP, Trace/breakpoint trap.
0x05fe44f7 in mojo::core::Init(mojo::core::Configuration const&) ()
(gdb) bt
#0  0x05fe44f7 in mojo::core::Init(mojo::core::Configuration const&) 
()

#1  0x050c6352 in content::InitializeMojoCore() ()
#2  0x0180088c in
ChromeMainDelegate::PostEarlyInitialization(absl::variant) ()
#3  0x050c9241 in
content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams,
bool) ()
#4  0x050c8eea in content::ContentMainRunnerImpl::Run() ()
#5  0x050c5af7 in
content::RunContentProcess(content::ContentMainParams,
content::ContentMainRunner*) ()
#6  0x050c6208 in content::ContentMain(content::ContentMainParams) ()
#7  0x018001e8 in ChromeMain ()
#8  0x017fffdf in main ()
(gdb) thread apply all bt

Thread 3 (Thread 0xb1bfcb40 (LWP 5634) "chromium"):
#0  0xb7fd2559 in __kernel_vsyscall ()
#1  0xb66f97c3 in __GI___wait4 (usage=0x0, options=0,
stat_loc=0xb1bfbce8, pid=5631) at 
../sysdeps/unix/sysv/linux/wait4.c:27

#2  __GI___wait4 (pid=5631, stat_loc=0xb1bfbce8, options=0, usage=0x0)
at ../sysdeps/unix/sysv/linux/wait4.c:24
#3  0xb66f9736 in __GI___waitpid (pid=5631, stat_loc=0xb1bfbce8,
options=0) at waitpid.c:38
#4  0x05caa8e7 in
base::Process::WaitForExitWithTimeout(base::TimeDelta, int*) const ()
#5  0x05caac58 in base::Process::WaitForExit(int*) const ()
#6  0x05caa58c in base::(anonymous
namespace)::BackgroundReaper::ThreadMain() ()
#7  0x05c86ff3 in base::(anonymous namespace)::ThreadFunc(void*) ()
#8  0xb7f880b4 in start_thread (arg=) at
pthread_create.c:477
#9  0xb6733296 in clone () at
../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 2 (Thread 0xb23fdb40 (LWP 5628) "sandbox_ipc_thr"):
#0  0xb7fd2559 in __kernel_vsyscall ()
#1  0xb6728333 in __GI___poll (timeout=-1, nfds=2, fds=0xb23fcd08) at
../sysdeps/unix/sysv/linux/poll.c:29
#2  __GI___poll (fds=0xb23fcd08, nfds=2, timeout=-1) at
../sysdeps/unix/sysv/linux/poll.c:26
#3  0x04346bfd in content::SandboxIPCHandler::Run() ()
#4  0x05c6f05a in base::DelegateSimpleThread::Run() ()
#5  0x05c6ed85 in base::SimpleThread::ThreadMain() ()
#6  0x05c86ff3 in base::(anonymous namespace)::ThreadFunc(void*) ()
#7  0xb7f880b4 in start_thread (arg=) at
pthread_create.c:477
#8  0xb6733296 in clone () at
../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 1 (Thread 0xb36bccc0 (LWP 5622) "chromium"):
#0  0x05fe44f7 in mojo::core::Init(mojo::core::Configuration const&) 
()

#1  0x050c6352 in content::InitializeMojoCore() ()
#2  0x0180088c in
ChromeMainDelegate::PostEarlyInitialization(absl::variant) ()
#3  0x050c9241 in
content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams,
bool) ()
#4  0x050c8eea in content::ContentMainRunnerImpl::Run() ()
#5  0x050c5af7 in
content::RunContentProcess(content::ContentMainParams,
content::ContentMainRunner*) ()
#6  0x050c6208 in content::ContentMain(content::ContentMainParams) ()
#7  0x018001e8 in ChromeMain ()
#8  0x017fffdf in main ()
(gdb)

Bug#1034423: php8.2: reproducible-builds: Paths to sed in php-config8.2 and and phpize8.2

[Vagrant Cascadian]

Source: php8.2
Severity: serious
Justification: TC resolution #994388
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The paths to sed are embedded in two scripts shipped in /usr/bin:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/php8.2.html

  /usr/bin/php-config8.2

  SED="/bin/sed"
  vs.
  SED="/usr/bin/sed"

It appears this was attempted to be fixed in an earlier php package, but
the fix was either never effective, or has for some reason become
ineffective:

  https://bugs.debian.org/1015188

The attached patch fixes this by explicitly specifying the /usr/bin
path, which is compatible with both usrmerge and non-usrmerge systems.

Other approaches would be to adapt configure to be able to override the
autodetection of the path for SED, or perhaps ideal would be to specify
SED without any path, assuming it is always run in an environment where
PATH is set correctly.

Unfortunately, there are other outstanding issues and this patch is not
sufficient to make php8.2 reproducible, but it should reduce the
differences.

Thanks for maintaining php8.2!

live well,
  vagrant
From 830b885bf5495bd079bf698c7a3352ccf7a38633 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Thu, 13 Apr 2023 15:59:57 -0700
Subject: [PATCH] scripts/php*.in: Explicitly define the path to sed.

The full path is detected by configure, resulting in a different build
depending on if it is built on a usrmerge or non-usrmerge system.

Since usrmerge systems contain compatibility symlinks for the
non-usrmerge paths, use the non-usrmerge path which is compatible in
both systems.

https://tests.reproducible-builds.org/debian/issues/bookworm/paths_vary_due_to_usrmerge_issue.html
---
 scripts/php-config.in | 2 +-
 scripts/phpize.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/php-config.in b/scripts/php-config.in
index 45a07597..05307ee3 100644
--- a/scripts/php-config.in
+++ b/scripts/php-config.in
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-SED="@SED@"
+SED="/bin/sed"
 prefix="@prefix@"
 datarootdir="@datarootdir@"
 exec_prefix="@exec_prefix@"
diff --git a/scripts/phpize.in b/scripts/phpize.in
index 0dcfe21d..0d71e795 100644
--- a/scripts/phpize.in
+++ b/scripts/phpize.in
@@ -7,7 +7,7 @@ exec_prefix="`eval echo @exec_prefix@`"
 phpdir="$prefix/lib/php/@DEBIAN_PHP_API@/build"
 includedir="$prefix/include/php/@DEBIAN_PHP_API@"
 builddir="`pwd`"
-SED="@SED@"
+SED="/bin/sed"
 
 libtool_version=$(dpkg-query -f'${Version}' -W libtool)
 aclocaldir="$prefix/share/aclocal"
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1034396: file-roller: File-Roller fails to create 7z- and ZIP-archives from folders selected in Nemo

[Karel van Gruiten]

Three additional information that might be helpful here:

1) I recently (about a week ago) updated my system from a fully patched 
Bullseye to Bookworm.

2) About one or two month ago the same scenario (select directories in homedir 
and create a ZIP via contextmenu) worked without any problems.
3) It isn‘t mentioned in the lis of installed softwarecomponents created by 
bugreport, but I also have the (new) package 7zip installed.

Bug#1034416: coreutils: stat.1: are there any shells which actually provide stat as a built-in?

[Pádraig Brady]

On 14/04/2023 18:25, наб wrote:

Package: coreutils
Version: 9.1-1
Severity: minor

Dear Maintainer,

Quoth stat(1):
-- >8 --
NOTE: your shell may have its own version of stat, which usually 
supersedes the version described here.  Please
refer to your shell's documentation for details about the options it 
supports.
-- >8 --

An apt list | grep sh/unstable filtered to "is a shell" gives me
-- >8 --
bash/unstable,now 5.2.15-2+b1 x32 [installed]
csh/unstable 20110502-7 x32
dash/unstable,now 0.5.12-2 x32 [installed]
fish/unstable 3.6.0-3 x32
mksh/unstable 59c-27 x32
posh/unstable 0.14.1 x32
rush/unstable 2.3-1 x32
sash/unstable 3.8-5+b9 x32
tcsh/unstable 6.24.07-1 x32
yash/unstable 2.52-2 x32
zsh/unstable 5.9-4 x32
-- >8 --

and
$ for sh in bash dash fish mksh posh sash tcsh yash zsh; do echo $sh; $sh -c 
'type stat'; done
bash
stat is /bin/stat
dash
stat is /bin/stat
fish
stat is /bin/stat
mksh
stat is a tracked alias for /bin/stat
yash
stat: an external command at /bin/stat
zsh
stat is /bin/stat

csh and tcsh
Don't have type, strace says "stat ." execs stat.

posh
No type, no stat builtin.

sash
No type; has a lot of stuff built in, not stat tho.

rush
idk; source doesn't have "stat" anywhere so probably no


I thought this was either ancient bash or ksh tech,
but it's not in 1.14.4-2 or as far back as the illumos-gate ksh goes.

Probably axe it?


Maybe.
The warning was added in 2005 without mentioning specific shells:
https://github.com/coreutils/coreutils/commit/d209b0f75

I see zsh has a stat module:
https://zsh.sourceforge.io/Doc/Release/Zsh-Modules.html#The-zsh_002fstat-Module

I also see a bash stat loadable:
http://git.savannah.gnu.org/gitweb/?p=bash.git;a=blob;f=examples/loadables/stat.c;hb=HEAD

Though if we're considering loadables,
then that would cover most commands.

It might be best to remove this warning indeed.

cheers,
Pádraig

Bug#1034421: coreutils: install(1): says -v only notes directory creation, but also writes regular file creation

[Pádraig Brady]

On 14/04/2023 20:23, наб wrote:

Package: coreutils
Version: 8.32-4+b1
Version: 9.1-1
Severity: minor

Dear Maintainer,

Quoth install(1):
-- >8 --
-v, --verbose
 print the name of each directory as it is created
-- >8 --

Compare:
-- >8 --
$ install -v $(command -v install) .
'/bin/install' -> './install'


Yes I already fixed that upstream actually as part of:
https://github.com/coreutils/coreutils/commit/d899f9e33

  $ src/ginstall --help | grep -- --verbose
  -v, --verbose   print the name of each created file or directory

cheers,
Pádraig

Bug#1034406: chromium: Chromium doesn't start, just exists with this message: `trap' para punto de parada/seguimiento

[miketwebster]

To add a bit (not the Debian official version but the same build and
architecture):

Starting program: /usr/lib/chromium/chromium --single-process
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-
gnu/libthread_db.so.1".
[Detaching after fork from child process 5623]
[New Thread 0xb23fdb40 (LWP 5628)]
[Detaching after fork from child process 5629]
[Detaching after fork from child process 5630]
[Detaching after fork from child process 5631]
[New Thread 0xb1bfcb40 (LWP 5634)]

Thread 1 "chromium" received signal SIGTRAP, Trace/breakpoint trap.
0x05fe44f7 in mojo::core::Init(mojo::core::Configuration const&) ()
(gdb) bt
#0  0x05fe44f7 in mojo::core::Init(mojo::core::Configuration const&) ()
#1  0x050c6352 in content::InitializeMojoCore() ()
#2  0x0180088c in
ChromeMainDelegate::PostEarlyInitialization(absl::variant) ()
#3  0x050c9241 in
content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams,
bool) ()
#4  0x050c8eea in content::ContentMainRunnerImpl::Run() ()
#5  0x050c5af7 in
content::RunContentProcess(content::ContentMainParams,
content::ContentMainRunner*) ()
#6  0x050c6208 in content::ContentMain(content::ContentMainParams) ()
#7  0x018001e8 in ChromeMain ()
#8  0x017fffdf in main ()
(gdb) thread apply all bt

Thread 3 (Thread 0xb1bfcb40 (LWP 5634) "chromium"):
#0  0xb7fd2559 in __kernel_vsyscall ()
#1  0xb66f97c3 in __GI___wait4 (usage=0x0, options=0,
stat_loc=0xb1bfbce8, pid=5631) at ../sysdeps/unix/sysv/linux/wait4.c:27
#2  __GI___wait4 (pid=5631, stat_loc=0xb1bfbce8, options=0, usage=0x0)
at ../sysdeps/unix/sysv/linux/wait4.c:24
#3  0xb66f9736 in __GI___waitpid (pid=5631, stat_loc=0xb1bfbce8,
options=0) at waitpid.c:38
#4  0x05caa8e7 in
base::Process::WaitForExitWithTimeout(base::TimeDelta, int*) const ()
#5  0x05caac58 in base::Process::WaitForExit(int*) const ()
#6  0x05caa58c in base::(anonymous
namespace)::BackgroundReaper::ThreadMain() ()
#7  0x05c86ff3 in base::(anonymous namespace)::ThreadFunc(void*) ()
#8  0xb7f880b4 in start_thread (arg=) at
pthread_create.c:477
#9  0xb6733296 in clone () at
../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 2 (Thread 0xb23fdb40 (LWP 5628) "sandbox_ipc_thr"):
#0  0xb7fd2559 in __kernel_vsyscall ()
#1  0xb6728333 in __GI___poll (timeout=-1, nfds=2, fds=0xb23fcd08) at
../sysdeps/unix/sysv/linux/poll.c:29
#2  __GI___poll (fds=0xb23fcd08, nfds=2, timeout=-1) at
../sysdeps/unix/sysv/linux/poll.c:26
#3  0x04346bfd in content::SandboxIPCHandler::Run() ()
#4  0x05c6f05a in base::DelegateSimpleThread::Run() ()
#5  0x05c6ed85 in base::SimpleThread::ThreadMain() ()
#6  0x05c86ff3 in base::(anonymous namespace)::ThreadFunc(void*) ()
#7  0xb7f880b4 in start_thread (arg=) at
pthread_create.c:477
#8  0xb6733296 in clone () at
../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 1 (Thread 0xb36bccc0 (LWP 5622) "chromium"):
#0  0x05fe44f7 in mojo::core::Init(mojo::core::Configuration const&) ()
#1  0x050c6352 in content::InitializeMojoCore() ()
#2  0x0180088c in
ChromeMainDelegate::PostEarlyInitialization(absl::variant) ()
#3  0x050c9241 in
content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams,
bool) ()
#4  0x050c8eea in content::ContentMainRunnerImpl::Run() ()
#5  0x050c5af7 in
content::RunContentProcess(content::ContentMainParams,
content::ContentMainRunner*) ()
#6  0x050c6208 in content::ContentMain(content::ContentMainParams) ()
#7  0x018001e8 in ChromeMain ()
#8  0x017fffdf in main ()
(gdb) 

Bug#1034361: haveged: autopkgtest fails on bookworm kernel: service fails to start

[Cyril Brulebois]

Paul Gevers  (2023-04-13):
> The release team has announced [1] that failing autopkgtest on amd64 and
> arm64 are considered RC in testing. [Release Team member hat on] Because
> we're currently in the hard freeze for bookworm, I have marked this bug as
> bookworm-ignore, however, I have a strong suspicion that it points out that
> the package is broken. Targeted fixes are still welcome.

The daemon starts just fine in d-i.

The daemon starts just fine from the service unit on baremetal.

I'd like extreme caution to be used before considering removing this
package. After the 5.4 announce, trying to drop it from the installer
didn't go quite well[1]. Maybe that's indeed better after 5.6, but I
really don't want to investigate dropping it from the installer for
Bookworm.

 1. https://lists.debian.org/debian-boot/2020/03/msg00182.html
and replies.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1034352: golang-github-azure-go-autorest: autopkgtest regression on arm64: request header doesn't match

[Paul Gevers]

Hi,

On 13-04-2023 19:22, Paul Gevers wrote:

On 13-04-2023 18:17, Shengjing Zhu wrote:

Maybe you haven't rebuilt the lxc image with the new timezone, so it
still uses UTC+8.


That's what I thought so later too. Let's see what tomorrow brings.


So, the testsing container was rebuild on Apr 14 06:29 (UTC) and I just 
ran the golang-github-azure-go-autorest test: 
https://ci.debian.net/data/autopkgtest/testing/arm64/g/golang-github-azure-go-autorest/32898818/log.gz


It still fails.

Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034422: distro-info(-data) should respect SOURCE_DATE_EPOCH

[Holger Levsen]

package: distro-info
severity: wishlist
x-debbugs-cc: reproducible-bui...@lists.alioth.debian.org
affects: extrepo-data, developers-reference

hi!

On Fri, Apr 14, 2023 at 12:24:52PM -0700, Vagrant Cascadian wrote:
> On 2023-04-14, Holger Levsen wrote:
> > i'm wondering whether distro-info should respect SOURCE_DATE_EPOCH: 
> > src:developers-reference builds different content based on the build
> > date, due to using distro-info and distro-info knows that in 398 days
> >  trixie will be released :))) 
> > see  
> > https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/arm64/diffoscope-results/developers-reference.html
> >
> > (src:developers-reference is "my" package using sphinx.)
> 
> This also recently came up for extrepo-data:
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020648#15
> Porbably should file a bug on distro-info and then mark as affecting
> extrepo-data and developers-reference, and any other relevent
> packages. Maybe also we should create an issue for it in
> reproducible-notes.git.

thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If you want to forget all about Covid...just keep getting it.


signature.asc
Description: PGP signature

Bug#1032557: libvcflib breaks freebayes autopkgtest: Error: signal 11

[Paul Gevers]

Control: reassign -1 src:libvcflib 1.0.9+dfsg-1
Control: affects -1 src:freebayes
Control: retitle -1 libvcflib breaks ABI without SONAME bump
Control: tags -1 - bookworm-ignore

On Wed, 12 Apr 2023 17:05:47 -0700 Steve Langasek 
 wrote:

This implies that libvcflib has actually broken ABI without
changing its SONAME, and that this is what is causing the segfault.  So I
don't consider it correct to mark this bug as "fixed" in freebayes, as
libvcflib1 needs a rename to block the new library being loaded by old
binaries.


Reassigning to the right package then.

Paul
PS: tille, if you want a bug marked -ignore, please contact 
the release team and don't tag it yourself.


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034332: Occasional garbled Chinese pdf lines

[Jonas Smedegaard]

Do you have fonts-droid-fallback installed?  If not, please try install
it and see if it improves ḿatters.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1034420: grub-efi-amd64: Package update fails with error: installation script subprocess returned error exit status 128

[Andrea Palazzi]

Package: grub-efi-amd64
Version: 2.06-8
Severity: important
X-Debbugs-Cc: palazziand...@yahoo.it

Dear Maintainer,
   * What led up to the situation?
updating the system with apt update && apt upgrade

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
apt-update && apt-upgrade

   * What was the outcome of this action?
Setting up grub-efi-amd64 (2.06-8) ...
dpkg: error processing package grub-efi-amd64 (--configure):
 installed grub-efi-amd64 package post-installation script subprocess returned 
error exit status 128
dpkg: dependency problems prevent configuration of grub-efi:
 grub-efi depends on grub-efi-amd64 (= 2.06-8); however:
  Package grub-efi-amd64 is not configured yet.

dpkg: error processing package grub-efi (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 grub-efi-amd64
 grub-efi
E: Sub-process /usr/bin/dpkg returned an error code (1)

   * What outcome did you expect instead?
An update without errors.

-- Package-specific info:

*** BEGIN /proc/mounts
/dev/sda2 /boot/efi vfat 
rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro
 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod zfs
set root='hd2,gpt3'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd2,gpt3 
--hint-efi=hd2,gpt3 --hint-baremetal=ahci2,gpt3  --hint-bios=hd6,gpt3 
--hint-efi=hd6,gpt3 --hint-baremetal=ahci6,gpt3  --hint-bios=hd5,gpt3 
--hint-efi=hd5,gpt3 --hint-baremetal=ahci5,gpt3  --hint-bios=hd4,gpt3 
--hint-efi=hd4,gpt3 --hint-baremetal=ahci4,gpt3  --hint-bios=hd0,gpt3 
--hint-efi=hd0,gpt3 --hint-baremetal=ahci0,gpt3  --hint-bios=hd1,gpt3 
--hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3  1f9ee6c758e35b0b
else
  search --no-floppy --fs-uuid --set=root 1f9ee6c758e35b0b
fi
font="/BOOT/debian@/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=it_IT
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod zfs
set root='hd2,gpt3'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd2,gpt3 
--hint-efi=hd2,gpt3 --hint-baremetal=ahci2,gpt3  --hint-bios=hd6,gpt3 
--hint-efi=hd6,gpt3 --hint-baremetal=ahci6,gpt3  --hint-bios=hd5,gpt3 
--hint-efi=hd5,gpt3 --hint-baremetal=ahci5,gpt3  --hint-bios=hd4,gpt3 
--hint-efi=hd4,gpt3 --hint-baremetal=ahci4,gpt3  --hint-bios=hd0,gpt3 
--hint-efi=hd0,gpt3 --hint-baremetal=ahci0,gpt3  --hint-bios=hd1,gpt3 
--hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3  1f9ee6c758e35b0b
else
  search --no-floppy --fs-uuid --set=root 1f9ee6c758e35b0b
fi
insmod png
if background_image /BOOT/debian@/grub/.background_cache.png; then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu 
--class os $menuentry_id_option 

Bug#1034421: coreutils: install(1): says -v only notes directory creation, but also writes regular file creation

[наб]

Package: coreutils
Version: 8.32-4+b1
Version: 9.1-1
Severity: minor

Dear Maintainer,

Quoth install(1):
-- >8 --
   -v, --verbose
 print the name of each directory as it is created
-- >8 --

Compare:
-- >8 --
$ install -v $(command -v install) .
'/bin/install' -> './install'
-- >8 --

наб

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-20-amd64 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.2.53-10
ii  libattr1 1:2.4.48-6
ii  libc62.31-13+deb11u5
ii  libgmp10 2:6.2.1+dfsg-1+deb11u1
ii  libselinux1  3.1-3

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1034406: chromium: Chromium doesn't start, just exists with this message: `trap' para punto de parada/seguimiento

[Andres Salomon]

Control: tags -1 bullseye
Control: retitle -1 chromium: fails to start on i386 with trap error

I don't have a good environment for testing this. If I built chromium 
v113 for bullseye and put it online somewhere, would you be willing to 
try it out?



On Fri, Apr 14 2023 at 10:51:03 AM -03:00:00, Andres Culasso 
 wrote:

Package: chromium
Version: 112.0.5615.49-2~deb11u2
Severity: important
X-Debbugs-Cc: acula...@ffyb.uba.ar

Dear Maintainer,

  After updating chromium to version 112.0.5615.49-2 it dosen't run 
anymore. Instead it throw a message "`trap' para punto de 
parada/seguimiento" and no window is shown.
  I've check the permissions of /usr/lib/chromium/chrome-sandbox 
(that is 4755) as suggested by some threads in forums regarding to 
the function of some webapps that fails to run with chrome/chromium.

  Instead of the message I expected the chromium window to pop up.


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), 
(500, 'stable')

Architecture: i386 (i686)

Kernel: Linux 5.10.0-21-686-pae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_AR:es

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common 
112.0.5615.49-2~deb11u2

ii  libasound2  1.2.4-1.1
ii  libatk-bridge2.0-0  2.38.0-1
ii  libatk1.0-0 2.36.0-2
ii  libatomic1  10.2.1-6
ii  libatspi2.0-0   2.38.0-4
ii  libbrotli1  1.0.9-2+b2
ii  libc6   
2.31-13+deb11u5

ii  libcairo2   1.16.0-5
ii  libcups2
2.3.3op2-3+deb11u2
ii  libdbus-1-3 
1.12.24-0+deb11u1

ii  libdouble-conversion3   3.1.5-6.1
ii  libdrm2 2.4.104-1
ii  libevent-2.1-7  
2.1.12-stable-1
ii  libexpat1   
2.2.10-2+deb11u5
ii  libflac8
1.3.3-2+deb11u1

ii  libfontconfig1  2.13.1-4.2
ii  libfreetype6
2.10.4+dfsg-1+deb11u1

ii  libgbm1 20.3.5-1
ii  libglib2.0-02.66.8-1
ii  libgtk-3-0  
3.24.24-4+deb11u2

ii  libjpeg62-turbo 1:2.0.6-4
ii  libjsoncpp241.9.4-4
ii  liblcms2-2  2.12~rc1-2
ii  libminizip1 1.1-8+b1
ii  libnspr42:4.29-1
ii  libnss3 
2:3.61-1+deb11u3

ii  libopenjp2-72.4.0-3
ii  libopus01.3.1-0.1
ii  libpango-1.0-0  1.46.2-3
ii  libpng16-16 1.6.37-3
ii  libpulse0   14.2-2
ii  libre2-9
20210201+dfsg-1

ii  libsnappy1v51.1.8-1
ii  libstdc++6  10.2.1-6
ii  libwebp60.6.1-2.1
ii  libwebpdemux2   0.6.1-2.1
ii  libwebpmux3 0.6.1-2.1
ii  libwoff11.0.2-1+b1
ii  libx11-62:1.7.2-1
ii  libxcb1 1.14-3
ii  libxcomposite1  1:0.4.5-1
ii  libxdamage1 1:1.1.5-2
ii  libxext62:1.3.3-1.1
ii  libxfixes3  1:5.0.3-2
ii  libxkbcommon0   1.0.3-2
ii  libxml2 
2.9.10+dfsg-6.7+deb11u3
ii  libxnvctrl0 
470.141.03-1~deb11u1

ii  libxrandr2  2:1.5.1-1
ii  libxslt1.1  
1.1.34-4+deb11u1

ii  xdg-desktop-portal-gtk [xdg-desktop-portal-backend  1.8.0-1
ii  zlib1g  
1:1.2.11.dfsg-2+deb11u2

Bug#1034349: bedtools: autopkgtest fails on bookworm kernel: ulimit: error setting limit (Operation not permitted)

[Paul Gevers]

Hi Andreas,

On 14-04-2023 07:33, Andreas Tille wrote:

Does this mean you want me to revert the change?


Whatever works best for you.

Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1028055: closed by Debian FTP Masters (reply to Gürkan Myczko ) (Bug#1028055: fixed in ciso 1.0.0-1)

[KOLANICH]

Thank you.
 
 

Bug#1028615: tracker.debian.org: tracker.d.o should display results of reproducible rebuilds, not just reproducible CI results

[Holger Levsen]

On Fri, Jan 13, 2023 at 06:49:48PM +0100, Holger Levsen wrote:
> since some years, tracker.d.o is thankfully showing results from
> https://tests.reproducible-builds.org/debian - which was and is awesome!
> However, these are just continious integration test results and
> not based on the binaries we publish on ftp.debian.org
[...]
> The data is available in json format here:
> - https://rebuild.notset.fr/debian/results/debian_unstable.json
> - https://rebuild.notset.fr/debian/results/debian_bookworm.json
> - https://rebuild.notset.fr/debian/results/debian_bullseye.json
> It would be great, if tracker.d.o could display both kind of results, CI *and*
> rebuild results.

friendly ping on this. Also if there's anything we can do...!?!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The mark of a civilized man is the ability to look at a column of numbers and
weep. (Bertrand Russell)


signature.asc
Description: PGP signature

Bug#1034419: bugs.debian.org: Printing Fails To Allow 0.0" Margins

[Roger]

Package: bugs.debian.org
Severity: important
X-Debbugs-Cc: slow_sp...@att.net

Dear Maintainer,



   * What led up to the situation?
Tried to print borderless (full-bleed) in various programs, but print dialog
always has minimal border.

Bug#1034417: samba: Samba can no longer authenticate users via Kerberos from a standalone KDC

[Michael Tokarev]

Control: tag -1 + moreinfo

Hello!

14.04.2023 20:49, Daniel Lakeland wrote:

Package: samba
Version: Installed: 2:4.17.7+dfsg-1
Severity: important
Tags: upstream
X-Debbugs-Cc: dlake...@street-artists.org


..

Please see discussions on the samba mailing list in the thread starting here:

https://lists.samba.org/archive/samba/2023-April/244842.html


Yeah, I've seen this thread, watched it with great interest.

But I have a question for you, as the reporter of this bug:
What do you expect us the debian samba maintainers to do with it?
I definitely will not change samba in a way not approved by the
upstream. Also, I wont try to find out what the problem is and
how to deal with it as I don't have neither enough experience
in that area nor time nor motivation. If this bugreport stays
here for years, what good will it serve? I can immediately
think about a downside: it will keep my attention constantly
drawn away when I look for bugs to triage, so I'll have less
resources for other bugs I can possible fix.

You've been offered a workaround, too, in some way.


The situation appears to be that samba moved to using winbindd to do 
authentication, and this
combination samba + winbindd can't imagine a scenario in which there is a KDC 
which is not an AD DC.

What I want, and has worked for 15 years, and clearly has been done by plenty 
of other people in the
past based on google searches, is that a client gets a ticket from the KDC and 
uses it to authenticate
to a standalone samba server which is not a part of an AD DC but IS a part of 
an MIT Kerberos KDC realm.

It appears that this is an upstream "bug" in which a particular use case simply 
did not get considered
when rearchitecting the samba security system, and hence disappeared. However 
it affects Debian users
who have been using this technique such as myself, and certainly others.


FWIF, you're the only user in this world who uses this configuration,
it looks like. Because the version where this configuration broke is
quite old, unsupported for a long time, and has many bugs including
easy triggerable security issues.

So I'm not sure for the severity of this bugreport.  I'd move it
to "wontfix" severity..

Thanks,

/mjt

Bug#1034418: util-linux: fstrim.timer not enabled for upgraded systems

[Matt Taggart]

Package: util-linux
Version: 2.36.1-8+deb11u1

I recently noticed on my existing bullseye systems that fstrim.timer is 
not enabled by default:


===
# systemctl status fstrim.timer
● fstrim.timer - Discard unused blocks once a week
 Loaded: loaded (/lib/systemd/system/fstrim.timer; disabled; vendor 
preset: enabled)

 Active: inactive (dead)
Trigger: n/a
   Triggers: ● fstrim.service
   Docs: man:fstrim

# systemctl list-timers fstrim.timer
NEXT LEFT LAST PASSED UNIT ACTIVATES

0 timers listed.
Pass --all to see loaded but inactive timers, too.
===

Here's what it looks like when I enable it:
===
# systemctl enable --now fstrim.timer
Created symlink /etc/systemd/system/timers.target.wants/fstrim.timer → 
/lib/systemd/system/fstrim.timer


# systemctl status fstrim.timer
● fstrim.timer - Discard unused blocks once a week
 Loaded: loaded (/lib/systemd/system/fstrim.timer; enabled; vendor 
preset: enabled)

 Active: active (waiting) since Fri 2023-04-14 16:39:49 UTC; 19s ago
Trigger: Mon 2023-04-17 00:23:13 UTC; 2 days left
   Triggers: ● fstrim.service
   Docs: man:fstrim

Apr 14 16:39:49 foo systemd[1]: Started Discard unused blocks once a week.

# systemctl list-timers fstrim.timer
NEXTLEFTLAST PASSED UNIT ACTIVATES
Mon 2023-04-17 00:23:13 UTC 2 days left n/a  n/afstrim.timer 
fstrim.service


1 timers listed.
Pass --all to see loaded but inactive timers, too.
===

It looks this way on all my bullseye systems that were older and 
dist-upgraded to bullseye. I only have one system that was installed 
directly with bullseye and it appeared to be running there (but maybe I 
enabled it by hand at some point and forgot?). I have not checked on 
testing/unstable (fresh install or dist-upgrade).


Looking in the Debian changelog I see in the 2.35.1-2 entry:

"* Enable fstrim.timer by default"

and that seems to correspond to this commit:

https://salsa.debian.org/debian/util-linux/-/commit/b0f405a45b6ea0608ecb51e8b8d68ec1715a83e7

which adds:

  dh_installsystemd --package=util-linux fstrim.timer

Here is the generated section from postinst:
===
# End automatically added section
# Automatically added by dh_installsystemd/13.3.4
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = 
"abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then

# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'fstrim.timer' >/dev/null || true

# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'fstrim.timer'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'fstrim.timer' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), 
which need to be

# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'fstrim.timer' 
>/dev/null || true

fi
fi
===

So I guess if fstrim.timer was installed at some point but not enabled, 
upgrades would "update-state" but not enable the service?


Was fstrim.timer delivered in buster but not enabled?

This behavior might follow the principle of least surprise, but I think 
for SSD based systems it is losing out on the benefits of TRIM/discard 
(improved i/o latency, flash wear). Given that it only runs once a week, 
I think also there is minimal risk (but it might cause a multiple 
seconds decrease in i/o speed depending on drive).


Can you think of a way this could be enabled for upgraded systems as well?

Thanks,

--
Matt Taggart
m...@lackof.org

Bug#1034417: samba: Samba can no longer authenticate users via Kerberos from a standalone KDC

[Daniel Lakeland]

Package: samba
Version: Installed: 2:4.17.7+dfsg-1
Severity: important
Tags: upstream
X-Debbugs-Cc: dlake...@street-artists.org

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

For 15 years I've been using samba in a situation where the server is 
standalone, 
and has users provided by LDAP and a kerberos KDC. The server uses sssd and 
works fine for ssh, 
login, and every other kerberos enabled thing.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Upgraded samba from previous version, not sure which version but would have 
been 4.8 ish


   * What was the outcome of this action?

samba no longer works with Kerberos unless it is joined to a full 
Microsoft Active Directory Domain Controller.

Please see discussions on the samba mailing list in the thread starting here:

https://lists.samba.org/archive/samba/2023-April/244842.html

The situation appears to be that samba moved to using winbindd to do 
authentication, and this 
combination samba + winbindd can't imagine a scenario in which there is a KDC 
which is not an AD DC.

What I want, and has worked for 15 years, and clearly has been done by plenty 
of other people in the 
past based on google searches, is that a client gets a ticket from the KDC and 
uses it to authenticate
to a standalone samba server which is not a part of an AD DC but IS a part of 
an MIT Kerberos KDC realm.

It appears that this is an upstream "bug" in which a particular use case simply 
did not get considered
when rearchitecting the samba security system, and hence disappeared. However 
it affects Debian users
who have been using this technique such as myself, and certainly others.

This is probably related to previous bugs and other users have corroborated 
having related issues: 

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001053

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899269

Bug#1034416: coreutils: stat.1: are there any shells which actually provide stat as a built-in?

[наб]

Package: coreutils
Version: 9.1-1
Severity: minor

Dear Maintainer,

Quoth stat(1):
-- >8 --
   NOTE: your shell may have its own version of stat, which usually 
supersedes the version described here.  Please
   refer to your shell's documentation for details about the options it 
supports.
-- >8 --

An apt list | grep sh/unstable filtered to "is a shell" gives me
-- >8 --
bash/unstable,now 5.2.15-2+b1 x32 [installed]
csh/unstable 20110502-7 x32
dash/unstable,now 0.5.12-2 x32 [installed]
fish/unstable 3.6.0-3 x32
mksh/unstable 59c-27 x32
posh/unstable 0.14.1 x32
rush/unstable 2.3-1 x32
sash/unstable 3.8-5+b9 x32
tcsh/unstable 6.24.07-1 x32
yash/unstable 2.52-2 x32
zsh/unstable 5.9-4 x32
-- >8 --

and
$ for sh in bash dash fish mksh posh sash tcsh yash zsh; do echo $sh; $sh -c 
'type stat'; done
bash
stat is /bin/stat
dash
stat is /bin/stat
fish
stat is /bin/stat
mksh
stat is a tracked alias for /bin/stat
yash
stat: an external command at /bin/stat
zsh
stat is /bin/stat

csh and tcsh
Don't have type, strace says "stat ." execs stat.

posh
No type, no stat builtin.

sash
No type; has a lot of stuff built in, not stat tho.

rush
idk; source doesn't have "stat" anywhere so probably no 


I thought this was either ancient bash or ksh tech,
but it's not in 1.14.4-2 or as far back as the illumos-gate ksh goes.

Probably axe it?

Best,
наб


-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: amd64, i386

Kernel: Linux 6.1.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.3.1-3
ii  libattr1 1:2.5.1-4
ii  libc62.36-9
ii  libgmp10 2:6.2.1+dfsg1-1.1
ii  libselinux1  3.4-1+b5

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1034415: rush: Default configuration has errors ("unknown limit: 10r20")

[наб]

Package: rush
Version: 2.3-1
Severity: normal

Dear Maintainer,

When running rush, freshly installed, I get this:
-- >8 --
Apr 14 18:59:10 szarotka rush[848]: parsing legacy configuration file 
/etc/rush.rc
Apr 14 18:59:10 szarotka rush[848]: debug level set to 1
Apr 14 18:59:10 szarotka rush[848]: /etc/rush.rc:34: unknown limit: 10r20
-- >8 --

Best,
наб

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: amd64, i386

Kernel: Linux 6.1.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rush depends on:
ii  libc6  2.36-9

rush recommends no packages.

Versions of packages rush suggests:
pn  xinetd | inetutils-inetd  

-- no debconf information


signature.asc
Description: PGP signature

Bug#1034414: libspectra-dev: libspectra-dev should be Multi-Arch:foreign

[Dima Kogan]

Package: libspectra-dev
Version: 1.0.1-2
Severity: normal
X-Debbugs-Cc: Dima Kogan 

Ading the "Multi-Arch:foreign" to this package would allow
cross-building for packages that depend on it. I'm hitting this when
trying to cross-build the gtsam package (not in Debian yet, but in
progress).

Bug#973894: rr: Improve reproducibility

[Bernhard Übelacker]

Hello,
upstream uses now macro-prefix-map, therefore e.g.
source files using __FILE__ should no longer
contain absolute paths.

So there are still the *.S files embedding their absolute paths.
In the long run maybe dpkg-buildflags might help there [1], [2].

But there is also mentioned to "just" feed c-flags into asm-flags.
(See patch below.)
This produces from different build directories a deb file with
the same md5sum.

Kind regards,
Bernhard


[1] https://salsa.debian.org/debian/debhelper/-/merge_requests/50
[2] 
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/scripts/Dpkg/BuildFlags.pm?id=ce5af1eeb795c6fa8ce122b801930ccd7adc8516


--- rr-5.6.0.orig/CMakeLists.txt
+++ rr-5.6.0/CMakeLists.txt
@@ -50,6 +50,9 @@ configure_file(
   ${CMAKE_BINARY_DIR}/git_revision.h
 )
 
+# For reproducibility, e.g. -ffile-prefix-map

+set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} ${CMAKE_C_FLAGS}")
+
 set(FLAGS_COMMON "-D__USE_LARGEFILE64 -pthread")
 set(supports32bit true)
 set(x86ish false)

Bug#1034413: xorg-server: present-Check-for-NULL-to-prevent-crash.patch not needed anymore

[Chema Casanova]

Source: xorg-server
Version: 2:21.1.7-2
Severity: minor
Tags: patch

Dear Maintainer,

I've been testing the xorg-server debian package for bookworm. I realized
that although patch "present-Check-for-NULL-to-prevent-crash.patch" applies
after some Hunk fixes, the result is incorrect because the patch
is already available upstream.

chema@bookworm:~/package/xorg-server-debian/xorg-server-21.1.7/debian$ quilt
push
Applying patch present-Check-for-NULL-to-prevent-crash.patch
patching file present/present_scmd.c
Hunk #1 succeeded at 161 with fuzz 1 (offset 3 lines).
Hunk #2 succeeded at 205 with fuzz 1 (offset 6 lines).

Now at patch present-Check-for-NULL-to-prevent-crash.patch

So I recommend to remove this patch for bookworm and newer versions
of the xserver 21.1.7 already includes the path and is available on
21.1 branch since 21.1.4

The result at the final debian source does not harm but it is not
really nice as it is repeating the same validation:

static RRCrtcPtr
present_scmd_get_crtc(present_screen_priv_ptr screen_priv, WindowPtr window)
{
if (!screen_priv->info)
return NULL;

if (!screen_priv->info->get_crtc)
return NULL;

> if (!screen_priv->info->get_crtc)
> return NULL;

return (*screen_priv->info->get_crtc)(window);
}

--

static void
present_flush(WindowPtr window)
{
ScreenPtr screen = window->drawable.pScreen;
present_screen_priv_ptr screen_priv = present_screen_priv(screen);

if (!screen_priv)
return;

if (!screen_priv->info)
return;

> if (!screen_priv->info->flush)
> return;

if (!screen_priv->info->flush)
return;

(*screen_priv->info->flush) (window);
}

-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-21-amd64 (SMP w/12 CPU threads)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#1034412: release-notes: Information about manpages-l10n for bookworm release notes

[Helge Kreutzmann]

Package: release-notes
Severity: wishlist

Please add something along the following to the release notes:

Greatly expanded translations of man pages (e.g. complete translation
of systemd user pages into German) and various new languages (Czech,
Danish, Greek, Finnish, Indonesian, Macedonian, Norwegian, Russian,
Serbian, Swedish, Ukranian and Vietnamesian).

-- 
  Dr. Helge Kreutzmann deb...@helgefjell.de
   Dipl.-Phys.   http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
   Help keep free software "libre": http://www.ffii.de/


signature.asc
Description: PGP signature

Bug#1034411: unblock: manpages-l10n/4.18.1-1

[Helge Kreutzmann]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: manpages-l...@packages.debian.org
Control: affects -1 + src:manpages-l10n

Please unblock package manpages-l10n

[ Reason ]
manpages-l10n is a (set of) pure documentation packages. It works by
downloading the current version of the man pages from the target
distribution (here Debian) related to ~ 100 upstream packages. Then
the translators update the translations of theses man pages.

To be current, this process needs to be performed as late as possible,
so that man pages within Debian change as little as possible in this
time frame, i.e. the latest version scheduled for Bookworm are used.

Due to large scale changes in some upstreams (especially manpages) not
all translators were able to perform as much translations as possible
in the last version (e.g. Spanish). Also a rather nasty confusion was 
resolved in German and two translation bugs from the BTS are fixed
(#1032881,#1033438). Also other translators (e.g. UK or FR) worked on 
further translations and updates.

Therefor upstream suggested to prepare a minor (last) release
targetting bookworm (i.e. 1.18.1).

[ Impact ]
If the unblock is *not* granted then non-english speakers will see
some outdated translations and some missing translations. Especially
for less maintained languages the difference is bigger as upstream
works hard to keep the translations shipped by performing trivial
unfuzzy and translations. But also active teams like french and german
are constantily improving the translations. Also German users will
have a nasty confusion around the terms NULL/NUL/Zero.

[ Tests ]
First of all the entire man pages are build daily in a private build
setting (automatically), uncovering syntax errors. Closer to the
release, additional manually initiated builds are added. All builds
are reviewed for (potential) errors.

Secondly, the Debian build system (full builds done locally!) also
uncovers potential problems, like missing files or directories.

Thirdly, linitian checks the entire set of man pages for errors. These
linitian errors are mostly harmless, but regularly reviewed as well
(and fixed, if possible with reasonable effort).

Finally, some random man pages are manually reviewed. However, for
languages I don't speak (most of them) this is of limited value.

Additionally, I read the upstream git log and sometimes run a git diff
if I suspect suspicious changes and interact with most of the
translators on them.

I'd love to add non superficial auto packaging tests, I'm just a
little bit lost which make sense.

[ Risks ]
The risk is low. This is pure documentation. The new packages are a
little bit larger than the old ones on average, but no programm/code
works differently because of them. It is also a leaf package and the
user can decide to read the english original at any time, e.g. by
running

LC_ALL=C man command

As the set of actual Debian (upstream) packages we translate was not
changed sind the last version, changes for new undetected file conflicts
are very low. In the higly unlikey case something would be discovered,
I can quickly exclude those files and prepare another upload. However,
this is not expected at all.

Note that upstream started including (but not shipping!) korean
translations. They are only in the source and hence pose no problem.
Except for this, the entire infrastructure is unchanged since
4.18.0-1.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  See above, the content (translation) I cannot actually review,
  as I don't speak Danish, Hungarian, French, Swedish, …

  [x] attach debdiff against the package in testing
  The debdiff is *huge*, for example because the reference for
  some other distribution was changed (irrelevant for Debian) and
  even small changes cause rewarpping of (long) paragraphs.

  You can pick up the full debdiff here:
  https://helgefjell.de/data/manpages-l10n-18.0-18.1.debdiff

  Or a reduced (still large) version here:
  https://helgefjell.de/data/manpages-l10n-18.0-18.1.r1.debdiff

  Or a very reduced version here:
  https://helgefjell.de/data/manpages-l10n-18.0-18.1.r2.debdiff

  The smallest one excludes the actual translation part (po files)
  but gives you an idea about the changes which happend.

[ Other info ]
Do not hesitate to contact me for any question regarding the update,
e.g. if the above description is too brief.

In case the release is less then ~15 days ahead, I would appreciate a
little aging as well.


unblock manpages-l10n/4.18.1-1

-- 
  Dr. Helge Kreutzmann deb...@helgefjell.de
   Dipl.-Phys.   http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
   Help keep free software "libre": http://www.ffii.de/


signature.asc

Bug#1034370: Not network-manager-gnome problem

[Sebastian Galla]

I had to step back to Bullseye, because I had to have the possibility
today. I will also stay on Bullseye for the next time, because of this.

What I can say: I do now believe that this is not the problem of
network-manager or network-manager-gnome because I installed
network-manager now from Bullseye-backports and it's now the same
version as in Bookworm and all things work as expected.

Bug#1034250: ITS: libsml - offering to take over maintainership

[Andreas Moog]

Am 11/04/2023 um 16:55 schrieb Joachim Zobel:
> Dear Maintainer.
>
> There has been no reply to my bug #1028076 and the following 
conditions are

> met.
>
> 1. There is no visible activity regarding the package for six months.
> 2. The last upload was an NMU and there was no maintainer upload 
within one

> year (Met according to the version number 0.1.1+git20180125-1.1)
> 3. Bugs exist for more than one major missing upstream version and 
the first
> bug is older than one year (#946525 was reported on Tue, 10 Dec 
2019).

>
> Therefore the package is in my opinion eligible for package salvaging 
and I am

> offering to take over maintenance.

I am very sorry for not replying sooner and caring for my obligations.
Please take over the maintainership of this package.

Thanks.

Best regards, Andreas


OpenPGP_0x61F3442674DE6624.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034410: qt6-3d FTCBFS: does not pass QT_HOST_PATH

[Helmut Grohne]

Source: qt6-3d
Version: 6.4.2+dfsg-2
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

qt6-3d fails to cross build from source, because it does not pass
QT_HOST_PATH. I'm attaching a patch for your convenience.

Helmut
diff --minimal -Nru qt6-3d-6.4.2+dfsg/debian/changelog 
qt6-3d-6.4.2+dfsg/debian/changelog
--- qt6-3d-6.4.2+dfsg/debian/changelog  2023-02-04 11:18:40.0 +0100
+++ qt6-3d-6.4.2+dfsg/debian/changelog  2023-04-12 20:44:28.0 +0200
@@ -1,3 +1,10 @@
+qt6-3d (6.4.2+dfsg-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Pass QT_HOST_PATH. (Closes: #-1)
+
+ -- Helmut Grohne   Wed, 12 Apr 2023 20:44:28 +0200
+
 qt6-3d (6.4.2+dfsg-2) unstable; urgency=medium
 
   [ Patrick Franz ]
diff --minimal -Nru qt6-3d-6.4.2+dfsg/debian/rules 
qt6-3d-6.4.2+dfsg/debian/rules
--- qt6-3d-6.4.2+dfsg/debian/rules  2022-12-30 16:46:01.0 +0100
+++ qt6-3d-6.4.2+dfsg/debian/rules  2023-04-12 20:44:26.0 +0200
@@ -3,13 +3,19 @@
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all optimize=+lto
 
+extra_cmake_args=
+ifneq ($(DEB_BUILD_ARCH),$(DEB_HOST_ARCH))
+extra_cmake_args += -DQT_HOST_PATH=/usr
+endif
+
 %:
dh $@ --with pkgkde_symbolshelper --buildsystem=cmake+ninja
 
 override_dh_auto_configure:
dh_auto_configure -- \
--log-level=STATUS \
-   -DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH)
+   -DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH) \
+   $(extra_cmake_args)
 
 execute_after_dh_auto_install:
# Reproducible builds: remove build paths from .prl files

Bug#1034409: Boot from removable media path fails after changing secure boot validation because MOK Manager is not found

[Pascal Hambourg]

Package: src:shim
Version: 15.7-1

Dear maintainer,

I have an HP Elitebook 2570p laptop with flawed UEFI firmware which 
ignores EFI boot variables in NVRAM for booting and boots from the 
removable media path by default. So I installed a copy of GRUB in the 
removable media path with:


# grub-install --force-extra-removable

Secure boot is enabled in UEFI/BIOS settings.
For a test I wanted to disable secure boot validation in shim with:

# mokutil --disable-validation

and rebooted. At boot, the following error is displayed:

  Failed to open mmx64.efi - Not Found
  Failed to load image: Not Found
  Failed to start MOK Manager : Not Found

and the laptop shut down after a couple of seconds.
Indeed /EFI/BOOT on the EFI system partition contains only BOOTX64.EFI, 
grubx64.efi and fbx64.efi.
Now the same happens every time I reboot from the removable media path, 
either on the hard disk or on a USB drive with a Debian installation image.


Not sure which software is to blame here.

- grub-install which does not install the MOK manager into the removable 
media path ?
- shim which shuts down the laptop instead of just ignoring the 
validation change request if it does not find the MOK Manager ?

Bug#1034408: ITP: python-argparse-addons -- Additional Python argparse types and actions

[Sebastian Ramacher]

Package: wnpp
Severity: wishlist
Owner: Sebastian Ramacher 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: python-argparse-addons
  Version : 0.12.0
  Upstream Author : Erik Moqvist
* URL : https://github.com/eerimoq/argparse_addons
* License : MIT
  Programming Lang: Python
  Description : Additional Python argparse types and actions

Required by python-bincopy

Cheers
-- 
Sebastian Ramacher

Bug#1034363: firefox: Non-default fonts no longer work

[Andras Korn]

Hi,

possibly related: since upgrading to 112.0, some custom fonts set by websites 
are no longer rendered.

For example, on https://www.teletal.hu/etlap/16, there is supposed to be a 
leftmost column of row labels in the table, saying "RE1", "RE2", "A1", "A2" and 
so on.

If the setting "Allow pages to choose their own fonts, instead of your 
selections above" (browser.display.use_document_fonts) is enabled, these labels 
are invisible (you can select them and their space will be highlighted, but the 
letters are not rendered).

Disabling use_document_fonts causes the labels to be rendered correctly (in the 
font chosen in the preferences).

The same problem occurs with most text on facebook.com and messenger.com as 
well.

I was able to replicate this with a blank new browser profile, using firefox 
112.0-1 and up to date sid as of today.

András

-- 
 I ? Unicode.

Bug#1034406: chromium: Chromium doesn't start, just exists with this message: `trap' para punto de parada/seguimiento

[Andres Culasso]

Package: chromium
Version: 112.0.5615.49-2~deb11u2
Severity: important
X-Debbugs-Cc: acula...@ffyb.uba.ar

Dear Maintainer,

  After updating chromium to version 112.0.5615.49-2 it dosen't run anymore. 
Instead it throw a message "`trap' para punto de parada/seguimiento" and no 
window is shown.
  I've check the permissions of /usr/lib/chromium/chrome-sandbox (that is 4755) 
as suggested by some threads in forums regarding to the function of some 
webapps that fails to run with chrome/chromium.
  Instead of the message I expected the chromium window to pop up.


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-21-686-pae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_AR:es
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common 112.0.5615.49-2~deb11u2
ii  libasound2  1.2.4-1.1
ii  libatk-bridge2.0-0  2.38.0-1
ii  libatk1.0-0 2.36.0-2
ii  libatomic1  10.2.1-6
ii  libatspi2.0-0   2.38.0-4
ii  libbrotli1  1.0.9-2+b2
ii  libc6   2.31-13+deb11u5
ii  libcairo2   1.16.0-5
ii  libcups22.3.3op2-3+deb11u2
ii  libdbus-1-3 1.12.24-0+deb11u1
ii  libdouble-conversion3   3.1.5-6.1
ii  libdrm2 2.4.104-1
ii  libevent-2.1-7  2.1.12-stable-1
ii  libexpat1   2.2.10-2+deb11u5
ii  libflac81.3.3-2+deb11u1
ii  libfontconfig1  2.13.1-4.2
ii  libfreetype62.10.4+dfsg-1+deb11u1
ii  libgbm1 20.3.5-1
ii  libglib2.0-02.66.8-1
ii  libgtk-3-0  3.24.24-4+deb11u2
ii  libjpeg62-turbo 1:2.0.6-4
ii  libjsoncpp241.9.4-4
ii  liblcms2-2  2.12~rc1-2
ii  libminizip1 1.1-8+b1
ii  libnspr42:4.29-1
ii  libnss3 2:3.61-1+deb11u3
ii  libopenjp2-72.4.0-3
ii  libopus01.3.1-0.1
ii  libpango-1.0-0  1.46.2-3
ii  libpng16-16 1.6.37-3
ii  libpulse0   14.2-2
ii  libre2-920210201+dfsg-1
ii  libsnappy1v51.1.8-1
ii  libstdc++6  10.2.1-6
ii  libwebp60.6.1-2.1
ii  libwebpdemux2   0.6.1-2.1
ii  libwebpmux3 0.6.1-2.1
ii  libwoff11.0.2-1+b1
ii  libx11-62:1.7.2-1
ii  libxcb1 1.14-3
ii  libxcomposite1  1:0.4.5-1
ii  libxdamage1 1:1.1.5-2
ii  libxext62:1.3.3-1.1
ii  libxfixes3  1:5.0.3-2
ii  libxkbcommon0   1.0.3-2
ii  libxml2 2.9.10+dfsg-6.7+deb11u3
ii  libxnvctrl0 470.141.03-1~deb11u1
ii  libxrandr2  2:1.5.1-1
ii  libxslt1.1  1.1.34-4+deb11u1
ii  xdg-desktop-portal-gtk [xdg-desktop-portal-backend  1.8.0-1
ii  zlib1g  1:1.2.11.dfsg-2+deb11u2

Versions of packages chromium recommends:
ii  chromium-sandbox  112.0.5615.49-2~deb11u2

Versions of packages chromium suggests:
pn  chromium-driver  
pn  chromium-l10n
pn  chromium-shell   

Versions of packages chromium-common depends on:
ii  libc6  2.31-13+deb11u5
ii  libdouble-conversion3  3.1.5-6.1
ii  libgcc-s1  10.2.1-6

Bug#1034407: ITP: python-bincopy -- Mangling of various file formats that conveys binary information (Motorola S-Record, Intel HEX and binary files)

[Sebastian Ramacher]

Package: wnpp
Severity: wishlist
Owner: Sebastian Ramacher 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: python-bincopy
  Version : 17.14.5
  Upstream Author : Erik Moqvist
* URL : http://www.example.org/
* License : MIT
  Programming Lang: Python
  Description : Mangling of various file formats that conveys binary 
information (Motorola S-Record, Intel HEX and binary files)

Required for python-mboot

Cheers
-- 
Sebastian Ramacher

Bug#1034405: ITP: python-easy-enum -- User friendly implementation of documented Enum type for Python language

[Sebastian Ramacher]

Package: wnpp
Severity: wishlist
Owner: Sebastian Ramacher 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: python-easy-enum
  Version : 0.3.0
  Upstream Author : Martin Olejar
* URL : https://pypi.org/project/easy-enum/
* License : BSD-3-clause
  Programming Lang: Python
  Description : User friendly implementation of documented Enum type for 
Python language

Dependency of python-mboot.

Cheers
-- 
Sebastian Ramacher

Bug#1034404: unblock: google-android-installers/1675172737

[Fab Stz]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: fabstz...@yahoo.fr

Please unblock package google-android-installers

This version adds a Binary dependency that was missing.
It fixes #1033729

[ Reason ]
Fix bug, add missing binary package dependency.

[ Impact ]
Users that install google-android-cmdline-tools*-installers packages 
will have
to manually install the google-android-build-tools-*-installer also (and 
find

by themselves that they are required)

[ Tests ]
Manual test that the required dependencies are installed.

[ Risks ]
No big risk since it is just about specifying a dependency inside the same
source package.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
(Anything else the release team should know.)
N/A

unblock google-android-installers/1675172737diff -Nru google-android-installers-1675172735/debian/changelog 
google-android-installers-1675172737/debian/changelog
--- google-android-installers-1675172735/debian/changelog   2023-02-08 
11:36:58.0 +0100
+++ google-android-installers-1675172737/debian/changelog   2023-04-09 
22:31:58.0 +0200
@@ -1,3 +1,15 @@
+google-android-installers (1675172737) unstable; urgency=medium
+
+  * cmdline-tools: set Architecture to 'amd64 i386'
+
+ -- Fab Stz   Sun, 09 Apr 2023 22:31:58 +0200
+
+google-android-installers (1675172736) unstable; urgency=medium
+
+  * cmdline-tools: add dependency to build-tools packages. Closes: #1033729
+
+ -- Fab Stz   Mon, 03 Apr 2023 18:25:39 +0200
+
 google-android-installers (1675172735) unstable; urgency=medium
 
   * New upstream update
diff -Nru google-android-installers-1675172735/debian/cmdline-tools.control.in 
google-android-installers-1675172737/debian/cmdline-tools.control.in
--- google-android-installers-1675172735/debian/cmdline-tools.control.in
2023-02-08 11:36:58.0 +0100
+++ google-android-installers-1675172737/debian/cmdline-tools.control.in
2023-04-09 22:31:58.0 +0200
@@ -1,7 +1,8 @@
 Package: google-android-cmdline-tools-%VER%-installer
-Architecture: all
+Architecture: amd64 i386
 Depends: default-jre-headless,
  google-android-licenses (= ${source:Version}),
+ ${googleAndroidCmdlineToolsInstallers:Depends},
  ${googleAndroidInstallers:Depends},
  ${misc:Depends}
 #Provides: apkanalyzer, avdmanager, lint, profgen, retrace, screenshot2, 
sdkmanager,
diff -Nru 
google-android-installers-1675172735/debian/cmdline-tools.substvars.in 
google-android-installers-1675172737/debian/cmdline-tools.substvars.in
--- google-android-installers-1675172735/debian/cmdline-tools.substvars.in  
1970-01-01 01:00:00.0 +0100
+++ google-android-installers-1675172737/debian/cmdline-tools.substvars.in  
2023-04-09 22:31:58.0 +0200
@@ -0,0 +1 @@
+googleAndroidCmdlineToolsInstallers:Depends=
diff -Nru google-android-installers-1675172735/debian/control 
google-android-installers-1675172737/debian/control
--- google-android-installers-1675172735/debian/control 2023-02-08 
11:36:58.0 +0100
+++ google-android-installers-1675172737/debian/control 2023-04-09 
22:31:58.0 +0200
@@ -2133,9 +2133,10 @@
  available at developer.android.com.
 
 Package: google-android-cmdline-tools-1.0-installer
-Architecture: all
+Architecture: amd64 i386
 Depends: default-jre-headless,
  google-android-licenses (= ${source:Version}),
+ ${googleAndroidCmdlineToolsInstallers:Depends},
  ${googleAndroidInstallers:Depends},
  ${misc:Depends}
 #Provides: apkanalyzer, avdmanager, lint, screenshot2, sdkmanager,
@@ -2162,9 +2163,10 @@
  Agreement of this binary package is available at developer.android.com.
 
 Package: google-android-cmdline-tools-2.1-installer
-Architecture: all
+Architecture: amd64 i386
 Depends: default-jre-headless,
  google-android-licenses (= ${source:Version}),
+ ${googleAndroidCmdlineToolsInstallers:Depends},
  ${googleAndroidInstallers:Depends},
  ${misc:Depends}
 #Provides: apkanalyzer, avdmanager, lint, screenshot2, sdkmanager,
@@ -2191,9 +2193,10 @@
  Agreement of this binary package is available at developer.android.com.
 
 Package: google-android-cmdline-tools-3.0-installer
-Architecture: all
+Architecture: amd64 i386
 Depends: default-jre-headless,
  google-android-licenses (= ${source:Version}),
+ ${googleAndroidCmdlineToolsInstallers:Depends},
  ${googleAndroidInstallers:Depends},
  ${misc:Depends}
 #Provides: apkanalyzer, avdmanager, lint, screenshot2, sdkmanager,
@@ -2220,9 +2223,10 @@
  Agreement of this binary package is available at developer.android.com.
 
 Package: google-android-cmdline-tools-4.0-installer
-Architecture: all
+Architecture: amd64 i386
 Depends: default-jre-headless,
  

Bug#1034403: php-sparkline: missing (unversioned) Breaks+Replaces: libsparkline-php

[Andreas Beckmann]

Package: php-sparkline
Version: 2.2.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stable'.
It installed fine in 'stable', then the upgrade to 'sid' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

This test intentionally skipped 'testing' to find file overwrite
problems before packages migrate from 'unstable' to 'testing'.

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../php-sparkline_2.2.0-1_all.deb ...
  Unpacking php-sparkline (2.2.0-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/php-sparkline_2.2.0-1_all.deb (--unpack):
   trying to overwrite '/usr/share/php/sparkline/Sparkline.php', which is also 
in package libsparkline-php 0.2-7
  Errors were encountered while processing:
   /var/cache/apt/archives/php-sparkline_2.2.0-1_all.deb

The predecessor package libsparkline-php only existed up to
bullseye, therefore the Breaks+Replaces can be unversioned.


cheers,

Andreas


libsparkline-php=0.2-7_php-sparkline=2.2.0-1.log.gz
Description: application/gzip

Bug#1034369: C++ help needed

[Aaron M. Ucko]

tags 1034369 + patch
thanks

Andreas Tille  writes:

> I guess the fix will boil down to a type casting in this line
>
>   
> https://salsa.debian.org/med-team/libcereal/-/blob/master/unittests/map.hpp#L65
> 
>  o_esplmap.insert({random_value(gen),  { random_value(gen), 
> random_value(gen) }});
>
> unfortunately my C++ knowledge is too limited to know whether it is
> really that simple nor how exactly this line needs to be fixed.  The fix
> should be tested at least on arm64 (since the test passes on amd64).

#1034369 looks very similar to #1021394, which worked around
corresponding build-time errors by disabling -Werror but I see left the
autopkgtest's cmake invocation as is; there may be merit in disabling
-Werror on that front too.  At any rate, I would recommend properly
addressing the compiler's concerns by changing random_value to
random_value here and in the other unittests/*map.hpp headers to
match the corresponding containers' declarations, per the attached
patch.  The relevant platform difference is whether plain char is
signed, as it notably is on x86 but not arm*.  (There are other
architectures in each camp.)

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Index: b/unittests/map.hpp
===
--- a/unittests/map.hpp
+++ b/unittests/map.hpp
@@ -62,7 +62,7 @@ void test_map()
 
 std::map o_esplmap;
 for(int j=0; j<100; ++j)
-  o_esplmap.insert({random_value(gen),  { random_value(gen), random_value(gen) }});
+  o_esplmap.insert({random_value(gen),  { random_value(gen), random_value(gen) }});
 
 std::ostringstream os;
 {
Index: b/unittests/multimap.hpp
===
--- a/unittests/multimap.hpp
+++ b/unittests/multimap.hpp
@@ -71,7 +71,7 @@ void test_multimap()
 std::multimap o_esplmultimap;
 for(int j=0; j<100; ++j)
 {
-  auto key = random_value(gen);
+  auto key = random_value(gen);
   o_esplmultimap.insert({key,  { random_value(gen), random_value(gen) }});
   o_esplmultimap.insert({key,  { random_value(gen), random_value(gen) }});
 }
Index: b/unittests/unordered_map.hpp
===
--- a/unittests/unordered_map.hpp
+++ b/unittests/unordered_map.hpp
@@ -54,7 +54,7 @@ void test_unordered_map()
 
 std::unordered_map o_esplunordered_map;
 for(int j=0; j<100; ++j)
-  o_esplunordered_map.insert({random_value(gen),  { random_value(gen), random_value(gen) }});
+  o_esplunordered_map.insert({random_value(gen),  { random_value(gen), random_value(gen) }});
 
 std::ostringstream os;
 {
Index: b/unittests/unordered_multimap.hpp
===
--- a/unittests/unordered_multimap.hpp
+++ b/unittests/unordered_multimap.hpp
@@ -71,7 +71,7 @@ void test_unordered_multimap()
 std::unordered_multimap o_esplunordered_multimap;
 for(int j=0; j<100; ++j)
 {
-  auto key = random_value(gen);
+  auto key = random_value(gen);
   o_esplunordered_multimap.insert({key,  { random_value(gen), random_value(gen) }});
   o_esplunordered_multimap.insert({key,  { random_value(gen), random_value(gen) }});
 }

Bug#1034402: ITP: python-mboot -- Python based library for communication with NXP MCU Bootloader

[Sebastian Ramacher]

Package: wnpp
Severity: wishlist
Owner: Sebastian Ramacher 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: python-mboot
  Version : 0.3.0
  Upstream Author : Martin Olejar
* URL : https://pypi.org/project/mboot/
* License : BSD-3-clause
  Programming Lang: Python
  Description : Python based library for communication with NXP MCU 
Bootloader

pyMBoot is an Open Source python based library for configuring and
upgrading the firmware in NXP Microcontrolers via embedded MCUBOOT (MCU
Bootloader).

Cheers
-- 
Sebastian Ramacher

Bug#1034389: installation-reports: bookworm cannot install base system

[Steve Witt]

On 04/14, Cyril Brulebois wrote:
> Control: severity -1 important
> Control: tag -1 - d-i
> 
-- snip --
> 
> We'll need more details…
> 
> Please attach /var/log/syslog (compressed) from the installer
> environment.
> 

/var/log/syslog attached as requested.

Thanks...


syslog.gz
Description: application/gzip

Bug#1034401: clementine: No tray icon under bookworm + Cinnamon

[Keith Edmunds]

Package: clementine
Version: 1.4.0~rc1+git867-g9ef681b0e+dfsg-1
Severity: minor

Dear Maintainer,

After upgrade to bookworm, Cinnamon DE, the Clementine icon no longer appears 
in the system tray (it is enabled in Preferences, Behaviour).

This may be related to bug #1029650 - it's not clear from that bug report if 
this is the same thing.

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-security')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clementine depends on:
ii  gstreamer1.0-plugins-base   1.22.0-3
ii  gstreamer1.0-plugins-good   1.22.0-5
ii  gstreamer1.0-plugins-ugly   1.22.0-2
ii  libasound2  1.2.8-1+b1
ii  libc6   2.36-8
ii  libcdio19   1:2.1.0-dmo3
ii  libchromaprint1 1:1.5.0-dmo1
ii  libfftw3-double33.3.10-1
ii  libgcc-s1   12.2.0-14
ii  libglib2.0-02.74.6-1
ii  libgpod40.8.3-17+b1
ii  libgstreamer-plugins-base1.0-0  1.22.0-3
ii  libgstreamer1.0-0   1.22.0-2
ii  liblastfm5-11.1.0-5
ii  libmtp9 1.1.20-1
ii  libmygpo-qt5-1  1.1.0-4
ii  libprotobuf32   3.21.12-1+b2
ii  libpulse0   16.1+dfsg1-2+b1
ii  libqt5concurrent5   5.15.8+dfsg-3
ii  libqt5core5a5.15.8+dfsg-3
ii  libqt5dbus5 5.15.8+dfsg-3
ii  libqt5gui5  5.15.8+dfsg-3
ii  libqt5network5  5.15.8+dfsg-3
ii  libqt5sql5  5.15.8+dfsg-3
ii  libqt5sql5-sqlite   5.15.8+dfsg-3
ii  libqt5widgets5  5.15.8+dfsg-3
ii  libqt5x11extras55.15.8-2
ii  libsqlite3-03.40.1-2
ii  libstdc++6  12.2.0-14
ii  libtag1v5   1.13-2
ii  libx11-62:1.8.4-2
ii  zlib1g  1:1.2.13.dfsg-1

Versions of packages clementine recommends:
ii  gstreamer1.0-alsa1.22.0-3
ii  gstreamer1.0-pulseaudio  1.22.0-5

Versions of packages clementine suggests:
ii  gstreamer1.0-plugins-bad  1.22.0-4

-- no debconf information

Bug#1034310: [digikam] [Bug 466170] Digikam 7.9.0 (and 7.8.0) crashes on startup

[Rainer Dorsch]

Thanks Marco, that is a good link.

I provided a backtrace and upstream acknowledged the bug to be fixed in 8.1.0:

Am Freitag, 14. April 2023, 13:33:51 CEST schrieben Sie:
> https://bugs.kde.org/show_bug.cgi?id=466170
> 
> --- Comment #6 from Maik Qualmann  ---
> Thanks for the interesting backtrace. We have had these strange crashes in
> connection with the splash screen before, especially with macOS. It's a race
> condition. I'll fix it tonight. The patch will only be officially included
> in digiKam-8.1.0. Alternatively, you could already test it by setting the
> entry "Show Splash=true" to "Show Splash=false" in the digikamrc.
> 
> Maik



-- 
Rainer Dorsch
http://bokomoko.de/

Bug#1033812: Security of systemd service file should be improved

[Patrick Matthäi]

Hello Sergio,

Am 02.04.2023 um 06:38 schrieb Sergio Durigan Junior:

Source: znc
Version: 1.8.2-3
Severity: important

Hello,

I noticed that ZNC's service file comes with just a few settings that
improve security:

--8<---cut here---start->8---
...
PrivateTmp=true
ProtectSystem=full
ProtectHome=no
PrivateDevices=true
LimitNOFILE=1024
...
--8<---cut here---end--->8---

IMHO, these settings should be improved.  Here's what I recommend:

1) "ProtectHome=yes", because ZNC's $HOME is not located inside /home,
so it's OK to make /home, /root and /run/user inaccessible.
Thank you for testing this. ProtectHome is the only thing with a 
question mark for me. I think most users are using znc under a normal 
user inside home, because running it as a "normal" service was just 
added three years ago with 1.7.4-2. So people still running it with an 
user inside /home could get problems, if they just adopt the new service 
file or using documentations copying this file and using it for their 
own user.

What do you think?

--
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: https://www.linux-dev.org/
E-Mail: pmatth...@debian.org
patr...@linux-dev.org
*/

Bug#1034370: [Pkg-utopia-maintainers] Bug#1034370: network-manager-gnome: Unable to (re)establish mobile broadband connection (that worked in version before)

[Michael Biebl]

Control: tags -1 + moreinfo

Am 13.04.23 um 20:11 schrieb sebastian:

Package: network-manager-gnome
Version: 1.30.0-2
Severity: important
X-Debbugs-Cc: dasebast...@wvnet.at

Dear Maintainer,

after upgrading from Bullseye to Bookworm I cannot (re)establish an already 
used mobile broadband connection to/from my cellphone (yes, the ones with keys) 
via an USB-Cable.

The connection to this specific device worked like a charm under Buster and Bullseye, I 
plugged the cellphone via USB-cable in, choose "New mobile broadband 
connection", answered a few questions - established and ready to work.

It makes no difference now, wheter I use the "old" connection or delete it and 
try to make a new one - the connection just fails.

Have I (my cellphone) got "sorted out"?



Please provide a verbose debug log.






OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034400: unblock: debian-edu-config/2.12.32

[Holger Levsen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-config, which is a key package and thus
needs unblocking. All autopkgtests are successful and the package has been
in unstable since 17 days.

The update fixes one bug affecting the use with blueray disks.

This is the full debdiff:

$ debdiff debian-edu-config_2.12.31.dsc debian-edu-config_2.12.32.dsc
diff -Nru debian-edu-config-2.12.31/debian/changelog 
debian-edu-config-2.12.32/debian/changelog
--- debian-edu-config-2.12.31/debian/changelog  2023-02-26 10:10:43.0 
+0100
+++ debian-edu-config-2.12.32/debian/changelog  2023-03-27 20:40:47.0 
+0200
@@ -1,3 +1,10 @@
+debian-edu-config (2.12.32) unstable; urgency=medium
+
+  * debian-edu-ltsp-install: fix failure with absent BD iso images. Patch
+thanks to Wolfgang Schweer. Closes: #1033451.
+
+ -- Holger Levsen   Mon, 27 Mar 2023 20:40:47 +0200
+
 debian-edu-config (2.12.31) unstable; urgency=medium
 
   * sbin/debian-edu-pxeinstall: adjust for memtest86+ 6.10-4, thanks to
diff -Nru debian-edu-config-2.12.31/sbin/debian-edu-ltsp-install 
debian-edu-config-2.12.32/sbin/debian-edu-ltsp-install
--- debian-edu-config-2.12.31/sbin/debian-edu-ltsp-install  2022-11-13 
14:55:57.0 +0100
+++ debian-edu-config-2.12.32/sbin/debian-edu-ltsp-install  2023-03-27 
20:36:55.0 +0200
@@ -18,7 +18,7 @@
 # Licence: GPL2+
 # first edited:2019-11-21
 
-version=2021-11-18
+version=2023-03-25
 
 set -e
 
@@ -598,7 +598,7 @@
mkdir -p /srv/ltsp/dlw
chmod 755 /srv/ltsp/dlw
# Use BD-ISO if available.
-   if ! mountpoint -q /media/cdrom ; then
+   if [ "true" == "$BD_ISO" ] && ! mountpoint -q /media/cdrom ; then
mount /media/cdrom
fi
if grep -q BD /etc/apt/sources.list && [ -f /media/cdrom/.disk/info ] ; 
then





unblock debian-edu-config/2.12.32

Thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Just 100 companies are responsible for 71% of global emissions.
https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change


signature.asc
Description: PGP signature

Bug#984623: fixed 1.0.4

[Alexey Kuznetsov]

Fixed in 1.0.4

--
AK

Bug#1034077: debian-security-support: Lots of noise about DEBIAN_VERSION 12 being invalid when upgrading bullseye→bookworm

[Holger Levsen]

Hi,

I forgot to mention one thing: this will be better in future, because
since 3 weeks debian/README.source contains this:

# ToDo list for a new Debian release

At the beginning of each new Debian release cycle, these steps need to be done:

- create a new git branch for the old release
- increase the epoch in debian/changelog
- create security-support-ended.debX based on the previous release
- debian/rules: increase NEXT_VERSION_ID
- check-support-status.in:
  - increase DEB_NEXT_VER_ID
  - increase DEB_LOWEST_VER_ID and drop security-support-ended.debY
- update links with release codenames in security-support-limited



Which I obviously plan to append with the result of this bug. :)

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Homelessness exists not because the housing systemn is not working, but because
this is the way it works. - Peter Marcuse.


signature.asc
Description: PGP signature

Bug#1034077: debian-security-support: Lots of noise about DEBIAN_VERSION 12 being invalid when upgrading bullseye→bookworm

[Holger Levsen]

Hi Stuart, 

On Sun, Apr 09, 2023 at 12:45:13AM +1000, Stuart Prescott wrote:
> Following up the conversation in #d-release...

thank you for that!

> Looking at some released versions of /usr/bin/check-support-status:
> - buster (10.13, 1:10+2022.08.23) has DEB_NEXT_VER_ID=11
> - bullseye (11.6, 1:11+2022.08.23) has DEB_NEXT_VER_ID=11=11
> - bookworm (to be 12.0, 1:12+2023.03.17) has DEB_NEXT_VER_ID=12

nods

> Looking at older releases (prior to the change in versioning scheme) is a
> bit harder; the value of DEB_NEXT_VER_ID also seems to increment several
> times during the life of a release, which perhaps muddies the analysis.
> Backporting the entire package and incrementing that number during the life
> of the release would also be why this has not been seen in the past, I
> guess.

TBH I think this is because the debian-security-support package was
somewhat neglected for many years.

> Based on the comment "# Version ID for next Debian stable", my assumption is
> that this should be the version number of the release that follows the
> stable release in which d-s-s is found. That is to say, the comment and code
> makes it look like DEB_NEXT_VER_ID=12 would have been right for bullseye and
> DEB_NEXT_VER_ID=13 would be right for bookworm.

right, that makes sense.

> Incrementing to DEB_NEXT_VER_ID=12 in the next bullseye point release seems
> reasonable to me; also incrementing in bookworm to DEB_NEXT_VER_ID=13 would
> be logical.

I'll ponder about this is a bit more before doing such uploads. Like for
2 or 48h or so. Please do ping me if I forget.

> Rather than having base-files predepend on d-s-s, I suspect apt could be
> convinced to upgrade them in the right order by having base-files conflict
> (or perhaps break?) the 1:11+2022.08.23 version of d-s-s, with a fixed
> version in bullseye or the upgraded version in bookworm both being OK.

would you suggest to do this instead of in in addtion of increasing 
DEB_NEXT_VER_ID to 12 for bullseye and to 13 for bookworm?

> I haven't looked at the code paths to check if this warning is 'only'
> cosmetic or if it also causes d-s-s to stop working.

nods.

thanks!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Friendly reminder, that we are all closer to being climate refugees than
billionaires.


signature.asc
Description: PGP signature

Bug#1034399: python3-pyocd: not compatible with Python version in Debian

[Adrian Friedli]

Package: python3-pyocd
Version: 0.13.1+dfsg-2
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: a...@koalatux.ch

Dear Maintainer,

pyOCD does not run with Python version 3.10 or greater.

The last few output lines of simply calling pyocd-gdbserver:

|   File "/usr/lib/python3/dist-packages/pyocd/utility/sequencer.py", line 17, 
in 
| from collections import (OrderedDict, Callable)
| ImportError: cannot import name 'Callable' from 'collections' 
(/usr/lib/python3.11/collections/__init__.py)

While this specific error should be easy to fix (Callable needs to be
imported from collections.abc instead of collections), I wonder if it
makes sense to release Debian 12 with such an old version of pyOCD.

Regards,
Adi


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 
'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-pyocd depends on:
ii  python33.11.2-1+b1
ii  python3-colorama   0.4.6-2
ii  python3-future 0.18.2-6
ii  python3-intelhex   2.3.0-2
ii  python3-intervaltree   3.0.2-1.1
ii  python3-pkg-resources  66.1.1-1
ii  python3-pyelftools 0.29-1
ii  python3-six1.16.0-4
ii  python3-usb1.2.1-2
ii  python3-websocket  1.2.3-1
ii  python3-yaml   6.0-3+b2

python3-pyocd recommends no packages.

python3-pyocd suggests no packages.

-- no debconf information

Bug#1034369: libcereal: autopkgtest regression on non x86: cc1plus: all warnings being treated as errors

[Michael R. Crusoe]

Control: forwarded -1 https://github.com/USCiLab/cereal/issues/787

I opened an issue upstream

--
Michael R. Crusoe



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034398: ccze: Project homepage on github no longer exists / abandoned upstream?

[Michael Prokop]

Package: ccze
Version: 0.2.1-7
Severity: normal

Hi,

https://github.com/madhouse/ccze throws a 404,
maybe https://git.madhouse-project.org/archive/ccze
is the proper place to refer to nowadays, but it looks like the
project was abandoned / is unmaintained from upstream?

regards
-mika-

Bug#1034397: yubikey-agent: New upstream available: v0.1.6

[Ludovic Rousseau]

Package: yubikey-agent
Version: 0.1.4-2+b7
Severity: wishlist

A new upstream version 0.1.6 is available since December 2022.
Version 0.1.4 was released from April 2021 (2 years ago).

I need the new upstream version because it allows to use a yubikey on a laptop
with an internal smart card reader.
See https://github.com/FiloSottile/yubikey-agent/pull/130


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages yubikey-agent depends on:
ii  init-system-helpers  1.65.2
ii  libc62.36-8
ii  libpcsclite1 1.9.9-1

yubikey-agent recommends no packages.

yubikey-agent suggests no packages.

-- no debconf information

Bug#1034363: firefox: Non-default fonts no longer work

[marillat]

On Thu, 13 Apr 2023 10:11:16 -0700 Rishi Cutchin  
wrote:

[...]

> Updated firefox, no longer able to render Terminus font that I was using
> before and I am forced to switch to the default. When loading Firefox
> with Terminus set gives this error.
> 
> "[ERROR glean_core] Error setting metrics feature config:
> Json(Error("EOF while parsing a value", line: 1, column: 0))"
> 
> Some testing with other fonts appeared to replicate the behavior.

I see the same.

Christian

Bug#1034396: file-roller: File-Roller fails to create 7z- and ZIP-archives from folders selected in Nemo

[Karel]

Package: file-roller
Version: 43.0-1
Severity: important
X-Debbugs-Cc: karel-...@tutanota.com

Dear Maintainer,
I tried to create an archive ba selecting various folders in my homedirectory 
and then selecting "compress" in context menu.
In the appearing file-roller-box I selected to create a 7z- or ZIP-archive 
without further archivingoptions.
The archiving-process begins and a hidden folder is created during this. After 
this is completed the tempfolder is deleted, but no 7z or ZIP-archive is 
created.
I tried exactly the same using tar.gz and rar (which I have also installed and 
registered) as target archive formats and these produce the expected archives.

I hope these additional facts (some target formats are working, some not) helps 
pinpointing the error!

Thanks for investigating and correcting!

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages file-roller depends on:
ii  bzip21.0.8-5+b1
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  libarchive13 3.6.2-1
ii  libc62.36-8
ii  libcairo21.16.0-7
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.74.6-1
ii  libgtk-3-0   3.24.37-2
ii  libhandy-1-0 1.8.1-1
ii  libjson-glib-1.0-0   1.6.6-1
ii  libnautilus-extension4   43.2-1
ii  libpango-1.0-0   1.50.12+ds-1
ii  p7zip-full   16.02+dfsg-8

Versions of packages file-roller recommends:
ii  gvfs  1.50.3-1
ii  yelp  42.2-1

Versions of packages file-roller suggests:
ii  arj  3.10.22-26
ii  lhasa [lha]  0.3.1-4+b1
ii  lzip 1.23-5
ii  lzop 1.04-2
pn  ncompress
pn  rpm2cpio 
pn  rzip 
pn  sharutils
pn  squashfs-tools   
pn  unace
pn  unalz
pn  unar 
ii  unzip6.0-28
ii  xz-utils [lzma]  5.4.1-0.2
ii  zip  3.0-13
pn  zoo  

-- no debconf information

Bug#1034395: libkf5kcmutils-dev: need fix incorrect symlink

[antonio]

Package: libkf5kcmutils-dev
Version: 5.104.0-1
Severity: normal
X-Debbugs-Cc: antde...@gmail.com

Dear Maintainer,
Se compilo pacchetto "Plasma-NM" dalla sorgente (dpkg-Buildpackage) ricevo
questo messaggio di errore:

/bin/sh: 1: /usr/lib/x86_64-linux-gnu/libexec/kf5/kcmdesktopfilegenerator:
Permission denied
make[2]: *** [kcm/CMakeFiles/kcm_networkmanagement-kcm-desktop-
gen.dir/build.make:70: kcm/CMakeFiles/kcm_networkmanagement-kcm-desktop-gen]
Errore 126
make[1]: *** [CMakeFiles/Makefile2:1413: kcm/CMakeFiles/kcm_networkmanagement-
kcm-desktop-gen.dir/all] Errore 2
make: *** [Makefile:146: all] Errore 2

This depends on the Symlink "/USR/Lib/X86_64-Linux
-gn/Libec/Kf5/Kcmdesktopfilegenerator generated by the" Libkf5kcmutils-Dev
"package.

BEFORE (OK):

$ ls -ll /usr/lib/x86_64-linux-gnu/libexec/kf5/kcmdesktopfilegenerator

lrwxrwxrwx 1 root root 71 14 apr 11.12 /usr/lib/x86_64-linux-
gnu/libexec/kf5/kcmdesktopfilegenerator ->
../../../../libexec/kf5/kcmdesktopfilegenerator/kcmdesktopfilegenerator

AFTER:

To reproduce the problem:

$ apt purge libkf5kcmutils-dev

$ apt install -t experimental libkf5kcmutils-dev

$ ls -ll /usr/lib/x86_64-linux-gnu/libexec/kf5/kcmdesktopfilegenerator

lrwxrwxrwx 1 root root 47 15 mar 16.10 /usr/lib/x86_64-linux-
gnu/libexec/kf5/kcmdesktopfilegenerator ->
../../../../libexec/kf5/kcmdesktopfilegenerator

NEED fix with:

$ ln -sfn
../../../../libexec/kf5/kcmdesktopfilegenerator/kcmdesktopfilegenerator
/usr/lib/x86_64-linux-gnu/libexec/kf5/kcmdesktopfilegenerator

$ ls -ll /usr/lib/x86_64-linux-gnu/libexec/kf5/kcmdesktopfilegenerator

lrwxrwxrwx 1 root root 71 14 apr 11.14 /usr/lib/x86_64-linux-
gnu/libexec/kf5/kcmdesktopfilegenerator ->
../../../../libexec/kf5/kcmdesktopfilegenerator/kcmdesktopfilegenerator

Thanks,
Antonio


-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (700, 'unstable'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.2.11-3-liquorix-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to it_IT.UTF-8), LANGUAGE=it
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libkf5kcmutils-dev depends on:
ii  libkf5configwidgets-dev  5.104.0-1
ii  libkf5itemviews-dev  5.104.0-1
ii  libkf5kcmutils-bin   5.104.0-1
ii  libkf5kcmutils5  5.104.0-1
ii  libkf5kcmutilscore5  5.104.0-1
ii  libkf5service-dev5.104.0-1
ii  libkf5xmlgui-dev 5.104.0-1

Versions of packages libkf5kcmutils-dev recommends:
ii  libkf5kcmutils-doc  5.104.0-1

libkf5kcmutils-dev suggests no packages.

-- no debconf information

Bug#1029628: pkgconf: add testsuite from old pkg-config

[Gianfranco Costamagna]

On Thu, 13 Apr 2023 13:13:10 +0200 Gianfranco Costamagna 
 wrote:

Hello,

What about starting with a really simple and easy basic testsuite?
(we can also maybe require build to make sure a other packages are not 
regressing the build testsuite!)

Tests: basic
Depends: libsdl2-dev, @builddeps@
Restrictions: build-needed


cat debian/tests/basic
#!/bin/sh

set -eux

if [ -n "${DEB_HOST_GNU_TYPE:-}" ]; then
 CROSS_COMPILE="$DEB_HOST_GNU_TYPE-"
else
 CROSS_COMPILE=
fi

"${CROSS_COMPILE}pkg-config" --cflags --libs sdl2



Hello Andrej!

This is what I came up.
Basically I tweak upstream testsuite to run against installed package, what do 
you think?

$ cat debian/tests/control
Tests: testsuite
Depends: kyua, pkg-config, pkgconf-bin, @builddeps@

Tests: basic
Depends: libsdl2-dev

$ cat debian/tests/basic
#!/bin/sh

set -eu

if [ -n "${DEB_HOST_GNU_TYPE:-}" ]; then
CROSS_COMPILE="$DEB_HOST_GNU_TYPE-"
else
CROSS_COMPILE=
fi

"${CROSS_COMPILE}pkg-config" --cflags --libs sdl2

$ cat debian/tests/testsuite
#!/bin/sh

cp * $AUTOPKGTEST_TMP -R
cd $AUTOPKGTEST_TMP

DEB_HOST_GNU_TYPE=$(dpkg-architecture -qDEB_HOST_GNU_TYPE)

autoreconf -fi 2> /dev/null
./configure 2> /dev/null

pcpath=$(cat /usr/share/pkgconfig/personality.d/$DEB_HOST_GNU_TYPE.personality |grep 
DefaultSearchPaths |cut -f 2 -d " ")
sed s#pcpath=.*#pcpath="$pcpath"#g -i tests/test_env.sh

rm -rf pkgconf pkg-config
cp /usr/bin/pkgconf .
cp /usr/bin/pkg-config .

kyua --config=none test --kyuafile=Kyuafile --build-root=.



This is the autopkgtest result

autopkgtest [19:51:01]: test basic: [---
-I/usr/include/SDL2 -D_REENTRANT -lSDL2
autopkgtest [19:51:02]: test basic: ---]
autopkgtest [19:51:03]: test basic:  - - - - - - - - - - results - - - - - - - 
- - -
basicPASS
autopkgtest [19:51:04]:  summary
testsuitePASS
basicPASS


Please let me know if we can upload!
I think this makes the package really stronger for us.

G.

Bug#1034389: installation-reports: bookworm cannot install base system

[Cyril Brulebois]

Control: severity -1 important
Control: tag -1 - d-i

Hi Steve,

Steve Witt  (2023-04-13):
> Tried installing in both expert mode, and normal mode. After
> partitioning the disks went to the 'Install the base system' step. It
> failed with the text: Cannot install base system. The installer cannot
> figure out how to install the base system. If found no installable
> image, and no valid mirror was configured.

We'll need more details…

> Please make sure that any installation logs that you think would
> be useful are attached to this report. Please compress large
> files using gzip.

Please attach /var/log/syslog (compressed) from the installer
environment.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1033570: unblock: kdenlive/22.12.3-2

[Patrick Matthäi]

Hello Paul,

Am 12.04.2023 um 21:09 schrieb Paul Gevers:

Control: tags -1 moreinfo

Hi Patrick

On 27-03-2023 17:06, Patrick Matthäi wrote:
as mentioned in my unblock #1033554 for mlt I were a bit too stupid 
to read the
freeze policy correctly. I would like to see kdenlive 22.12.3-2 in 
bookworm,
it just fixes some upstream bugs and two Debian bugs (missing 
dependencies).


Can you please elaborate? It appears that this is a bug fix only 
release, can you confirm? What's the upstream policy for such 
releases? I didn't spot any upstream changelog, can you describe what 
the changes are supposed to achieve?


Yes, normaly the minor versions just contains bugfixes. Here are the 
release notes: https://kdenlive.org/de/2023/03/kdenlive-22-12-3/






The debdiff is - except of the translation files - small.


Might have been nice to filter them out :).


Attached :)




Fixing annoying upstream bugs and missing dependencies in the packaging.


Any pointers to which bugs those are?


 * Fix subtitle scrolling. Commit.
   
 * Fix language model combobox too small. Commit.
   
Fixes
   bug #465787 
 * Scroll timeline when moving a subtitle. Related to #1634. Commit.
   
 * Fix subtitles overlap on import. Commit.
   
 * Fix subtitle move regression. Commit.
   
 * Fix subtitle offset on group move. Commit.
   
 * Fix subtitles snapping. Commit.
   
 * Fix compilation. Commit.
   
 * Fix crash and offset when moving a group with subtitle. Commit.
   






[ Risks ]
If mlt is not allowed to enter bookworm the "risk" would be that I 
would like

to request a upload of this kdenlive version directly to testing?


You may have guessed from the silence (see also our FAQ [1]) that 
we're not enthusiastic about mlt. I'm currently leaning towards the 
tpu route for kdenlive.


Paul

[1] https://release.debian.org/testing/FAQ.html


Yes especially for the mlt case it is understandable for me.

--
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog:https://www.linux-dev.org/
E-Mail:pmatth...@debian.org
patr...@linux-dev.org
*/
diff -Nru kdenlive-22.12.2/debian/changelog kdenlive-22.12.3/debian/changelog
--- kdenlive-22.12.2/debian/changelog   2023-02-03 09:49:23.0 +0100
+++ kdenlive-22.12.3/debian/changelog   2023-03-10 09:43:45.0 +0100
@@ -1,3 +1,19 @@
+kdenlive (22.12.3-2) unstable; urgency=medium
+
+  * Add missing dependency on qml-module-org-kde-newstuff.
+Closes: #1032470
+
+ -- Patrick Matthäi   Fri, 10 Mar 2023 09:43:45 +0100
+
+kdenlive (22.12.3-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Add dependency on qml-module-org-kde-kcm.
+Closes: #1030782
+  * Update signing-key.asc.
+
+ -- Patrick Matthäi   Tue, 07 Mar 2023 09:13:27 +0100
+
 kdenlive (22.12.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru kdenlive-22.12.2/debian/control kdenlive-22.12.3/debian/control
--- kdenlive-22.12.2/debian/control 2023-02-03 09:49:23.0 +0100
+++ kdenlive-22.12.3/debian/control 2023-03-10 09:43:45.0 +0100
@@ -60,6 +60,8 @@
  qml-module-qtquick-dialogs,
  qml-module-qtquick-layouts,
  qml-module-qtquick-window2,
+ qml-module-org-kde-kcm,
+ qml-module-org-kde-newstuff,
  breeze,
  breeze-icon-theme (>= 4:5.83.0),
  kinit,
diff -Nru kdenlive-22.12.2/debian/upstream/signing-key.asc 
kdenlive-22.12.3/debian/upstream/signing-key.asc
--- kdenlive-22.12.2/debian/upstream/signing-key.asc2023-02-03 
09:49:23.0 +0100
+++ kdenlive-22.12.3/debian/upstream/signing-key.asc2023-03-10 
09:43:45.0 +0100
@@ -11,19 +11,147 @@
 P0B3l1E4Ccw1ne2/O1BdsnXeUaI3YVYz9aZkVlL7ywda3h/goRKxc1b18bmgu/Ed
 QmcTEMj29B3szMpetWNt1ZbaMJzfDw+z+SiQ3toOTUiqMuWq+l+JK0dVUzOvpGhG
 VHv5m9CtJFP671ivEc4it0hJRH5kdW9aNbeG0g9TxHQqQMJIpeLvRq5WKwARAQAB
-tCFBbGJlcnQgQXN0YWxzIENpZCA8YWFjaWRAa2RlLm9yZz6JAlQEEwEIAD4CGwMF
-CwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQTKJixsg95NL7KKMyo6ak24Oeqm1wUC
-Yv52/wUJDRPXIAAKCRA6ak24Oeqm1zksD/95HdsLbCMlQWImftxAY0wUNVLTvt7+
-9rjpt/unyCqdtD9uS7J6Tfldmd2zPxIJFxpDx3AK5gJGAl8hBuARBTG6mzDSyohy
-0ldLAroab2zKn/hGfnAlxZtsa8DGmNhKKb8zEyKraM2grdc2bCF/sQ5yKmC0THAQ
-wMBjLHoszKYV+y/R34o1nZZaufPrNWMPd3hmiyCl5vzmRDQJatmkDvueYyPMt3Ff
-JovWtixWFHsdnQ72l2kelkhpNc51RpgZ6lCm9ghWWTLvOEPhR5tpYQ+CykPatmzh

Bug#1034233: tlp: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

[Raphaël Halimi]

Control: fixed -1 1.5.0-2
Control: thanks

Forgot to mention the closed bug in the changelog.

--
Raphaël Halimi

Bug#1034394: unblock: zabbix/1:6.0.14+dfsg-1

[Dmitry Smirnov]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Affects: -1 zabbix
 
Dear release team, 

Please consider unblocking "zabbix/1:6.0.14+dfsg-1"
in order to fix PHP-8.2 compatibility issues (#1033241).

Thank you.

-- 
Best wishes,
 Dmitry Smirnov
 GPG key : 4096R/52B6BBD953968D1B

---

To suppress free speech is a double wrong. It violates the rights of the
hearer as well as those of the speaker. It is just as criminal to rob a man
of his right to speak and hear as it would be to rob him of his money...
 -- Frederick Douglass


signature.asc
Description: This is a digitally signed message part.

Bug#1034393: connman: CVE-2023-28488

[Salvatore Bonaccorso]

Source: connman
Version: 1.41-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for connman.

CVE-2023-28488[0]:
| client.c in gdhcp in ConnMan through 1.41 could be used by network-
| adjacent attackers (operating a crafted DHCP server) to cause a stack-
| based buffer overflow and denial of service, terminating the connman
| process.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28488
https://www.cve.org/CVERecord?id=CVE-2023-28488
[1] 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1034392: tomcat9: jstack/jcmd broken for non-root users with tomcat9+jdk11 or greater

[Per Lundberg]

Package: tomcat9
Version: 9.0.43-2~deb11u6
Severity: normal
X-Debbugs-Cc: sebastian.lovd...@hibox.tv

Hi,

We noticed while rolling out JDK 17 support for our in-house application
that the following command is "broken" (moral-martin is an LXD container
in my examples below, PID 4108 is the tomcat9 java process):

root@moral-martin:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:Debian GNU/Linux 11 (bullseye)
Release:11
Codename:   bullseye

root@moral-martin:~# sudo -u tomcat jstack 4108
4108: Unable to open socket file /proc/4108/root/tmp/.java_pid4108: target 
process 4108 doesn't respond within 10500ms or HotSpot VM not loaded

...when all following conditions are met:

* tomcat9 is running from systemd, _and_
* the JDK is of version 11 or greater, _and_
* the systemd unit (/lib/systemd/system/tomcat9.service) sets
  AmbientCapabilities=CAP_NET_BIND_SERVICE (which is done by the Debian
  package)

We have spent a significant amount of time debugging this and I'll try
to do my best to summarize our findings here:

The problem is that the way jstack and similar tools work have changed
from JDK8 to JDK11. In JDK8, it simply uses /tmp to try and communicate
with the target process:
https://github.com/AdoptOpenJDK/openjdk-jdk8u/blob/master/jdk/src/solaris/classes/sun/tools/attach/LinuxVirtualMachine.java#L40-L45
and 
https://github.com/AdoptOpenJDK/openjdk-jdk8u/blob/master/jdk/src/solaris/classes/sun/tools/attach/LinuxVirtualMachine.java#L293

In newer JDK versions (JDK 17 as an example), the code has been made
"smarter" to support mount namespaces:
https://github.com/openjdk/jdk17u/blob/master/src/jdk.attach/linux/classes/sun/tools/attach/VirtualMachineImpl.java#L299-L302

_However_... bear with me, this is where it gets interesting: this
presumes that the calling process can access /proc//root/tmp. When
AmbientCapabilities=CAP_NET_BIND_SERVICE is set in the systemd unit,
this is not the case:

root@moral-martin:~# sudo -u tomcat ls -l /proc/4108/root
ls: cannot read symbolic link '/proc/4108/root': Permission denied
lrwxrwxrwx 1 tomcat tomcat 0 Apr 13 12:55 /proc/4108/root

We have tested this and concluded that:

1. This happens whever _any_ capability is set in the systemd unit; it's
   not limited to CAP_NET_BIND_SERVICE. (Note: I haven't tested adding
   all possible capabilities yet; I believed I had but when writing this
   bug report I realize that my attempt at setting all of them didn't
   actually list all of them in `getpcaps pid`; will test this a bit
   more and see if it makes any difference)

2. When you remove AmbientCapabilities or set it to AmbientCapabilities=
   (empty string), it also works correctly.

I honestly don't know if tomcat9 is the correct package to report this
to; it can also be seen as a bug in the JDK. (We will work with the JDK
maintainers to get this reported to them as well.) Feel free to reassign
the bug report to another package.

With JDK 8, this works correctly. Some of our tooling/monitoring is
dependent on being able to connect to Tomcat (running on JDK 8 or 17) at
runtime. That's why this is imporant for us.

Workaround

What we have seen that on JDK 17, running `jstack` as root works; this
will connect to the target process correctly. However, this does _not_
work on JDK 8 and doesn't seem to work properly on JDK 11 either (I
think this has been fixed upstream in JDK for more recent JDK versions,
which is why it behaves differently on JDK 17). 

Our application supports both JDK 8 and 17 for now, and running `jstack`
as root *does not* work on JDK 8. Hence, having to run it as root with
our JDK 17-based installations (only) makes things unnecessarily
complex.

Conclusions

It puzzles me why setting the ambient capabilities for a process breaks
this. It's uncertain whether this is a "feature" by the kernel or
elsewhere. We have tried to find more details about this by studying the
systemd and dbus code to a certain extent, but have yet been unable to
find anything. If anyone reading this knows the prctl and cap_set_proc
semantics by heart, your help would be greatly appreciated.

Best regards,
Per

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tomcat9 depends on:
ii  lsb-base11.6
ii  systemd [systemd-tmpfiles]  252.6-1
ii  sysvinit-utils [lsb-base]   3.06-2
pn  tomcat9-common  
ii  ucf 3.0043+nmu1

Versions of packages tomcat9 recommends:
ii  

Bug#905166: Enable support for Opus

[Itaï BEN YAACOV]

Package: sox
Version: 14.4.2+git20190427-3.5
Followup-For: Bug #905166

Dear Maintainer,

I second this request.  Right now I need to have my own recompiled version
of sox for this.   I can confirm that enabling opus is both easy and, for
some users, useful.

Cheers,
Itaï


-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sox depends on:
ii  libc6 2.36-9
ii  libsox-fmt-base   14.4.2+git20190427-3.5
ii  libsox-fmt-pulse  14.4.2+git20190427-3.5
ii  libsox3   14.4.2+git20190427-3.5

sox recommends no packages.

Versions of packages sox suggests:
pn  libsox-fmt-all  

-- debconf-show failed