Bug#1010573: marked as done (node-yaml: Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './types' is not defined by "exports" in /usr/share/node_modules/yaml/package.json)

2022-05-05 Thread Debian Bug Tracking System 
Your message dated Fri, 06 May 2022 05:03:50 +
with message-id 
and subject line Bug#1010573: fixed in node-tap-parser 11.0.1+~cs2.1.2-5
has caused the Debian Bug report #1010573,
regarding node-yaml: Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath 
'./types' is not defined by "exports" in 
/usr/share/node_modules/yaml/package.json
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1010573: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010573
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-modern-syslog
Version: 1.2.0-3
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=node-modern-syslog=mipsel=1.2.0-3%2Bb1=1651678779=0

gyp info ok 
make[1]: Leaving directory '/<>'
   dh_auto_test --buildsystem=nodejs -a
mkdir -p node_modules
ln -s ../. node_modules/modern-syslog
/bin/sh -ex debian/tests/pkg-js/test
+ tap --no-cov test/test-compat.js test/test-core.js test/test-openlog.js 
test/test-setmask.js test/test-stream.js test/test-syslog.js
node:internal/modules/cjs/loader:488
  throw e;
  ^

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './types' is not defined 
by "exports" in /usr/share/node_modules/yaml/package.json
at new NodeError (node:internal/errors:371:5)
at throwExportsNotFound (node:internal/modules/esm/resolve:453:9)
at packageExportsResolve (node:internal/modules/esm/resolve:731:3)
at resolveExports (node:internal/modules/cjs/loader:482:36)
at Function.Module._findPath (node:internal/modules/cjs/loader:522:31)
at Function.Module._resolveFilename 
(node:internal/modules/cjs/loader:919:27)
at Function.Module._load (node:internal/modules/cjs/loader:778:27)
at Module.require (node:internal/modules/cjs/loader:1005:19)
at require (node:internal/modules/cjs/helpers:102:18)
at Object. (/usr/share/nodejs/tap-yaml/lib/types/index.js:1:15) {
  code: 'ERR_PACKAGE_PATH_NOT_EXPORTED'
}
dh_auto_test: error: /bin/sh -ex debian/tests/pkg-js/test returned exit code 1
make: *** [debian/rules:13: binary-arch] Error 25


Cheers
-- 
Sebastian Ramacher
--- End Message ---
--- Begin Message ---
Source: node-tap-parser
Source-Version: 11.0.1+~cs2.1.2-5
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
node-tap-parser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated node-tap-parser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 06 May 2022 06:38:56 +0200
Source: node-tap-parser
Built-For-Profiles: nocheck
Architecture: source
Version: 11.0.1+~cs2.1.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Yadd 
Closes: 1010573
Changes:
 node-tap-parser (11.0.1+~cs2.1.2-5) unstable; urgency=medium
 .
   * Team upload
 .
   [ Jérémy Lal ]
   * watch: use new tapjs/tap-parser url
 .
   [ Yadd ]
   * Transition: embed yaml@1.10 (Closes:#1010573)
Checksums-Sha1: 
 860f68b8a9cb7ce12ac4adfb43ce419152993b43 2890 
node-tap-parser_11.0.1+~cs2.1.2-5.dsc
 e4a6b96f2e8abd48f86356c3b09bcefbb4b25e97 44312 
node-tap-parser_11.0.1+~cs2.1.2-5.debian.tar.xz
Checksums-Sha256: 
 f5fe13f14a90c6765e3fb3a92eefc9002d44253fd66a7cc315c20877339f15fc 2890 
node-tap-parser_11.0.1+~cs2.1.2-5.dsc
 78e3ee06ca90f82dad2228aa9e5f41fa2f1fc8421d0d5c94b645af1333e247bf 44312 
node-tap-parser_11.0.1+~cs2.1.2-5.debian.tar.xz
Files: 
 54f59a56e663b1e604840110a7228e58 2890 javascript optional 
node-tap-parser_11.0.1+~cs2.1.2-5.dsc
 d7aa473edf615bce3f5079510beb4e44 44312 javascript optional 
node-tap-parser_11.0.1+~cs2.1.2-5.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmJ0ptAACgkQ9tdMp8mZ
7umJqA//RqfYKOQNTUgkj90GGnVLMgc2ir1PGqJSk+fhKvsIongFPdtW/MoADkAy
vtYsMzvO2RdxnNfoXfhL6DD4QdJVSlfixX0rpOPEpEjuDytHIZ7WeW3XxycznqqK
mmH8t2b/L1JbOIcwHHjNYEuCjRLEpP4+4ZehqW5BsbU+XnPsqoHGDi89wS8h9MQi

Bug#1005502: marked as done (ublock-origin: FTBFS: src/lib/lz4/lz4-block-codec.wat:71:5: error: unexpected token get_local, expected ).)

2022-05-05 Thread Debian Bug Tracking System 
Your message dated Fri, 06 May 2022 02:34:55 +
with message-id 
and subject line Bug#1005502: fixed in ublock-origin 1.42.0+dfsg-1
has caused the Debian Bug report #1005502,
regarding ublock-origin: FTBFS: src/lib/lz4/lz4-block-codec.wat:71:5: error: 
unexpected token get_local, expected ).
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1005502: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ublock-origin
Version: 1.40.2+dfsg-1
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20220212 ftbfs-bookworm

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> make[1]: Entering directory '/<>'
> # Compile the WebAssembly code from source
> find . -name "*.wasm" -delete
> wat2wasm src/lib/lz4/lz4-block-codec.wat -o src/lib/lz4/lz4-block-codec.wasm
> src/lib/lz4/lz4-block-codec.wat:71:5: error: unexpected token get_local, 
> expected ).
> get_local $ilen
> ^
> src/lib/lz4/lz4-block-codec.wat:78:5: error: unexpected token get_local.
> get_local $ilen
> ^
> make[1]: *** [debian/rules:9: override_dh_auto_build] Error 1


The full build log is available from:
http://qa-logs.debian.net/2022/02/12/ublock-origin_1.40.2+dfsg-1_unstable.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

If you reassign this bug to another package, please marking it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects

If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.


--- End Message ---
--- Begin Message ---
Source: ublock-origin
Source-Version: 1.42.0+dfsg-1
Done: Markus Koschany 

We believe that the bug you reported is fixed in the latest version of
ublock-origin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1005...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated ublock-origin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 06 May 2022 03:17:53 +0200
Source: ublock-origin
Architecture: source
Version: 1.42.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers 

Changed-By: Markus Koschany 
Closes: 1005502
Changes:
 ublock-origin (1.42.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.42.0+dfsg.
 - Fix FTBFS unexpected token get_local. (Closes: #1005502)
Checksums-Sha1:
 8cdf6fa1f3060296615d6f1408391ff0b479da83 2500 ublock-origin_1.42.0+dfsg-1.dsc
 f10a1e33676e70e7222d033e7e5c67cbe5abb7df 15705088 
ublock-origin_1.42.0+dfsg.orig.tar.xz
 468df68429ae0639e8e5621fed96859d584baef8 48476 
ublock-origin_1.42.0+dfsg-1.debian.tar.xz
 d7231f1f6f31d4e2cf2cd4b8cd4ee911c06d1f7c 7629 
ublock-origin_1.42.0+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 d181d9d9c17e9ab9c4397d9df84dcffd2e9d85ed67705711c7c7f914b0a02e87 2500 
ublock-origin_1.42.0+dfsg-1.dsc
 b51792acce8810aa8074771ab319afe8116dbc2bb726020218daadc59d1f77fc 15705088 
ublock-origin_1.42.0+dfsg.orig.tar.xz
 bf10cefe65c6b5e18994ff191686c4bbe6b935e0f9e9f99eec9cbd0a5ce1452c 48476 
ublock-origin_1.42.0+dfsg-1.debian.tar.xz
 1f26468cd4f0621cac0843da9bb9c72401d23138424fea28ca9f5d7bdaa1d474 7629 
ublock-origin_1.42.0+dfsg-1_amd64.buildinfo
Files:
 189b05970f0319ad11f235a6d4ca89f9 2500 web optional 
ublock-origin_1.42.0+dfsg-1.dsc
 cbd2aeb68a0b7253f40b128a432d7945 15705088 web optional 
ublock-origin_1.42.0+dfsg.orig.tar.xz
 0cf5f3c2db34ef2e2c06def7519460a9 48476 web optional 
ublock-origin_1.42.0+dfsg-1.debian.tar.xz
 a056ca01906d23263965a8956c7d8bb8 7629 web optional 
ublock-origin_1.42.0+dfsg-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmJ0f7NfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD

Bug#1008354: fossil: FTBFS: ./conftest__.c:3: undefined reference to `sqlite3_open'

2022-05-05 Thread Nobuhiro Ban 
Thank you for your reply.
Understood.  I will wait for the next release.

2022年5月5日(木) 17:14 Barak A. Pearlmutter :
>
> Yes.
>
> I patched over the issue for now by just using the internal sqlite3
> library, so I think it can wait until the next official release to
> pick up the proper bug fix and go back to using the system sqlite3
> library.

Processed: fixed 1010641 21.11.1-1

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> fixed 1010641 21.11.1-1
Bug #1010641 {Done: Luca Boccassi } [src:dpdk] dpdk: 
CVE-2021-3839 and CVE-2022-0669
The source 'dpdk' and version '21.11.1-1' do not appear to match any binary 
packages
Marked as fixed in versions dpdk/21.11.1-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1010641: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010641
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: close 1010641

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> fixed 1010641 20.11.5-1~deb11u1
Bug #1010641 [src:dpdk] dpdk: CVE-2021-3839 and CVE-2022-0669
Marked as fixed in versions dpdk/20.11.5-1~deb11u1.
> fixed 1010641 20.11.5-1
Bug #1010641 [src:dpdk] dpdk: CVE-2021-3839 and CVE-2022-0669
Marked as fixed in versions dpdk/20.11.5-1.
> close 1010641
Bug #1010641 [src:dpdk] dpdk: CVE-2021-3839 and CVE-2022-0669
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1010641: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010641
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1010641: dpdk: CVE-2021-3839 and CVE-2022-0669

2022-05-05 Thread Luca Boccassi 
Source: dpdk
Version: 20.11-1
Severity: serious
Tags: security upstream

DPDK from version 19.11 onward is affected by CVE-2021-3839 and
CVE-2022-0669 in the vhost driver:

https://bugzilla.redhat.com/show_bug.cgi?id=2025882
https://bugzilla.redhat.com/show_bug.cgi?id=2055793

Fixed in upstream version 20.11.5.

Bug#986590: Patch

2022-05-05 Thread Anton Gladky 
As I mentioned before the patch does not solve the problem.
Increasing the "Session time" sometimes causes very long
test-times. So we have here definitely the deadlock.

If somebody has more experience in glib, it would be really
helpful to investigate an issue.

Best regards

Anton

Bug#1010639: beep: Doesn't beep - could not open any device

2022-05-05 Thread Richard Z 
Package: beep
Version: 1.4.9-1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: r...@linux-m68k.org

Dear Maintainer,

installed the beep package and tried beep without any arguments and it does not
work.

$ BEEP_LOG_LEVEL=999 beep
beep-log: Verbose: log_constructor
beep-log: Verbose: beep_driver_console_constructor
beep-log: Verbose: beep_drivers_register 0x5658c6a0 (console)
beep-log: Verbose: beep_driver_evdev_constructor
beep-log: Verbose: beep_drivers_register 0x5658c6e0 (evdev)
beep: Verbose: evdev driver_detect 0x5658c6e0 (nil)
beep: Verbose: b-lib: could not open(2) /dev/input/by-path/platform-pcspkr-
event-spkr: Permission denied
beep: Verbose: console driver_detect 0x5658c6a0 (nil)
beep: Verbose: b-lib: could not open(2) /dev/tty0: Permission denied
beep: Verbose: b-lib: could not stat(2) /dev/vc/0: No such file or directory
beep: Error: Could not open any device


Regards
Richard


-- System Information:
Debian Release: 11.3
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable'), (100, 'testing')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 5.10.0-14-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages beep depends on:
ii  libc6  2.31-13+deb11u3

beep recommends no packages.

beep suggests no packages.

Bug#1010619: rsyslog: CVE-2022-24903: Potential heap buffer overflow in TCP syslog server (receiver) components

2022-05-05 Thread Michael Biebl 

Am 05.05.22 um 17:10 schrieb Salvatore Bonaccorso:

Source: rsyslog
Version: 8.2204.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for rsyslog. Filling for now
as grave, but we might downgrade. Probably affected configurations are
not that common if I understood correctly, the advisory has some
comments about it as well[1].


Yeah, I think this feature is obscure enough (and not enabled by 
default) that non-RC severity is fine.






OpenPGP_signature
Description: OpenPGP digital signature

Processed: found 1010619 in 8.2102.0-2, found 1010619 in 8.1901.0-1+deb10u1, found 1010619 in 8.1901.0-1

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 1010619 8.2102.0-2
Bug #1010619 [src:rsyslog] rsyslog: CVE-2022-24903: Potential heap buffer 
overflow in TCP syslog server (receiver) components
Marked as found in versions rsyslog/8.2102.0-2.
> found 1010619 8.1901.0-1+deb10u1
Bug #1010619 [src:rsyslog] rsyslog: CVE-2022-24903: Potential heap buffer 
overflow in TCP syslog server (receiver) components
Marked as found in versions rsyslog/8.1901.0-1+deb10u1.
> found 1010619 8.1901.0-1
Bug #1010619 [src:rsyslog] rsyslog: CVE-2022-24903: Potential heap buffer 
overflow in TCP syslog server (receiver) components
Marked as found in versions rsyslog/8.1901.0-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1010619: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010619
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#903374: tracker : flaky autopkgtest: ERROR: tracker-monitor-test - Bail out!

2022-05-05 Thread Paul Gevers 

Control: tags -1 patch

On 22-09-2021 22:30, Paul Gevers wrote:

Since the beginning of September 2021, the autopkgtest of tracker
started to fail consistently.

Can you please look into this?


I prepared a fix
https://salsa.debian.org/elbrus/tracker/-/commit/2dffe8c7dd19ea263c7d951b8234fb659b1d9d3a

I'm not sure if the --no-parallel is really needed, but I found that in 
debian/rules, so at least that's not unheard off.


As the git tree has moved on with the work for experimental, I wasn't 
sure how to propose an MR.


Paul

diff --git a/debian/tests/unit-tests b/debian/tests/unit-tests
index e1191fef1..3d7ac668f 100644
--- a/debian/tests/unit-tests
+++ b/debian/tests/unit-tests
@@ -16,4 +16,4 @@ LOCPATH=${AUTOPKGTEST_TMP}/locale \
 HOME=${AUTOPKGTEST_TMP} \
 LANG=en_US.utf8 \
 LC_ALL=en_US.utf8 \
-dbus-run-session -- dh_auto_test 2> >(grep -vE 
'^(Activating|Successfully activated)')>&2
+dbus-run-session -- dh_auto_test --no-parallel 2> >(grep -vE 
'^(Activating|Successfully activated)')>&2

diff --git a/tests/functional-tests/cli.py b/tests/functional-tests/cli.py
index 1318e754e..6e4475d56 100644
--- a/tests/functional-tests/cli.py
+++ b/tests/functional-tests/cli.py
@@ -37,6 +37,7 @@ class TestCli(fixtures.TrackerCommandLineTestCase):
 expected_version_line = 'Tracker %s' % 
configuration.tracker_version()

 self.assertEqual(version_line, expected_version_line)

+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_create_local_database(self):
 """Create a database using `tracker3 endpoint` for local 
testing"""


@@ -53,6 +54,7 @@ class TestCli(fixtures.TrackerCommandLineTestCase):
 ['tracker3', 'sparql', '--database', tmpdir,
  '--query', 'ASK { ?u a rdfs:Resource }'])

+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_export(self):
 """Export contents of a Tracker database."""

@@ -69,6 +71,7 @@ class TestCli(fixtures.TrackerCommandLineTestCase):
 self.run_cli(
 ['tracker3', 'export', '--database', tmpdir, 
'--show-graphs']);


+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_import(self):
 """Import a Turtle file into a Tracker database."""

@@ -83,6 +86,7 @@ class TestCli(fixtures.TrackerCommandLineTestCase):
 self.run_cli(
 ['tracker3', 'import', '--database', tmpdir, testdata]);

+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_http_endpoint(self):
 """Create a HTTP endpoint for local testing"""

diff --git a/tests/functional-tests/portal.py 
b/tests/functional-tests/portal.py

index 2dbbd66c8..b52352e53 100644
--- a/tests/functional-tests/portal.py
+++ b/tests/functional-tests/portal.py
@@ -32,6 +32,7 @@ import configuration
 import fixtures

 class TestPortal(fixtures.TrackerPortalTest):
+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_01_forbidden(self):
 self.start_service('org.freedesktop.Inaccessible')
 self.assertRaises(
@@ -39,6 +40,7 @@ class TestPortal(fixtures.TrackerPortalTest):
 'org.freedesktop.Inaccessible',
 'select ?u { BIND (1 AS ?u) }')

+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_02_allowed(self):
 self.start_service('org.freedesktop.PortalTest')
 res = self.query(
@@ -47,6 +49,7 @@ class TestPortal(fixtures.TrackerPortalTest):
 self.assertEqual(len(res), 1)
 self.assertEqual(res[0][0], '1')

+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_03_graph_access(self):
 self.start_service('org.freedesktop.PortalTest')
 self.update(
@@ -61,6 +64,7 @@ class TestPortal(fixtures.TrackerPortalTest):
 self.assertEqual(len(res), 1)
 self.assertEqual(res[0][0], 'b')

+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_04_rows_cols(self):
 self.start_service('org.freedesktop.PortalTest')
 res = self.query(
@@ -95,6 +99,7 @@ class TestPortal(fixtures.TrackerPortalTest):
 self.timeout_id = 0
 self.loop.quit()

+@unittest.skipIf (1, "It errors on ci.d.n")
 def test_05_local_connection_notifier(self):
 self.start_service('org.freedesktop.PortalTest')



OpenPGP_signature
Description: OpenPGP digital signature

Processed: Re: tracker : flaky autopkgtest: ERROR: tracker-monitor-test - Bail out!

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 patch
Bug #903374 [src:tracker] tracker: autopkgtest regressed in September 2021
Added tag(s) patch.

-- 
903374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903374
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004107: meson: flaky autopkgtest on armhf: dictionary changed size during iteration -> timeout

2022-05-05 Thread Paul Gevers 

Hi Jussi,

On 21-01-2022 19:17, Paul Gevers wrote:

Running tests with 160 workers


It just occurred to me that it may be useful to try and reduce the 
number of concurrent running tests to something you would expect on a 
more normal computer (under conditions where the framework is better 
tested). Our armel host has 160 cores, similar, our amd64 ci-worker13 
host has 56.


Paul

https://sources.debian.org/src/meson/0.62.1-1/run_project_tests.py/#L1542

https://sources.debian.org/src/meson/0.62.1-1/run_project_tests.py/#L1552


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1010269: marked as done (crashes immediately at start)

2022-05-05 Thread Debian Bug Tracking System 
Your message dated Thu, 05 May 2022 19:06:23 +
with message-id 
and subject line Bug#1010269: fixed in wine-development 6.23~repack-2
has caused the Debian Bug report #1010269,
regarding crashes immediately at start
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1010269: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010269
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: wine-development
Version: 6.23~repack-1

Whenever I run any wine-development command, for example 
`wine-development winecfg`, even in a new, empty, WINEPREFIX, I get a 
crash immediately:


% wine-development winecfg
err:environ:read_nls_file failed to load 10/0
zsh: segmentation fault  wine-development winecfg

with more verbose logging:

% WINEDEBUG=+all wine-development winecfg
err:environ:read_nls_file failed to load 10/0
trace:virtual:NtAllocateVirtualMemory 0x 0x7ffe 1000 
3000 0002

trace:virtual:dump_view View: 0x7ffe - 0x7ffe0fff (valloc)
trace:virtual:dump_view   0x7ffe - 0x7ffe0fff c-r--
trace:virtual:NtAllocateVirtualMemory 0x (nil) 0020 102000 
0004

trace:virtual:map_view got mem in reserved area 0x3fe0-0x4000
trace:virtual:dump_view View: 0x3fe0 - 0x3fff (valloc)
trace:virtual:dump_view   0x3fe0 - 0x3fff --rw-
trace:virtual:NtAllocateVirtualMemory 0x 0x3ffe 0002 
1000 0004

trace:virtual:dump_view View: 0x3fe0 - 0x3fff (valloc)
trace:virtual:dump_view   0x3fe0 - 0x3ffd --rw-
trace:virtual:dump_view   0x3ffe - 0x3fff c-rw-
sock_init: shutdown() causes EOF
wineserver: starting (pid=1315093)
0020: *fd* 02e1 -> 23
0024: *fd* 7 <- 23
0024: *fd* 9 <- 24
0024: init_first_thread( unix_pid=1315091, unix_tid=1315091, 
debug_level=1, reply_fd=7, wait_fd=9 )
0024: init_first_thread() = 0 { pid=0020, tid=0024, 
server_start=1d85a3ae26eac84 (-0.630), session_id=0001, 
info_size=0, machines={8664,014c} }
0024: open_mapping( access=000f001f, attributes=, rootdir=, 
name=L"\\KernelObjects\\__wine_user_shared_data" )

0024: open_mapping() = 0 { handle=0004 }
0024: get_handle_fd( handle=0004 )
0024: *fd* 0004 -> 20
0024: get_handle_fd() = 0 { type=1, cacheable=1, access=000f001f, 
options=0020 }

0024: close_handle( handle=0004 )
0024: close_handle() = 0
3189712.026:0020:0024:trace:ntdll:init_cpu_info <- CPU arch 0, level 23, 
rev 28928, features 0xebf9bfff
3189712.026:0020:0024:trace:ntdll:NtQueryInformationToken 
(0xfffa,1,0xffc6efd4,76,0xffc6efb0)

0024: get_token_sid( handle=fffa, which_sid=0001 )
0024: get_token_sid() = 0 { sid_len=28, sid={S-1-5-21-0-0-0-1000} }
3189712.027:0020:0024:trace:reg:NtCreateKey 
((nil),L"\\Registry\\User\\S-1-5-21-0-0-0-1000\\Software\\Wine",,0,f003f,0xffc6f360)
0024: create_key( access=000f003f, options=, 
objattr={rootdir=,attributes=0040,sd={},name=L"\\Registry\\User\\S-1-5-21-0-0-0-1000\\Software\\Wine"}, 
class=L"" )

0024: create_key() = OBJECT_NAME_NOT_FOUND { hkey=, created=0 }
3189712.027:0020:0024:trace:reg:NtCreateKey <- (nil)
3189712.027:0020:0024:trace:file:find_drive_rootA "/tmp/plop-262610" -> 
drive Z:, root="/", name="/tmp/plop-262610"

0024: *killed* exit_code=0
zsh: segmentation fault  WINEDEBUG=+all wine-development winecfg
--- End Message ---
--- Begin Message ---
Source: wine-development
Source-Version: 6.23~repack-2
Done: Michael Gilbert 

We believe that the bug you reported is fixed in the latest version of
wine-development, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert  (supplier of updated wine-development 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 05 May 2022 18:09:14 +
Source: wine-development
Architecture: source
Version: 6.23~repack-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Wine Party 
Changed-By: Michael Gilbert 
Closes: 1010269
Changes:
 wine-development (6.23~repack-2) unstable; urgency=medium
 .
   * Correct shift-overflow flag for clang on arm64.
   * Add

Processed: slurm-wlm: CVE-2022-29500

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> found -1 20.11.7+really20.11.4-2
Bug #1010634 [src:slurm-wlm] slurm-wlm: CVE-2022-29500
Marked as found in versions slurm-wlm/20.11.7+really20.11.4-2.

-- 
1010634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1010634: slurm-wlm: CVE-2022-29500

2022-05-05 Thread Salvatore Bonaccorso 
Source: slurm-wlm
Version: 21.08.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 20.11.7+really20.11.4-2

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2022-29500[0]:
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control
| that leads to Information Disclosure.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-29500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29500
[1] https://lists.schedmd.com/pipermail/slurm-announce/2022/72.html
[2] 
https://github.com/SchedMD/slurm/commit/500787548cf3da22cc69ca2111ce51f77543849b
 

Regards,
Salvatore

Bug#1010633: slurm-wlm: CVE-2022-29501

2022-05-05 Thread Salvatore Bonaccorso 
Source: slurm-wlm
Version: 21.08.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 20.11.7+really20.11.4-2

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2022-29501[0]:
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control
| that leads to Escalation of Privileges and code execution.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-29501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29501
[1] https://lists.schedmd.com/pipermail/slurm-announce/2022/72.html
[2] 
https://github.com/SchedMD/slurm/commit/863c763c241db46039c27c4b7438ef5d33defb12

Regards,
Salvatore

Processed: slurm-wlm: CVE-2022-29501

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> found -1 20.11.7+really20.11.4-2
Bug #1010633 [src:slurm-wlm] slurm-wlm: CVE-2022-29501
Marked as found in versions slurm-wlm/20.11.7+really20.11.4-2.

-- 
1010633: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1010632: slurm-wlm: CVE-2022-29502

2022-05-05 Thread Salvatore Bonaccorso 
Source: slurm-wlm
Version: 21.08.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for slurm-wlm.

CVE-2022-29502[0]:
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control
| that leads to Escalation of Privileges.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-29502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29502
[1] https://lists.schedmd.com/pipermail/slurm-announce/2022/72.html
[2] 
https://github.com/SchedMD/slurm/commit/351669e7db3b5bc84b5791dc3626d683b8abe18e

Regards,
Salvatore

Processed (with 4 errors): only printers that announce fax devices are in some cases affected

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> forwarded 1009188 https://github.com/OpenPrinting/ipp-usb/issues/48
Bug #1009188 [ipp-usb] ipp-usb is not ready for this device
Set Bug forwarded-to-address to 
'https://github.com/OpenPrinting/ipp-usb/issues/48'.
> severity 1009188 normal
Bug #1009188 [ipp-usb] ipp-usb is not ready for this device
Severity set to 'normal' from 'grave'
> This bug affects only printers that announce itself as having a fax device
Unknown command or malformed arguments to command.
> but use some kind of internet2fax service and that have no or just a flaky
Unknown command or malformed arguments to command.
> network connection.
Unknown command or malformed arguments to command.
> At the moment this only relates to some devices made by HP.
Unknown command or malformed arguments to command.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1009188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package src:gammapy

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:gammapy
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #1000613 (http://bugs.debian.org/1000613)
> # Bug title: gammapy FTBFS on !amd64: test failures
> #  * https://github.com/gammapy/gammapy/issues/3662
> #  * remote status changed: open -> closed
> #  * closed upstream
> tags 1000613 + fixed-upstream
Bug #1000613 [src:gammapy] gammapy FTBFS on !amd64: test failures
Added tag(s) fixed-upstream.
> usertags 1000613 - status-open
Usertags were: status-open.
There are now no usertags set.
> usertags 1000613 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1000613: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000613
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package src:webkit2gtk

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:webkit2gtk
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #1010166 (http://bugs.debian.org/1010166)
> # Bug title: webkit2gtk: 2.36.1-1 apparent regression seen in devhelp 
> autopkgtest
> #  * https://bugs.webkit.org/show_bug.cgi?id=239767
> #  * remote status changed: NEW -> RESOLVED
> #  * remote resolution changed: (?) -> FIXED
> #  * closed upstream
> tags 1010166 + fixed-upstream
Bug #1010166 [src:webkit2gtk] webkit2gtk: 2.36.1-1 apparent regression seen in 
devhelp autopkgtest
Added tag(s) fixed-upstream.
> usertags 1010166 - status-NEW
Usertags were: status-NEW.
There are now no usertags set.
> usertags 1010166 + status-RESOLVED resolution-FIXED
There were no usertags set.
Usertags are now: resolution-FIXED status-RESOLVED.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1010166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010166
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Should vmtk be removed?

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 1008792 normal
Bug #1008792 [src:vmtk] Should vmtk be removed?
Severity set to 'normal' from 'serious'
> reassign 1008792 ftp.debian.org
Bug #1008792 [src:vmtk] Should vmtk be removed?
Bug reassigned from package 'src:vmtk' to 'ftp.debian.org'.
No longer marked as found in versions vmtk/1.3+dfsg-2.3.
Ignoring request to alter fixed versions of bug #1008792 to the same values 
previously set
> retitle 1008792 RM: vmtk -- RoM; Depends on Python 2, unmaintained
Bug #1008792 [ftp.debian.org] Should vmtk be removed?
Changed Bug title to 'RM: vmtk -- RoM; Depends on Python 2, unmaintained' from 
'Should vmtk be removed?'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1008792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008792
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1008792: Should vmtk be removed?

2022-05-05 Thread Moritz Mühlenhoff 
severity 1008792 normal
reassign 1008792 ftp.debian.org
retitle 1008792 RM: vmtk -- RoM; Depends on Python 2, unmaintained
thanks

Reassigning for removal

Bug#1008704: Sould astk be removed?

2022-05-05 Thread Moritz Mühlenhoff 
severity 1008704 normal
reassign 1008704 ftp.debian.org
retitle 1008704 RM: astk -- RoM; depends on Python 2, unmaintained
thanks

Reassigning for removal.

Processed: Re: Should sortsmill-tools be removed?

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 1008703 normal
Bug #1008703 [src:sortsmill-tools] Should sortsmill-tools be removed?
Severity set to 'normal' from 'serious'
> reassign 1008703 ftp.debian.org
Bug #1008703 [src:sortsmill-tools] Should sortsmill-tools be removed?
Bug reassigned from package 'src:sortsmill-tools' to 'ftp.debian.org'.
No longer marked as found in versions sortsmill-tools/0.4-2.
Ignoring request to alter fixed versions of bug #1008703 to the same values 
previously set
> retitle 1008703 RM: sortsmill-tools -- RoM; Depends on Python 2, unmaintained
Bug #1008703 [ftp.debian.org] Should sortsmill-tools be removed?
Changed Bug title to 'RM: sortsmill-tools -- RoM; Depends on Python 2, 
unmaintained' from 'Should sortsmill-tools be removed?'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1008703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Should geda-gaf be removed?

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 1008700 normal
Bug #1008700 [src:geda-gaf] Should geda-gaf be removed?
Severity set to 'normal' from 'serious'
> reassign 1008700 ftp.debian.org
Bug #1008700 [src:geda-gaf] Should geda-gaf be removed?
Bug reassigned from package 'src:geda-gaf' to 'ftp.debian.org'.
No longer marked as found in versions geda-gaf/1:1.8.2-11.
Ignoring request to alter fixed versions of bug #1008700 to the same values 
previously set
> retitle 1008700 RM: geda-gaf -- RoM; Depends on Python 2, replacement exists
Bug #1008700 [ftp.debian.org] Should geda-gaf be removed?
Changed Bug title to 'RM: geda-gaf -- RoM; Depends on Python 2, replacement 
exists' from 'Should geda-gaf be removed?'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1008700: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008700
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Sould astk be removed?

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 1008704 normal
Bug #1008704 [src:astk] Sould astk be removed?
Severity set to 'normal' from 'serious'
> reassign 1008704 ftp.debian.org
Bug #1008704 [src:astk] Sould astk be removed?
Bug reassigned from package 'src:astk' to 'ftp.debian.org'.
No longer marked as found in versions astk/1.13.1-2.1.
Ignoring request to alter fixed versions of bug #1008704 to the same values 
previously set
> retitle 1008704 RM: astk -- RoM; depends on Python 2, unmaintained
Bug #1008704 [ftp.debian.org] Sould astk be removed?
Changed Bug title to 'RM: astk -- RoM; depends on Python 2, unmaintained' from 
'Sould astk be removed?'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1008704: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008704
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1008700: Should geda-gaf be removed?

2022-05-05 Thread Moritz Mühlenhoff 
severity 1008700 normal
reassign 1008700 ftp.debian.org
retitle 1008700 RM: geda-gaf -- RoM; Depends on Python 2, replacement exists
thanks

Reassigning for removal.

Bug#1008703: Should sortsmill-tools be removed?

2022-05-05 Thread Moritz Mühlenhoff 
severity 1008703 normal
reassign 1008703 ftp.debian.org
retitle 1008703 RM: sortsmill-tools -- RoM; Depends on Python 2, unmaintained
thanks

Reassigning for removal

Bug#1010623: linux-image-amd64: Missing Crypto Modules

2022-05-05 Thread Dick Middleton 
Package: linux-image-amd64
Version: 5.10.106-1
Severity: serious
Justification: 4

Dear Maintainer,

Upgrading Stable to Bullseye no longer can access encrypted root file system. 
Prevents booting. 

Needed to add crypto modules ecb and ccm (although I'm not sure which or both 
were needed) to initrd as both were missing.

Was using dracut to build initrd.

-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-13-amd64 (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-amd64 depends on:
ii  linux-image-5.10.0-13-amd64  5.10.106-1

linux-image-amd64 recommends no packages.

linux-image-amd64 suggests no packages.

-- debconf-show failed

Bug#1010619: rsyslog: CVE-2022-24903: Potential heap buffer overflow in TCP syslog server (receiver) components

2022-05-05 Thread Salvatore Bonaccorso 
Source: rsyslog
Version: 8.2204.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for rsyslog. Filling for now
as grave, but we might downgrade. Probably affected configurations are
not that common if I understood correctly, the advisory has some
comments about it as well[1].

CVE-2022-24903[0]:
| Potential heap buffer overflow in TCP syslog server (receiver)
| components

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-24903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24903
[1] 
https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1010597: closing 1010597, closing 1010597, closing 1010597

2022-05-05 Thread Salvatore Bonaccorso 
close 1010597 11.0.15+10-1
# pending in upcoming DSA
close 1010597 11.0.15+10-1~deb11u1
close 1010597 11.0.15+10-1~deb10u1
thanks

Processed: has patch

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 897975 patch
Bug #897975 [gdm3] gdm3: restarts in a loop: IceLockAuthFile fail: Already 
exists (race condition?)
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
897975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: closing 1010597, closing 1010597, closing 1010597

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1010597 11.0.15+10-1
Bug #1010597 [openjdk-11-jdk] openjdk-11-jdk: CVE-2022-21476 unfixed for weeks
Marked as fixed in versions openjdk-11/11.0.15+10-1.
Bug #1010597 [openjdk-11-jdk] openjdk-11-jdk: CVE-2022-21476 unfixed for weeks
Marked Bug as done
> # pending in upcoming DSA
> close 1010597 11.0.15+10-1~deb11u1
Bug #1010597 {Done: Salvatore Bonaccorso } [openjdk-11-jdk] 
openjdk-11-jdk: CVE-2022-21476 unfixed for weeks
There is no source info for the package 'openjdk-11-jdk' at version 
'11.0.15+10-1~deb11u1' with architecture ''
Unable to make a source version for version '11.0.15+10-1~deb11u1'
Marked as fixed in versions 11.0.15+10-1~deb11u1.
Bug #1010597 {Done: Salvatore Bonaccorso } [openjdk-11-jdk] 
openjdk-11-jdk: CVE-2022-21476 unfixed for weeks
Bug 1010597 is already marked as done; not doing anything.
> close 1010597 11.0.15+10-1~deb10u1
Bug #1010597 {Done: Salvatore Bonaccorso } [openjdk-11-jdk] 
openjdk-11-jdk: CVE-2022-21476 unfixed for weeks
There is no source info for the package 'openjdk-11-jdk' at version 
'11.0.15+10-1~deb10u1' with architecture ''
Unable to make a source version for version '11.0.15+10-1~deb10u1'
Marked as fixed in versions 11.0.15+10-1~deb10u1.
Bug #1010597 {Done: Salvatore Bonaccorso } [openjdk-11-jdk] 
openjdk-11-jdk: CVE-2022-21476 unfixed for weeks
Bug 1010597 is already marked as done; not doing anything.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1010597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: chise-base: diff for NMU version 0.3.0-2.2

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> tags 965454 + patch
Bug #965454 [src:chise-base] chise-base: Removal of obsolete debhelper compat 5 
and 6 in bookworm
Added tag(s) patch.
> tags 965454 + pending
Bug #965454 [src:chise-base] chise-base: Removal of obsolete debhelper compat 5 
and 6 in bookworm
Added tag(s) pending.

-- 
965454: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965454
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#965454: chise-base: diff for NMU version 0.3.0-2.2

2022-05-05 Thread Guilherme de Paula Xavier Segundo 
Control: tags 965454 + patch
Control: tags 965454 + pending


Dear maintainer,

I've prepared an NMU for chise-base (versioned as 0.3.0-2.2) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Regards.

diff -u chise-base-0.3.0/debian/changelog chise-base-0.3.0/debian/changelog
--- chise-base-0.3.0/debian/changelog
+++ chise-base-0.3.0/debian/changelog
@@ -1,3 +1,14 @@
+chise-base (0.3.0-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Using new DH level format. Consequently:
+  - debian/compat: removed.
+  - debian/control: changed from 'debhelper' to 'debhelper-compat' in
+Build-Depends field and bumped level to 13.
+  - Closes: #965454
+
+ -- Guilherme de Paula Xavier Segundo   Fri, 22 Apr 2022 13:29:50 -0300
+
 chise-base (0.3.0-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
reverted:
--- chise-base-0.3.0/debian/compat
+++ chise-base-0.3.0.orig/debian/compat
@@ -1 +0,0 @@
-5
diff -u chise-base-0.3.0/debian/control chise-base-0.3.0/debian/control
--- chise-base-0.3.0/debian/control
+++ chise-base-0.3.0/debian/control
@@ -2,7 +2,7 @@
 Priority: optional
 Section: devel
 Maintainer: NIIBE Yutaka 
-Build-Depends: debhelper (>= 5.0.0), libdb-dev (>= 4.8)
+Build-Depends: debhelper-compat (= 13), libdb-dev (>= 4.8)
 Standards-Version: 3.8.4
 
 Package: chise-db
diff -u chise-base-0.3.0/libchise/config.guess chise-base-0.3.0/libchise/config.guess
--- chise-base-0.3.0/libchise/config.guess
+++ chise-base-0.3.0/libchise/config.guess
@@ -1,14 +1,14 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
-#   Free Software Foundation, Inc.
+#   Copyright 1992-2022 Free Software Foundation, Inc.
 
-timestamp='2009-06-10'
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
+timestamp='2022-01-09'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful, but
@@ -17,26 +17,30 @@
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-# 02110-1301, USA.
+# along with this program; if not, see .
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-
-# Originally written by Per Bothner .
-# Please send patches to .  Submit a context
-# diff and a properly formatted ChangeLog entry.
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
 #
-# This script attempts to guess a canonical system name similar to
-# config.sub.  If it succeeds, it prints the system name on stdout, and
-# exits with 0.  Otherwise, it exits with 1.
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit build system type.
+# You can get the latest version of this script from:
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
+#
+# Please send patches to .
+
+
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX.  However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
 
 me=`echo "$0" | sed -e 's,.*/,,'`
 
@@ -45,7 +49,7 @@
 
 Output the configuration name of the system \`$me' is run on.
 
-Operation modes:
+Options:
   -h, --help print this help, then exit
   -t, --time-stamp   print date of last modification, then exit
   -v, --version  print version number, then exit
@@ -56,8 +60,7 @@
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
-2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+Copyright 1992-2022 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A

Bug#1009466: marked as done (openlp: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.10 returned exit code 13)

2022-05-05 Thread Debian Bug Tracking System 
Your message dated Thu, 5 May 2022 16:31:51 +0200
with message-id <4972573a-8963-698c-e2d5-30970cacc...@debian.org>
and subject line Re: openlp: FTBFS: dh_auto_test: error: pybuild --test 
--test-pytest -i python{version} -p 3.10 returned exit code 13
has caused the Debian Bug report #1009466,
regarding openlp: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i 
python{version} -p 3.10 returned exit code 13
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1009466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openlp
Version: 2.9.4-1
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20220412 ftbfs-bookworm

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> make[1]: Entering directory '/<>'
> QT_QPA_PLATFORM=offscreen dh_auto_test
> I: pybuild base:239: cd /<>/.pybuild/cpython3_3.10_openlp/build; 
> python3.10 -m pytest -k-test_load_settings_position_invalid
> /usr/lib/python3/dist-packages/_pytest/mark/__init__.py:264: 
> PytestDeprecationWarning: The `-k '-expr'` syntax to -k is deprecated.
> Use `-k 'not expr'` instead.
>   deselect_by_keyword(items, config)
> 
> = test session starts 
> ==
> platform linux -- Python 3.10.4, pytest-6.2.5, py-1.10.0, pluggy-1.0.0
> PyQt5 5.15.6 -- Qt runtime 5.15.2 -- Qt compiled 5.15.2
> rootdir: /<>
> plugins: qt-4.0.2
> collected 1937 items / 1 deselected / 2 skipped / 1934 selected
> 
> tests/openlp_core/test_app.py .  [  
> 0%]
> tests/openlp_core/test_server.py .   [  
> 0%]
> tests/openlp_core/test_state.py ...  [  
> 1%]
> tests/openlp_core/test_threading.py .[  
> 2%]
> tests/openlp_core/test_version.py ...[  
> 2%]
> tests/openlp_core/api/test_deploy.py ... [  
> 3%]
> tests/openlp_core/api/test_main.py . [  
> 3%]
> tests/openlp_core/api/test_tab.py .  [  
> 3%]
> tests/openlp_core/api/test_websockets.py ..  [  
> 3%]
> tests/openlp_core/api/test_zeroconf.py   [  
> 3%]
> tests/openlp_core/api/endpoint/test_controller.py    [  
> 4%]
> tests/openlp_core/api/http_server/test_http.py ..[  
> 4%]
> tests/openlp_core/api/http_server/test_init.py ...   [  
> 4%]
> tests/openlp_core/api/v2/test_controller.py  [  
> 6%]
>  [  
> 6%]
> tests/openlp_core/api/v2/test_core.py .. [  
> 6%]
> tests/openlp_core/api/v2/test_plugins.py ..  [  
> 7%]
> tests/openlp_core/api/v2/test_service.py [  
> 7%]
> tests/openlp_core/common/test_actions.py ..  [  
> 8%]
> tests/openlp_core/common/test_applocation.py ..F..   [  
> 8%]
> tests/openlp_core/common/test_db.py ..   [  
> 8%]
> tests/openlp_core/common/test_httputils.py ..[  
> 9%]
> tests/openlp_core/common/test_i18n.py    [ 
> 10%]
> tests/openlp_core/common/test_init.py .. [ 
> 12%]
> ..   [ 
> 13%]
> tests/openlp_core/common/test_json.py .. [ 
> 14%]
> tests/openlp_core/common/test_mixins.py  [ 
> 14%]
> tests/openlp_core/common/test_network_interfaces.py ..   [ 
> 14%]
> tests/openlp_core/common/test_path.py ...[ 
> 15%]
> tests/openlp_core/common/test_registry.py .. [ 
> 15%]
> tests/openlp_core/common/test_settings.py .. [ 
> 16%]
> tests/openlp_core/common/test_utils.py ...   [ 
> 17%]
> tests/openlp_core/display/test_render.py ..  [ 
> 17%]
> tests/openlp_core/display/test_screens.py .. [ 
> 18%]
> tests/openlp_core/display/test_window.py [ 
> 19%]

Processed: Re: Bug#952692: xcffib test timeout on s390x.

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 important
Bug #952692 [src:xcffib] xcffib: tests sometimes timeout on s390x
Severity set to 'important' from 'serious'

-- 
952692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#952692: xcffib test timeout on s390x.

2022-05-05 Thread Paul Gevers 

Control: severity -1 important

Hi,

On Sat, 23 May 2020 15:11:52 +0300 Adrian Bunk  wrote:

> A new try succeeded. It seems something in the testsuite is flaky, and it
> doesn't seem to be specific to this version. Adjusting to version info to
> allow this version to migrate.


With version 0.11.1-2, this package is now arch:all and normally isn't 
built on s390x, so lowering the severity to non-RC level.


On ci.debian.net we haven't seen the timeout yet (but the package hasn't 
been tested a lot yet on that arch). If we're seeing the timeout there 
regularly, I'll raise the severity again, as we consider flaky tests RC.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1010608: openldap: Flaky test test063-delta-multiprovider

2022-05-05 Thread Quanah Gibson-Mount 




--On Thursday, May 5, 2022 3:54 PM +0300 Adrian Bunk  
wrote:



Source: openldap
Version: 2.5.11+dfsg-1
Severity: seriou
Tags: ftbfs
X-Debbugs-Cc: Philipp Kern 

https://buildd.debian.org/status/fetch.php?pkg=openldap=amd64=2.
5.12%2Bdfsg-1=1651720566=0
https://tests.reproducible-builds.org/debian/rbuild/unstable/i386/openlda
p_2.5.11+dfsg-1.rbuild.log.gz

...

Starting test063-delta-multiprovider for mdb...

running defines.sh
Initializing server configurations...
Starting server 1 on TCP/IP port 9011...
Using ldapsearch to check that server 1 is running...
Using ldapadd for context on server 1...
Starting server 2 on TCP/IP port 9012...
Using ldapsearch to check that server 2 is running...
Starting server 3 on TCP/IP port 9013...
Using ldapsearch to check that server 3 is running...
Starting server 4 on TCP/IP port 9014...
Using ldapsearch to check that server 4 is running...
Using ldapadd to populate server 1...
Waiting 7 seconds for syncrepl to receive changes...
Using ldapsearch to read all the entries from server 1...
Using ldapsearch to read all the entries from server 2...
Using ldapsearch to read all the entries from server 3...
Using ldapsearch to read all the entries from server 4...
Comparing retrieved entries from server 1 and server 2...
Comparing retrieved entries from server 1 and server 3...
Comparing retrieved entries from server 1 and server 4...
Using ldapadd to populate server 2...
Using ldapsearch to read all the entries from server 1...
Using ldapsearch to read all the entries from server 2...
Using ldapsearch to read all the entries from server 3...
Using ldapsearch to read all the entries from server 4...
Comparing retrieved entries from server 1 and server 2...
Comparing retrieved entries from server 1 and server 3...
test failed - server 1 and server 3 databases differ

test063-delta-multiprovider failed for mdb after 28 seconds



The test suite is heavily timing dependent.  If you're building in a 
resource constrainted environment, you'll need to adjust the timers 
accordingly.


--Quanah

Processed: reopening 986070

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> reopen 986070
Bug #986070 {Done: Emmanuel Bourg } [protobuf2] protobuf2: 
unsuitable for release
Bug reopened
Ignoring request to alter fixed versions of bug #986070 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
986070: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986070
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1009452: libgit2-glib: FTBFS: gir1.2-ggit-1.0 missing files: usr/lib/python3*/*-packages/gi/overrides

2022-05-05 Thread Peter Green 

This issue is related to https://bugs.debian.org/1009097


Bug 1009097 has been marked as fixed in meson 0.62.1-1, but according to
"reproducible builds" libgit2-glib still FTBFS with the same error.

https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/libgit2-glib.html

Processed: severity 950182 important

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 950182 important
Bug #950182 [puppet] Puppet 5.5 EOL in November 2020
Severity set to 'important' from 'serious'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
950182: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950182
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1010526: marked as done (libxml2: CVE-2022-29824: integer overflows in xmlBuf and xmlBuffer)

2022-05-05 Thread Debian Bug Tracking System 
Your message dated Thu, 05 May 2022 13:03:54 +
with message-id 
and subject line Bug#1010526: fixed in libxml2 2.9.14+dfsg-1
has caused the Debian Bug report #1010526,
regarding libxml2: CVE-2022-29824: integer overflows in xmlBuf and xmlBuffer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1010526: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libxml2
Version: 2.9.13+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libxml2.

CVE-2022-29824[0]:
| In libxml2 before 2.9.14, several buffer handling functions in buf.c
| (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
| This can result in out-of-bounds memory writes. Exploitation requires
| a victim to open a crafted, multi-gigabyte XML file. Other software
| using libxml2's buffer functions, for example libxslt through 1.1.35,
| is affected as well.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-29824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
[1] 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.14+dfsg-1
Done: Mattia Rizzolo 

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo  (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 05 May 2022 14:43:51 +0200
Source: libxml2
Architecture: source
Version: 2.9.14+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group 
Changed-By: Mattia Rizzolo 
Closes: 1010526
Changes:
 libxml2 (2.9.14+dfsg-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 2.9.14+dfsg.
 + Integer overflows in xmlBuf/xmlBuffer.  CVE-2022-29824 Closes: #1010526
Checksums-Sha1:
 8429b8bb146e769de5ddde76604625c0cadc3238 2915 libxml2_2.9.14+dfsg-1.dsc
 b41615e638174b4e36845c68d4b305dd6a6b541f 2351200 
libxml2_2.9.14+dfsg.orig.tar.xz
 6f34e85ab2a7a69939d63f114508355792d19772 28664 
libxml2_2.9.14+dfsg-1.debian.tar.xz
 77585c2c8ef6d57131de7d21d64b7c33b3840c96 9305 
libxml2_2.9.14+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 560b526a9b445b239eedac460cb7554e4e9aeaea5cf6a7c669dae08e3d4c14a5 2915 
libxml2_2.9.14+dfsg-1.dsc
 4fe913dec8b1ab89d13b489b419a8203176ea39e931eaa0d25b17eafb9c279e9 2351200 
libxml2_2.9.14+dfsg.orig.tar.xz
 6d563feb4a3f79c5e704703264bc4c06afd6fb30176a85afaba3549e3bef2a28 28664 
libxml2_2.9.14+dfsg-1.debian.tar.xz
 09a9c90e2a5c94ac5985cdb739e08db298bbaa7daec8554e33d4c306abc14800 9305 
libxml2_2.9.14+dfsg-1_amd64.buildinfo
Files:
 b2eb0a3aa5ad7ee9d22c42e93c9c48f6 2915 libs optional libxml2_2.9.14+dfsg-1.dsc
 bbcae2f48d1c9b1413ef953ce87e9346 2351200 libs optional 
libxml2_2.9.14+dfsg.orig.tar.xz
 d36d0dc977d8564c7a6945cc2eeaff3c 28664 libs optional 
libxml2_2.9.14+dfsg-1.debian.tar.xz
 2be9224d463dde28a3ff31527930dd26 9305 libs optional 
libxml2_2.9.14+dfsg-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmJzyMIACgkQCBa54Yx2
K60+RA/+NZc4vKOcYMorlMrbJOXj9ywJZEIZFi4LjEtyCBfMG8m8hJxhtDrmCydL
e9Y65rry1g1C39chSM1VrW9ckUkZ9CgokOa0V8gKM/A7EIDfyLjxx4dWHKAJ0rPM
vd8hY3LGOxb5WCjHG4PNE4TAR8ZbB1hIJyUboGvBREfAbN7P+NQ0p0pF41JzDCG2
bLze03Wcc5bGWKRBwuptsHfQJBYuwHC1ut1tnizwGzU24/eol66xdsuj30bLaCKd
VFyLMsQ9DDQH5Jn/03+mKQKx7sYeWrO5ZRfe+heJ+Lpwr1wVepvgk4whJt7ZseS3
BWdK0DwKimKre+Ntm2/Oe2W70NFE39SWET1Rnayr9zGTIoDEnkLUMLvgekUAJs+v
PUtuSQavQaWUoAu+KmeqKPvX6x8VgQPLYG4PvOrN3aAi1X2K6BE7Yl3wcXbRpW6P
PpyzWIVDB8CokVTwJvTIwZn5NU6ztTOY3IQNT22jzkzy82tZBuHZp5zORrxoUrTc

Bug#1010526: [xml/sgml-pkgs] Bug#1010526: libxml2: CVE-2022-29824: integer overflows in xmlBuf and xmlBuffer

2022-05-05 Thread Mattia Rizzolo 
On Tue, May 03, 2022 at 05:43:50PM +0200, Salvatore Bonaccorso wrote:
> CVE-2022-29824[0]:
> | In libxml2 before 2.9.14,

I'm uploading 2.9.14 in a few minutes, taking care of this for unstable
and bookworm, but if you believe this bug deserves to be fixed through
-security, I'd ask if you can take care of that yourselves.

Otherwise I'll submit a pu next week.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#929983: bug 929983: ipxe-qemu: virtio booting no longer works after upgrade to buster

2022-05-05 Thread Michael Tokarev 

05.05.2022 13:47, Paul Gevers wrote:

Hi all,

[CC-ing src:debian-edu and src:qemu as they pull in src:ipxe-qemu into the key 
package set, so I consider them stakeholders in this RC bug.]

On Fri, 12 Mar 2021 19:29:55 +0100 (CET) Thorsten Glaser  
wrote:

So we now know without fail that there’s a change in the ipxe-qemu
binary package, introduced between jessie and stretch, that breaks
netbooting on virtio NICs for at least some qemu machine models in
use by libvirt guests.


Is there any progress on this front? It would be a shame if we have to 
-ignore the bug again for bookworm.


Well, there's no progress in there, -
I weren't aware of this issue is still occurs on bookworm.

I don't have a netboot environment handy to test it, either.

Help?

/mjt

Processed: severity of 1010608 is serious

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 1010608 serious
Bug #1010608 [src:openldap] openldap: Flaky test test063-delta-multiprovider
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1010608: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010608
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: closing 986070

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 986070
Bug #986070 [protobuf2] protobuf2: unsuitable for release
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
986070: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986070
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: closing 1010446

2022-05-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1010446
Bug #1010446 [nodejs] nodejs 14.19 hangs on mipsel/mips64el when building 
qtwebengine frontend with rollup and terser plugin
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1010446: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010446
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#929983: bug 929983: ipxe-qemu: virtio booting no longer works after upgrade to buster

2022-05-05 Thread Paul Gevers 

Hi all,

[CC-ing src:debian-edu and src:qemu as they pull in src:ipxe-qemu into 
the key package set, so I consider them stakeholders in this RC bug.]


On Fri, 12 Mar 2021 19:29:55 +0100 (CET) Thorsten Glaser  
wrote:

So we now know without fail that there’s a change in the ipxe-qemu
binary package, introduced between jessie and stretch, that breaks
netbooting on virtio NICs for at least some qemu machine models in
use by libvirt guests.


Is there any progress on this front? It would be a shame if we have to 
-ignore the bug again for bookworm.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1010307: user-mode-linux: FTBFS in bookworm as it Build-Depends on removed linux-source-5.16"

2022-05-05 Thread Ritesh Raj Sarraf 
Control: tag -1 done

On Thu, 2022-04-28 at 16:52 +0200, Paul Gevers wrote:
> Recently your package showed up there because it Build-Depends on
> linux-source-5.16 which has been removed from bookworm. Versioned
> linux packages are moving targets. Are you aware of the unversioned
> linux-source instead, such that you don't need to update the BD every
> time the linux kernel updates?

This was uploaded this week on Monday.

Thank you for mentioning about the linux-source package. I wasn't aware
of it. I'll try to see if that fits the build requirements.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System


signature.asc
Description: This is a digitally signed message part

Processed: Re: golang-github-libgit2-git2go-v32: missing Build-Depends: tzdata

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 important
Bug #1003789 [src:golang-github-libgit2-git2go-v32] 
golang-github-libgit2-git2go-v32: missing Build-Depends: tzdata
Severity set to 'important' from 'serious'

-- 
1003789: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003789
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1010509: [Pkg-javascript-devel] Bug#1010509: nodejs: add more info about build fail on riscv64

2022-05-05 Thread Aurelien Jarno 
On 2022-05-05 11:36, Jérémy Lal wrote:
> Hi,
> 
> Le jeu. 5 mai 2022 à 11:12, Bo YU  a écrit :
> >
> >  ```
> >
> > Error: Unrecognized type: 'string\[]'.
> > Please, edit the type or update
> 'file:///<>/debian/doc-generator/type-parser.mjs'.
> > at file:///<>/debian/doc-generator/type-parser.mjs:297:15
> > ```
> 
> That's the documentation generator, non-fatal, just ignore it.
> 
> 
> > But it should no harm to build riscv64 packages from result at last.
> >
> > So maybe the rv-osuosl-02[0] machines has different with the real
> hardware?
> 
> Yes, maybe. CC-ing riscv64 porters about that.

rv-rr44-01 and rv-mullvad-0x are Unleashed boards
rv-osuosl-0x are Unmatched boards
Other are QEMU VMs.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#1010597: openjdk-11-jdk: CVE-2022-21476 unfixed for weeks

2022-05-05 Thread Sascha Girrulat 

Dear Maintainer,

i saw that the CVE is already fixed for sid. I'm unsure if we have to 
try to create a bullseye backport of the 11.0.15+10-1 for ourself or if 
we have to wait a bit longer until it's fixed for bullseye too. We are 
using the container images of debian with this openjdk-jre for our 
services and we are looking forward to an update.


Cheers
Sascha

On Thu, 05 May 2022 10:45:26 +0200 Michael Kesper  wrote:

Package: openjdk-11-jdk
Version: 11.0.14+9-1~deb11u1
Severity: critical
Tags: security
Justification: causes serious data loss
X-Debbugs-Cc: mkes...@web.de, t...@security.debian.org, Debian Security Team 


Dear Maintainer,

since weeks, there is a known undisputed CVE for all openjdk versions in Debian,
https://security-tracker.debian.org/tracker/CVE-2022-21476
described as easily exploitable for unauthenticated attackers resulting in 
access to data.

However, there seems to be no security issue handling of this CVE, instead a fix
is only made available to unstable.

Please include a fix for Debian stable at least.

Best regards
Michael

-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable'), (100, 'bullseye-fasttrack'), (100, 
'bullseye-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-14-amd64 (SMP w/6 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openjdk-11-jdk depends on:
ii  libc62.31-13+deb11u3
ii  openjdk-11-jdk-headless  11.0.14+9-1~deb11u1
ii  openjdk-11-jre   11.0.14+9-1~deb11u1

Versions of packages openjdk-11-jdk recommends:
ii  libxt-dev  1:1.2.0-1

Versions of packages openjdk-11-jdk suggests:
pn  openjdk-11-demo
pn  openjdk-11-source  
pn  visualvm   

-- no debconf information

Bug#864423: Software RAID is not activated at boot time

2022-05-05 Thread Paul Gevers 

Hi kibi,

On Thu, 10 Dec 2020 12:28:53 +0100 Paul Gevers  wrote:

Hi fellow Release team member, and Cyril specifically,

On Fri, 29 Mar 2019 19:18:43 +0100 Ivo De Decker  wrote:
> Removing it for buster is
> not realistic because d-i depends on it.

If we want to remove this from bullseye, now is a good moment. I
*assume* that the last comment of Ivo still holds. So, Cyril, what do
you think?


What would you say about this? Even if d-i would not need it anymore, we 
would need work to drop the dependency chain via 
libblockdev/udisks2/gnome-control-center.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1010509: [Pkg-javascript-devel] Bug#1010509: nodejs: add more info about build fail on riscv64

2022-05-05 Thread Jérémy Lal 
Hi,

Le jeu. 5 mai 2022 à 11:12, Bo YU  a écrit :
>
>  ```
>
> Error: Unrecognized type: 'string\[]'.
> Please, edit the type or update
'file:///<>/debian/doc-generator/type-parser.mjs'.
> at file:///<>/debian/doc-generator/type-parser.mjs:297:15
> ```

That's the documentation generator, non-fatal, just ignore it.


> But it should no harm to build riscv64 packages from result at last.
>
> So maybe the rv-osuosl-02[0] machines has different with the real
hardware?

Yes, maybe. CC-ing riscv64 porters about that.

It's not a surprise to see those two test failures related to cpu profiling,
those features depend a lot on the architecture and are only used for
benchmark/debugging.
I'll mark those tests as flaky on riscv64 for next upload, preferably after
migration to testing,
and report to upstream if needed.

Jérémy

Bug#1008818: #1008818: needrestart: creates root-owned .rpmdb in non-root user $HOME, possibly corrupting existing one

2022-05-05 Thread Ian Jackson 
Control: severity -1 important

Hi.  This bug report has been on my radar since it was filed, because
it is RC and I maintain a package that (very indirectly) depends on
rpm.

I think a more accurate summary of the issue is:

  rpm honours $HOME, and writes db files there, even when uid==0

I think this is correct behaviour by rpm.  Programs (assuming they're
net setuid, which rpm isn't) ought to trust and honour the environment
variables provided by their callers.

It is up to the caller to make sure the program is called in a
reasonable way.  I this case, sudo by default arranges for the
environment and the uid to match.  That is how sudo discharges that
responsibility.

But here the sysadmin has overridden that sudo setting.  I think the
system administrator who does this ought to expect the behaviour
exhibited by rpm, and gets to keep all the resulting pieces.

Overall, running things like apt as root but with a personal HOME (and
other personal environment variables) is likely to cause many
different kinds of lossage, of which the issue described here is only
one.


Incidentally, I do not use sudo.  I wrote my own tool (available in
chiark-really.deb), which does not adjust the environment at all.  So
I get to run as root but with my own usual personal environment.

However, I do not start daemons, or do package management operations,
in this environment.  My personal environment variables including HOME
are not appropriate for systemwide "production" activities.

I discovered this many years ago the hard way: I had done some package
upgrades without resetting my environment.  One of the packages was
cron.  cron, and all of its children, therefore inherited my personal
environment.  This caused some quite strange behaviours in some cron
jobs.  When I discovered this, it became obvious to me that none of
this was the fault of cron, or apt, or of the cron jobs.  It was my
own fault for running apt with my personal environment.


I am going to downgrade this bug report.  Personally I think it ought
to be closed, but I will limit my intervention to that necessary to
get my own package off the autoremoval list.

Thanks,
Ian.

-- 
Ian JacksonThese opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

Processed: #1008818: needrestart: creates root-owned .rpmdb in non-root user $HOME, possibly corrupting existing one

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 important
Bug #1008818 [rpm] needrestart: creates root-owned .rpmdb in non-root user 
$HOME, possibly corrupting existing one
Severity set to 'important' from 'grave'

-- 
1008818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1010509: nodejs: add more info about build fail on riscv64

2022-05-05 Thread Bo YU 
Package: nodejs
Version: 16.14.2+dfsg-5
Tags: patch, ftbfs
Followup-For: Bug #1010509
User: debian-ri...@lists.debian.org
Usertags: riscv64
X-Debbugs-Cc: debian-ri...@lists.debian.org

Hi,

I noticed the buildd log on riscv64:

https://buildd.debian.org/status/fetch.php?pkg=nodejs=riscv64=16.14.2%2Bdfsg-5=1651638439=0

So I want to try build nodejs on riscv64 locally with
`sbuild -d sid-riscv64-sbuild` on real riscv64 hardware(Unmatched boards):

It seems ok:

```
...

I: Lintian run was successful.

+--+
| Post Build   |
+--+


+--+
| Cleanup  |
+--+

Purging /<>
Not cleaning session: cloned chroot in use

+--+
| Summary  |
+--+

Build Architecture: riscv64
Build Type: binary
Build-Space: 17568828
Build-Time: 35693
Distribution: sid-riscv64-sbuild
Host Architecture: riscv64
Install-Time: 101
Job: /home/vimer/05/12_nodejs/nodejs_16.14.2+dfsg-5.dsc
Lintian: warn
Machine Architecture: riscv64
Package: nodejs
Package-Time: 35915
Source-Version: 16.14.2+dfsg-5
Space: 17568828
Status: successful
Version: 16.14.2+dfsg-5

Finished at 2022-05-05T08:17:57Z
Build needed 09:58:35, 17568828k disk space
...

```
except:

```
...
if [ -x /<>/./node ] && [ -e /<>/./node ]; then 
/<>/./node  debian/doc-generator/versions.mjs 
out/previous-doc-versions.json; elif [ -x `command -v node` ] && [ -e `command 
-v node` ] && [ `command -v node` ]; then `command -v node`  
debian/doc-generator/versions.mjs out/previous-doc-versions.json; else echo "No 
available node, cannot run \"node  debian/doc-generator/versions.mjs 
out/previous-doc-versions.json\""; exit 1; fi;
if [ -x /<>/./node ] && [ -e /<>/./node ]; then 
/<>/./node  debian/doc-generator/apilinks.mjs 
out/doc/apilinks.json lib/_http_agent.js lib/_http_client.js 
lib/_http_common.js lib/_http_incoming.js lib/_http_outgoing.js 
lib/_http_server.js lib/_stream_duplex.js lib/_stream_passthrough.js 
lib/_stream_readable.js lib/_stream_transform.js lib/_stream_wrap.js 
lib/_stream_writable.js lib/_tls_common.js lib/_tls_wrap.js lib/assert.js 
lib/async_hooks.js lib/buffer.js lib/child_process.js lib/cluster.js 
lib/console.js lib/constants.js lib/crypto.js lib/dgram.js 
lib/diagnostics_channel.js lib/dns.js lib/domain.js lib/events.js lib/fs.js 
lib/http.js lib/http2.js lib/https.js lib/inspector.js lib/module.js lib/net.js 
lib/os.js lib/path.js lib/perf_hooks.js lib/process.js lib/punycode.js 
lib/querystring.js lib/readline.js lib/repl.js lib/stream.js 
lib/string_decoder.js lib/sys.js lib/timers.js lib/tls.js lib/trace_events.js 
lib/tty.js lib/url.js lib/util.js lib/v8.js lib/vm.js lib/wasi.js 
lib/worker_threads.js lib/zlib.js; elif [ -x `command -v node` ] && [ -e 
`command -v node` ] && [ `command -v node` ]; then `command -v node`  
debian/doc-generator/apilinks.mjs out/doc/apilinks.json lib/_http_agent.js 
lib/_http_client.js lib/_http_common.js lib/_http_incoming.js 
lib/_http_outgoing.js lib/_http_server.js lib/_stream_duplex.js 
lib/_stream_passthrough.js lib/_stream_readable.js lib/_stream_transform.js 
lib/_stream_wrap.js lib/_stream_writable.js lib/_tls_common.js lib/_tls_wrap.js 
lib/assert.js lib/async_hooks.js lib/buffer.js lib/child_process.js 
lib/cluster.js lib/console.js lib/constants.js lib/crypto.js lib/dgram.js 
lib/diagnostics_channel.js lib/dns.js lib/domain.js lib/events.js lib/fs.js 
lib/http.js lib/http2.js lib/https.js lib/inspector.js lib/module.js lib/net.js 
lib/os.js lib/path.js lib/perf_hooks.js lib/process.js lib/punycode.js 
lib/querystring.js lib/readline.js lib/repl.js lib/stream.js 
lib/string_decoder.js lib/sys.js lib/timers.js lib/tls.js lib/trace_events.js 
lib/tty.js lib/url.js lib/util.js lib/v8.js lib/vm.js lib/wasi.js 
lib/worker_threads.js lib/zlib.js; else echo "No available node, cannot run 
\"node  debian/doc-generator/apilinks.mjs out/doc/apilinks.json 
lib/_http_agent.js lib/_http_client.js lib/_http_common.js 
lib/_http_incoming.js lib/_http_outgoing.js lib/_http_server.js 
lib/_stream_duplex.js lib/_stream_passthrough.js lib/_stream_readable.js 
lib/_stream_transform.js lib/_stream_wrap.js lib/_stream_writable.js 
lib/_tls_common.js lib/_tls_wrap.js lib/assert.js lib/async_hooks.js 
lib/buffer.js lib/child_process.js lib/cluster.js lib/console.js 
lib/constants.js lib/crypto.js lib/dgram.js

Processed: Re: undefined symbol extract_begin

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 +patch
Bug #1010556 [qpdfview-pdf-mupdf-plugin] undefined symbol extract_begin
Added tag(s) patch.

-- 
1010556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010556
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1010556: undefined symbol extract_begin

2022-05-05 Thread Sven Bartscher 

Control: tag -1 +patch

On Wed, 4 May 2022 12:57:46 -0400 
=?UTF-8?Q?Louis-Philippe_V=c3=a9ronneau?=  wrote:

Thanks for reporting this bug. I confirm I can reproduce it on my system
running unstable. Never caught it since I was running the poppler plugin.


Understandable. I discovered this while trying to see what the 
differences between poppler and mupdf would be. After this I will 
probably go back to poppler myself.



I'll have a closer look at this in the coming days.


Since the fix was relatively simple, I opened a merge request on salsa[1].

Regards
Sven

[1]: https://salsa.debian.org/pollo/qpdfview/-/merge_requests/1


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1010597: openjdk-11-jdk: CVE-2022-21476 unfixed for weeks

2022-05-05 Thread Michael Kesper 
Package: openjdk-11-jdk
Version: 11.0.14+9-1~deb11u1
Severity: critical
Tags: security
Justification: causes serious data loss
X-Debbugs-Cc: mkes...@web.de, t...@security.debian.org, Debian Security Team 


Dear Maintainer,

since weeks, there is a known undisputed CVE for all openjdk versions in Debian,
https://security-tracker.debian.org/tracker/CVE-2022-21476
described as easily exploitable for unauthenticated attackers resulting in 
access to data.

However, there seems to be no security issue handling of this CVE, instead a fix
is only made available to unstable.

Please include a fix for Debian stable at least.

Best regards
Michael

-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable'), (100, 'bullseye-fasttrack'), (100, 
'bullseye-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-14-amd64 (SMP w/6 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openjdk-11-jdk depends on:
ii  libc62.31-13+deb11u3
ii  openjdk-11-jdk-headless  11.0.14+9-1~deb11u1
ii  openjdk-11-jre   11.0.14+9-1~deb11u1

Versions of packages openjdk-11-jdk recommends:
ii  libxt-dev  1:1.2.0-1

Versions of packages openjdk-11-jdk suggests:
pn  openjdk-11-demo
pn  openjdk-11-source  
pn  visualvm   

-- no debconf information

Bug#938921: Debian Issue #1008285

2022-05-05 Thread Puskás János 

Hi all,

This email is regarding the issue in subject.

We are in a process of re-writing our code, which will address (among 
others) the problems listed in the issue. However it will take quite 
some time so our estimation is about Autumn 2022 (Oct) when we will get 
there.


Is the possible not to remove our package from Debian repository and 
close this case so that we do not need to go through the process again 
to get it back there later on?


Thanks and Regards

Janos

Bug#1008354: fossil: FTBFS: ./conftest__.c:3: undefined reference to `sqlite3_open'

2022-05-05 Thread Barak A. Pearlmutter 
Yes.

I patched over the issue for now by just using the internal sqlite3
library, so I think it can wait until the next official release to
pick up the proper bug fix and go back to using the system sqlite3
library.

Processed: Please make xsimd available on all platforms

2022-05-05 Thread Debian Bug Tracking System 
Processing control commands:

> affects -1 src:pythran src:skimage
Bug #1010595 [src:xsimd] Please make xsimd available on all platforms
Added indication that 1010595 affects src:pythran and src:skimage
> block 1009431 by -1
Bug #1009431 [src:skimage] skimage: FTBFS: dh_auto_test: error: pybuild --test 
-i python{version} -p "3.9 3.10" returned exit code 13
1009431 was not blocked by any bugs.
1009431 was not blocking any bugs.
Added blocking bug(s) of 1009431: 1010595
> block 1010430 by -1
Bug #1010430 [src:skimage] tifffile breaks skimage autopkgtest: asarray() got 
an unexpected keyword argument 'multifile'
1010430 was not blocked by any bugs.
1010430 was not blocking any bugs.
Added blocking bug(s) of 1010430: 1010595

-- 
1009431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009431
1010430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010430
1010595: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010595
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems