Bug#983083: Acknowledgement (chromium: cannot hide bookmarks bar)

[Jean-René Dantin Ph . D .]

ow...@bugs.debian.org

Dear Owner,

would it be possible to remove

Message #10 
received at 983...@bugs.debian.org, Date: Fri, 19 Feb 2021 08:52:15 +0100, 
which I sent from my Gmail address? I did not understand that it would be 
publicly available.


Thanks!

Stay safe.

From: Debian Bug Tracking System 
Sent: Friday, February 19, 2021 08:45
To: Jon Dantin 
Subject: Bug#983083: Acknowledgement (chromium: cannot hide bookmarks bar)

Thank you for filing a new Bug report with Debian.

You can follow progress on this Bug here: 983083: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983083.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

As you requested using X-Debbugs-CC, your message was also forwarded to
  pc-x...@outlook.com, t...@security.debian.org
(after having been given a Bug report number, if it did not have one).

Your message has been sent to the package maintainer(s):
 Debian Chromium Team 

If you wish to submit further information on this problem, please
send it to 983...@bugs.debian.org.

Please do not send mail to ow...@bugs.debian.org unless you wish
to report a problem with the Bug-tracking system.

--
983083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983083
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#958934: bind9: named fails to start after upgrade to 9.16.2

[duck]

Quack,

I had a similar problem just now when migrating from 
1:9.11.5.P4+dfsg-5.1+deb10u2 to 1:9.16.11-2~bpo10+1.


Aside from the similar permission errors I also had this output:
# aa-status | grep -E '^[0-9]+|named'
34 profiles are loaded.
18 profiles are in enforce mode.
   /usr/sbin/named
   named

This means there's two conflicting profiles loaded.

Btw `journalctl -k -b0 | grep -F apparmor` does not catch apparmor 
messages in my case, but they are available in /var/log/audit/audit.log 
(I have auditd installed but no specific rules).


So I looked at the rules:
# rgrep /usr/sbin/named /etc/apparmor*
/etc/apparmor.d/apparmor-profile:/usr/sbin/named {
/etc/apparmor.d/apparmor-profile:  /usr/sbin/named mr,
/etc/apparmor.d/usr.sbin.named:profile named /usr/sbin/named 
flags=(attach_disconnected) {

/etc/apparmor.d/usr.sbin.named:  /usr/sbin/named mr,

I have no idea where apparmor-profile comes from but it's not of my 
doing:

# dlocate /etc/apparmor.d/apparmor-profile
bind9: /etc/apparmor.d/apparmor-profile

I did not find in which version it came from though, maybe some previous 
bpo; it's dated 2007 and a very basic profile (I can paste it if one 
wants to look at it).


A reload of apparmor was not sufficient but this worked:
apparmor_parser -R /etc/apparmor.d/apparmor-profile
rm /etc/apparmor.d/apparmor-profile
apparmor_parser -r /etc/apparmor.d/usr.sbin.named
systemctl restart named

Hope this helps.
\_o<

--
Marc Dequènes

Bug#959174: php-fpm and others init systems

[PICCORO McKAY Lenz]

what is the status of this? when i disabled the systemd and try to use
php-fpm it breaks and does not run..

> ... we feel important to urge the php-fpm maintainers to work constructively 
> to find a suitable way to describe the needed dependencies so that php-fpm 
> can be installed in a containerized system without a full init system.

is clear the hostile response since the first mensaje and the amount
of users there that respons!



Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

Bug#983002: plocate: updatedb fails with "/var/lib/plocate/: Operation not supported"

[Daniel Lewart]

Steinar,

> Are you in a position to try latest git?

Yes ...

plocate - Debian Package Tracker:
https://tracker.debian.org/pkg/plocate says:
says "VCS: unknown".
Could you add Vcs fields to the control file?

I downloaded and built the following snapshots from git.sesse.net:
  * plocate-e60bf48 - Operation not supported
  * plocate-2ce489a - Good!
  * plocate-967b90d - Good!

Thank you!
Dan
Urbana, Illinois

Bug#983160: dput-ng: --override doesn't override profile parameters

[Louis-Philippe Véronneau]

Package: dput-ng
Version: 1.32

Dear maintainers,

It seems the `--override` option in dput-ng doesn't really override
parameters in profiles.

I've added the `check-debs` hook to my test profile and added the
following default values:

"check-debs": {
"enforce": "source",
"skip": false
},

To debug this issue, I also made `dput/uploader.py` print the values of
`args.override` and `profile` right before `run_pre_hooks(changes,
profile)` is ran:

foo@bar:/usr/lib/python3/dist-packages/dput# diff -C 3 uploader.py
new_uploader.py
*** uploader.py 2021-02-20 02:09:11.222489435 -0500
--- new_uploader.py 2021-02-20 02:09:05.314403878 -0500
***
*** 310,315 
--- 310,317 

  if changes.get_changes_file().endswith(".changes"):
  if 'hooks' in profile:
+ print("Printing overrides:\n", args.override) ## NEW
+ print("Printing profile:\n", profile)  ## NEW
  run_pre_hooks(changes, profile)
  else:
  logger.trace(profile)

Here's the result:

foo@bar:$ dput --override "check-debs.enforce=debs" --override
"check-debs.skip=true" test foo_1.0.0-1_amd64.changes

Uploading foo using ftp to test (host: test.org; directory:
/pub/UploadQueue/)
Printing overrides:
 {'check-debs': {'enforce': [['debs']], 'skip': [['true']]}}
Printing profile:
 {'name': 'test', 'allow_dcut': True, 'allow_unsigned_uploads': False,
'allowed_distributions': '(?!UNRELEASED)', 'default_host_main': 'test',
'full_upload_log': False, 'hash': 'md5', 'interface': 'cli', 'login':
'anonymous', 'meta': 'debian', 'method': 'ftp', 'passive_ftp': True,
'post_upload_command': '', 'pre_upload_command': '', 'run_lintian':
False, 'scp_compress': False, 'allowed-distribution':
{'codename-groups': ['general', 'backport', 'rm-managed']}, 'codenames':
'debian', 'hooks': ['allowed-distribution', 'protected-distribution',
'check-debs', 'checksum', 'suite-mismatch', 'gpg'], 'run_dinstall':
False, 'check_version': False, 'fqdn': 'test.org', 'incoming':
'/pub/UploadQueue/', 'check-debs': {'enforce': 'source', 'skip': False},
'valid_commands': ['break-the-archive', 'cancel', 'dm', 'reschedule',
'rm', 'upload']}
running allowed-distribution: check whether a local profile permits
uploads to the target distribution
running protected-distribution: warn before uploading to distributions
where a special policy applies
running check-debs: makes sure the upload contains a binary package
There are .debs in this upload, and enforcing they don't exist.

As you can see, the proper overrides are passed to `args.override`, but
they don't seem to be merged with the `profile` variable, which is the
one passed to the `run_pre_hooks(changes, profile)` command.

This makes it impossible to actually override any profile variables :(

I've put this in on my TODO list, but I'm not sure I'll have time to
send a patch anytime soon.

If someone else wants to have a go at this bug, please be my guest :)

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄

Bug#982797: too much preference for apache2

[PICCORO McKAY Lenz]

the offending part is :;

> For this we will add "Recommends: libapache2-mod-php (= X) | php-fpm (= X) | 
> php-cgi (= X)" to the php package. X is here the binary version of the 
> package which is easy as they are all built from the same source package.

this has at first the "libapache2-mod-php" that is incompatible with
php-fpm the demanding today preferred and well agnostic with all the
webservers..

in almos all of the php package the apache2 module is first and
"prefered" but its almost the less used! we are in the 21th century
and fpm is the demanding now! lighttpd and ningx is the rule! and h2o
is comming


Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

Bug#983002: plocate: updatedb fails with "/var/lib/plocate/: Operation not supported"

[Daniel Lewart]

Steinar,

> Aha. So overlayfs simply does not support O_TMPFILE?
> I have a workaround for FreeBSD that can probably
> be reused, but it has the usual concerns of not
> going away if the process is forcibly interrupted.

openat(2):
https://manpages.debian.org/testing/manpages-dev/openat.2.en.html
says:
  "O_TMPFILE requires support by the underlying filesystem; only a
subset of Linux filesystems provide that support. In the initial
implementation, support was provided in the ext2, ext3, ext4, UDF,
Minix, and shmem filesystems. Support for other filesystems has
subsequently been added as follows: XFS (Linux 3.15); Btrfs (Linux
3.16); F2FS (Linux 3.16); and ubifs (Linux 4.9)"

Below is some more detail.
The lowerdir is squashfs and the upperdir and workdir are tmpfs.

Since writing to /tmp (tmpfs) works, I would expect that writing to
/var/lib/plocate would too, since upper/work dir are tmpfs.
Perhaps this is a bug in overlayfs?

Thank you!
Dan
Urbana, Illinois
---
$ df -hT /var/lib/plocate /tmp
Filesystem Type Size  Used Avail Use% Mounted on
overlayoverlay  2.0G  316M  1.7G  17% /
tmpfs  tmpfs2.0G   72K  2.0G   1% /tmp

$ findmnt -P /
TARGET="/" SOURCE="overlay" FSTYPE="overlay"
OPTIONS="rw,noatime,
lowerdir=/run/live/rootfs/filesystem.squashfs/,
upperdir=/run/live/overlay/rw,
workdir=/run/live/overlay/work"
###

Bug#980739: gnome-terminal: Maximizing a window and restoring results in a smaller window

[Mitchell]

Package: gnome-terminal
Version: 3.38.2-1
Followup-For: Bug #980739

Dear Maintainer,

I can confirm that this bug still exists for Xorg. It's not an issue for 
Wayland.

-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-terminal depends on:
ii dbus-user-session [default-dbus-session-bus] 1.12.20-1
ii dbus-x11 [dbus-session-bus] 1.12.20-1
ii dconf-gsettings-backend [gsettings-backend] 0.38.0-2
ii gnome-terminal-data 3.38.2-1
ii gsettings-desktop-schemas 3.38.0-2
ii libatk1.0-0 2.36.0-2
ii libc6 2.31-9
ii libdconf1 0.38.0-2
ii libglib2.0-0 2.66.7-1
ii libgtk-3-0 3.24.24-1
ii libpango-1.0-0 1.46.2-3
ii libuuid1 2.36.1-7
ii libvte-2.91-0 0.62.2-1
ii libx11-6 2:1.7.0-2

Versions of packages gnome-terminal recommends:
ii gvfs 1.46.2-1
ii nautilus-extension-gnome-terminal 3.38.2-1
ii yelp 3.38.2-1

gnome-terminal suggests no packages.

-- no debconf information
Thank you for using reportbug

Bug#983159: asterisk: CVE-2021-26906

[Salvatore Bonaccorso]

Source: asterisk
Version: 1:16.15.1~dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for asterisk, filling as RC
but this might not be warranted, if you feel otherwise please
downgrade. I made it such because of the unauthenticated vector.

CVE-2021-26906[0]:
| An issue was discovered in res_pjsip_session.c in Digium Asterisk
| through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through
| 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through
| 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote
| server to potentially crash Asterisk by sending specific SIP responses
| that cause an SDP negotiation failure.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-26906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906
[1] https://downloads.asterisk.org/pub/security/AST-2021-005.html

Please adjust the affected versions in the BTS as needed.

Regards,
salvatore

Bug#983158: asterisk: CVE-2020-35776

[Salvatore Bonaccorso]

Source: asterisk
Version: 1:16.15.1~dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for asterisk.

CVE-2020-35776[0]:
| A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk
| versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker
| to crash Asterisk by deliberately misusing SIP 181 responses.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-35776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776
[1] https://downloads.asterisk.org/pub/security/AST-2021-001.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#983157: asterisk: CVE-2021-26717

[Salvatore Bonaccorso]

Source: asterisk
Version: 1:16.15.1~dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for asterisk.

CVE-2021-26717[0]:
| An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x
| before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before
| 16.8-cert6. When re-negotiating for T.38, if the initial remote
| response was delayed just enough, Asterisk would send both audio and
| T.38 in the SDP. If this happened, and the remote responded with a
| declined T.38 stream, then Asterisk would crash.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-26717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717
[1] https://downloads.asterisk.org/pub/security/AST-2021-002.html

Regards,
Salvatore

Bug#983107: os-prober: generic subvolume support for btrfs

[Cyril Brulebois]

loop += Nicholas, who has been working on btrfs integration.

Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


Osamu Aoki  (2021-02-20):
> Hi,
> 
> Knowing bulleseye 11 release is near and this issue may stay, people
> may need to work around this issue of btrfs subvolume as root
> partition.  Here is my WORKAROUND suggestion.
> 
> (Please note that my patch proposal in my original bug report is not-
> yet tested well.)
> 
> The current Debian Grub2 code at /etc/grub.d/30_os-prober requires to
> access some root partion contents from the btrfs ID 5 (FS_TREE) to
> function well.  (subvol=/)  
> 
> If you want to use timeshift (Ubuntu origin?) or snapper (Suse origin
> ?), they seem to use non-ID-5 subvol for the system install, i.e.,
> root-FS.  People use these tools on Debian too.
> 
> https://qa.debian.org/popcon-graph.php?packages=timeshift+snapper+snapper-gui+btrbk+btrfsmaintenance+duperemove_installed=on_legend=on_ticks=on_date=_date=_date=_fmt=%25Y-%25m=1
> 
> 
> === WORKAROUND ===
> 
> Let's suppose your another linux installation on another formatted in
> btrfs at partion "/dev/nvme1n1p1" has its root-FS content in
> "subvol=@", please perform followings:
> 
> -
> $ sudo mount -t btrfs -o subvol=/,defaults /dev/nvme1n1p1 /mnt
> $ cd /mnt
> $ sudo ln -sf @/boot boot
> $ sudo ln -sf @/etc  etc
> $ sudo ln -sf @/usr  usr
> $ sudo ln -sf @/lib  lib
> $ sudo ln -sf @/initrd.img initrd.img
> $ sudo ln -sf @/vmlinuzvmlinuz
> $ sudo ln -sf @/initrd.img.old initrd.img.old
> $ sudo ln -sf @/vmlinuz.oldvmlinuz.old
> $ sudo btrfs subvol set-default /mnt/@
> $ cd /
> $ sudo umount /mnt
> -
> 
> This assumes you do not have conflicting contents in subvol=/.
> 
> If you happen to use other subvol for the root-FS content, replace its
> subvol name in place of "@".
> 
> 
> === Additional Tips ===
> 
> You can convert a system from EXT2/3/4 to btrfs as follows by booting
> system from another system on the multiboot set-up.
> 
> File system conversion is trivial as described in
> https://btrfs.wiki.kernel.org/index.php/Conversion_from_Ext3
> 
> -
> $ sudo fsck.ext3 -f /dev/xxx
> $ sudo btrfs-convert /dev/xxx
> $ sudo mount -t btrfs /dev/xxx /mnt
> -
> 
> You need to make some adjustment to cope with new filesystem ant its
> new blkid by adjustng at least /etc/fstab and /boot/grub/grub.cfg .
> 
> Please note UUID of partition changes after btrfs-convert.
> Please check 
> 
> -
> --- fstab.orig  2021-02-19 14:49:32.768895933 +0900
> +++ fstab   2021-02-19 14:49:19.860921576 +0900
> @@ -6,6 +6,6 @@
>  #
>  #
>  # / was on /dev/nvme1n1p1 during installation
> -UUID=491a357c-822f-4f38-b56e-b998baea81a5  /   ext4 
> errors=remount-ro 0   1
> +UUID=9be0d928-5892-4cdd-a647-1e8cce937b2e  /   btrfs defaults
> 0   1
>  # /boot/efi was on /dev/nvme0n1p1 during installation
> -
> 
> 
> Also, you need to update many relevant parts of grub.cfg, too.  Roughly
> as ...
> -
> --- grub.cfg-orig   2021-02-17 09:32:35.855910912 +0900
> +++ grub.cfg2021-02-19 14:26:12.728005239 +0900
> ...
> -insmod ext2
> +insmod btrfs
> ...
> -  search --no-floppy --fs-uuid --set=root  491a357c-822f-4f38-b56e-
> b998baea81a5
> +  search --no-floppy --fs-uuid --set=root  9be0d928-5892-4cdd-a647-
> 1e8cce937b2e
> ...
> -   linux   /boot/vmlinuz-5.10.0-3-amd64 root=UUID=491a357c-822f-
> 4f38-b56e-b998baea81a5 ro  quiet
> +   linux   /boot/vmlinuz-5.10.0-3-amd64 root=UUID=9be0d928-5892-
> 4cdd-a647-1e8cce937b2e ro  quiet
> ...
> -
> 
> The UUID change to the "linux ..." line is important since it will
> affect how this alternative partion update is grub configuration.
> 
> If you wish to move all this nely migrated system to a subvolume, just
> snapshot it to "@" or anything you like using "btrfs subvolume snapshot
> /mnt /@" command.
> 
> Of course, if your new system is at subvol=@, you need to adjust
> /etc/fstab as;
> 
> -
> --- fstab.orig  2021-02-19 14:49:32.768895933 +0900
> +++ fstab   2021-02-19 14:49:19.860921576 +0900
> @@ -6,6 +6,6 @@
>  #
>  #
>  # / was on /dev/nvme1n1p1 during installation
> -UUID=491a357c-822f-4f38-b56e-b998baea81a5  /   ext4 
> errors=remount-ro 0   1
> +UUID=9be0d928-5892-4cdd-a647-1e8cce937b2e  /   btrfs
> subvol=@,defaults 0   1
>  # /boot/efi was on /dev/nvme0n1p1 during installation
> -
> 
> And then move on to use WORKAROUND as described in the above.
> 
> On Fri, 2021-02-19 at 14:12 +, Debian Bug Tracking System wrote:
> > ...
> > You can follow progress on this Bug here: 983107:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983107.


signature.asc
Description: PGP signature

Bug#962485: Please revert CONFIG_MIPS_O32_FP64_SUPPORT change mipsel

[YunQiang Su]

https://lore.kernel.org/linux-mips/20210220061635.9976-1-yunqiang...@cipunited.com/T/#u
This patch for kernel can fix this problem.

Let's wait for the reply of kernel upstream community.

Bastian Blank  于2021年2月11日周四 下午2:57写道：
>
> Moin
>
> On Thu, Feb 11, 2021 at 10:15:02AM +0800, YunQiang Su wrote:
> > > Could the mips porters comment on this? Given that we're close to the 
> > > release
> > > of bullseye, I'm not convinced it's a good idea to change this now.
>
> This option is also a dependency of several types of CPU support.  So it
> might not be feasable to disable.
>
> > Yes. It will be a problem to run with buster's golang program on
> > bullseys's kernel.
> > Let's have another way to get this problem sloved without revert this 
> > changes.
>
> Sure, by discontinuing support for go on mips for example.
>
> > Maybe detect the golang applications and run them in FP32 mode?
>
> The kernel already does.  But it seems go decided to set the FPXX marker
> on it's objects.  See https://github.com/golang/go/issues/39435
>
> Bastian
>
> --
> Captain's Log, star date 21:34.5...
>

Bug#983107: os-prober: generic subvolume support for btrfs

[Osamu Aoki]

Hi,

Knowing bulleseye 11 release is near and this issue may stay, people
may need to work around this issue of btrfs subvolume as root
partition.  Here is my WORKAROUND suggestion.

(Please note that my patch proposal in my original bug report is not-
yet tested well.)

The current Debian Grub2 code at /etc/grub.d/30_os-prober requires to
access some root partion contents from the btrfs ID 5 (FS_TREE) to
function well.  (subvol=/)  

If you want to use timeshift (Ubuntu origin?) or snapper (Suse origin
?), they seem to use non-ID-5 subvol for the system install, i.e.,
root-FS.  People use these tools on Debian too.

https://qa.debian.org/popcon-graph.php?packages=timeshift+snapper+snapper-gui+btrbk+btrfsmaintenance+duperemove_installed=on_legend=on_ticks=on_date=_date=_date=_fmt=%25Y-%25m=1


=== WORKAROUND ===

Let's suppose your another linux installation on another formatted in
btrfs at partion "/dev/nvme1n1p1" has its root-FS content in
"subvol=@", please perform followings:

-
$ sudo mount -t btrfs -o subvol=/,defaults /dev/nvme1n1p1 /mnt
$ cd /mnt
$ sudo ln -sf @/boot boot
$ sudo ln -sf @/etc  etc
$ sudo ln -sf @/usr  usr
$ sudo ln -sf @/lib  lib
$ sudo ln -sf @/initrd.img initrd.img
$ sudo ln -sf @/vmlinuzvmlinuz
$ sudo ln -sf @/initrd.img.old initrd.img.old
$ sudo ln -sf @/vmlinuz.oldvmlinuz.old
$ sudo btrfs subvol set-default /mnt/@
$ cd /
$ sudo umount /mnt
-

This assumes you do not have conflicting contents in subvol=/.

If you happen to use other subvol for the root-FS content, replace its
subvol name in place of "@".


=== Additional Tips ===

You can convert a system from EXT2/3/4 to btrfs as follows by booting
system from another system on the multiboot set-up.

File system conversion is trivial as described in
https://btrfs.wiki.kernel.org/index.php/Conversion_from_Ext3

-
$ sudo fsck.ext3 -f /dev/xxx
$ sudo btrfs-convert /dev/xxx
$ sudo mount -t btrfs /dev/xxx /mnt
-

You need to make some adjustment to cope with new filesystem ant its
new blkid by adjustng at least /etc/fstab and /boot/grub/grub.cfg .

Please note UUID of partition changes after btrfs-convert.
Please check 

-
--- fstab.orig  2021-02-19 14:49:32.768895933 +0900
+++ fstab   2021-02-19 14:49:19.860921576 +0900
@@ -6,6 +6,6 @@
 #
 #
 # / was on /dev/nvme1n1p1 during installation
-UUID=491a357c-822f-4f38-b56e-b998baea81a5  /   ext4 
errors=remount-ro 0   1
+UUID=9be0d928-5892-4cdd-a647-1e8cce937b2e  /   btrfs defaults
0   1
 # /boot/efi was on /dev/nvme0n1p1 during installation
-


Also, you need to update many relevant parts of grub.cfg, too.  Roughly
as ...
-
--- grub.cfg-orig   2021-02-17 09:32:35.855910912 +0900
+++ grub.cfg2021-02-19 14:26:12.728005239 +0900
...
-insmod ext2
+insmod btrfs
...
-  search --no-floppy --fs-uuid --set=root  491a357c-822f-4f38-b56e-
b998baea81a5
+  search --no-floppy --fs-uuid --set=root  9be0d928-5892-4cdd-a647-
1e8cce937b2e
...
-   linux   /boot/vmlinuz-5.10.0-3-amd64 root=UUID=491a357c-822f-
4f38-b56e-b998baea81a5 ro  quiet
+   linux   /boot/vmlinuz-5.10.0-3-amd64 root=UUID=9be0d928-5892-
4cdd-a647-1e8cce937b2e ro  quiet
...
-

The UUID change to the "linux ..." line is important since it will
affect how this alternative partion update is grub configuration.

If you wish to move all this nely migrated system to a subvolume, just
snapshot it to "@" or anything you like using "btrfs subvolume snapshot
/mnt /@" command.

Of course, if your new system is at subvol=@, you need to adjust
/etc/fstab as;

-
--- fstab.orig  2021-02-19 14:49:32.768895933 +0900
+++ fstab   2021-02-19 14:49:19.860921576 +0900
@@ -6,6 +6,6 @@
 #
 #
 # / was on /dev/nvme1n1p1 during installation
-UUID=491a357c-822f-4f38-b56e-b998baea81a5  /   ext4 
errors=remount-ro 0   1
+UUID=9be0d928-5892-4cdd-a647-1e8cce937b2e  /   btrfs
subvol=@,defaults 0   1
 # /boot/efi was on /dev/nvme0n1p1 during installation
-

And then move on to use WORKAROUND as described in the above.

On Fri, 2021-02-19 at 14:12 +, Debian Bug Tracking System wrote:
> ...
> You can follow progress on this Bug here: 983107:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983107.

Bug#983156: debci: user debci in qemu testbed is a system user while it is not in lxc testbed

[Ryutaroh Matsumoto]

Package: debci
Version: 2.15
Severity: important
Tags: bullseye sid

Dear Maintainer,

I built a qemu testbed with
debci setup -f -b qemu -s sid -a amd64
with debci and autopkgtest in Sid.

Then I run test of reportbug as

/usr/bin/autopkgtest --timeout-factor=10 -U -B -u debci -o 
/var/tmp/log15/reportbug-amd64-1613798173 reportbug -- qemu -d 
--timeout-reboot=600 --ram-size=3072 -c 2 /var/lib/debci/qemu/sid-amd64.img

The above command runs test scripts under user "debci".
But "runner" test in reportbug failed with runner-stderr as

Running 'reportbug' as an administrative user is probably not a good idea!
Continue [y|N|q|?]? 

/usr/share/debci/backends/qemu/customize.sh creates user "debci" with --system,
while /usr/share/debci/backends/lxc/create-testbed creates it without --system.

The above difference causes reportbug test passes on lxc testbed,
while it fails on qemu testbed.
I believe they should produce the same result, and this seems an important bug.
Log is attached.


Best regards, Ryutaroh Matsumoto



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.16-preempt (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debci depends on:
ii  adduser 3.118
ii  amqp-tools  0.10.0-1
ii  curl7.74.0-1
ii  dctrl-tools 2.24-3+b1
ii  debian-archive-keyring  2019.1
ii  debootstrap 1.0.123
ii  devscripts  2.20.5
ii  distro-info 1.0
ii  fonts-font-awesome  5.0.10+really4.7.0~dfsg-4
ii  jq  1.6-2.1
ii  libjs-bootstrap 3.4.1+dfsg-2
ii  libjs-jquery3.5.1+dfsg+~3.5.5-7
ii  libjs-jquery-flot   4.2.1+dfsg-5
ii  moreutils   0.65-1
ii  netcat-traditional  1.10-46
ii  parallel20161222-1.1
ii  patchutils  0.4.2-1
ii  retry   1.0.4-2
ii  rsync   3.2.3-4
ii  ruby1:2.7+2
ii  ruby-activerecord   2:6.0.3.4+dfsg-3
ii  ruby-bunny  2.14.4-4
ii  ruby-erubi  1.9.0-1
ii  ruby-kaminari-activerecord  1.2.1-1
ii  ruby-pg 1.2.3-1+b1
ii  ruby-sinatra2.0.8.1-2
ii  ruby-sinatra-contrib2.0.8.1-2
ii  ruby-sqlite31.4.2-2+b3
ii  ruby-thor   1.0.1-1
ii  sudo1.9.5p2-2

Versions of packages debci recommends:
ii  systemd-timesyncd [time-daemon]  247.3-1

Versions of packages debci suggests:
pn  apt-cacher-ng  

-- no debconf information


reportbug-autopkgtest.tar.xz
Description: application/xz

Bug#983155: Include some basic documentation so the program is usable offline

[積丹尼 Dan Jacobson]

Package: gpredict
Version: 2.3-72-gc596101-1
Severity: wishlist

gpredict is a great program. Alas with 100% of the documentation online,
and 0% offline, "When Johnny unwraps it for Christmas, he still can't
use it, because his parents have to go back to the store to get the
owners' manual. But the store is closed, because it is Christmas." etc.
etc.

Or perhaps Recommend a separate -doc package. 

Bug#983154: Say what each program does

[積丹尼 Dan Jacobson]

Package: pluto-lunar
Version: 0.0~git20180825.e34c1d1-1+b1
Severity: wishlist

Maybe include one line descriptions of what each program does.

Currently all the user can do is "run it to find out."

And usually that still doesn't tell him.

OK it is great that this is part of a greater package.

And in that greater package there probably is documentation.

But perhaps that part of the documentation that concerns these programs,
could be packaged instead in this package, not the greater package.

Bug#983153: calendar: Segmentation fault

[積丹尼 Dan Jacobson]

Package: pluto-lunar
Version: 0.0~git20180825.e34c1d1-1+b1
File: /usr/lib/pluto/lunar/calendar

$ /usr/lib/pluto/lunar/calendar
Segmentation fault

I didn't test the rest.

Bug#983152: Put alternative warnings in package Description

[積丹尼 Dan Jacobson]

Package: python3-ephem
Version: 3.7.7.1-1+b3
File: /usr/lib/python3/dist-packages/ephem/doc/index.rst

We read in this file warnings that the user should use Two Alternatives.
OK perhaps mention that in the Package Description, lest the user become
highly invested in this package, great as it may be, before learning
that it has been superseded.

Bug#983150: Include HTML docs

[積丹尼 Dan Jacobson]

Package: python3-ephem
Version: 3.7.7.1-1+b3
Severity: wishlist
File: /usr/lib/python3/dist-packages/ephem/doc/index.rst

We notice these files are apparently templates to make HTML docs.
OK, perhaps include the HTML docs too in the package.

Bug#983151: Author name misspelled

[積丹尼 Dan Jacobson]

Package: python3-ephem
Version: 3.7.7.1-1+b3
Severity: minor
File: /usr/share/doc/python3-ephem/copyright

Copyright: 2008, 2009 Brandon Craig Rhodes
 1990-2009 Dr. Craig A. Counterman
 1986-1990 Robert Berger (N3EMO)
 Elwood Charled Downey
  ^s

Bug#983149: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[積丹尼 Dan Jacobson]

Package: python3-ephem
Version: 3.7.7.1-1+b3
Severity: minor
File: /usr/lib/python3/dist-packages/ephem/doc/quick.rst

OK, I ran the example, but got a warning.

$ cat /tmp/p
from ephem import *
m = Mars('1970')
print(constellation(m))

$ python3 /tmp/p
/tmp/p:3: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  print(constellation(m))
('Aqr', 'Aquarius')

Bug#983148: wxmaxima: reproducible builds: Embeds date in manpage dependent on timezone

[Vagrant Cascadian]

Source: wxmaxima
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps timezone
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The timezone affects the date embedded in the wxmaxima.1 manpages:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/wxmaxima.html

  wxmaxima.1

  .TH·"WXMAXIMA"·"1"·"2020-12-27"·"wxMaxima·20.12.1"
  vs.
  .TH·"WXMAXIMA"·"1"·"2020-12-29"·"wxMaxima·20.12.1"

The attached patch fixes this by setting the timestamp to use the UTC
timezone.


Thanks for maintaining wxmaxima!


live well,
  vagrant
From 4e3d8e6f9fafa983dfbe0b0fcb07499696d1fb4d Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sat, 20 Feb 2021 03:35:09 +
Subject: [PATCH] data/CMakeLists.txt: Use UTC timestamp.

While cmake respects SOURCE_DATE_EPOCH, the timezone may still change
the date stamp used.

https://reproducible-builds.org/docs/source-date-epoch/
---
 data/CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/CMakeLists.txt b/data/CMakeLists.txt
index 992cdc2..62120a6 100644
--- a/data/CMakeLists.txt
+++ b/data/CMakeLists.txt
@@ -19,7 +19,7 @@ set(PIXMAPS
 if(WIN32)
 add_subdirectory(fonts)
 else()
-string(TIMESTAMP CURRENTDATE "%Y-%m-%d")
+string(TIMESTAMP CURRENTDATE "%Y-%m-%d" UTC)
 # the config file is ~/.wxMaxima if wxWidgets < 3.1.1
 #~/.config/wxMaxima.conf if wxWidgets >= 3.1.1 (XDG Specification)
 if(wxWidgets_VERSION_STRING VERSION_GREATER_EQUAL "3.1.1")
-- 
2.20.1



signature.asc
Description: PGP signature

Bug#983143: ITA: blag-fortune

[tous]

Package: wnpp
Severity: normal

Bug#983146: sponsorship-requests: Backup next generation (bung)

[Charles]

Dear Maintainer,

Please change the email address on this bug report from 
send_only.aurin...@auroville.org.in to b...@charlesmatkinson.org


Best

Charles Atkinson

On 20/02/2021 08:34, Charles Atkinson wrote:

Package: sponsorship-requests
Severity: normal

Dear Maintainer,

bung has been developed over eight years as a campus backup utility, running
on Debian and a few Ubuntu systems.  It is known to be used on more than 100
computers

Documentation includes man pages and, available from
https://redmine.auroville.org.in/projects/bung/wiki/Bung_technology
user and programmer guides

Selected text from that page follows

bung is a set of wrapper scripts for several backup utilities:

* OpenLDAP (slapcat and tar)
* mysqldump
* pgdump
* rsync

bung also has:

* A "sysinfo" facility to generate system information reports
* Templated backups allowing custom backup commands.  Example templates are
   provided for Cisco switches and MikroTik routers

bung features:

* Automated backup to hotplug devices when they are plugged in with on-screen
   notifications to both character terminals and X displays
* Backup to remote file systems via ssh
* Custom commands (hooks) to run before and after the backup itself
* File system hierarchy standard (FHS) compliant installation under /opt. For
   cron jobs, documentation, the logcheck filter file and man pages, symlinks
   are created in the conventional places with targets under /opt. Fori
   convenience, /etc/opt/bung and /var/log/bung are created for configuration
   and logs
* GPLv2
* Logging designed to ease production support
* LVM snapshots
* man pages
* Mounting and unmounting local file systems
* Remote ssh command validation

Best

Charles Atkinson

Bug#983147: armagetronad: reproducible builds: Embeds date in version string

[Vagrant Cascadian]

Source: armagetronad
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The current Reproducible Builds patch appears to be ineffective,
possibly due to checking for the presence of the debian/changelog when
it is not necessarily run from the top level source directory:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/armagetronad.html

  /usr/games/armagetronad-dedicated.real

  0.2.9.1_alpha20210219
  vs.
  0.2.9.1_alpha20220325

Two patches are attached, one that could possibly be applied upstream,
and another that is a patch-on-patch applying the changes to
debian/patches.


Thanks for maintaining armagetronad!


live well,
  vagrant
From bac143a46de8763ec8a5ef05a3ec37e8f3ef5255 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sat, 20 Feb 2021 02:54:04 +
Subject: [PATCH 1/2] batch/make/version: Use SOURCE_DATE_EPOCH to set date.

The minor_version may have a date string appended.

https://reproducible-builds.org/docs/source-date-epoch/
---
 batch/make/version | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/batch/make/version b/batch/make/version
index adc1c4a..3910d1c 100755
--- a/batch/make/version
+++ b/batch/make/version
@@ -15,7 +15,10 @@ fi
 # set version parts to defaults for CVS snapshot
 major_version=`cat ${srcdir}/major_version`
 minor_version_proto=`cat ${srcdir}/minor_version`
-DATE=`date +%Y%m%d`
+# Set DATE from SOURCE_DATE_EPOCH to enable reproducible builds:
+# https://reproducible-builds.org/docs/source-date-epoch/
+DATE_FMT='+%Y%m%d'
+DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}"  2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
 
 #echo $major_version
 #echo $minor_version
-- 
2.30.1

From e7c32fed8c8efec8e61d47224f82cee834222786 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sat, 20 Feb 2021 02:59:26 +
Subject: [PATCH 2/2] Update reproducible build patch.

---
 debian/patches/reproducible_build.patch | 42 -
 1 file changed, 27 insertions(+), 15 deletions(-)

diff --git a/debian/patches/reproducible_build.patch b/debian/patches/reproducible_build.patch
index c140622..784e4f9 100644
--- a/debian/patches/reproducible_build.patch
+++ b/debian/patches/reproducible_build.patch
@@ -1,19 +1,31 @@
-Description: Make the build reproducible
-Author: Chris Lamb 
-Last-Update: 2020-11-16
+From bac143a46de8763ec8a5ef05a3ec37e8f3ef5255 Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian 
+Date: Sat, 20 Feb 2021 02:54:04 +
+Subject: [PATCH] batch/make/version: Use SOURCE_DATE_EPOCH to set date.
 
 armagetronad-0.2.9.0.1.orig/batch/make/version
-+++ armagetronad-0.2.9.0.1/batch/make/version
-@@ -12,6 +12,12 @@ if test "${CI_COMMIT_REF_PROTECTED}" = "
- exit 0
- fi
- 
-+# if we're building from a Debian package, that is our version
-+if test -f debian/changelog; then
-+dpkg-parsechangelog -SVersion
-+exit 0
-+fi
-+
+The minor_version may have a date string appended.
+
+https://reproducible-builds.org/docs/source-date-epoch/
+---
+ batch/make/version | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/batch/make/version b/batch/make/version
+index adc1c4a..3910d1c 100755
+--- a/batch/make/version
 b/batch/make/version
+@@ -15,7 +15,10 @@ fi
  # set version parts to defaults for CVS snapshot
  major_version=`cat ${srcdir}/major_version`
  minor_version_proto=`cat ${srcdir}/minor_version`
+-DATE=`date +%Y%m%d`
++# Set DATE from SOURCE_DATE_EPOCH to enable reproducible builds:
++# https://reproducible-builds.org/docs/source-date-epoch/
++DATE_FMT='+%Y%m%d'
++DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}"  2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
+ 
+ #echo $major_version
+ #echo $minor_version
+-- 
+2.30.1
+
-- 
2.30.1



signature.asc
Description: PGP signature

Bug#983146: sponsorship-requests: Backup next generation (bung)

[Charles Atkinson]

Package: sponsorship-requests
Severity: normal

Dear Maintainer,

bung has been developed over eight years as a campus backup utility, running
on Debian and a few Ubuntu systems.  It is known to be used on more than 100 
computers

Documentation includes man pages and, available from
https://redmine.auroville.org.in/projects/bung/wiki/Bung_technology 
user and programmer guides

Selected text from that page follows

bung is a set of wrapper scripts for several backup utilities:

* OpenLDAP (slapcat and tar)
* mysqldump
* pgdump
* rsync

bung also has:

* A "sysinfo" facility to generate system information reports
* Templated backups allowing custom backup commands.  Example templates are 
  provided for Cisco switches and MikroTik routers

bung features:

* Automated backup to hotplug devices when they are plugged in with on-screen
  notifications to both character terminals and X displays
* Backup to remote file systems via ssh 
* Custom commands (hooks) to run before and after the backup itself
* File system hierarchy standard (FHS) compliant installation under /opt. For 
  cron jobs, documentation, the logcheck filter file and man pages, symlinks
  are created in the conventional places with targets under /opt. Fori
  convenience, /etc/opt/bung and /var/log/bung are created for configuration
  and logs
* GPLv2
* Logging designed to ease production support
* LVM snapshots
* man pages
* Mounting and unmounting local file systems
* Remote ssh command validation

Best

Charles Atkinson

Bug#982879: Acknowledgement (Artifacts in x2go rendering connecting to testing from a buster client)

[Mike Gabriel]

Control: clone -1 -2
Control: reassign -1 marco
Control: reassign -2 xfwm

Hi,

On  Do 18 Feb 2021 20:39:19 CET, Sven Geuer wrote:


Hi Francesco,

On Thu, 2021-02-18 at 13:47 +0100, Francesco P. Lovergine wrote:

On Thu, Feb 18, 2021 at 11:22:27AM +0100, Francesco P. Lovergine wrote:
> On Thu, Feb 18, 2021 at 10:56:04AM +0100, Francesco P. Lovergine wrote:
> > Update: I tested also with a vagrant installation of a testing64 vm
> > (from scratch), under a virtualbox provider. It gives exactly the
> > same result. IMHO this bug should be raised to important or grave
> > because could render unusable the x2goserver in bullseye for many
> > (if not most) use cases :-( I still did not check the use of
> > bullseye from a bullseye client or other platforms.
> >
>
> ... and it gives the same artifacts using a bullseye client (which
> works perfectly while connecting a buster x2go server). So this is
> definitively an issue of the x2goserver in bullseye.
>

Ok, workaround: disable composite rendering, which could be done in  
both xfce

and mate settings, for instance.



Looks like xfce4 and mate started to make use of the composite X
extension. This extension is not supported by the NX libs used with
x2go as documented on the project's home page [1].

For mate and tightvncserver on bullseye I observed the identical issue
a few days ago, and tightvncserver also lacks the composite extension.

Seems as if you have to live with the workaround.

Sven


This issue actually is to be amended in xfwm and marco (and possibly  
other window managers).


Those window manager need to test, whether the Composite extension is  
available in the Xserver being used or not.


Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpCl7CTfK7Nf.pgp
Description: Digitale PGP-Signatur

Bug#982050: [htcondor-debian] Bug#982050: There are fresh upstream releases (8.9.11 ATM) which address security and other issues

[Diane Trout]

On Fri, 2021-02-19 at 18:31 -0600, Tim Theisen wrote:
> I have HTCondor 8.8.12 ready to upload to salsa. The condor
> repository is moving from the neurodebian team to the HPC. I have
> been waiting for the repository to move before my upload.
> Debian follows the stable release series (8.8 right now). The
> development series (8.9) can be changing and that is counter to
> Debian goal for stability.
> I will upload changes to the neurodebian project this weekend.
> As for the security issues, they were introduced in 8.9.2 and 8.9.7
> and so are not in the current version that is in Debian.
> ...Tim


Thank you!

I'm in the Debian Python, Med & Science teams and have HTCondor
deployed on our labs cluster. I might be able to provide some
assistance if you need.

Is there any chance the Python bindings might get re-enabled in the new
release?

Diane


signature.asc
Description: This is a digitally signed message part

Bug#983145: listadmin: the file debian/watch is checking the wrong repo

[Johnny A. Solbu]

Package: listadmin
Version: 2.42

Hi.
As the upstream listadmin maintainer I have noticed that debian is using an old 
version of listadmin.
I think the reason is that the debian/watch file is checking the old deleted 
release location.

From 2016 listadmin is maintained on Sourceforge, where also the release 
tarballs are hosted.
I also believe some of the existing Debian bugs are fixed in the official 
release.

Debian sid still has the old version 2.42 from 2016, whereas Current upstream 
version is 2.72 (just released).

-- 
Johnny A. Solbu - upstream listadmin maintainer
web site,   https://www.solbu.net
PGP key ID: 0x4F5AD64DFA687324


signature.asc
Description: This is a digitally signed message part.

Bug#982050: [htcondor-debian] Bug#982050: There are fresh upstream releases (8.9.11 ATM) which address security and other issues

[Tim Theisen]

I have HTCondor 8.8.12 ready to upload to salsa. The condor repository
is moving from the neurodebian team to the HPC. I have been waiting for
the repository to move before my upload.

Debian follows the stable release series (8.8 right now). The
development series (8.9) can be changing and that is counter to Debian
goal for stability.

I will upload changes to the neurodebian project this weekend.

As for the security issues, they were introduced in 8.9.2 and 8.9.7 and
so are not in the current version that is in Debian.

...Tim

On 2/19/21 6:16 PM, Yaroslav Halchenko wrote:
> There are updated packages floating around... BCCing someone who might
> facilitate pinging etc.  I bet if changes pushed somewhere, should be
> easy to get updated package finalized etc
>
> On Fri, 19 Feb 2021, Diane Trout wrote:
>
>> I had been wondering if the htcondor package is effectively orphaned.
>> There hasn't been any activity in quite some time.
>
> ___
> htcondor-debian mailing list
> htcondor-deb...@cs.wisc.edu
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-debian

-- 
Tim Theisen
Release Manager
HTCondor & Open Science Grid
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin - Madison
4261 Computer Sciences and Statistics
1210 W Dayton St
Madison, WI 53706-1685
+1 608 265 5736

Bug#983116: im-config: does not work under wayland and zsh as login shell

[Gunnar Hjalmarsson]

Thanks for your report!

On 2021-02-19 18:34, Yao Wei (魏銘廷) wrote:

When using wayland, /etc/profile.d/im-config_wayland.sh is used to
execute script /etc/X11/Xsession.d/70im-config_launch , but if the
user sets /usr/bin/zsh as login shell, it uses /etc/zsh/zprofile
instead of /etc/profile, and in turn scripts under /etc/profile.d are
not executed.


I'm guilty of putting the hook script in /etc/profile.d, and have to 
admit that I didn't think of the Wayland + zsh combo. One reason for the 
choice of location was that im-config needs to check a couple of 
environment variables during the configuration.


I don't see any obvious generic solution offhand. Ideas are most welcome.


My workaround is to add `export SHELL="/usr/bin/zsh"` in user's
~/.profile, and the shell in terminal windows under the user is zsh
while using bash as login shell.


I looked around a bit, and putting

emulate sh -c 'source /etc/profile'

in /etc/zsh/zprofile is often mentioned.

--
Gunnar Hjalmarsson
https://launchpad.net/~gunnarhj



OpenPGP_signature
Description: OpenPGP digital signature

Bug#982567: openms build-depends on removed package.

[Michael R. Crusoe]

On Fri, Feb 19, 2021, 22:33 Michael R. Crusoe  wrote:

> On Thu, 11 Feb 2021 22:54:54 + peter green 
> wrote:
> > Package: openms
> > Version: 2.6.0+cleaned1-2
> > Severity: serious
> >
> > openms build-depends on seqan-dev which was built by the sequan source
> > package, which was removed from unstable and testing recently. The person
> > requesting the removal stated that "There are no other users of seqan 1.x
> > in Debian." but it seems this was not correct.
>
> I'm very sorry for this. I don't know why my search didn't reveal that
> openms had never upgraded to SeqAn 2 or 3.
>

I see what happened now: openms was removed from testing on 2020-12-29

https://tracker.debian.org/news/1207327/openms-removed-from-testing/

I filed the package removal request for seqan-dev on 2021-01-22 . I did a
build-rdeps search against testing, not unstable, so that is why I missed
openms.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980798

Openms re-entered testing on 2021-02-05

https://tracker.debian.org/news/1228287/openms-260cleaned1-2-migrated-to-testing/

The seqan-dev package was removed from unstable on 2021-02-08 and from
testing on 2021-02-10

https://tracker.debian.org/news/1229820/removed-142dfsg-4-from-unstable/

https://tracker.debian.org/news/1230571/seqan-removed-from-testing/

Bug#924040: #924040 ITP: archivebox -- open source self-hosted web archive

[Dmitry Smirnov]

Hi Martin, Antoine,

I've updated ArchiveBox to the latest release and it seems to work
well. Could you have a look and provide your feedback please?

  https://salsa.debian.org/debian/archivebox

Thanks.

-- 
Best wishes,
 Dmitry Smirnov
 GPG key : 4096R/52B6BBD953968D1B

---

There are occasions when it pays better to fight and be beaten than not to
fight at all.
-- George Orwell

---

A study on infectivity of asymptomatic SARS-CoV-2 carriers, concludes weak
transmission. "The median contact time for patients was four days and that
for family members was five days."
-- https://pubmed.ncbi.nlm.nih.gov/32513410/


signature.asc
Description: This is a digitally signed message part.

Bug#983144: unknown-horizons crash

[Phil Morrell]

Control: reopen -1 !
Control: notforwarded -1
Control: tags -1 -a11y
thanks

I guess clone wasn't the right thing to do, and unfortunate crossing of
streams with Markus didn't help. This is the upstream fixing commit:

https://github.com/unknown-horizons/unknown-horizons/commit/7f6f613826aef9810999c1599c8354e8a78fbdb4.patch


signature.asc
Description: PGP signature

Bug#978657: unknown-horizons: Crash on startup

[Phil Morrell]

Control: tags -1 +patch
Control: clone -1 -2
Control: retitle -2 unknown-horizons: Crash with unexpected keyword argument 
'encoding'
Control: reassign -2 unknown-horizons
thanks

I can confirm that this has been fixed upstream:

https://github.com/fifengine/fifengine/commit/cf295fd98a8fba080f6305c27be56d10ab7ce94d.patch

However, now the crash is in unknown-horizons itself, encoding has been
ignored since 3.1 so should simply be removed.

Discovered old settings file, auto-upgrading: 1 -> 38
Traceback (most recent call last):
  File "/usr/games/unknown-horizons", line 381, in 
main()
  File "/usr/games/unknown-horizons", line 122, in main
ret = horizons.main.start(options)
  File "/usr/lib/python3/dist-packages/horizons/main.py", line 179, in start
Entities.load(horizons.globals.db, load_now=False) # create all 
references
  File "/usr/lib/python3/dist-packages/horizons/entities.py", line 64, in 
load
cls.load_grounds(db, load_now)
  File "/usr/lib/python3/dist-packages/horizons/entities.py", line 77, in 
load_grounds
tile_sets = TileSetLoader.get_sets()
  File 
"/usr/lib/python3/dist-packages/horizons/util/loaders/tilesetloader.py", line 
72, in get_sets
cls.load()
  File 
"/usr/lib/python3/dist-packages/horizons/util/loaders/tilesetloader.py", line 
65, in load
cls.tile_sets = JsonDecoder.load(PATHS.TILE_SETS_JSON_FILE)
  File 
"/usr/lib/python3/dist-packages/horizons/util/loaders/jsondecoder.py", line 40, 
in load
return json.load(f, encoding="ascii", object_hook=_decode_dict)
  File "/usr/lib/python3.9/json/__init__.py", line 293, in load
return loads(fp.read(),
  File "/usr/lib/python3.9/json/__init__.py", line 359, in loads
return cls(**kw).decode(s)
TypeError: __init__() got an unexpected keyword argument 'encoding'


signature.asc
Description: PGP signature

Bug#879147: debian-ports and unreleased packages

[Samuel Thibault]

Hello,

For information, I submitted a couple of fixes for the unreleased
distribution in debian-cd, it now behaves fine when setting UNRELEASED=1
in CONF.sh: it includes packages from the unreleased distribution in the
sid distribution of the CD. Also, I switched to using LOCAL=1,
LOCALDEBS and UPDATE_LOCAL=1, which is indeed enough to select any few
packages from unreleased for the bootstrap part.

Samuel

Bug#910508: lxde-common: closed bug #760971 still not fixed on debian 9.5 and lxde-common 0.99.2-3

[Andriy Grytsenko]

Thank you for reporting that issue. I would like to ask you for few more
details if that is possible. First od all I would like to see output of
the command (when issue happens):

ls -lR $HOME/.config/lxpanel/

Another this I would like to know is content of few environment variables
such as XDG_CONFIG_DIRS and XDG_CURRENT_DESKTOP

And last one thing I would ask you if your panel uses default command
line options from installed file, please.

Bug#982436: procps: Please allow overriding protect-links.conf settings via /etc/sysctl.conf

[Craig Small]

On Fri, 19 Feb 2021 at 19:21, intrigeri  wrote:

> I confirm this problem does not happen when I use "sysctl --system".
> However, this problem does happen with procps 2:3.3.17-4 after
> a reboot (or more simply, after restarting procps.service).
>
I'm really not sure why this would matter after 3.3.17-4 as 3.3.16-1 is
where the file moved from /etc to /usr/lib but its been protect-links.conf
for a while.


> My understanding is that when using systemd, what matters is what
> systemd-sysctl does, not what "sysctl --system" does: procps.service
>
Right, you're talking about what the systemd-sysctl does, not the procps
sysctl. However the protect-links.conf is in the procps package, hence the
bug report is here.

So, ignoring the version bit (its the same file) and knowing its the
systemd binary makes this a lot clearer.

I'll have to look into what happens with changing the name of this file.
It's not strictly speaking a conffile but if someone had put a
/etc/sysctl.d/protect-links.conf its not going to match anymore.
It might be just a matter of putting something into the NEWS as for most
people nothing will change.  If you (or someone else reading this) has some
precedent where a sysctl file in /usr/lib is renamed then I'm happy to hear
about it.

 - Craig

Bug#982050: There are fresh upstream releases (8.9.11 ATM) which address security and other issues

[Yaroslav Halchenko]

There are updated packages floating around... BCCing someone who might
facilitate pinging etc.  I bet if changes pushed somewhere, should be
easy to get updated package finalized etc

On Fri, 19 Feb 2021, Diane Trout wrote:

> I had been wondering if the htcondor package is effectively orphaned.
> There hasn't been any activity in quite some time.

-- 
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW:   http://www.linkedin.com/in/yarik



signature.asc
Description: PGP signature

Bug#982530: libpam-modules: unable to login when using pam_tally2 after upgrade to libpam-modules >1.4.0

[Martin Schurz]

It looks like Steve had an explicit reason for disabling pam_tally here
and I don't want to go second guess that.
(Steve, if I'm wrong, please chime in).
In particular, Steve kept pam_cracklib, which also requires an extra
option, but did not keep pam_tally.


Oh, sorry there was some detail missing. The config option 
--enable-tally

was added in linux-pam from version 1.4.0 to soft deprecate this module.
So when we re-enable it with this option, it should build the pam_tally
module like it was the case up to 1.3.x.

see: https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0

also see this commit 
https://github.com/linux-pam/linux-pam/commit/f49166c7d8f3ae2c9d337154f7e5dc50d41ab6bf
and 
https://github.com/linux-pam/linux-pam/commit/ae2ccf5053b171dff644dd339338b0fde00f83a2


I did not do further srcutiny here, but I think the actual module code
was unaffected by this change. Most of the code for pam_tally in
linux-pam is more than a few years old without further change. With
the version 1.4.0 they just declared to not build these modules by
default and added options to enable them. With linux-pam 1.5.0 the
tally modules are completely removed from the codebase.

PS: pam_cracklib is also be deleted from 1.5.0, so we face the same
problem there too. Maybe we can solve this in one go. :)

Bug#983074: task-gnome-desktop: Please consider recommending synaptic again

[Holger Wansing]

Hi,

gagz  wrote (Fri, 19 Feb 2021 00:54:33 +0100):
> Package: task-gnome-desktop
> Version: 3.63
> Severity: normal
> Tags: d-i
> 
> Hello maintainers of task-gnome-desktop,
> 
> Synaptic used to be recommended by task-gnome-desktop (and other
> task-*-desktop), until it was removed from Buster (#889897), due to it
> not functionning correctly under Wayland.
> 
> Under GNOME, users have been left with gnome-software to install
> packages, but gnome-software only shows packages shipping AppStream
> metadata, thus most packages don't show up there, such as mat2,
> nautilus-wipe, sm and many more.
> Installing packages not available in gnome-software nowadays requires
> the use of a terminal, or gnome-packagekit, which is also not installed
> by default.
> 
> Gnome-packagekit does the job and has a prettier interface, but its
> developpment is much slower than synaptic's (regarding commits in the
> last 2 years).
> 
> Shipping synaptic by default in Debian Bullseye with GNOME, XFCE, LXDE,
> Mate and Cinnamon would be a great (re)improvement in user experience,
> giving users more control without the need of mastering terminal usage.

Adding debian-gtk-gnome to the loop:
What do Gnome people prefer?
Synaptic or gnome-packagekit?


Holger

-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#981466: kiwix: switch data feed and download URLs to https

[Kunal Mehta]

On 2/14/21 8:15 PM, Paul Wise wrote:

On Sun, 2021-02-14 at 20:11 -0800, Kunal Mehta wrote:


I'm going to cherry-pick the upstream fix for this and upload its
hortly so it'll be in bullseye.


Thanks.


Uploaded with 2.0.5-3.


The catalog is used by other devices, and apparently some older
Android devices didn't have the correct certs for Let's Encrypt? I'll
continue following up with upstream on this, but I'm going to mark
this bug as closed by the first change since this latter part
shouldn't require any fixes/adjustments to the Kiwix code once the
catalog is updated.


I think extra code will be needed to try https for each domain and then
upgrade all future http connections where https works on the domain.


I was thinking it would just wait until the catalog itself uses HTTPS 
for all links, but your suggestion also works, so I'll leave this open then.


-- Kunal

Bug#983142: circlator: reproducible builds: Generated tarball includes file mode

[Vagrant Cascadian]

Source: circlator
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: umask
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The generated tarball /usr/share/doc/circlator/examples/data.tar.xz
includes the file mode of the archived files:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/circlator.html

  drwxr-xr-x···0000·2019-07-30·14:50:30.00·data/
  vs.
  drwxrwxr-x···0000·2019-07-30·14:50:30.00·data/

  
-rw-r--r--···0000·2019-07-30·14:50:30.00·data/assemble_test.dummy_reads.fa
  vs.
  
-rw-rw-r--···0000·2019-07-30·14:50:30.00·data/assemble_test.dummy_reads.fa


The attached patch fixes this by passing the --mode argument to the tar
command used in debian/rules. Patch attached.


Thanks for maintaining circlator!


live well,
  vagrant
From a40da2a3fea821f2461a8977a17707e57e81cc1f Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Fri, 19 Feb 2021 23:06:38 +
Subject: [PATCH] debian/rules: Pass mode to tar when creating examples
 tarball.

---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index fedee22..9801148 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,4 +15,4 @@ endif
 
 override_dh_installexamples:
 	dh_installexamples
-	cd debian/$(DEB_SOURCE)/usr/share/doc/$(DEB_SOURCE)/examples && tar caf data.tar.xz data --owner=0 --group=0 --numeric-owner --sort=name && rm -rf data
+	cd debian/$(DEB_SOURCE)/usr/share/doc/$(DEB_SOURCE)/examples && tar caf data.tar.xz data --owner=0 --group=0 --numeric-owner --sort=name --mode=a+rX,og-w && rm -rf data
-- 
2.20.1



signature.asc
Description: PGP signature

Bug#983141: libkf5kiocore5: Error loading '/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio/http.so'

[Urs Ganse]

Package: libkf5kiocore5
Version: 5.78.0-4
Severity: important

Dear Maintainer,

when running korganizer and trying to fetch the discoverable collections
of a CalDav calendar, korganizer pops up an error window saying "There
was a problem with the request HTTP error (0)".

At the same time, the akonadi server prints:
kf.kio.core: couldn't create slave: "klauncher said: Error loading 
'/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio/http.so'."

(without any further information as to why the loading failed).
ldd output of /usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio/http.so
shows no missing library dependencies.

-- System Information:
Debian Release: 10.8
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libkf5kiocore5 depends on:
ii  libacl12.2.53-4
ii  libc6  2.31-9
ii  libkf5authcore55.78.0-2
ii  libkf5configcore5  5.78.0-4
ii  libkf5coreaddons5  5.78.0-2
ii  libkf5crash5   5.78.0-3
ii  libkf5dbusaddons5  5.78.0-2
ii  libkf5i18n55.78.0-2
ii  libkf5service-bin  5.54.0-1
ii  libkf5service5 5.78.0-2
ii  libqt5core5a   5.15.2+dfsg-4
ii  libqt5dbus55.15.2+dfsg-4
ii  libqt5network5 5.15.2+dfsg-4
ii  libqt5xml5 5.15.2+dfsg-4
ii  libstdc++6 10.2.1-6

libkf5kiocore5 recommends no packages.

libkf5kiocore5 suggests no packages.

-- no debconf information

Bug#983117: dxvk: failure to apply on a clean prefix, due to a symlink creation issue

[Antoine Le Gonidec]

After a bit more thinking it probably makes more sense to assign this bug to 
wine-development, as this is a wine-development update that broke dxvk.

Severity should probably be adjusted too, as this does not make 
wine-development unusable but still breaks dxvk, a related package.
But I am not sure what severity level would be appropriate for such an issue.



OpenPGP_signature
Description: OpenPGP digital signature

Bug#982530: libpam-modules: unable to login when using pam_tally2 after upgrade to libpam-modules >1.4.0

[Sam Hartman]

It looks like Steve had an explicit reason for disabling pam_tally here
and I don't want to go second guess that.
(Steve, if I'm wrong, please chime in).
In particular, Steve kept pam_cracklib, which also requires an extra
option, but did not keep pam_tally.


I also think there is another wrinkle here.
I don't know if the pam_tally from libpam-modules 1.3.x works with the
libpam0g from 1.4.x.
I'll need to test that.
By the time the preinst script runs for libpam-modules, the new pam
libraries will already be unpacked.

I'd much rather bring back pam_tally for a release cycle than add a
preinst script to a pseudo-essential library like libpam0g.
I realize that libpam-modules is also psuedo-essential, but it already
has a preinst script.

--Sam

Bug#891340: pssh: Update upstream to forked maintained repo

[Hilmar Preuße]

Am 24.02.2018 um 18:01 teilte Tj mit:

Hi Jochen,

Sorry, late response!


* What led up to the situation?

Upstream source was originally moved to code.google.com which was
discontinued. Original authors seem to have stopped caring around 2013.
A forked new upstream is at https://github.com/lilydjwg/pssh and
contains many bug fixes and improvements.


In #930780 you said:


parallel-ssh seems to be a Python library and different code base, so I 
would rather go with the Github fork mentioned in #891340. But there are 
no new releases, so it's probably easiest to pull in the patches via 
debian/patches. There is a discussion to make it upstream, so I would 
propose to ask for a release after that is cleared:


https://github.com/lilydjwg/pssh/issues/110#issuecomment-580609871


Shortly after that a new release (2.3.4) was created by lilydjwg and 
lilydjwg seems to be quite active. So I'd say we declare 
https://github.com/lilydjwg to be the new upstream and base our work on 
that.


Hilmar
--
sigfault






OpenPGP_signature
Description: OpenPGP digital signature

Bug#983140: ansible: Does not detect correct python interpreter on bullseye target

[Dominic Hargreaves]

Package: ansible
Version: 2.9.16+dfsg-1.1
Severity: important

I set up a fresh bullseye host (upgraded from a base buster
installation) and it has python3.7 and python3.9 installed. I think that
python3.7 is left over from buster and should probably be removed from
the host (apt-get autoremove does so). However, I expect this is a common
scenario after an upgrade.

if I run my base playbook in check mode it tells me to install
python3-apt, but that is already installed on the target. The reason is
that python3-apt in bullseye only provides the module for python3.9,
but ansible tries to run python3.7.

The following patch fixes this:

--- /usr/lib/python3/dist-packages/ansible/config/base.yml.bak  2021-02-19 
22:34:00.363529032 +
+++ /usr/lib/python3/dist-packages/ansible/config/base.yml  2021-02-19 
22:34:08.987398189 +
@@ -1462,6 +1462,7 @@
   name: Ordered list of Python interpreters to check for in discovery
   default:
   - /usr/bin/python
+  - python3.9
   - python3.7
   - python3.6
   - python3.5

Something similar is available upstream:


Please consider applying this fix in the version of ansible shipped
with bullseye so that bullseye hosts can manage bullseye hosts out of the
box.

(I'd also suggest moving /usr/bin/python3 up that list so that this
doesn't recur for future python 3 releases.)

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ansible depends on:
ii  openssh-client1:8.4p1-3
ii  python3   3.9.1-1
ii  python3-cryptography  3.3.1-1
ii  python3-distutils 3.9.1-2
ii  python3-dnspython 2.0.0-1
ii  python3-httplib2  0.18.1-3
ii  python3-jinja22.11.2-1
ii  python3-netaddr   0.7.19-4
ii  python3-paramiko  2.7.2-1
ii  python3-yaml  5.3.1-3+b1

Versions of packages ansible recommends:
pn  python3-argcomplete  
pn  python3-jmespath 
pn  python3-kerberos 
pn  python3-libcloud 
pn  python3-selinux  
pn  python3-winrm
pn  python3-xmltodict

Versions of packages ansible suggests:
pn  cowsay   
ii  sshpass  1.09-1+b1

-- no debconf information

Bug#983138: ypserv: path to "bash" varies on usrmerge system

[Vagrant Cascadian]

Source: ypserv
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge shell
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The configure script sets the BASH variable to /bin/sh when run on a
usrmerge system, resulting in the pwupdate script differing between
builds:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/ypserv.html

  ./usr/lib/yp/pwupdate
  
  #!/bin/bash
  vs.
  #!/bin/sh


Patch attached which passes BASH=/bin/bash to configure, to ensure a
consistent build regardless of if it is built on a usrmerge system.


Thanks for maintaining ypserv!


live well,
  vagrant
From 4e0d9081842ed5b89c6be333ef0c14fce16503c4 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Fri, 19 Feb 2021 22:28:16 +
Subject: [PATCH 2/2] debian/rules: Pass BASH variable to configure.

The configure script records the path to "bash" as /bin/sh when built
on a usrmerge system. Consistently use /bin/bash as this is the most
compatible path and avoids assumptions about the shell.

https://tests.reproducible-builds.org/debian/issues/paths_vary_due_to_usrmerge_issue.html
---
 debian/rules | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 48637c1..ffe1fca 100755
--- a/debian/rules
+++ b/debian/rules
@@ -28,7 +28,8 @@ gen-manpages:
 	dh $@
 
 override_dh_auto_configure:
-	dh_auto_configure
+	# Ensure BASH variable consistently is /bin/bash
+	dh_auto_configure -- BASH=/bin/bash
 	for f in `find $(CURDIR) -name '*.8.xml'`; \
 		do d=`dirname $$f`; n=`basename $$f .xml`; [ -f $(CURDIR)/$$d/$$n ] || cp -f $(CURDIR)/debian/man/$$n $$d/.; done 
 
-- 
2.20.1



signature.asc
Description: PGP signature

Bug#983117: dxvk: failure to apply on a clean prefix, due to a symlink creation issue

[vv221]

Package: dxvk
Version: 1.7.3+ds1-1
Severity: grave
Justification: renders package unusable

Trying to apply dxvk patches on a clean WINE prefix fails with the
following output:

installing dxvk-wine64-development in the wine prefix...
[1/2] Creating override for dxgi
The operation completed successfully
[2/2] Creating link link to dxgi
ln: failed to create symbolic link 
'/tmp/dxvk/wine/dosdevices/c:/windows'$'\r''/system32/dxgi.dll': No such file 
or directory

This issue is systematic since I upgraded wine-development to
repository-provided 5.6-1. It did not happen with the previously
packaged 5.5 version.

The failure happens on both win32 and win64 WINE prefixes.

Installing dxvk using repository-provided winetricks does not seem to be
a valid workaround, as it tries to install DXVK 1.8, that is not
compatible with WINE versions lower than 5.8.

These extra packages versions are probably relevant information:

ii  libwine-development:amd645.6-1amd64Windows API 
implementation - library
ii  libwine-development:i386 5.6-1i386 Windows API 
implementation - library
ii  wine-development 5.6-1all  Windows API 
implementation - standard suite
ii  wine32-development:i386  5.6-1i386 Windows API 
implementation - 32-bit binary loader
ii  wine64-development   5.6-1amd64Windows API 
implementation - 64-bit binary loader

I tried reverting to wine-development 5.5-9 packages, from the snapshots
archive: https://snapshot.debian.org/package/wine-development/5.5-9/
With wine-development 5.5-9, the symlink creation failure does not
happen, and DXVK patches are applied cleanly.

A temporary workaround follows, for other users facing this issue on a
Debian Sid (all commands as root):

cat > /etc/apt/sources.list.d/snapshot-20201026T024334Z.list << EOF
# wine-development 5.5-9
# cf. https://snapshot.debian.org/package/wine-development/5.5-9/
deb [check-valid-until=no] 
https://snapshot.debian.org/archive/debian/20201026T024334Z/ sid main
EOF
apt update
apt install 
{libwine-development:{amd64,i386},wine32-development:i386,wine64-development,wine-development}=5.5-9

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-debug'), (500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-1-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dxvk depends on:
ii  dxvk-wine32-development  1.7.3+ds1-1
ii  dxvk-wine64-development  1.7.3+ds1-1

Versions of packages dxvk recommends:
ii  dxvk-wine32-development  1.7.3+ds1-1
ii  dxvk-wine64-development  1.7.3+ds1-1

dxvk suggests no packages.

-- no debconf information

Bug#983136: init.c: add missing braces around initializer

[Bjarni Ingi Gislason]

Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From 409e79fa03fb04a8dadb9480ce75ca3dc49bc932 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason 
>Date: Fri, 19 Feb 2021 21:53:28 +
>Subject: [PATCH] init.c: add missing braces around initializer

  Warning from the compiler:

init.c:315:34: warning: missing braces around initializer
[-Wmissing-braces]

Signed-off-by: Bjarni Ingi Gislason 
---
 init.c | 101 +
 1 file changed, 51 insertions(+), 50 deletions(-)

diff --git a/init.c b/init.c
index f90349f..676bc85 100644
--- a/init.c
+++ b/init.c
@@ -314,56 +314,57 @@ static struct alt_commands {
 int alt_type;
 }   alt_commands[] = {
 
-"admin", 5, 0,
-"bug", 3, 0,
-"cd", 2, 1,
-"compile", 7, 0,
-"coredump", 8, 0,
-"cost", 4, 0,
-"decode", 6, 0,
-"define", 6, 0,
-"help", 4, 2,
-"load", 4, 0,
-"local", 5, 3,
-"lock", 4, 3,
-"make", 4, -1,
-"make map ", 9, -2,
-"man", 3, 0,
-"map", 3, 4,
-"mkdir", 5, 1,
-"motd", 4, 0,
-"patch", 5, 0, /* QUICK HACK */
-"post", 4, 0,  /* QUICK HACK */
-"print", 5, -3,/* QUICK HACK */
-"print-variables", 15, 0,
-"pwd", 3, 0,
-"rmail", 5, 0,
-"set", 3, 3,
-"show", 4, -1,
-"show config", 11, 0,
-"show groups", 11, -1,
-"show groups all", 15, 0,
-"show groups subscr", 18, 0,
-"show groups total", 17, 0,
-"show groups unsub", 17, 0,
-"show kill", 9, 0,
-"show map", 8, -1,
-"show map #", 10, 0,
-"show map key", 12, 0,
-"show map menu", 13, 0,
-"show map show", 13, 0,
-"show rc ", 8, 0,
-"sort", 4, -1,
-"sort arrival", 12, 0,
-"sort date", 9, 0,
-"sort lexical", 12, 0,
-"sort sender", 11, 0,
-"sort subject", 12, 0,
-"toggle", 6, 3,
-"unread", 6, 0,
-"unset", 5, 3,
-"unshar", 6, 0,/* QUICK HACK */
-NULL, 0, 0
+{"admin", 5, 0},
+{"bug", 3, 0},
+{"cd", 2, 1},
+{"compile", 7, 0},
+{"coredump", 8, 0},
+{"cost", 4, 0},
+{"decode", 6, 0},
+{"define", 6, 0},
+{"help", 4, 2},
+{"load", 4, 0},
+{"local", 5, 3},
+{"lock", 4, 3},
+{"make", 4, -1},
+{"make map ", 9, -2},
+{"man", 3, 0},
+{"map", 3, 4},
+{"mime", 4, 0},/* QUICK HACK */
+{"mkdir", 5, 1},
+{"motd", 4, 0},
+{"patch", 5, 0},   /* QUICK HACK */
+{"post", 4, 0},/* QUICK HACK */
+{"print", 5, -3},  /* QUICK HACK */
+{"print-variables", 15, 0},
+{"pwd", 3, 0},
+{"rmail", 5, 0},
+{"set", 3, 3},
+{"show", 4, -1},
+{"show config", 11, 0},
+{"show groups", 11, -1},
+{"show groups all", 15, 0},
+{"show groups subscr", 18, 0},
+{"show groups total", 17, 0},
+{"show groups unsub", 17, 0},
+{"show kill", 9, 0},
+{"show map", 8, -1},
+{"show map #", 10, 0},
+{"show map key", 12, 0},
+{"show map menu", 13, 0},
+{"show map show", 13, 0},
+{"show rc ", 8, 0},
+{"sort", 4, -1},
+{"sort arrival", 12, 0},
+{"sort date", 9, 0},
+{"sort lexical", 12, 0},
+{"sort sender", 11, 0},
+{"sort subject", 12, 0},
+{"toggle", 6, 3},
+{"unread", 6, 0},
+{"unset", 5, 3},
+{"unshar", 6, 0},  /* QUICK HACK */
+{NULL, 0, 0}
 };
 
 int
-- 
2.30.0


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason

Bug#982050: There are fresh upstream releases (8.9.11 ATM) which address security and other issues

[Diane Trout]

Hello,

I had been wondering if the htcondor package is effectively orphaned.
There hasn't been any activity in quite some time.

It looks like the wusc.edu developer stopped in 2018.
https://contributors.debian.org/contributor/ttheisen-guest@alioth/

It looks like the Debian developer Michael Hanke is still around as of
2020 though.
https://contributors.debian.org/contributor/mih/

Diane

Bug#983135: autopkgtest: test suite can cause autopkgtest to crash by removing /tmp/autopkgtest*

[Antonio Terceiro]

Package: autopkgtest
Version: 5.16
Severity: normal

8<8<8<-
$ cat debian/tests/control
Test-Command: rm -rf /tmp/autopkgtest*
8<8<8<-
$ autopkgtest -B . -- null
autopkgtest [18:27:57]: starting date: 2021-02-19
autopkgtest [18:27:57]: version 5.16
autopkgtest [18:27:57]: host lemur; command line: /usr/bin/autopkgtest -B . -- 
null
autopkgtest [18:27:57]: testbed dpkg architecture: amd64
autopkgtest [18:27:57]: testbed running kernel: Linux 5.10.0-3-amd64 #1 SMP 
Debian 5.10.13-1 (2021-02-06)
autopkgtest [18:27:57]:  built-tree .
autopkgtest [18:27:57]: test command1: preparing testbed
autopkgtest [18:27:57]: test command1: rm -rf /tmp/autopkgtest*
autopkgtest [18:27:57]: test command1: [---
autopkgtest [18:27:57]: test command1: ---]
Unexpected error:
Traceback (most recent call last):
  File "/usr/share/autopkgtest/lib/VirtSubproc.py", line 739, in mainloop
command()
  File "/usr/share/autopkgtest/lib/VirtSubproc.py", line 668, in command
r = f(c, ce)
  File "/usr/share/autopkgtest/lib/VirtSubproc.py", line 606, in cmd_copyup
copyupdown(c, ce, True)
  File "/usr/share/autopkgtest/lib/VirtSubproc.py", line 490, in copyupdown
copyupdown_internal(ce[0], c[1:], upp)
  File "/usr/share/autopkgtest/lib/VirtSubproc.py", line 515, in 
copyupdown_internal
copyup_shareddir(sd[0], sd[1], dirsp, downtmp_host)
  File "/usr/share/autopkgtest/lib/VirtSubproc.py", line 429, in 
copyup_shareddir
shutil.copy(tb, host)
  File "/usr/lib/python3.9/shutil.py", line 418, in copy
copyfile(src, dst, follow_symlinks=follow_symlinks)
  File "/usr/lib/python3.9/shutil.py", line 264, in copyfile
with open(src, 'rb') as fsrc, open(dst, 'wb') as fdst:
FileNotFoundError: [Errno 2] No such file or directory: 
'/tmp/autopkgtest.KE7LcE/command1-stdout'
autopkgtest [18:27:57]: ERROR: testbed failure: cannot send to testbed: [Errno 
32] Broken pipe
8<8<8<-


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages autopkgtest depends on:
ii  apt-utils   2.2.0
ii  libdpkg-perl1.20.7.1
ii  procps  2:3.3.17-4
ii  python3 3.9.1-1
ii  python3-debian  0.1.39

Versions of packages autopkgtest recommends:
ii  autodep8  0.24

Versions of packages autopkgtest suggests:
ii  lxc   1:4.0.6-1
pn  lxd   
ii  ovmf  2020.11-2
ii  qemu-efi-aarch64  2020.11-2
ii  qemu-efi-arm  2020.11-2
ii  qemu-system   1:5.2+dfsg-6
ii  qemu-utils1:5.2+dfsg-6
ii  schroot   1.6.10-11+b1
ii  vmdb2 0.22-1

-- no debconf information


signature.asc
Description: PGP signature

Bug#982567: openms build-depends on removed package.

[Michael R. Crusoe]

On Thu, 11 Feb 2021 22:54:54 + peter green  wrote:
> Package: openms
> Version: 2.6.0+cleaned1-2
> Severity: serious
>
> openms build-depends on seqan-dev which was built by the sequan source
> package, which was removed from unstable and testing recently. The person
> requesting the removal stated that "There are no other users of seqan 1.x
> in Debian." but it seems this was not correct.

I'm very sorry for this. I don't know why my search didn't reveal that
openms had never upgraded to SeqAn 2 or 3.


> I tried removing the build-dependency as there did not appear to be
> a corresponding runtime depedency, but that made configure fail.
>
> I then tried with libseqan3-dev but that also made configure fail
>
> I then tried with libseqan2-dev, in that case configure succeeded
> but the build failed with

There is no smooth upgrade path between major SeqAn versions, so I don't
recommend trying that further.

I suggest adding the parts of SeqAn needed to debian/ as a quick(er) fix.


--
Michael R. Crusoe

Bug#983134: buster-pu: package python3.7/3.7.3-2+deb10u3

[Moritz Muehlenhoff]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@debian.org

debdiff below fixes two security issues, which don't warrant a DSA by itself.

Update has been tested on a Buster few systems (and verified with the PoC).

Cheers,
Moritz

diff -Nru python3.7-3.7.3/debian/changelog python3.7-3.7.3/debian/changelog
--- python3.7-3.7.3/debian/changelog2020-07-25 15:00:39.0 +0200
+++ python3.7-3.7.3/debian/changelog2021-01-22 20:05:45.0 +0100
@@ -1,3 +1,10 @@
+python3.7 (3.7.3-2+deb10u3) buster; urgency=medium
+
+  * CVE-2020-26116
+  * CVE-2021-3177
+
+ -- Moritz Mühlenhoff   Fri, 22 Jan 2021 21:04:44 +0100
+
 python3.7 (3.7.3-2+deb10u2) buster; urgency=medium
 
   * CVE-2019-20907
diff -Nru python3.7-3.7.3/debian/patches/CVE-2020-26116.patch 
python3.7-3.7.3/debian/patches/CVE-2020-26116.patch
--- python3.7-3.7.3/debian/patches/CVE-2020-26116.patch 1970-01-01 
01:00:00.0 +0100
+++ python3.7-3.7.3/debian/patches/CVE-2020-26116.patch 2021-01-22 
15:32:43.0 +0100
@@ -0,0 +1,84 @@
+Fixes CVE-2020-26116:
+
+From ca75fec1ed358f7324272608ca952b2d8226d11a Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-isling...@users.noreply.github.com>
+Date: Sun, 19 Jul 2020 02:27:35 -0700
+Subject: [PATCH] bpo-39603: Prevent header injection in http methods
+ (GH-18485) (GH-21538)
+
+reject control chars in http method in http.client.putrequest to prevent http 
header injection
+(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e)
+
+Co-authored-by: AMIR <31338382+amiremoham...@users.noreply.github.com>
+
+--- python3.7-3.7.3.orig/Lib/http/client.py
 python3.7-3.7.3/Lib/http/client.py
+@@ -150,6 +150,10 @@ _contains_disallowed_url_pchar_re = re.c
+ #  _is_allowed_url_pchars_re = 
re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
+ # We are more lenient for assumed real world compatibility purposes.
+ 
++# These characters are not allowed within HTTP method names
++# to prevent http header injection.
++_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]')
++
+ # We always set the Content-Length header for these methods because some
+ # servers will otherwise respond with a 411
+ _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
+@@ -1107,6 +,8 @@ class HTTPConnection:
+ else:
+ raise CannotSendRequest(self.__state)
+ 
++self._validate_method(method)
++
+ # Save the method we use, we need it later in the response phase
+ self._method = method
+ if not url:
+@@ -1197,6 +1203,16 @@ class HTTPConnection:
+ # For HTTP/1.0, the server will assume "not chunked"
+ pass
+ 
++def _validate_method(self, method):
++"""Validate a method name for putrequest."""
++# prevent http header injection
++match = _contains_disallowed_method_pchar_re.search(method)
++if match:
++raise ValueError(
++f"method can't contain control characters. {method!r} "
++f"(found at least {match.group()!r})")
++
++
+ def putheader(self, header, *values):
+ """Send a request header line to the server.
+ 
+--- python3.7-3.7.3.orig/Lib/test/test_httplib.py
 python3.7-3.7.3/Lib/test/test_httplib.py
+@@ -360,6 +360,28 @@ class HeaderTests(TestCase):
+ self.assertEqual(lines[2], "header: Second: val")
+ 
+ 
++class HttpMethodTests(TestCase):
++def test_invalid_method_names(self):
++methods = (
++'GET\r',
++'POST\n',
++'PUT\n\r',
++'POST\nValue',
++'POST\nHOST:abc',
++'GET\nrHost:abc\n',
++'POST\rRemainder:\r',
++'GET\rHOST:\n',
++'\nPUT'
++)
++
++for method in methods:
++with self.assertRaisesRegex(
++ValueError, "method can't contain control characters"):
++conn = client.HTTPConnection('example.com')
++conn.sock = FakeSocket(None)
++conn.request(method=method, url="/")
++
++
+ class TransferEncodingTest(TestCase):
+ expected_body = b"It's just a flesh wound"
+ 
diff -Nru python3.7-3.7.3/debian/patches/CVE-2021-3177.patch 
python3.7-3.7.3/debian/patches/CVE-2021-3177.patch
--- python3.7-3.7.3/debian/patches/CVE-2021-3177.patch  1970-01-01 
01:00:00.0 +0100
+++ python3.7-3.7.3/debian/patches/CVE-2021-3177.patch  2021-01-22 
15:33:44.0 +0100
@@ -0,0 +1,169 @@
+Fixes CVE-2021-3177:
+
+From d9b8f138b7df3b455b54653ca59f491b4840d6fa Mon Sep 17 00:00:00 2001
+From: Benjamin Peterson 
+Date: Mon, 18 Jan 2021 15:24:02 -0600
+Subject: [PATCH] [3.7] closes bpo-42938: Replace snprintf with Python unicode
+ formatting in ctypes param reprs. (GH-24249)
+
+(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
+
+Co-authored-by: Benjamin Peterson 
+
+--- 

Bug#983099: perl FTCBFS: cross configs outdated

[Dominic Hargreaves]

On Fri, Feb 19, 2021 at 11:00:20AM +0100, Helmut Grohne wrote:
> Source: perl
> Version: 5.32.1-2
> Severity: important
> X-Debbugs-Cc: debian-rele...@lists.debian.org
> User: debian-cr...@lists.debian.org
> Usertags: ftcbfs
> 
> perl currently fails to cross build from source, due to a minor version
> bump. Whenever the version is updated, the cross compilation configs
> need to be updated and this didn't happen for perl.
> 
> Such temporary ftcbfs are usual for perl. What makes this worthy of
> reporting is that this version will end up in bullseye. There are a
> number of embedded distributions now that are based on Debian and due to
> perl's central role to Debian it should be cross buildable in stable.
> 
> The risk of breaking anything by fixing this bug is quite low as these
> cross configs are used for nothing but cross building perl and updating
> them is a routine task to Niko. I've Cced d-release in case they want to
> object now before Niko files an unblock request.

Thanks for the heads up. I had not realised the significance of these
cross files in the context of the stable release.

Niko, I see there is a debian/cross/extract-config-sh - could you
possibly add a note to debian/README.source explaining the
circumstances under which it needs to be run? I see there were multiple
updates for 5.32.0 so it looks like it's not only with new upstream
versions it needs to be run.

Probably it needs to be listed at 

too.

Cheers
Dominic

Bug#983133: chset.c: add missing braces around initializer

[Bjarni Ingi Gislason]

Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From fcbfe423a4afaacff46cb50b7444b7de19624ecd Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason 
>Date: Fri, 19 Feb 2021 21:13:59 +
>Subject: [PATCH] chset.c: add missing braces around initializer

  Warning from the compiler:

chset.c:13:32: warning: missing braces around initializer [-Wmissing-braces]

Signed-off-by: Bjarni Ingi Gislason 
---
 chset.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/chset.c b/chset.c
index 0c9816e..9ea5d6c 100644
--- a/chset.c
+++ b/chset.c
@@ -11,19 +11,19 @@
 #include "chset.h"
 
 static struct chset chsets[] = {
-"us-ascii", 7,
-"iso-8859-1", 8,
-"iso-8859-2", 8,
-"iso-8859-3", 8,
-"iso-8859-4", 8,
-"iso-8859-5", 8,
-"iso-8859-6", 8,
-"iso-8859-7", 8,
-"iso-8859-8", 8,
-"iso-8859-9", 8,
-"iso-8859-15", 8,
-"unknown", 0,
-NULL, 0,
+{"us-ascii", 7},
+{"iso-8859-1", 8},
+{"iso-8859-2", 8},
+{"iso-8859-3", 8},
+{"iso-8859-4", 8},
+{"iso-8859-5", 8},
+{"iso-8859-6", 8},
+{"iso-8859-7", 8},
+{"iso-8859-8", 8},
+{"iso-8859-9", 8},
+{"iso-8859-15", 8},
+{"unknown", 0},
+{NULL, 0},
 };
 
 struct chset   *curchset = chsets;
-- 
2.30.0



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason

Bug#982567: openms build-depends on removed package

[Andreas Tille]

Hi Filippo,

this is extremely unfortunate.  However, I guess the alternative would
have been to keep some RC buggy seqan-dev which would not have helped
openms as well.  I tried the same as Peter and replaced the
Build-Depends seqan-dev by libseqan2-dev.

I can confirm the observation from Peter about the missing header file.
I simply tried to comment those missing headers (next one is also
missing):


// #include 
// #include 


This leaded to:

...
cd /build/openms-2.6.0+cleaned1/obj-x86_64-linux-gnu/src/openms && /usr/bin/c++ 
-DBOOST_ALL_NO_LIB -DOpenMS_EXPORTS -DQT_CORE_LIB -DQT_NETWORK_LIB 
-DQT_NO_DEBUG -I/build/openms-2.6.0+cleaned1/obj-x86_64-linux-gnu/src/openms 
-I/build/openms-2.6.0+cleaned1/src/openms 
-I/build/openms-2.6.0+cleaned1/obj-x86_64-linux-gnu/src/openms/OpenMS_autogen/include
 -I/build/openms-2.6.0+cleaned1/src/openms/include 
-I/build/openms-2.6.0+cleaned1/obj-x86_64-linux-gnu/src/openms/include -isystem 
/usr/lib -isystem /usr/lib/x86_64-linux-gnu/include -isystem 
/build/openms-2.6.0+cleaned1/src/openms/thirdparty/evergreen/src -isystem 
/usr/include/hdf5/serial -isystem /usr/include/libsvm -isystem 
/usr/include/eigen3 -isystem /usr/include/libwildmagic -isystem 
/build/openms-2.6.0+cleaned1/src/openswathalgo/include -isystem 
/build/openms-2.6.0+cleaned1/obj-x86_64-linux-gnu/src/openswathalgo/include 
-isystem 
/build/openms-2.6.0+cleaned1/src/openswathalgo/thirdparty/MIToolbox/include 
-isystem 
/build/openms-2.6.0+cleaned1/src/openswathalgo/thirdparty/MIToolbox/src 
-isystem /usr/include/x86_64-linux-gnu/qt5 -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtCore -isystem 
/usr/lib/x86_64-linux-gnu/qt5/mkspecs/linux-g++ -isystem 
/usr/include/x86_64-linux-gnu/qt5/QtNetwork -isystem 
/build/openms-2.6.0+cleaned1/src/openms/thirdparty/eol-bspline -isystem 
/build/openms-2.6.0+cleaned1/src/openms/thirdparty/IsoSpec -isystem 
/build/openms-2.6.0+cleaned1/src/openms/thirdparty/json -g -O2 
-ffile-prefix-map=/build/openms-2.6.0+cleaned1=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2-O3 
-DNDEBUG -fPIC -fvisibility=hidden -fvisibility-inlines-hidden -Wall -Wextra 
-Wno-non-virtual-dtor -Wno-unknown-pragmas -Wno-long-long -Wno-unused-function 
-Wno-variadic-macros -fPIC -fopenmp -o 
CMakeFiles/OpenMS.dir/source/FORMAT/FASTAFile.cpp.o -c 
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:50:18: 
error: 'RecordReader' in namespace 'seqan' does not name a template type
   50 |   typedef seqan::RecordReader > 
FASTARecordReader;
  |  ^~~~
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp: In member 
function 'void OpenMS::FASTAFile::readStart(const OpenMS::String&)':
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:93:66: 
error: expected primary-expression before '(' token
   93 | reader_ = std::unique_ptr >(new 
FASTARecordReader(infile_),
  |  ^
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:93:71: 
error: expected type-specifier before 'FASTARecordReader'
   93 | reader_ = std::unique_ptr >(new 
FASTARecordReader(infile_),
  |   
^
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp: In lambda 
function:
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:96:26: 
error: 'FASTARecordReader' does not name a type
   96 |   delete static_cast(ptr);
  |  ^
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:96:43: 
error: expected '>' before '*' token
   96 |   delete static_cast(ptr);
  |   ^
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:96:43: 
error: expected '(' before '*' token
   96 |   delete static_cast(ptr);
  |   ^
  |   (
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:96:44: 
error: expected primary-expression before '>' token
   96 |   delete static_cast(ptr);
  |^
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:96:50: 
error: expected ')' before ';' token
   96 |   delete static_cast(ptr);
  |  ^
  |  )
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp: In member 
function 'bool OpenMS::FASTAFile::readNext(OpenMS::FASTAFile::FASTAEntry&)':
/build/openms-2.6.0+cleaned1/src/openms/source/FORMAT/FASTAFile.cpp:104:35: 
error: 'FASTARecordReader' does not name a type
  104 | if (seqan::atEnd(*static_cast(reader_.get(
  |  

Bug#962259: Creating Webhooks fails and returns error 500

[Antoine Le Gonidec]

Le 16/02/2021 à 21:50, Maximilian Stein a écrit :

I used apt-rdepends(1) to limit the output of dpkg to (recursive) dependencies 
of gitlab:

apt-rdepends gitlab | grep '^\w' | awk '{print "^ii  " $0}' > gitlab-rdepends

dpkg -l | grep --file=gitlab-rdepends


Attached is the output on my own server, where the issue is not triggered.


gitlab-dependencies-versions.txt.gz
Description: application/gzip


OpenPGP_signature
Description: OpenPGP digital signature

Bug#983132: answer.c: add missing braces around initializer

[Bjarni Ingi Gislason]

Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From 50f9f863d2645390801d833b8ccf5c1dc5cd4b3b Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason 
>Date: Fri, 19 Feb 2021 20:56:06 +
>Subject: [PATCH] answer.c: add missing braces around initializer

  Warning from the compiler:

answer.c:797:1: warning: missing braces around initializer [-Wmissing-braces]

Signed-off-by: Bjarni Ingi Gislason 
---
 answer.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/answer.c b/answer.c
index 4061fff..69330ce 100644
--- a/answer.c
+++ b/answer.c
@@ -795,13 +795,13 @@ static char*post_to_groups = NULL;
 static
 Option_Description(post_options)
 {
-'d', String_Option(post_distribution),
-'f', String_Option(post_source_file),
-'k', String_Option(post_keywords),
-'s', String_Option(post_subject),
-'y', String_Option(post_summary),
-'p', Bool_Option(post_no_edit),
-'\0', 0,
+{'d', String_Option(post_distribution)},
+{'f', String_Option(post_source_file)},
+{'k', String_Option(post_keywords)},
+{'s', String_Option(post_subject)},
+{'y', String_Option(post_summary)},
+{'p', Bool_Option(post_no_edit)},
+{'\0', 0},
 };
 
 void
-- 
2.30.0



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason

Bug#983131: bind9: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination

[Salvatore Bonaccorso]

Source: bind9
Version: 1:9.16.12-1
Severity: important
Tags: upstream
X-Debbugs-Cc: car...@debian.org

Hi

This is just to track the issue 'downstream'. The last bind9 update as
based on 9.16.12. There was a notification that there is an issue
introduced in 9.16.12 (and other versions), where enabling the new
option stale-answer-client-timeout" would cause issues and result in
the named daemon to crash.

Details in
https://www.openwall.com/lists/oss-security/2021/02/19/1

Regards,
Salvatore

Bug#983092: xapps-common:all is not properly arch-independent

[Andreas Henriksson]

Hello,

On Fri, Feb 19, 2021 at 10:45:41AM +0100, Sven Mueller wrote:
> Package: xapp
> Version: 2.0.6-1
> Severity: serious
> 
> xapps-common is tagged as architecture:all, but the generated
> xapp-sn-watcher.desktop included in it depends on the architecture it was
> built on.
[...]
> 1) Move the autostart file into the respective libxapp1 packages (with the
> binary)
[...]

Seems like Fabio Fantoni went with this solution and while I agree
that desktop files should be shipped in the same package as the binary
they launch in general, I also think it's very wrong to ship
non-SO-verioned files in a libfooN package!
(You'll most likely cause a file conflict bug when you later move
to libxapp2 in the future the entire reason we put the SO version
in the package name is to make the different versions co-installable,
but if you put non-versioned files in the package then you're breaking
that)

The executable and desktop file should really be in a different
(possibly newly added) package!

Given we're in freeze it might be too late to introduce a new binary
package (if that's needed), but fixing one bug by doing something
wrong doesn't feel like debian style either. Wouldn't it be better
to just ask the release team which solution they prefer and possibly
get an exception for introducing a new binary package if needed?

Regards,
Andreas Henriksson

Bug#983129: just a note about node-babel-runtime

[Pirate Praveen]

node-babel-runtime needs to be installed from buster-backports for 
yarnpkg to work, probably a bug in yarnpkg dependency declaration.

Bug#977327: (no subject)

[Ludovic Pouzenc]

Hi,

It seems that ansible 2.9 currently in testing still try to use python 
2.7. Using ansible-pull with a playbook using a ansible.builtin.apt task 
that juste ask for "apt update" just break as it tries to install 
"python-apt" first and this is not currently available in testing 
(python3-apt is available).


It seems important to me as bulleye soft freeze is started.

If I can help in any way, say me. I'm a sysadmin that had occasionally 
created some local packages, but I'm clearly not a dd.


Regards,

--
Ludovic Pouzenc
www.pouzenc.fr

Bug#983130: artikulate: remove libqtgstreamer-dev from Build-Depends

[Sebastian Ramacher]

Package: artikulate
Version: 4:20.12.1-2
Severity: normal
Tags: patch

Since the switch to the qtmultimedia backend, the qt-streamer backend is
no longer built. So the build dependency on libqtstreamer-dev is no
longer necessary. Please remove it.

Cheers
-- 
Sebastian Ramacher
diff -Nru artikulate-20.12.1/debian/changelog artikulate-20.12.1/debian/changelog
--- artikulate-20.12.1/debian/changelog	2021-01-13 09:26:10.0 +0100
+++ artikulate-20.12.1/debian/changelog	2021-02-19 21:01:27.0 +0100
@@ -1,3 +1,10 @@
+artikulate (4:20.12.1-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/control: Remove unused B-D on libqtgstreamer-dev
+
+ -- Sebastian Ramacher   Fri, 19 Feb 2021 21:01:27 +0100
+
 artikulate (4:20.12.1-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru artikulate-20.12.1/debian/control artikulate-20.12.1/debian/control
--- artikulate-20.12.1/debian/control	2021-01-13 09:23:43.0 +0100
+++ artikulate-20.12.1/debian/control	2021-02-19 21:01:24.0 +0100
@@ -17,7 +17,6 @@
libkf5i18n-dev (>= 5.64.0~),
libkf5newstuff-dev (>= 5.64.0~),
libkf5widgetsaddons-dev (>= 5.64.0~),
-   libqt5gstreamer-dev (>= 1.2.0),
libqt5sql5-sqlite (>= 5.11.0~) ,
libqt5xmlpatterns5-dev (>= 5.11.0~),
pkg-kde-tools,


signature.asc
Description: PGP signature

Bug#982530: libpam-modules: unable to login when using pam_tally2 after upgrade to libpam-modules >1.4.0

[Martin Schurz]

Hi Sam,


I apologize for taking a while to come up to speed on this and for
a couple of false starts.  It's been a while since pam has been a major
focus of mine, but I offered to help Steve out so I'm coming back up to
speed.


Sure, no problem there. I also get regular headaches when dealing with
PAM.


I think your second approach of looking into pam-configs, disabling
anything that uses pam_tally and then checking /etc/pam.d would be most
correct.
Unfortunately I'm uncomfortable with  our (or at least my) ability to
get all the corner cases right this deep into the freeze.


I am also not entirely confident and I see your problems with the 
freeze.

This kind of change should not happen that late and with these
consequences.


I'm currently thinking it would be good to just accept something like
your first patch, although I'm open to exploring your second approach.
Do you think it would be safe for  me to change it to look in
/var/lib/pam rather than /usr/share/pam-configs for pam_tally?


I am not sure, what /var/lib/pam does in Debian, as I mentioned I am not
a native Debian user and I also need to think very hard about all the
stuff that is involved here.


I don't see a need to break the upgrade on a disabled module.
I agree the /etc/pam.d check is still important.

If we were going to do the second approach I think  the steps involved
might look like:

* Check /var/lib/pam to see if any of the currently active profiles
  include pam_tally; if so disable them

* modify pam-auth-update to never enable a profile including pam_tally

* Do the /etc/pam.d check.

Rationale here is that there's no reason to break the upgrade if a user
has a pam_tally module already disabled nor to display a warning if the
module is already disabled.
But unless we actually remove the file from /usr/share/pam-configs,
pam-auth-update will let a user enable it again.


That sounds great and I like that approach. I think we should implement
it. And I did some deeper digging into linux-pam. While doing this, I
found a nice loophole for us. linux-pam in version 1.4.0 has not 
entirely
removed pam_tally and pam_tally2 but they have made it an extra option 
to

their configure script. Only in version 1.5.0 these two modules are
completely removed.

see: 
https://github.com/linux-pam/linux-pam/blob/9e5bea9e146dee574796259ca464ad2435be3590/configure.ac#L678-L694


So I created a patch, that enables pam_tally and pam_tally2 again for 
our

1.4.0 package. I also output an error message to highlight this fact to
the user. This buys us some time without breaking stuff for our users. 
We

can now take our time to come up with a good and tested solution without
having concerns about the freeze and without rushing things.diff --git a/debian/libpam-modules.preinst b/debian/libpam-modules.preinst
index 3a86a8fb..91a2bf0c 100644
--- a/debian/libpam-modules.preinst
+++ b/debian/libpam-modules.preinst
@@ -4,6 +4,15 @@ set -e
 
 . /usr/share/debconf/confmodule
 
+if dpkg --compare-versions "$2" lt-nl 1.4.0; then
+	db_version 2.0
+
+	if grep -rq pam_tally /etc/pam.d/ /usr/share/pam/ /usr/share/pam-configs/ >/dev/null; then
+		db_input critical libpam-modules/deprecate-tally || true
+		db_go || true
+	fi
+fi
+
 if dpkg --compare-versions "$2" lt-nl 1.4.0-2; then
 	db_version 2.0
 
diff --git a/debian/libpam-modules.templates b/debian/libpam-modules.templates
index b928751e..2f5ad154 100644
--- a/debian/libpam-modules.templates
+++ b/debian/libpam-modules.templates
@@ -7,3 +7,11 @@ _Description: xscreensaver and xlockmore must be restarted before upgrading
  authenticate to these programs.  You should arrange for these programs
  to be restarted or stopped before continuing this upgrade, to avoid
  locking your users out of their current sessions.
+
+Template: libpam-modules/deprecate-tally
+Type: error
+_Description: you are using pam_tally or pam_tally2 in your configuration
+ these two modules have been deprecated from linux-pam and you need to
+ migrate to pam_faillock or something else. We still include these
+ deprecated modules to not break systems. The next stable release of
+ libpam-modules will no longer include pam_tally and pam_tally2.
diff --git a/debian/rules b/debian/rules
index f8ad3c18..92a4129b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -31,6 +31,7 @@ override_dh_auto_configure:
 		--libdir=/lib/$(DEB_HOST_MULTIARCH) \
 		--enable-isadir=/lib/security \
 		--enable-cracklib \
+		--enable-tally --enable-tally2 \
 		$(CONFIGURE_OPTS)
 
 # .install files don't have "except for" handling, so we need to exclude

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

[Salvatore Bonaccorso]

Hi Utkarsh,

On Fri, Feb 19, 2021 at 10:44:08PM +0530, Utkarsh Gupta wrote:
> Hi Axel, Salvatore,
> 
> On Fri, Feb 19, 2021 at 2:44 PM Axel Beckert  wrote:
> > No issue popped up so far during production use on Stretch and Buster.
> > I'd say, we can publish these in good conscience.
> 
> Perfect, thanks for all your work on this! \o/
> I've uploaded to stretch-security (& pushed the commit and tag as well).
> 
> Salvatore, do you want me to push to buster-security as well?

No need, we will let finishing the upload by Axel himself. Moritz will
then take care of releasing the DSA.

Regards,
Salvatore

Bug#982869: datamash FTBFS on !x86 32bit: FAIL: tests/decorate-errors

[Andreas Tille]

Control: tags -1 upstream
Control: forwarded -1 assafgor...@gmail.com
Control: severity -1 important

Hi Assaf,

as you can read in a recent bug report in Debian[1] datamash fails for
some architectures (namely the Debian release architectures armel, armhf
and mipsel) its build time test in some parts of the test suite.

I simply excluded the affected tests in the Debian build[2] since we are
currently in freeze and if the build issue would persist datamash would
not be delivered with the next Debian release.  However, I did not
closed the bug to make sure the issue remains documented.  Since the
package builds now on all archictectures I decreased the severity of the
bug from serious to important.

Kind regards

   Andreas.

[1] https://bugs.debian.org/982869
[2] 
https://salsa.debian.org/science-team/datamash/-/blob/master/debian/rules#L23

-- 
http://fam-tille.de

Bug#983129: Create a apt pinning configuration for gitlab dependencies

[Pirate Praveen]

Package: gitlab
severity: wishlist

Attached file can be saved as /etc/apt/preferences.d/99gitlab to make 
apt resolve dependencies correctly in fasttrack. I think the best place 
for this would be fasttrack-archive-keyring. Comments?


Package: node-worker-loader node-loader-utils node-schema-utils node-ajv
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-ajv-keywords webpack node-enhanced-resolve node-mkdirp
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-tapable node-uglifyjs-webpack-plugin  node-watchpack  
node-anymatch
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-chokidar node-cacache node-webpack-sources node-move-concurrently
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-p-map node-chownr node-copy-concurrently node-vue node-timeago.js
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-url-loader node-uuid node-vue-resource node-raw-loader
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-style-loader node-three-orbit-controls node-three-stl-loader
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-prosemirror-markdown libjs-popper.js node-jszip-utils node-jszip
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-markdown-it fonts-font-awesome node-glob node-jed node-jquery
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-js-yaml node-entities node-copy-webpack-plugin node-core-js
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-css-loader node-d3* node-d3-scale node-d3-selection
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-exports-loader node-imports-loader node-babel7
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-file-loader node-semver node-p-limit node-randombytes
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-find-cache-dir node-normalize-path node-del node-pkg-dir
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-find-up node-camelcase node-css-selector-tokenizer node-icss-utils
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-postcss node-postcss-modules-extract-imports node-autosize
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-postcss-modules-values node-postcss-value-parser node-mime
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-regexpu-core node-regenerate-unicode-properties node-mime-types
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-regjsparser node-unicode-match-property-value-ecmascript
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-browserslist node-chalk node-commander node-fs-readdir-recursive
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-lodash node-regenerator-transform node-caniuse-lite
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-electron-to-chromium node-babel-loader node-cache-loader
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-neo-async libjs-codemirror node-compression-webpack-plugin
Pin: release n=buster-backports
Pin-Priority: 500

Package: libjs-source-map node-source-map yarnpkg node-request 
node-har-validator
Pin: release n=buster-backports
Pin-Priority: 500

Package: node-har-schema
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-task-list ruby-safety-net-attestation ruby-tpm-key-attestation
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-bindata ruby-jwt ruby-multi-json ruby-json-schema ruby-flipper
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-tzinfo ruby-net-ssh ruby-retriable ruby-oauth2 ruby-health-check
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-activerecord-explain-analyze ruby-json-schemer ruby-regexp-parser
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-sshkey ruby-graphql ruby-gettext ruby-method-source ruby-erubi
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-ruby-parser ruby-sexp-processor ruby-mail-room ruby-rack
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-rails-html-sanitizer ruby-loofah ruby-thor ruby-net-dns 
ruby-octokit
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-health-check ruby-sawyer ruby-font-awesome-rails 
ruby-request-store
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-terser ruby-peek ruby-chronic ruby-numerizer ruby-chronic-duration
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-http ruby-http-form-data ruby-kubeclient ruby-gitlab-labkit
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-recursive-open-struct ruby-googleauth ruby-signet ruby-faraday
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-redis ruby-asana ruby-sentry-raven ruby-faraday-middleware
Pin: release n=buster-backports
Pin-Priority: 500

Package: ruby-rack-attack ruby-addressable ruby-derailed-benchmarks 
ruby-benchmark-ips
Pin: release n=buster-backports
Pin-Priority: 500

Bug#983128: evince: Document scaling wrong

[Günter Frenz]

Package: evince
Version: 3.38.2-1
Severity: normal

Dear Maintainer,

when I open a PDF document with scale set to 100% it is displayed with
200%. Setting to 50% gives a display of 100%. When opening with okular
it's ok.

Best regards

Günter

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages evince depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.38.0-2
ii  evince-common3.38.2-1
ii  gsettings-desktop-schemas3.38.0-2
ii  libatk1.0-0  2.36.0-2
ii  libc62.31-9
ii  libcairo-gobject21.16.0-5
ii  libcairo21.16.0-5
ii  libevdocument3-4 3.38.2-1
ii  libevview3-3 3.38.2-1
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1
ii  libglib2.0-0 2.66.7-1
ii  libgnome-desktop-3-193.38.4-1
ii  libgtk-3-0   3.24.24-2
ii  libnautilus-extension1a  3.38.2-1
ii  libpango-1.0-0   1.46.2-3
ii  libpangocairo-1.0-0  1.46.2-3
ii  libsecret-1-00.20.4-2
ii  shared-mime-info 2.0-1

Versions of packages evince recommends:
ii  dbus-x11 [dbus-session-bus]  1.12.20-1

Versions of packages evince suggests:
ii  gvfs 1.46.2-1
pn  nautilus-sendto  
ii  poppler-data 0.4.10-1
pn  unrar

-- no debconf information

Bug#983110: buster-pu: package ipmitool/1.8.18-6 (CVE-2020-5208)

[Salvatore Bonaccorso]

Hi Thomas,

[non-authoritative answer as not part of SRM]

On Fri, Feb 19, 2021 at 05:06:42PM +0100, Thomas Goirand wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Dear Stable release team,
> 
> I would like to update the ipmitool package in Buster, to
> address CVE-2020-5208. Attached is the debdiff including
> the upstream patches, backported to the current codebase
> in Buster. Please allow me to upload.
> 
> Note that I already uploaded this to Sid, through the
> DELAYED/5 queue. I was also able to quickly check that the
> basic ipmitool functionalities work (ie: by using ipmitool
> commands like "chassis power status" and so on...).
> 
> Cheers,
> 
> Thomas Goirand (zigo)

> diff -Nru ipmitool-1.8.18/debian/changelog ipmitool-1.8.18/debian/changelog
> --- ipmitool-1.8.18/debian/changelog  2018-08-05 12:20:50.0 +0200
> +++ ipmitool-1.8.18/debian/changelog  2021-02-19 11:30:06.0 +0100
> @@ -1,3 +1,18 @@
> +ipmitool (1.8.18-6+deb10u1) buster-security; urgency=medium

Thanks for preparing this update! For the buster update, please adjust
the target distribution to 'buster'.

Regards,
Salvatore

Bug#983127: newsrc.c: add missing braces around initializer

[Bjarni Ingi Gislason]

Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From 29662ed438bbc2f9db38944b78a54f70e41d2220 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason 
>Date: Fri, 19 Feb 2021 19:28:16 +
>Subject: [PATCH] newsrc.c: add missing braces around initializer

  Warning from the compiler:

newsrc.c:1432:1: warning: missing braces around initializer
[-Wmissing-braces]

newsrc.c:1529:1: warning: missing braces around initializer
[-Wmissing-braces]

newsrc.c:1647:1: warning: missing braces around initializer
[-Wmissing-braces]

  Remove trailing space (warning from "git").

Signed-off-by: Bjarni Ingi Gislason 
---
 newsrc.c | 58 
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/newsrc.c b/newsrc.c
index 2763c42..155bdd5 100644
--- a/newsrc.c
+++ b/newsrc.c
@@ -1427,18 +1427,18 @@ static int
 grep_pending = 0, grep_read = 0, grep_sequence = 0,
 grep_unsub = 0, grep_long = 0, grep_patterns;
 
-static 
+static
 Option_Description(grep_options)
 {
-'a', Bool_Option(grep_all),
-'i', Bool_Option(grep_not_sequence),
-'n', Bool_Option(grep_new),
-'p', Bool_Option(grep_pending),
-'r', Bool_Option(grep_read),
-'s', Bool_Option(grep_sequence),
-'u', Bool_Option(grep_unsub),
-'l', Bool_Option(grep_long),
-'\0',
+{'a', Bool_Option(grep_all)},
+{'i', Bool_Option(grep_not_sequence)},
+{'n', Bool_Option(grep_new)},
+{'p', Bool_Option(grep_pending)},
+{'r', Bool_Option(grep_read)},
+{'s', Bool_Option(grep_sequence)},
+{'u', Bool_Option(grep_unsub)},
+{'l', Bool_Option(grep_long)},
+{'\0'},
 };
 
 void
@@ -1524,19 +1524,19 @@ static int
 tidy_crap = 0, /* remove unrecognized lines */
 tidy_all = 0;  /* all of the above */
 
-static 
+static
 Option_Description(tidy_options)
 {
-'N', Bool_Option(no_update),
-'Q', Bool_Option(silent),
-'v', Bool_Option(verbose),
-'a', Bool_Option(tidy_all),
-'c', Bool_Option(tidy_crap),
-'i', Bool_Option(tidy_ignored),
-'r', Bool_Option(tidy_remove_unsub),
-'s', Bool_Option(tidy_sequence),
-'u', Bool_Option(tidy_unsubscribed),
-'\0',
+{'N', Bool_Option(no_update)},
+{'Q', Bool_Option(silent)},
+{'v', Bool_Option(verbose)},
+{'a', Bool_Option(tidy_all)},
+{'c', Bool_Option(tidy_crap)},
+{'i', Bool_Option(tidy_ignored)},
+{'r', Bool_Option(tidy_remove_unsub)},
+{'s', Bool_Option(tidy_sequence)},
+{'u', Bool_Option(tidy_unsubscribed)},
+{'\0'},
 };
 
 int
@@ -1642,16 +1642,16 @@ static int
 goback_days = -1, goback_alsounsub = 0;/* unsubscribed 
groups
 * also */
 
-static 
+static
 Option_Description(goback_options)
 {
-'N', Bool_Option(no_update),
-'Q', Bool_Option(silent),
-'d', Int_Option(goback_days),
-'i', Bool_Option(goback_interact),
-'u', Bool_Option(goback_alsounsub),
-'v', Bool_Option(verbose),
-'\0',
+{'N', Bool_Option(no_update)},
+{'Q', Bool_Option(silent)},
+{'d', Int_Option(goback_days)},
+{'i', Bool_Option(goback_interact)},
+{'u', Bool_Option(goback_alsounsub)},
+{'v', Bool_Option(verbose)},
+{'\0'},
 };
 
 int
-- 
2.30.0



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason

Bug#983126: iptotal: embeds path to "date"

[Vagrant Cascadian]

Source: iptotal
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The configuration /etc/iptotal/iptotal.cfg embeds the path to the "date"
command, which may vary when built on a usrmerge vs. a non-usrmerge
systems.

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/iptotal.html

  /etc/iptotal/iptotal.cfg

  DATECMD=/bin/date
  DATECMD=/usr/bin/date


Patch attached which fixes this in debian/rules.


live well,
  vagrant
From 4830bf04a5275f3ac69b7829c8481ba41fd76f6b Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Fri, 19 Feb 2021 18:51:03 +
Subject: [PATCH 1/2] debian/rules: Set DATECMD from dh_auto_install.

The path to "date" is embedded in the binaries, which may be /bin/date
or /usr/bin/date depending on if the running system is a usrmerge
system or not. Consistently use /bin/date as this is the most
compatible path.

https://tests.reproducible-builds.org/debian/issues/paths_vary_due_to_usrmerge_issue.html
---
 debian/rules | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian/rules b/debian/rules
index a53df1d..5620fa6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,3 +15,6 @@ override_dh_auto_install:
 	rm -f $(CURDIR)/debian/iptotal/var/lib/iptotal/*.png
 	rm -f $(CURDIR)/debian/iptotal/var/lib/iptotal/archive/*.png
 	rm -f $(CURDIR)/debian/iptotal/var/lib/iptotal/images/*.png
+	# Avoid embedding the path to date, by consistently using the
+	# most compatible path to date.
+	sed -i -e 's,^DATECMD=.*,DATECMD=/bin/date,g' $(CURDIR)/debian/iptotal/etc/iptotal/iptotal.cfg
-- 
2.20.1



signature.asc
Description: PGP signature

Bug#983125: more.c: add missing braces around initializer

[Bjarni Ingi Gislason]

Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From 8a19af8d4c9d3b6447b3d263c4f49aea852665a0 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason 
>Date: Fri, 19 Feb 2021 18:52:13 +
>Subject: [PATCH] more.c: add braces around initializer

  Warning from the compiler:

more.c:96:33: warning: missing braces around initializer [-Wmissing-braces]

Signed-off-by: Bjarni Ingi Gislason 
---
 more.c | 56 
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/more.c b/more.c
index 6985a6b..8a1987a 100644
--- a/more.c
+++ b/more.c
@@ -95,34 +95,34 @@ static struct header_def {
 char  **digest;
 }   header_defs[] = {
 
-'A', "Approved", _appr, 0,
-'B', "Distribution", _dist, 0,
-'c', "Comment-To", _comment, 0,
-'C', "Control", _control, 0,
-'D', "Date", _date, _date,
-'F', "From", _from, _from,
-'f', "Sender", _sender, 0,
-'I', "Message-Id", _ident, 0,
-'J', "Originator", _origr, 0,
-'K', "Keywords", _keyw, 0,
-'L', "Lines", _xlines, 0,
-'N', "Newsgroups", _groups, 0,
-'O', "Organization", _org, 0,
-'P', "Path", _path, 0,
-'R', "Reply-To", _reply, 0,
-'S', "Subject", _subj, _subj,
-'W', "Followup-To", _follow, 0,
-'X', "References", _ref, 0,
-'Y', "Summary", _summ, 0,
-'d', "Date-Received", _rdate, 0,
-'g', "Newsgroup", _groups, 0,
-'G', "Newsgroup", _groups, 0,
-'n', "Newsgroups", _groups, 0,
-'x', "Back-Ref", _bref, 0,
-'v', "Save-File", NULL, 0,
-'a', "Spool-File", NULL, 0,
-'i', "DB-Info", NULL, 0,
-0
+{'A', "Approved", _appr, 0},
+{'B', "Distribution", _dist, 0},
+{'c', "Comment-To", _comment, 0},
+{'C', "Control", _control, 0},
+{'D', "Date", _date, _date},
+{'F', "From", _from, _from},
+{'f', "Sender", _sender, 0},
+{'I', "Message-Id", _ident, 0},
+{'J', "Originator", _origr, 0},
+{'K', "Keywords", _keyw, 0},
+{'L', "Lines", _xlines, 0},
+{'N', "Newsgroups", _groups, 0},
+{'O', "Organization", _org, 0},
+{'P', "Path", _path, 0},
+{'R', "Reply-To", _reply, 0},
+{'S', "Subject", _subj, _subj},
+{'W', "Followup-To", _follow, 0},
+{'X', "References", _ref, 0},
+{'Y', "Summary", _summ, 0},
+{'d', "Date-Received", _rdate, 0},
+{'g', "Newsgroup", _groups, 0},
+{'G', "Newsgroup", _groups, 0},
+{'n', "Newsgroups", _groups, 0},
+{'x', "Back-Ref", _bref, 0},
+{'v', "Save-File", NULL, 0},
+{'a', "Spool-File", NULL, 0},
+{'i', "DB-Info", NULL, 0},
+{0}
 };
 
 static int
-- 
2.30.0



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason

Bug#981485: offlineimap3: crash when uploading locally created no-utf-8 encoded message

[Johannes Stezenbach]

Hi Sudip,

On Fri, Feb 19, 2021 at 03:59:35PM +, Sudip Mukherjee wrote:
> On Mon, Feb 1, 2021 at 10:57 PM Sudip Mukherjee
>  wrote:
> >
> > Control: forwarded -1 https://github.com/OfflineIMAP/offlineimap3/issues/43
> 
> Will it be possible to test the change at
> https://github.com/OfflineIMAP/offlineimap3/commit/62490ff1835b22941d1775d1d4bb98d042df026b
> and confirm if it fixes your issue..

I had a look but read the correponding pull request before
testing, which concludes that this doesn't work
(corrupts the encoding when uploading to IMAP).
https://github.com/OfflineIMAP/offlineimap3/pull/53

My initial hot-fix patch has the same problem.


Thanks,
Johannes

Bug#980217: ipp-usb: should this be Multi-Arch: foreign?

[Alexander Pevzner]

Hi Didier,

I don't know how to correctly explain it in terms of Debian packaging 
rules, but conceptually, yes, ipp-usb:i386 should be satisfied by 
ipp-usb:amd64 and visa versa.


I'll Cc: this conversation to Zdenek, because the same idea may be 
applied to Fedora packaging too.


And probably, the same is true for the ARM32/ARM64 combination.

On 2/19/21 8:39 PM, Didier 'OdyX' Raboud wrote:

Hello Alexander,

As ipp-usb author; do you have an opinion/advice about this?

Many thanks in advance, cheers,

OdyX

Le samedi, 16 janvier 2021, 12.19:15 h CET Simon McVittie a écrit :

Package: ipp-usb
Version: 0.9.16-1
Severity: minor

A recent update to wine32:i386 on my amd64 system pulled in libsane1:i386,
which Recommends ipp-usb. Because ipp-usb is Multi-Arch: no, apt
interprets this as wanting to install ipp-usb:i386, which conflicts
with ipp-usb:amd64.

ipp-usb seems to be a daemon (systemd service) that is contacted via
IPC, conceptually similar to avahi-daemon, dbus-daemon or cups - which
hopefully means that it doesn't matter which architecture's ipp-usb
you have, because libsane1:amd64, libsane1:i386 and libsane1:mipsel
all speak the same architecture-independent IPC protocol to communicate
with ipp-usb?

If that's the case, then ipp-usb should be marked Multi-Arch: foreign,
which means that libsane1:i386 Recommends: ipp-usb would be satisfied
by ipp-usb:amd64.





--

Wishes, Alexander Pevzner (p...@apevzner.com)

Bug#983124: RM: fretsonfire -- ROM; rc-buggy and unmaintained

[Markus Koschany]

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: a...@debian.org

Dear ftp team,

please remove fretsonfire from Debian. The package is rc-buggy and
unmaintained. [1]

I have raised this issue on the debian-devel-games mailing list [2]
and nobody objected against the removal.

Regards,

Markus

[1] https://bugs.debian.org/943027
[2] https://lists.debian.org/debian-devel-games/2020/12/msg00013.html

Bug#983034: plasma-workspace-wayland: hanging in ksplashqml

[Dennis Filder]

Control: tag -1 + moreinfo bullseye sid

If you cannot switch to console with Ctrl-Alt-F2 then this is a strong
indicator that the bug is in the kernel, probably nouveau.

If you can reproduce this reliably it would help a lot if you could
provide the output of these commands after the bug has happened:

  dmesg
  strace -f -p $(pidof ksplashqml) 2>&1 | dd bs=1k count=20
  journalctl -ab

You may have to run some of them as root.

Bug#983123: RM: kiki-the-nano-bot -- ROM; rc-buggy and unmaintained

[Markus Koschany]

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: a...@debian.org

Dear ftp team,

please remove kiki-the-nano-bot from Debian. The package is rc-buggy and
unmaintained. [1]

I have raised this issue on the debian-devel-games mailing list [2]
and nobody objected against the removal.

Regards,

Markus

[1] https://bugs.debian.org/936796
[2] https://lists.debian.org/debian-devel-games/2020/12/msg00013.html

Bug#983122: RM: jugglemaster -- ROM; rc-buggy and unmaintained

[Markus Koschany]

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: a...@debian.org

Dear ftp team,

please remove jugglemaster from Debian. The package is rc-buggy and
unmaintained. [1]

I have raised this issue on the debian-devel-games mailing list [2]
and nobody objected against the removal.

Regards,

Markus

[1] https://bugs.debian.org/900890
[2] https://lists.debian.org/debian-devel-games/2020/12/msg00013.html

Bug#983121: tiny-initramfs: Add hibernation support to tiny-initramfs

[Michael Krylov]

Package: tiny-initramfs
Version: 0.1-5
Severity: wishlist
Tags: patch upstream

Dear Maintainer,

I'd like to use tiny-initramfs because it suits my needs very well, and
makes my computer boot a bit faster and thus makes me feel happier :)

The only issue I found with this nice piece of software is that it
doesn't allow me to resume from hibernation. So I looked into the code
of the tiny-initramfs and it turned out that it is very easy to add this
support.

I've made a patch that adds the support for resuming from hibernation,
and I'm attaching it to the bug report. It would be nice if someone
checked it for errors, since last time I wrote something substantial in
C was years ago. Anyway, it works fine for me (built my own package
with this patch) and it would be nice to help someone else who has the
same problem.

I'm aware that this has no chance to be included in bullseye, but oh
well.

Thanks in advace!


-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-14-686 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages tiny-initramfs depends on:
ii  tiny-initramfs-core  0.1-5

tiny-initramfs recommends no packages.

tiny-initramfs suggests no packages.

-- no debconf information
Description: Make tirfs able to resume from hibernation 
Author: Mikhail Krylov 
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/tiny_initramfs.c
+++ b/tiny_initramfs.c
@@ -64,6 +64,7 @@ static char root_nfsdir[MAX_LINE_LEN];
 static char root_nfsoptions[MAX_LINE_LEN];
 #endif
 static char root_fstype[MAX_FILESYSTEM_TYPE_LEN];
+static char resume_device[MAX_FILESYSTEM_TYPE_LEN];
 static int root_delay;
 static int root_wait_indefinitely;
 static char init_binary[MAX_PATH_LEN];
@@ -112,6 +113,37 @@ int main(int argc, char **argv)
   warn("Parsed ", PROC_CMDLINE_FILENAME, NULL);
 #endif
 
+  if (!strlen(resume_device)){
+
+#ifdef ENABLE_DEBUG
+warn("No resume device specified");
+#endif
+
+  } else {
+// We won't need /target on a successful resume
+r = mount("sysfs", "/target", "sysfs", MS_NODEV | MS_NOEXEC | MS_NOSUID, 
NULL);
+if (r < 0)
+  panic(errno, "Could not mount /target for hibernation resume", NULL);
+
+#ifdef ENABLE_DEBUG
+warn("Mounted /target for hibernation resume", NULL);
+#endif
+
+int fd = open("/target/power/resume", O_WRONLY);
+
+if (fd < 0) {
+  warn("Couldn't open /target/power/resume", strerror(errno), NULL);
+  // Continue just like nothing happened
+  umount("/target");
+}
+
+write(fd, resume_device, strlen(resume_device));
+close(fd);
+// If we are still here, that means resume failed, continue booting
+umount("/target");
+  }
+
+
   if (!strlen(root_device)) {
 #ifdef ENABLE_NFS4
 if (strlen(root_nfshost))
@@ -366,6 +398,11 @@ int parse_cmdline_helper(void *data, const char *line, int 
line_is_incomplete)
   if (strlen(token) > MAX_PATH_LEN - 1)
 panic(0, "Parameter init=", token, " too long", NULL);
   set_buf(init_binary, MAX_PATH_LEN, token, NULL);
+} else if (!strncmp(token, "resume=", 7)){
+  token += 7;
+  if (strlen(token) > MAX_PATH_LEN - 1)
+panic(0, "Parameter resume=", token, " too long", NULL);
+  set_buf(resume_device, MAX_PATH_LEN, token, NULL);
 }
 #ifdef ENABLE_NFS4
 else if (!strncmp(token, "nfsroot=", 8)) {

Bug#983120: keymap.c: add missing braces around initializer

[Bjarni Ingi Gislason]

Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From dc1308266777ce2672dcbe735ed884b82e5b7437 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason 
>Date: Fri, 19 Feb 2021 14:45:11 +
>Subject: [PATCH] keymap.c: add braces around initializer

  Warning from the compiler:

keymap.c:462:38: warning: missing braces around initializer
[-Wmissing-braces]

keymap.c:930:47: warning: missing braces around initializer
[-Wmissing-braces]

Signed-off-by: Bjarni Ingi Gislason 
---
 keymap.c | 215 ---
 1 file changed, 108 insertions(+), 107 deletions(-)

  Patch is in the attachment.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason


keymap.c.patch.gz
Description: application/gzip

Bug#983119: RM: adanaxisgpl -- ROM; rc-buggy and unmaintained upstream

[Markus Koschany]

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: a...@debian.org

Dear ftp team,

please remove adanaxisgpl from Debian. The package is rc-buggy and
unmaintained. [1]

I have raised this issue on the debian-devel-games mailing list [2]
and nobody objected against the removal.

Regards,

Markus

[1] https://bugs.debian.org/697615
[2] https://lists.debian.org/debian-devel-games/2020/12/msg00013.html

Bug#982713: [PATCH] minexpert2: FTBFS: [ERROR] LazyFont - Failed to read font file...

[Dennis Filder]

Control: tag -1 + patch

The attached patch should fix this, but I haven't tried it myself.
Also consider Build-Depends-Indep: or Build-Depends:
texlive-fonts-extra (>= 2020.20210202-1) if you use it.

Regards,
Dennis.


minexpert2-982713-stix2paths.patch.gz
Description: application/gzip

Bug#982725: [PATCH] massxpert: FTBFS: [ERROR] LazyFont - Failed to read font file...

[Dennis Filder]

Control: tag -1 + patch

The attached patch should fix this, but I haven't tried it myself.
Also consider Build-Depends-Indep: or Build-Depends:
texlive-fonts-extra (>= 2020.20210202-1) if you use it.

Regards,
Dennis.


massxpert-982725-stix2paths.patch.gz
Description: application/gzip

Bug#983118: akonadiconsole segfaults on startup in SearchWidget::openStore

[Urs Ganse]

Package: akonadiconsole
Version: 4:20.08.3-1
Severity: important

Dear Maintainer,

Akonadicontrol crashes on startup for me:

$ akonadiconsole
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-urs'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-urs'
Icon theme "breeze" not found.
kf.kwidgetsaddons: Invalid pixmap specified.
kf.kwidgetsaddons: Invalid pixmap specified.
kf.kwidgetsaddons: Invalid pixmap specified.
No text-to-speech plug-ins were found.
Please register the custom scheme 'cid' via 
QWebEngineUrlScheme::registerScheme() before installing the custom scheme 
handler.
zsh: segmentation fault  akonadiconsole
$

Running in gdb produces the following backtrace:

Thread 1 "akonadiconsole" received signal SIGSEGV, Segmentation fault.
SearchWidget::openStore (this=0x55e2cba0, idx=) at 
./src/searchwidget.cpp:148
148 ./src/searchwidget.cpp: No such file or directory.
(gdb) bt
#0  0x77f414df in SearchWidget::openStore(int) (this=0x55e2cba0, 
idx=) at ./src/searchwidget.cpp:148
#1  0x77f42d6a in SearchWidget::SearchWidget(QWidget*) 
(this=0x55e2cba0, parent=) at ./src/searchwidget.cpp:122
#2  0x77f147ad in MainWidget::MainWidget(KXmlGuiWindow*) 
(this=0x55955220, parent=0x7fffd80067d0) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:967
#3  0x77f155d4 in MainWindow::MainWindow(QWidget*) 
(this=0x7fffd80067d0, parent=, __in_chrg=, 
__vtt_parm=) at ./src/mainwindow.cpp:37
#4  0x77f0f63a in InstanceSelector::slotAccept() (this=0x7fffe420) 
at ./src/instanceselector.cpp:100
#5  0x77f0ff94 in InstanceSelector::InstanceSelector(QString const&, 
QWidget*, QFlags) (this=0x7fffe420, remoteHost=..., 
parent=, flags=...) at ./src/instanceselector.cpp:67
#6  0x7e19 in main(int, char**) (argc=, 
argv=) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:257

Apparently, the xapianStore->dbPath().toStdString() produces a null
pointer dereference here. Is there some package dependency missing to
ensure an appropriate Xapian installation?

As a workaround, simply not initializing the xapian database and
returning a nullptr instead works (but then the search widget is
nonfunctional)

-- System Information:
Debian Release: 10.8
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages akonadiconsole depends on:
ii  libc6 2.31-9
ii  libgcc-s1 10.2.1-6
ii  libkf5akonadicontact5 [libkf5akonadicontact5-20.08]   4:20.08.3-1
ii  libkf5akonadicore5abi2 [libkf5akonadicore5-20.08] 4:20.08.3-1
ii  libkf5akonadiprivate5abi2 [libkf5akonadiprivate5-20.08]   4:20.08.3-1
ii  libkf5akonadisearchcore5 [libkf5akonadisearchcore5-20.08] 4:20.08.3-1
ii  libkf5akonadisearchxapian5 [libkf5akonadisearchxapian5-20.08  4:20.08.3-1
ii  libkf5akonadiwidgets5abi1 [libkf5akonadiwidgets5-20.08]   4:20.08.3-1
ii  libkf5akonadixml5 [libkf5akonadixml5-20.08]   4:20.08.3-1
ii  libkf5calendarcore5abi2   5:5.78.0-2
ii  libkf5calendarsupport5abi1 [libkf5calendarsupport5-20.08] 4:20.08.3-1
ii  libkf5completion5 5.78.0-3
ii  libkf5configcore5 5.78.0-4
ii  libkf5configwidgets5  5.78.0-2
ii  libkf5contacts5   5:5.78.0-2
ii  libkf5coreaddons5 5.78.0-2
ii  libkf5crash5  5.78.0-3
ii  libkf5dbusaddons5 5.78.0-2
ii  libkf5i18n5   5.78.0-2
ii  libkf5itemmodels5 5.78.0-2
ii  libkf5libkdepim5 [libkf5libkdepim5-20.08] 4:20.08.3-1
ii  libkf5messageviewer5abi1 [libkf5messageviewer5-20.08] 4:20.08.3-2
ii  libkf5mime5abi1 [libkf5mime5-20.08]   20.08.3-1
ii  libkf5textwidgets55.78.0-2
ii  libkf5widgetsaddons5  5.78.0-2
ii  libkf5xmlgui5 5.78.0-2
ii  libqt5core5a  5.15.2+dfsg-4
ii  libqt5dbus5   5.15.2+dfsg-4
ii  libqt5gui55.15.2+dfsg-4
ii  libqt5sql5 

Bug#982718: [PATCH] msxpertsuite: FTBFS: [ERROR] LazyFont - Failed to read font file...

[Dennis Filder]

Control: tag -1 + patch

The attached patch should fix this, but I haven't tried it myself.
Also consider Build-Depends-Indep: or Build-Depends:
texlive-fonts-extra (>= 2020.20210202-1) if you use it.

Regards,
Dennis.


msxpertsuite-982718-stix2paths.patch.gz
Description: application/gzip

Bug#983115: Acknowledgement (make -t doesn't correctly touch grouped targets that are built by a recursive make)

[Tim Woodall]

Might not be related, but a trivial makefile:

foo bar &:
echo

make -t only touches foo, not bar. Rerunning says 'foo is up to date'

Bug#983002: plocate: updatedb fails with "/var/lib/plocate/: Operation not supported"

[Steinar H. Gunderson]

On Fri, Feb 19, 2021 at 08:28:25AM +0100, Steinar H. Gunderson wrote:
> Aha. So overlayfs simply does not support O_TMPFILE? I have a workaround for
> FreeBSD that can probably be reused, but it has the usual concerns of not
> going away if the process is forcibly interrupted.

Are you in a position to try latest git?

/* Steinar */
-- 
Homepage: https://www.sesse.net/

Bug#981650: Acknowledgement (libc6-dev: Update flag bit defines in fcntl.h on hppa)

[John David Anglin]

Attached is an updated patch.  We also need to update the defines for 
EFD_NONBLOCK,
IN_NONBLOCK, SFD_NONBLOCK and TFD_NONBLOCK.  Glibc master is update.

Regards,
Dave Anglin

-- 
John David Anglin  dave.ang...@bell.net

Index: glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/fcntl.h
===
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/hppa/bits/fcntl.h
+++ glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/fcntl.h
@@ -24,14 +24,11 @@
 #define O_EXCL 2000 /* not fcntl */
 #define O_NOCTTY   0040 /* not fcntl */
 #define O_APPEND   0010
-#define O_NONBLOCK 0024 /* HPUX has separate NDELAY & NONBLOCK */
+#define O_NONBLOCK 0020
 #define __O_DSYNC  0100
-#define __O_RSYNC  0200 /* HPUX only */
 #define __O_SYNC   0010
 #define O_SYNC (__O_SYNC|__O_DSYNC)
 
-#define O_BLKSEEK  0100 /* HPUX only */
-
 #define __O_DIRECTORY  1 /* Must be a directory.  */
 #define __O_NOFOLLOW   00200 /* Do not follow links.  */
 #define __O_CLOEXEC01000 /* Set close_on_exec.  */
Index: glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/eventfd.h
===
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/hppa/bits/eventfd.h
+++ glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/eventfd.h
@@ -26,6 +26,6 @@ enum
 #define EFD_SEMAPHORE EFD_SEMAPHORE
 EFD_CLOEXEC = 01000,
 #define EFD_CLOEXEC EFD_CLOEXEC
-EFD_NONBLOCK = 0024 /* HPUX has separate NDELAY & NONBLOCK */
+EFD_NONBLOCK = 0020
 #define EFD_NONBLOCK EFD_NONBLOCK
   };
Index: glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/inotify.h
===
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/hppa/bits/inotify.h
+++ glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/inotify.h
@@ -24,6 +24,6 @@ enum
   {
 IN_CLOEXEC = 01000,
 #define IN_CLOEXEC IN_CLOEXEC
-IN_NONBLOCK = 00024 /* HPUX has separate NDELAY & NONBLOCK */
+IN_NONBLOCK = 00020
 #define IN_NONBLOCK IN_NONBLOCK
   };
Index: glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/signalfd.h
===
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/hppa/bits/signalfd.h
+++ glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/signalfd.h
@@ -24,6 +24,6 @@ enum
   {
 SFD_CLOEXEC = 01000,
 #define SFD_CLOEXEC SFD_CLOEXEC
-SFD_NONBLOCK = 0024 /* HPUX has separate NDELAY & NONBLOCK */
+SFD_NONBLOCK = 0020
 #define SFD_NONBLOCK SFD_NONBLOCK
   };
Index: glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/timerfd.h
===
--- glibc-2.31.orig/sysdeps/unix/sysv/linux/hppa/bits/timerfd.h
+++ glibc-2.31/sysdeps/unix/sysv/linux/hppa/bits/timerfd.h
@@ -24,6 +24,6 @@ enum
   {
 TFD_CLOEXEC = 01000,
 #define TFD_CLOEXEC TFD_CLOEXEC
-TFD_NONBLOCK = 00024 /* HPUX has separate NDELAY & NONBLOCK */
+TFD_NONBLOCK = 00020
 #define TFD_NONBLOCK TFD_NONBLOCK
   };

Bug#983106: linux-image-5.10.0-3-amd64: kernel 5.10.0-3-amd64 fails to boot system on Ryzen APU

[Kornel Herpai]

Package: src:linux
Version: 5.10.13-1
Severity: critical
Justification: breaks the whole system
X-Debbugs-Cc: herpaikor...@protonmail.com

Dear Maintainer,

After upgrading to Bullseye, the system became unbootable with the new kernel 
(5.10.0-3). The initramfs starts loading but the system goes blank at an early 
boot stage and reboots. I have no ways to access the logs in this case.
Adding the amdgpu.dc=0 boot parameter allows the system to reach multiuser 
target. The iGPU is effectively unusable this way, but the discrete craphics 
card can be used with a text console for troubleshooting. 
The previous kernel (4.19) works without issue, I am writing this report from
the same system with the old kernel (hence the discrepancy between system 
info and the kernel logs)

-- Package-specific info:
seemingly relevant lines from journalctl -a (with the problematic kernel, 
mostly related to the amdgpu module). Please let me know if you need further 
details:

Feb 19 13:03:56 Theseus kernel: Linux version 5.10.0-3-amd64 
(debian-ker...@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU 
ld (GNU Binutils for Debian) 2.35.1) #1 SMP Debian 5.10.13-1 (2021-02-06)
Feb 19 13:03:56 Theseus kernel: Command line: 
BOOT_IMAGE=/vmlinuz-5.10.0-3-amd64 
root=UUID=04332416-b8fd-4fc8-b823-e602d3b46b64 ro amdgpu.dc=0
...
Feb 19 13:03:56 Theseus kernel: iommu: Default domain type: Translated 
Feb 19 13:03:56 Theseus kernel: pci :25:00.0: vgaarb: VGA device added: 
decodes=io+mem,owns=none,locks=none
Feb 19 13:03:56 Theseus kernel: pci :2a:00.0: vgaarb: setting as boot VGA 
device
Feb 19 13:03:56 Theseus kernel: pci :2a:00.0: vgaarb: VGA device added: 
decodes=io+mem,owns=io+mem,locks=none
Feb 19 13:03:56 Theseus kernel: pci :25:00.0: vgaarb: bridge control 
possible
Feb 19 13:03:56 Theseus kernel: pci :2a:00.0: vgaarb: bridge control 
possible
Feb 19 13:03:56 Theseus kernel: vgaarb: loaded
Feb 19 13:03:56 Theseus kernel: EDAC MC: Ver: 3.0.0
Feb 19 13:03:56 Theseus kernel: NetLabel: Initializing
Feb 19 13:03:56 Theseus kernel: NetLabel:  domain hash size = 128
Feb 19 13:03:56 Theseus kernel: NetLabel:  protocols = UNLABELED CIPSOv4 CALIPSO
Feb 19 13:03:56 Theseus kernel: NetLabel:  unlabeled traffic allowed by default
Feb 19 13:03:56 Theseus kernel: PCI: Using ACPI for IRQ routing
Feb 19 13:03:56 Theseus kernel: PCI: pci_cache_line_size set to 64 bytes
Feb 19 13:03:56 Theseus kernel: pci :20:07.0: can't claim BAR 15 [mem 
0x7fff80-0x7fff8f 64bit pref]: no compatible bridge window
Feb 19 13:03:56 Theseus kernel: pci :28:00.0: can't claim BAR 4 [mem 
0x7fff80-0x7fff803fff 64bit pref]: no compatible bridge window
Feb 19 13:03:56 Theseus kernel: Expanded resource Reserved due to conflict with 
PCI Bus :00
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x0009d400-0x0009]
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x09d8-0x0bff]
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x0a20-0x0bff]
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x0b00-0x0bff]
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x3ba87000-0x3bff]
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x3bd25000-0x3bff]
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x3f00-0x3fff]
Feb 19 13:03:56 Theseus kernel: e820: reserve RAM buffer [mem 
0x63f34-0x63fff]
...
Feb 19 13:03:56 Theseus kernel: Trying to unpack rootfs image as initramfs...
Feb 19 13:03:56 Theseus kernel: Freeing initrd memory: 33184K
Feb 19 13:03:56 Theseus kernel: pci :00:00.2: AMD-Vi: Unable to read/write 
to IOMMU perf counter.
Feb 19 13:03:56 Theseus kernel: pci :00:00.2: can't derive routing for PCI 
INT A
Feb 19 13:03:56 Theseus kernel: pci :00:00.2: PCI INT A: not connected
...
Feb 19 13:03:56 Theseus kernel: amdgpu :2a:00.0: amdgpu: RAS: optional ras 
ta ucode is not available
Feb 19 13:03:56 Theseus kernel: [drm] ring test on 5 succeeded in 2 usecs
Feb 19 13:03:56 Theseus kernel: [drm] UVD initialized successfully.
Feb 19 13:03:56 Theseus kernel: [drm] ib test on ring 0 succeeded in 0 usecs
Feb 19 13:03:56 Theseus kernel: [drm] ib test on ring 3 succeeded in 0 usecs
Feb 19 13:03:56 Theseus kernel: [drm] ib test on ring 4 succeeded in 0 usecs
Feb 19 13:03:56 Theseus kernel: amdgpu :2a:00.0: amdgpu: RAP: optional rap 
ta ucode is not available
Feb 19 13:03:56 Theseus kernel: [drm] kiq ring mec 2 pipe 1 q 0
Feb 19 13:03:56 Theseus kernel: [drm] VCN decode and encode initialized 
successfully(under SPG Mode).
Feb 19 13:03:56 Theseus kernel: kfd kfd: Allocated 3969056 bytes on gart
Feb 19 13:03:56 Theseus kernel: amdgpu: Topology: Add APU node [0x15dd:0x1002]
Feb 19 13:03:56 Theseus kernel: kfd kfd: added device 1002:15dd
Feb 19 13:03:56 Theseus kernel: amdgpu :2a:00.0: amdgpu: SE 1, SH per SE 1, 
CU per SH 11, active_cu_number 11
Feb 19 13:03:56 Theseus 

Bug#980217: ipp-usb: should this be Multi-Arch: foreign?

[Didier 'OdyX' Raboud]

Hello Alexander,

As ipp-usb author; do you have an opinion/advice about this?

Many thanks in advance, cheers,

OdyX

Le samedi, 16 janvier 2021, 12.19:15 h CET Simon McVittie a écrit :
> Package: ipp-usb
> Version: 0.9.16-1
> Severity: minor
> 
> A recent update to wine32:i386 on my amd64 system pulled in libsane1:i386,
> which Recommends ipp-usb. Because ipp-usb is Multi-Arch: no, apt
> interprets this as wanting to install ipp-usb:i386, which conflicts
> with ipp-usb:amd64.
> 
> ipp-usb seems to be a daemon (systemd service) that is contacted via
> IPC, conceptually similar to avahi-daemon, dbus-daemon or cups - which
> hopefully means that it doesn't matter which architecture's ipp-usb
> you have, because libsane1:amd64, libsane1:i386 and libsane1:mipsel
> all speak the same architecture-independent IPC protocol to communicate
> with ipp-usb?
> 
> If that's the case, then ipp-usb should be marked Multi-Arch: foreign,
> which means that libsane1:i386 Recommends: ipp-usb would be satisfied
> by ipp-usb:amd64.



signature.asc
Description: This is a digitally signed message part.

Bug#983116: im-config: does not work under wayland and zsh as login shell

[魏銘廷]

Package: im-config
Version: 0.46-1
Severity: normal

When using wayland, /etc/profile.d/im-config_wayland.sh is used to execute
script /etc/X11/Xsession.d/70im-config_launch , but if the user sets
/usr/bin/zsh as login shell, it uses /etc/zsh/zprofile instead of
/etc/profile, and in turn scripts under /etc/profile.d are not executed.

My workaround is to add `export SHELL="/usr/bin/zsh"` in user's
~/.profile, and the shell in terminal windows under the user is zsh
while using bash as login shell.

-- Package-specific info:
=== command path ==
im-config is /usr/bin/im-config

=== im-config API -l: available IM ===
im-config -l =>  fcitx5 hime xim

=== im-config API -m: selected IM ===
im-config -m => 
   'system' 'user' 'automatic' 'override' 'autobase'
   'default' 'missing' 'fcitx5' '' 'fcitx5'

=== /etc/default/im-config ==
# Default im-config mode (see im-config(8))

# This im-config helps to start best available input method (IM)

# Always start highest priority IM
IM_CONFIG_DEFAULT_MODE=auto
# Start or not to start IM dynamically under CJKV/desktop environment
#IM_CONFIG_DEFAULT_MODE=cjkv
# Never start IM by im-config (Leave it to desktop system)
#IM_CONFIG_DEFAULT_MODE=none

# cjkv mode behavior:
#  case 1:
#* desktop is listed in CJKV_DEFAULT_DESKTOP
#* locale is under so-called CJKV environments
#--> auto mode
#  case 2:
#* desktop is listed in CJKV_DEFAULT_DESKTOP
#* locale is *not* under so-called CJKV environments
#--> none mode
#  case 3:
#* desktop is *not* listed in CJKV_DEFAULT_DESKTOP
#* locale is under any environments
#--> auto mode
#
CJKV_DEFAULT_DESKTOP="*"
#CJKV_DEFAULT_DESKTOP="KDE:LXQt:XFCE"

# List of locales for so-called CJKV environments
CJKV_LOCALES="zh_TW:zh_HK:zh_SG:zh_CN:ja_JP:ko_KR:vi_VN"

# Set locale dependent preferred IM over standard auto mode if not GNOME
IM_CONFIG_PREFERRED_RULE="zh_CN,fcitx:zh_TW,fcitx:zh_HK,fcitx:zh_SG,fcitx"

# User and system wide configuration is normally done via im-config program.
# The above IM_CONFIG_PREFERRED_RULE sets locale dependent preferred IM
# override rule.  If you wish to use uim over ibus just for ja_JP,
# add :ja_JP,uim at the end of the above list. (Marked by "!" in GUI)

# List of desktop systems which starts ibus if available
#   Applicable desktops are excluded for applying IM_CONFIG_PREFERRED_RULE
DESKTOP_SETUP_IBUS="GNOME"

# Trace commands for debug
# (This may cause problem configuration file generated under console mode)
#IM_CONFIG_SETMODE="-x"

# Verbose output for debug (uncomment following)
#IM_CONFIG_VERBOSE="true"


=== localectl status ===
   System Locale: LANG=en_US.UTF-8
  LANGUAGE=en_US:en
   VC Keymap: us
  X11 Layout: us
 X11 Variant: mac

=== locale output ===
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_CTYPE="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_COLLATE="C"
LC_MONETARY="C"
LC_MESSAGES="C"
LC_PAPER="C"
LC_NAME="C"
LC_ADDRESS="C"
LC_TELEPHONE="C"
LC_MEASUREMENT="C"
LC_IDENTIFICATION="C"
LC_ALL=C

=== environment vars ==
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_ALL=C
DISPLAY=:0
GNOME_SETUP_DISPLAY=:1
WAYLAND_DISPLAY=wayland-0
XDG_CURRENT_DESKTOP=GNOME
XDG_MENU_PREFIX=gnome-
XDG_RUNTIME_DIR=/run/user/1000
XDG_SESSION_CLASS=user
XDG_SESSION_DESKTOP=gnome
XDG_SESSION_TYPE=wayland
CLUTTER_IM_MODULE=xim
GTK_IM_MODULE=fcitx5
QT_IM_MODULE=fcitx5
XMODIFIERS=@im=fcitx


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages im-config depends on:
ii  gettext-base  0.21-4

Versions of packages im-config recommends:
ii  whiptail0.52.21-4+b3
ii  x11-common  1:7.7+22
ii  zenity  3.32.0-6

im-config suggests no packages.

-- Configuration Files:
/etc/X11/xinit/xinputrc changed [not included]

-- no debconf information


signature.asc
Description: PGP signature

Bug#982206: binutils-i686-linux-gnu: obsolete package Priority: Extra

[Matthias Klose]

Control: reassign -1 ftp.debian.org

that's fixed in the packaging, likely needs fixing in the override file for all
binutils- packages.


On 2/7/21 1:48 PM, Martin-Éric Racine wrote:
> Package: binutils-i686-linux-gnu
> Version: 2.35.1-7
> Severity: normal
>
> Since Debian policy 10.11. released in August 2017, section 2.5 marks the 
> package priority Extra as deprecated. Priority Optional should be used 
> instead.
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable
>   APT policy: (900, 'unstable')
> Architecture: i386 (x86_64)
> 
> Kernel: Linux 4.19.0-14-amd64 (SMP w/8 CPU threads)
> Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
> Shell: /bin/sh linked to /bin/dash
> Init: unable to detect
> 
> Versions of packages binutils-i686-linux-gnu depends on:
> ii  binutils-common  2.35.1-7
> ii  libbinutils  2.35.1-7
> ii  libc62.31-9
> ii  libctf-nobfd02.35.1-7
> ii  libctf0  2.35.1-7
> ii  libgcc-s110.2.1-6
> ii  libstdc++6   10.2.1-6
> ii  zlib1g   1:1.2.11.dfsg-2
> 
> binutils-i686-linux-gnu recommends no packages.
> 
> Versions of packages binutils-i686-linux-gnu suggests:
> pn  binutils-doc  
> 
> -- no debconf information
> 
>

Bug#983115: make -t doesn't correctly touch grouped targets that are built by a recursive make

[Tim Woodall]

Package: make
Version: 4.3-4
Severity: normal

Dear Maintainer,

(N.B. I've backported make 4.3-4 to buster as I need grouped targets but
I have made no changes other than to depend on guile-2.2-dev instead of
guile-3.0-dev)


In some cases you need to run make -t multiple times to touch all the
targets of a grouped target that should all be built by a single
invocation of a recipe.


Example makefile to build debs from a dsc:

$ cat Makefile
chroot=/tmp/chroot

TARGETS=libfoo.deb foo.deb

all : $(TARGETS)

$(TARGETS) &: foo.dsc
#fakeroot fakechroot chroot $(chroot) $(MAKE) -C /build chroot-foo
$(MAKE) chroot-foo
cp $(chroot)/build/libfoo.deb libfoo.deb
cp $(chroot)/build/foo.deb foo.deb

.PHONY: chroot-foo
chroot-foo:
apt-get -y build-dep foo
cd foo-1.1 && dpkg-buildpackage -b --no-sign


Now consider the following:
$ touch foo.dsc
$ make -t
make chroot-foo
make[1]: Entering directory '/tmp/x'
make[1]: Nothing to be done for 'chroot-foo'.
make[1]: Leaving directory '/tmp/x'
touch libfoo.deb
touch libfoo.deb
$

$ make -t
make chroot-foo
make[1]: Entering directory '/tmp/x'
make[1]: Nothing to be done for 'chroot-foo'.
make[1]: Leaving directory '/tmp/x'
touch foo.deb
touch foo.deb

I have to run make -t twice to touch both the targets. I'm not sure why
they get touched twice but that might be expected, see below, but I only
expect to have to run make -t once to touch all the targets.


Change the &: to a simple : rule and we get:
$ make -t
make chroot-foo
make[1]: Entering directory '/tmp/x'
make[1]: Nothing to be done for 'chroot-foo'.
make[1]: Leaving directory '/tmp/x'
touch libfoo.deb
touch libfoo.deb
make chroot-foo
make[1]: Entering directory '/tmp/x'
make[1]: Nothing to be done for 'chroot-foo'.
make[1]: Leaving directory '/tmp/x'
touch foo.deb
touch foo.deb

As expected the rule gets executed twice, once for each target. Each
file is still touched twice.


-- System Information:
Debian Release: 10.8
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages make depends on:
ii  libc6  2.28-10

make recommends no packages.

Versions of packages make suggests:
pn  make-doc  

-- no debconf information

Bug#983114: libapparmor1: After upgrade is the system not bootable. Init is complaining about incorrect apparmor version.

[Ivanecky Jozef]

Package: libapparmor1
Version: 2.13.6-9
Severity: important
X-Debbugs-Cc: dodo...@gmail.com

Dear Maintainer,


   * What led up to the situation?
   apt update; apt upgrade

   * What exactly did you do (or not do) that was effective (or ineffective)?
   I am no more able to boot the system

   * What was the outcome of this action?
   kernel panic
   The last message before kernel crash was: /sbin/init can not
   find  apparmor_2.13
   * What outcome did you expect instead?
   normal boot



-- System Information:
Debian Release: 9.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages libapparmor1 depends on:
ii  libc6  2.31-9

libapparmor1 recommends no packages.

libapparmor1 suggests no packages.

-- no debconf information

Bug#983113: buster-pu: package ruby-mechanize/2.7.6-1+deb10u1

[Utkarsh Gupta]

Package: release.debian.org
User: release.debian@packages.debian.org
X-Debbugs-Cc: debian-r...@lists.debian.org
Usertags: pu
Tags: buster
Severity: normal

Hello,

ruby-mechanize was affected by CVE-2021-21289, where the package was
vulnerable to command injection vulnerability.

This has been fixed in sid, bullseye, and stretch.
Here's the debdiff for buster-pu:

8<--8<--8<--8<--8<--8<--8<--8<--8<--8<

diff -Nru ruby-mechanize-2.7.6/debian/changelog
ruby-mechanize-2.7.6/debian/changelog
--- ruby-mechanize-2.7.6/debian/changelog2019-01-04 16:57:45.0 +0530
+++ ruby-mechanize-2.7.6/debian/changelog2021-02-19 22:47:27.0 +0530
@@ -1,3 +1,10 @@
+ruby-mechanize (2.7.6-1+deb10u1) buster; urgency=medium
+
+  * Team upload for buster-pu.
+  * Add patch to prevent OS command injection. (Fixes: CVE-2021-21289)
+
+ -- Utkarsh Gupta   Fri, 19 Feb 2021 22:47:27 +0530
+
 ruby-mechanize (2.7.6-1) unstable; urgency=medium

   * Team upload
diff -Nru ruby-mechanize-2.7.6/debian/patches/CVE-2021-21289.patch
ruby-mechanize-2.7.6/debian/patches/CVE-2021-21289.patch
--- ruby-mechanize-2.7.6/debian/patches/CVE-2021-21289.patch
1970-01-01 05:30:00.0 +0530
+++ ruby-mechanize-2.7.6/debian/patches/CVE-2021-21289.patch
2021-02-19 22:46:52.0 +0530
@@ -0,0 +1,260 @@
+From aae0b13514a1a0caf93b1cf233733c50e679069a Mon Sep 17 00:00:00 2001
+From: Katsuhiko YOSHIDA 
+Date: Sat, 20 Jul 2019 11:03:40 +0900
+Subject: [PATCH 1/7] fix(security): prevent command injection in CookieJar
+
+Related to 
https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
+---
+ lib/mechanize/cookie_jar.rb   |  4 ++--
+ test/test_mechanize_cookie_jar.rb | 30 ++
+ 2 files changed, 32 insertions(+), 2 deletions(-)
+
+--- a/lib/mechanize/cookie_jar.rb
 b/lib/mechanize/cookie_jar.rb
+@@ -65,7 +65,7 @@
+   class CookieJar < ::HTTP::CookieJar
+ def save(output, *options)
+   output.respond_to?(:write) or
+-return open(output, 'w') { |io| save(io, *options) }
++return ::File.open(output, 'w') { |io| save(io, *options) }
+
+   opthash = {
+ :format => :yaml,
+@@ -119,7 +119,7 @@
+
+ def load(input, *options)
+   input.respond_to?(:write) or
+-return open(input, 'r') { |io| load(io, *options) }
++return ::File.open(input, 'r') { |io| load(io, *options) }
+
+   opthash = {
+ :format => :yaml,
+--- a/test/test_mechanize_cookie_jar.rb
 b/test/test_mechanize_cookie_jar.rb
+@@ -1,4 +1,5 @@
+ require 'mechanize/test_case'
++require 'fileutils'
+
+ class TestMechanizeCookieJar < Mechanize::TestCase
+
+@@ -500,6 +501,35 @@
+ assert_equal(0, @jar.cookies(url).length)
+   end
+
++  def test_prevent_command_injection_when_saving
++url = URI 'http://rubygems.org/'
++path = '| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\''
++
++@jar.add(url, Mechanize::Cookie.new(cookie_values))
++
++in_tmpdir do
++  @jar.save_as(path, :cookiestxt)
++  assert_equal(false, File.exist?('vul.txt'))
++end
++  end
++
++  def test_prevent_command_injection_when_loading
++url = URI 'http://rubygems.org/'
++path = '| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\''
++
++@jar.add(url, Mechanize::Cookie.new(cookie_values))
++
++in_tmpdir do
++  @jar.save_as("cookies.txt", :cookiestxt)
++  @jar.clear!
++
++  assert_raises Errno::ENOENT do
++@jar.load(path, :cookiestxt)
++  end
++  assert_equal(false, File.exist?('vul.txt'))
++end
++  end
++
+   def test_save_and_read_expired_cookies
+ url = URI 'http://rubyforge.org/'
+
+--- a/lib/mechanize.rb
 b/lib/mechanize.rb
+@@ -396,7 +396,7 @@
+ io = if io_or_filename.respond_to? :write then
+io_or_filename
+  else
+-   open io_or_filename, 'wb'
++   ::File.open(io_or_filename, 'wb')
+  end
+
+ case page
+--- a/test/test_mechanize.rb
 b/test/test_mechanize.rb
+@@ -345,6 +345,14 @@
+ end
+   end
+
++  def test_download_does_not_allow_command_injection
++in_tmpdir do
++  @mech.download('http://example', '| ruby -rfileutils -e
\'FileUtils.touch("vul.txt")\'')
++
++  refute_operator(File, :exist?, "vul.txt")
++end
++  end
++
+   def test_get
+ uri = URI 'http://localhost'
+
+--- a/lib/mechanize/download.rb
 b/lib/mechanize/download.rb
+@@ -71,7 +71,7 @@
+ dirname = File.dirname filename
+ FileUtils.mkdir_p dirname
+
+-open filename, 'wb' do |io|
++::File.open(filename, 'wb')do |io|
+   until @body_io.eof? do
+ io.write @body_io.read 16384
+   end
+--- a/test/test_mechanize_download.rb
 b/test/test_mechanize_download.rb
+@@ -46,6 +46,18 @@
+ end
+   end
+
++  def test_save_bang_does_not_allow_command_injection
++uri = URI.parse 'http://example/foo.html'
++body_io = StringIO.new '0123456789'
++
++download = @parser.new uri, nil, 

Bug#982435: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

[Utkarsh Gupta]

Hi Axel, Salvatore,

On Fri, Feb 19, 2021 at 2:44 PM Axel Beckert  wrote:
> No issue popped up so far during production use on Stretch and Buster.
> I'd say, we can publish these in good conscience.

Perfect, thanks for all your work on this! \o/
I've uploaded to stretch-security (& pushed the commit and tag as well).

Salvatore, do you want me to push to buster-security as well?


- u

Bug#983112: cheetah: reduce Build-Depends

[Helmut Grohne]

Source: cheetah
Version: 3.2.6-1
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: cross-satisfiability

cheetah cannot be cross built from source, because its Build-Depends are
not satisfiable. Instead of looking into such a difficult problem, I
looked for easily droppable build dependencies. While the nodoc
option/profile is nice to have, it also is unnecessary if the arch/indep
split is properly implemented. A nodoc build simply becomes an arch-only
build. To make that happen, the sphinx addon must be skipped for
arch-only builds. An easy way to do that is to request addons via build
dependencies on dh-sequence-* and move it to B-D-I. Beyond that, the
python3-markdown dependency is only required for testing and can thus be
annotated . Please consider applying the attached patch (post
bullseye).

Helmut
diff --minimal -Nru cheetah-3.2.6/debian/changelog 
cheetah-3.2.6/debian/changelog
--- cheetah-3.2.6/debian/changelog  2020-10-08 08:54:00.0 +0200
+++ cheetah-3.2.6/debian/changelog  2021-02-19 13:15:04.0 +0100
@@ -1,3 +1,14 @@
+cheetah (3.2.6-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Reduce Build-Depends: (Closes: #-1)
++ Convert dh --with to B-D: dh-sequence.
++ Replace nodoc option/profile with indep condition.
++ Move sphinx dependencies to B-D-I.
++ Annotate python3-markdown dependency .
+
+ -- Helmut Grohne   Fri, 19 Feb 2021 13:15:04 +0100
+
 cheetah (3.2.6-1) unstable; urgency=medium
 
   [ JCF Ploemen (jcfp) ]
diff --minimal -Nru cheetah-3.2.6/debian/control cheetah-3.2.6/debian/control
--- cheetah-3.2.6/debian/control2020-10-08 08:54:00.0 +0200
+++ cheetah-3.2.6/debian/control2021-02-19 13:14:20.0 +0100
@@ -5,11 +5,13 @@
 Uploaders: Debian Python Modules Team 

 Build-Depends:
  debhelper-compat (= 12),
- dh-python,
+ dh-sequence-python3,
  python3-all-dev,
- python3-markdown,
+ python3-markdown ,
  python3-pygments,
  python3-setuptools,
+Build-Depends-Indep:
+ dh-sequence-sphinxdoc,
  python3-sphinx
 Standards-Version: 4.5.0
 Homepage: http://www.cheetahtemplate.org/
diff --minimal -Nru cheetah-3.2.6/debian/rules cheetah-3.2.6/debian/rules
--- cheetah-3.2.6/debian/rules  2020-10-08 08:54:00.0 +0200
+++ cheetah-3.2.6/debian/rules  2021-02-19 13:15:02.0 +0100
@@ -6,14 +6,11 @@
 export PYBUILD_NAME=cheetah
 
 %:
-   dh $@ --with python3,sphinxdoc --buildsys=pybuild
+   dh $@ --buildsys=pybuild
 
 
-override_dh_auto_install:
-   dh_auto_install
-ifeq ($(filter nodoc,$(DEB_BUILD_OPTIONS))$(filter 
nodoc,$(DEB_BUILD_PROFILES)),)
+execute_after_dh_auto_install-indep:
PYTHONPATH=$(CURDIR) $(MAKE) -i -C docs html
-endif
 
 execute_after_dh_auto_clean:
PYTHONPATH=$(CURDIR) $(MAKE) -i -C docs clean