Bug#988403: gnumeric: http://www.gnumeric.org/v10.dtd and http://www.gnumeric.org/v9.xsd do not exist

[Kingsley G. Morse Jr.]

Package: gnumeric
Version: 1.12.48-1+b2
Severity: minor

Hi Dmitry,

I happened to notice 2 URLs in the second line of a
gnumeric work book do not exist.

They are

http://www.gnumeric.org/v10.dtd

and

http://www.gnumeric.org/v9.xsd

You can see this is so by using the attached file
"bug.gnumeric" as follows

$zcat  bug.gnumeric | sed -n 2p

I imagine several fixes.

1.) Add the pages to www.gnumeric.org.

2.) Delete the second line of the workbook's XML.

3.) Put working URLs in the second line of the workbook's XML.

Thanks again!
Kingsley

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.4.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages gnumeric depends on:
ii  cdebconf [debconf-2.0]  0.253
ii  debconf [debconf-2.0]   1.5.74
ii  gnumeric-common 1.12.48-1
ii  gsfonts 1:8.11+urwcyr1.0.7~pre44-4.4
ii  libatk1.0-0 2.36.0-2
ii  libc6   2.31-10
ii  libcairo2   1.16.0-5
ii  libgdk-pixbuf2.0-0  2.40.2-2
ii  libglib2.0-02.66.7-2
ii  libgoffice-0.10-10  0.10.48-1
ii  libgsf-1-1141.14.46-1
ii  libgtk-3-0  3.24.20-1
ii  libpango-1.0-0  1.46.2-3
ii  libpangocairo-1.0-0 1.46.2-3
ii  libxml2 2.9.10+dfsg-6.6
ii  procps  2:3.3.15-2+b1
ii  pxlib1  0.6.7-1+b1
ii  zlib1g  1:1.2.11.dfsg-2

Versions of packages gnumeric recommends:
ii  evince3.32.0-3
ii  gnumeric-doc  1.12.48-1
ii  lp-solve  5.5.2.5-2

Versions of packages gnumeric suggests:
ii  fonts-liberation1:1.07.4-11
ii  gnumeric-plugins-extra  1.12.48-1+b2
pn  libgsf-1-dev

-- debconf information:
  gnumeric/existing-process-title:
* gnumeric/existing-process: false


bug.gnumeric
Description: application/gzip

Bug#988400: qalc: Use man/qalc.1 from source

[Damir R. Islamov]

Package: qalc
Version: 3.18.0-1
Severity: minor

Dear Maintainer,

Please use qalc.1 man-page from source.
debian/qalc.1 file is too old, while <>/man/qalc.1 is up-to-date.

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages qalc depends on:
ii  libc6   2.31-12
ii  libgcc-s1   10.2.1-6
ii  libqalculate21  3.18.0-1
ii  libreadline88.1-2
ii  libstdc++6  10.2.1-6

Versions of packages qalc recommends:
ii  wget  1.21-1+b1

qalc suggests no packages.

-- no debconf information

Bug#987279: nim: amd64 binaries built by maintainer; needs source-ony upload

[Salvatore Bonaccorso]

Control: reopen -1
Control: found -1 1.4.6+really1.4.2-1

Ciao Federico

On Tue, Apr 20, 2021 at 08:49:54PM +0200, Salvatore Bonaccorso wrote:
> Source: nim
> Version: 1.4.6-1
> Severity: serious
> Justification: not build on all release architectures by buildds; no 
> source-only upload
> X-Debbugs-Cc: car...@debian.org
> 
> Hi
> 
> The last nim upload seems to have included binary builds for amd64
> which will prevent nim to potentially go to testing (even after
> unblocked), as it needs a source-only upload with builds done on
> buildds.
> 
> Cf. https://tracker.debian.org/pkg/nim
> 
>  * Not built on buildd: arch amd64 binaries uploaded by 
> federico.cera...@gmail.com
>  * Not built on buildd: arch all binaries uploaded by 
> federico.cera...@gmail.com, a new source-only upload is needed to allow 
> migration

We still have this problem, 1.4.6+really1.4.2-1 was not build by the
buildd's and so would prevent the package to possibly migrate to
testing.

 * Not built on buildd: arch amd64 binaries uploaded by 
federico.cera...@gmail.com
 * Not built on buildd: arch all binaries uploaded by 
federico.cera...@gmail.com, a new source-only upload is needed to allow 
migration

It neds a source-only upload to that all packages get build on the
buildds and alowing to unblock the possible testing migration.

Thanks for the 1.4.6+really1.4.2-1 upload including the CVE fixes!

Regards,
Salvatore

Bug#988400: qalc: Use man/qalc.1 from source

[Norbert Preining]

Hi

On Wed, 12 May 2021, Damir R. Islamov wrote:
> debian/qalc.1 file is too old, while <>/man/qalc.1 is up-to-date.

Fixed in git, thanks for the report.

Norbert

--
PREINING Norbert  https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#988402: qalculate-gtk: Use man/qalculate-gtk.1 from source

[Norbert Preining]

Hi Damir,

> debian/qalculate-gtk.1 file is too old, while <>/data/qalculate-gtk.1 is 
> up-to-date.

Thanks, fixed in git. Thanks for the report.

Norbert

--
PREINING Norbert  https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#822112: still applies to current kernels

[Martin-Éric Racine]

This still applies to current kernels.

The problem seems to be that kernels after version 3 implement a
memory protection scheme that prevents the framebuffer from being
accessed by both vesafb and X drivers. The Geode X driver does that.

Martin-Éric

Bug#988401: gawk: checking for interactive shell in /etc/profile.d/gawk.*

[Christoph Anton Mitterer]

Package: gawk
Version: 1:5.1.0-1
Severity: wishlist


Hey.

Shouldn't /etc/profile.d/gawk.* check whther the shell is interactive
and return if not?

It's probably not that important, because they usually won't be sourced
for shell scripts anyway,... but in the unusual case that someone invokes
a shell script like:

# sh -l foo.sh

they'd actually get sourced.


Cheers,
Chris.

Bug#988386: Reporting CVE's from upstream

[Jeremy Galindo]

They're awaiting confirmation from MITRE, but the upstream maintainers
wanted to be able to answer the question:

And what, in your opinion, will be the distributions wanting to do ?
> Either fix their current release version or upgrade to the latest one ?
> Will they want the individual patches or switch to the new tarball ?
> Rebasing the patches to an old version should be easy enough, but this
> could lead to some complexity in managing the update reports (Fedora
> and Ubuntu are not currently releasing the same version).
>

On Tue, May 11, 2021 at 3:47 PM Salvatore Bonaccorso 
wrote:

> Control: tags -1 + moreinfo
>
> Hi
>
> [disclaimer, not the maintainer here]
>
> On Tue, May 11, 2021 at 12:00:40PM -0400, Jeremy Galindo wrote:
> > Package: ntfs-3g
> > Version: 2017.3.23AR.3
> >
> > For CVE's pending from upstream, is everything already mirrored so
> upstream
> > fixes are applied in the next release? I'm asking because the upstream
> > maintainers are trying to identify how soon their fixes will be applied
> to
> > your packages.
>
> Can you be more specific, which CVEs are you referring to?
>
> Regards,
> Salvatore
>
>

-- 

*Jeremy Galindo* Associate Mgr., Offensive Security
Datto, Inc. Direct Line www.datto.com


Join the conversation! [image: Facebook] 
[image: Twitter]  [image: LinkedIn]
  [image: Blog RSS]
 [image: Slideshare]
  [image: Spiceworks]

Bug#988289: htmldoc: CVE-2019-19630

[Håvard Flaget Aasen]

Hi Utkarsh

> 
>> I can make a release to buster if you want. I would need a sponsor
>> though, so if your determined, I won't rip it out of your hands.
> 
> That'd be helpful, thank you! Please let me know when you have a dsc ready?
I've got the release ready for buster and uploaded it to mentors [0]. I
also sent a request to the RM, for  buster-pu, but haven't got any
response yet [1].
> 
>> Regardless who does it, can we fix CVE-2021-20308 [0] as well? It's
>> marked as unimportant but since we already is preparing packages...
> 
> Absolutely, by all means!
> 
>> I'v prepared a release to unstable and bullseye with the fix for
>> cve-2021-20308 it's on the mentors site now.
> 
> Since this CVE is "unimportant", uploading to bullseye won't make
> sense. Rather we can upload to unstable and file an unblock request,
> that'd be a good way out here.
> 
> That said, I couldn't find the dsc there, could you sense the link to
> dsc for unstable and I'll be very happy to sponsor the upload. Thanks!
> :)
> 

I was lucky with the sponsoring to unstable, the package got uploaded
earlier today. I also got it unblocked, so it will migrate to bullseye.


Håvard

[0] https://mentors.debian.net/package/htmldoc/
[1] https://bugs.debian.org/#988365

Bug#988399: unblock: python-urllib3/1.26.4-1

[Stefano Rivera]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: er...@debian.org

Please unblock package python-urllib3

This is a upstream point release, that fixes a security issue
(CVE-2021-28363).

All the changes are either inconsequential documentation noise or
targeted bug fixes.

The diff is small enough that I'll immediately upload to unstable.

[ Reason ]
Pick up an upstream security fix, and bug fixes in a point release.

[ Impact ]
Known security issue.

[ Tests ]
Upstream unit test suite covers the changes.

[ Risks ]
Minimal. It's a popular Python package, the point release is over a
month old and hasn't had regressions reported.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I'll follow-up with a security update to pip that will update its
bundled urllib3.

unblock python-urllib3/1.26.4-1
diff -Nru python-urllib3-1.26.2/CHANGES.rst python-urllib3-1.26.4/CHANGES.rst
--- python-urllib3-1.26.2/CHANGES.rst   2020-11-12 18:16:30.0 -0400
+++ python-urllib3-1.26.4/CHANGES.rst   2021-03-15 11:03:47.0 -0400
@@ -1,6 +1,23 @@
 Changes
 ===
 
+1.26.4 (2021-03-15)
+---
+
+* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
+  during HTTPS requests. The default ``SSLContext`` now sets 
``check_hostname=True``.
+
+
+1.26.3 (2021-01-26)
+---
+
+* Fixed bytes and string comparison issue with headers (Pull #2141)
+
+* Changed ``ProxySchemeUnknown`` error message to be
+  more actionable if the user supplies a proxy URL without
+  a scheme. (Pull #2107)
+
+
 1.26.2 (2020-11-12)
 ---
 
diff -Nru python-urllib3-1.26.2/debian/changelog 
python-urllib3-1.26.4/debian/changelog
--- python-urllib3-1.26.2/debian/changelog  2020-12-30 21:22:32.0 
-0400
+++ python-urllib3-1.26.4/debian/changelog  2021-05-11 20:30:00.0 
-0400
@@ -1,3 +1,12 @@
+python-urllib3 (1.26.4-1) unstable; urgency=medium
+
+  * Team upload.
+  * New upstream release.
+- Enforces certificate validation in some cases involving HTTPS to HTTPS
+  proxies CVE-2021-28363.
+
+ -- Stefano Rivera   Tue, 11 May 2021 20:30:00 -0400
+
 python-urllib3 (1.26.2-1) unstable; urgency=medium
 
   * New upstream version 1.26.2
diff -Nru 
python-urllib3-1.26.2/debian/patches/01_do-not-use-embedded-python-six.patch 
python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch
--- 
python-urllib3-1.26.2/debian/patches/01_do-not-use-embedded-python-six.patch
2020-12-30 21:22:32.0 -0400
+++ 
python-urllib3-1.26.4/debian/patches/01_do-not-use-embedded-python-six.patch
2021-05-11 20:30:00.0 -0400
@@ -76,7 +76,7 @@
  __all__ = ["RecentlyUsedContainer", "HTTPHeaderDict"]
  
 diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py
-index 660d679..826f8d7 100644
+index 45580b7..1cddda4 100644
 --- a/src/urllib3/connection.py
 +++ b/src/urllib3/connection.py
 @@ -9,9 +9,9 @@ import warnings
@@ -160,7 +160,7 @@
  __all__ = ["inject_into_urllib3", "extract_from_urllib3"]
  
 diff --git a/src/urllib3/exceptions.py b/src/urllib3/exceptions.py
-index d69958d..31a779b 100644
+index cba6f3f..053758e 100644
 --- a/src/urllib3/exceptions.py
 +++ b/src/urllib3/exceptions.py
 @@ -1,6 +1,6 @@
@@ -294,7 +294,7 @@
  
  def is_fp_closed(obj):
 diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
-index ee51f92..8c275a8 100644
+index d25a41b..e11f585 100644
 --- a/src/urllib3/util/retry.py
 +++ b/src/urllib3/util/retry.py
 @@ -17,7 +17,7 @@ from ..exceptions import (
diff -Nru python-urllib3-1.26.2/docs/conf.py python-urllib3-1.26.4/docs/conf.py
--- python-urllib3-1.26.2/docs/conf.py  2020-11-12 18:16:30.0 -0400
+++ python-urllib3-1.26.4/docs/conf.py  2021-03-15 11:03:47.0 -0400
@@ -78,8 +78,8 @@
 html_theme_options = {
 "announcement": """
 https://opencollective.com/urllib3\;>
-Sponsor urllib3 v2.0 
on Open Collective
+   href=\"https://github.com/sponsors/urllib3\;>
+Support urllib3 on 
GitHub Sponsors
 
 """,
 "sidebar_hide_name": True,
diff -Nru python-urllib3-1.26.2/docs/sponsors.rst 
python-urllib3-1.26.4/docs/sponsors.rst
--- python-urllib3-1.26.2/docs/sponsors.rst 2020-11-12 18:16:30.0 
-0400
+++ python-urllib3-1.26.4/docs/sponsors.rst 2021-03-15 11:03:33.0 
-0400
@@ -15,7 +15,7 @@
 
`Get in contact `_ for additional
details on sponsorship and perks before making a contribution
-   through `Open Collective `_ if you have 
questions.
+   through `GitHub Sponsors `_ if you 
have questions.
 
 
 Silver v2.0 Sponsor Perks
@@ -76,12 +76,3 @@
   `@Lukasa `_
 
 * 

Bug#988315: xterm menu display garbled

[Thomas Dickey]

On Tue, May 11, 2021 at 10:59:16AM +0200, Philipp Marek wrote:
> > It's possible that you have some font resource (such as a proportional
> > font) which confuses it, causing it to write outside its window.
> 
> XTerm*faceName: DejaVu Sans Mono

actually Xaw uses only bitmap fonts (though some versions of fontconfig
can be told to offer those fonts...)

Thinking that locale might be a clue, I tried setting it to de_AT.UTF-8,
without seeing any problems.
 
> > But that would be apparent in xterm (thinking that a wildcard font
> > resource which affects one would affect both).
> > 
> > Given that, I'm expecting that the answer is that the X server
> > (for some less-used device) is not handling the window properly.
> 
> Hmmm
> 
> 00:02.0 VGA compatible controller: Intel Corporation UHD Graphics 620 (rev
> 07)

I can't tell :-(

That gets into hardware dependencies.

In your first comment, you mentioned "the few existing pixels blink".

That makes it sound like the X server (since the contents of the
window from xterm's point of view are generally static, unless programmed
to blink using an escape sequence).

If this had been simply a missing border, I'd ask about the window manager
(noting that on a couple of machines, I see the gnome stuff overriding
the resource-settings, while most window managers leave that alone).

Then again (one of those was Fedora34, whose effect was apparent because
it took about a second to _redraw_ the menu border), you might be using
some version of gnome-session/-shell/-whatever, which has bugs in its
attempt to redraw the border.

If that's the case, trying a different window manager (xfce4 for instance)
would show if the window manager is the appropriate place to go.

(xterm has had its own problems with drawing, but so far this doesn't match
any of the situations where I would assume xterm's at fault)

-- 
Thomas E. Dickey 
https://invisible-island.net
ftp://ftp.invisible-island.net


signature.asc
Description: PGP signature

Bug#988398:

[Dave Hibberd]

I should add, as it's probably helpful to, that these changes weren't made in 
isolation - this was discussed mainly on the debian-hams mailing list 
https://lists.debian.org/debian-hams/2021/04/msg00019.html and on irc as well.

I also forgot to mention the change in d/rules - this has been included to 
ensure that the daemon will restart after upgrade, causing installs using an 
unmodified default config to exit upon start, and disabled on first install to 
be sure that the service shall only be started once the user is certain they've 
 configured it and they're ready to start it. 

-- 
  Hibby
  MM0RFN

Bug#988398: unblock: aprx/2.9.0+dfsg-3

[Dave Hibberd]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package aprx

[ Reason ]
This is a fix for bug #987332, which impacts a web service the daemon
connects to. Our package installs, enables and starts by default with a 
useless config, connecting to their server and doing nothing else.

[ Impact ]
The grave bug outstanding #987332 for the package will remain standing,
the remote service shall continue to see dead connections.

[ Tests ]
This package has been manually tested to ensure new behaviour is as
expected (package exits cleanly on start), and importantly doesn't
cause an update to fail. No autopkgtests have been included as I've not
yet read enough to feel competent at implementing them.

[ Risks ]
This is quite a niche package with 73 Debian users on popcon. Currently, the
default config is causing issue for the service provider it connects to,
and it will continue to if left. The only change to the package is made
to the default configs, commenting out one of the connection details.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ] 
Complicating the issue is my relative inexperience with freeze - bundled
into this upload is a Debian janitor bump from dh11->12 that's been on
salsa for a while - I included this in the upload, and it is detailed in
d/changelog, however I didn't want to bring standards or dh any further
up to date than janitor did a year back.

unblock aprx/2.9.0+dfsg-3

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (10, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-1-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

thx
-- 
  Hibby
  MM0RFNdiff -Nru aprx-2.9.0+dfsg/debian/changelog aprx-2.9.0+dfsg/debian/changelog
--- aprx-2.9.0+dfsg/debian/changelog	2018-09-27 04:20:51.0 +0100
+++ aprx-2.9.0+dfsg/debian/changelog	2021-05-09 23:15:56.0 +0100
@@ -1,3 +1,19 @@
+aprx (2.9.0+dfsg-3) unstable; urgency=medium
+  [ Dave Hibberd ]
+  * Add debian/gitlab-ci.yml
+  * Change installinit behaviour in debian/rules
+- aprx is now disabled by default upon install
+- Belt & Braces interrupting installsystemd too
+  * Added patch to modify default config commenting out default callsign
+- Closes: #987332
+  [ Debian Janitor]
+  * Use secure URI in debian/watch.
+  * Use secure URI in Homepage field.
+  * Bump debhelper from old 11 to 12.
+  * Update renamed lintian tag names in lintian overrides.
+
+ -- Dave Hibberd   Sun, 09 May 2021 23:15:56 +0100
+
 aprx (2.9.0+dfsg-2) unstable; urgency=medium
 
   * debian/aprx.init
diff -Nru aprx-2.9.0+dfsg/debian/compat aprx-2.9.0+dfsg/debian/compat
--- aprx-2.9.0+dfsg/debian/compat	2018-09-27 04:20:51.0 +0100
+++ aprx-2.9.0+dfsg/debian/compat	1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-11
diff -Nru aprx-2.9.0+dfsg/debian/control aprx-2.9.0+dfsg/debian/control
--- aprx-2.9.0+dfsg/debian/control	2018-09-27 04:20:51.0 +0100
+++ aprx-2.9.0+dfsg/debian/control	2020-04-20 18:22:23.0 +0100
@@ -3,9 +3,9 @@
 Priority: optional
 Maintainer: Debian Hamradio Maintainers 
 Uploaders: Chris Knadle , Colin Tuckley  , Dave Hibberd 
-Build-Depends: debhelper (>= 11)
+Build-Depends: debhelper-compat (= 12)
 Standards-Version: 4.2.1
-Homepage: http://thelifeofkenneth.com/aprx/
+Homepage: https://thelifeofkenneth.com/aprx/
 Vcs-Browser: https://salsa.debian.org/debian-hamradio-team/aprx
 Vcs-Git: https://salsa.debian.org/debian-hamradio-team/aprx.git
 
diff -Nru aprx-2.9.0+dfsg/debian/gitlab-ci.yml aprx-2.9.0+dfsg/debian/gitlab-ci.yml
--- aprx-2.9.0+dfsg/debian/gitlab-ci.yml	1970-01-01 01:00:00.0 +0100
+++ aprx-2.9.0+dfsg/debian/gitlab-ci.yml	2021-05-09 22:09:08.0 +0100
@@ -0,0 +1,6 @@
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+reprotest:
+  extends: .test-reprotest-diffoscope
diff -Nru aprx-2.9.0+dfsg/debian/NEWS aprx-2.9.0+dfsg/debian/NEWS
--- aprx-2.9.0+dfsg/debian/NEWS	1970-01-01 01:00:00.0 +0100
+++ aprx-2.9.0+dfsg/debian/NEWS	2021-05-09 23:15:56.0 +0100
@@ -0,0 +1,8 @@
+aprx (2.9.0+dfsg-3) unstable; urgency=medium
+
+  aprx now ships with NOCALL-1 commented out in the default config, causing
+  the program to exit upon running with default config. Please read the
+  supplied example configs and edit them with your own callsign to avoid
+  spamming the APRS-IS servers, as we have been doing for 

Bug#988397: gnumeric: [GOData::get_value] Wrong number of coordinates (given 2 - needed 1)

[Kingsley G. Morse Jr.]

Package: gnumeric
Version: 1.12.48-1+b2
Severity: normal

Hi Dmitry,

Thank you very much for maintaining Debian's
gnumeric package!

Here's a bug report that gnumeric's
developer named Jean asked me to file.

He would prefer it is filed at gitlab.gnome.org.

Maybe that would be easier for you than I.

I don't have an account, and it's sign page said

""Please note that due to spam, new user
registrations are disabled."


   * What led up to the situation?

Typing 

$ gnumeric bug.gnumeric

on the command line of a FrankenUnstableDebian
computer whose packages are updated peicemeal
by doing

$ apt-get install 


   * What was the outcome of this action?

gnumeric complaining with thousands of

** (gnumeric:28770): WARNING **: 15:23:36.184: [GOData::get_value] 
Wrong number of coordinates (given 2 - needed 1)

on the console.

   * What outcome did you expect instead?

   No warnings.

A copy of the workbook that elicits the warnings
should be attached to this bug report.

Thanks,
Kingsley

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.4.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages gnumeric depends on:
ii  cdebconf [debconf-2.0]  0.253
ii  debconf [debconf-2.0]   1.5.74
ii  gnumeric-common 1.12.48-1
ii  gsfonts 1:8.11+urwcyr1.0.7~pre44-4.4
ii  libatk1.0-0 2.36.0-2
ii  libc6   2.31-10
ii  libcairo2   1.16.0-5
ii  libgdk-pixbuf2.0-0  2.40.2-2
ii  libglib2.0-02.66.7-2
ii  libgoffice-0.10-10  0.10.48-1
ii  libgsf-1-1141.14.46-1
ii  libgtk-3-0  3.24.20-1
ii  libpango-1.0-0  1.46.2-3
ii  libpangocairo-1.0-0 1.46.2-3
ii  libxml2 2.9.10+dfsg-6.6
ii  procps  2:3.3.15-2+b1
ii  pxlib1  0.6.7-1+b1
ii  zlib1g  1:1.2.11.dfsg-2

Versions of packages gnumeric recommends:
ii  evince3.32.0-3
ii  gnumeric-doc  1.12.48-1
ii  lp-solve  5.5.2.5-2

Versions of packages gnumeric suggests:
ii  fonts-liberation1:1.07.4-11
ii  gnumeric-plugins-extra  1.12.48-1+b2
pn  libgsf-1-dev

-- debconf information:
  gnumeric/existing-process-title:
* gnumeric/existing-process: false


bug.gnumeric
Description: application/gzip

Bug#988289: htmldoc: CVE-2019-19630

[Utkarsh Gupta]

Hi Håvard,

On Wed, May 12, 2021 at 2:11 AM Håvard Flaget Aasen
 wrote:
> I've got the release ready for buster and uploaded it to mentors [0]. I
> also sent a request to the RM, for  buster-pu, but haven't got any
> response yet [1].

Thanks for the buster update; uploaded! \o/
You'll not receive any reply to -pu bug unless the release team has
some problem with it. However, you'll receive a reply when someone
from the release team will batch-accept the uploads from the proposed
queue.

So basically, we're all good and set!

> I was lucky with the sponsoring to unstable, the package got uploaded
> earlier today. I also got it unblocked, so it will migrate to bullseye.

Awesome, thank you!


- u

Bug#985685: matrix-mirage can’t login to the same server on multiple devices

[Hubert Chathi]

On Sun, 21 Mar 2021 22:31:35 +0100 (CET), Marek Ľach  
said:

> Package: nheko
> Version: <0.6.4>

The subject line says "matrix-mirage", but the pseudoheader says
"nheko".  Can you clarify which package this refers to?

Thanks

> The new version, 0.7.1 fixes this. Since the bug is quite
> fundamentally impairing usabíity, it’d be useful to have it updated
> within the repos on here.

-- 
Hubert Chathi  -- https://www.uhoreg.ca/
Jabber: hub...@uhoreg.ca -- Matrix: @uhoreg:matrix.org
PGP/GnuPG key: 4096R/F24C F749 6C73 DDB8 DCB8  72DE B2DE 88D3 113A 1368

Bug#988396: debian-edu-config: EFI partition is missing during automatic partitioning

[Monsieur Cyril ETCHEVERRIA]

Package: debian-edu-config
Version: 2.11.54
Severity: normal

Dear Maintainer,


installing debian-edu 11 with debian-edu-bullseye-DI-rc1-amd64-netinst.iso
image with automatic partitioning on a UEFI system results in a systematic
error no EFI partition.
With an automatic partitioning on the second disk with an EFI partition present
on the first disk, the installation continues successfully.



-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-16-amd64 (SMP w/6 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debian-edu-config depends on:
ii  bind9-host   1:9.11.5.P4+dfsg-5.1+deb10u3
pn  cfengine3
ii  debconf [debconf-2.0]1.5.71
ii  debconf-utils1.5.71
pn  debian-edu-artwork   
pn  desktop-profiles 
ii  e2fsprogs1.44.5-1+deb10u3
pn  education-tasks  
pn  fping
pn  gnutls-bin   
pn  isenkram-cli 
ii  ldap-utils   2.4.47+dfsg-3+deb10u6
pn  ldapscripts  
ii  libconfig-inifiles-perl  3.01-1
pn  libfilesys-df-perl   
pn  libhtml-fromtext-perl
ii  libio-socket-ssl-perl2.060-3
pn  libnet-ldap-perl 
pn  libnet-netmask-perl  
ii  libnss3-tools2:3.42.1-1+deb10u3
pn  libpacparser1
pn  libpam-python
pn  libproxy1-plugin-kconfig 
ii  libproxy1-plugin-networkmanager  0.4.15-5+deb10u1
ii  libproxy1-plugin-webkit  0.4.15-5+deb10u1
ii  libterm-readkey-perl 2.38-1
pn  libtext-unaccent-perl
ii  lockfile-progs   0.1.18
ii  lsb-base 10.2019051400
ii  lsb-release  10.2019051400
ii  mime-support 3.62
ii  net-tools1.60+git20180626.aebd88e-1
ii  netcat-openbsd [netcat]  1.195-2
ii  netcat-traditional [netcat]  1.10-41.1
pn  ng-utils 
ii  openssl  1.1.1d-0+deb10u6
ii  patch2.7.6-3+deb10u1
ii  python   2.7.16-1
pn  python-notify
ii  ssl-cert 1.0.39
pn  swaks
pn  tftp-hpa | tftp  
pn  uuid 

Versions of packages debian-edu-config recommends:
ii  binutils   2.31.1-16
ii  libnotify-bin  0.7.7-4
ii  lsof   4.91+dfsg-1
pn  memtest86+ 
pn  resolvconf 
pn  syslinux   

debian-edu-config suggests no packages.

Bug#987637: fenix FTBFS with gcc 10

[Baptiste Beauplat]

Control: tags -1 + patch

Dear maintainer,

The following patch fixes the FTBFS. I've added a specific check in the
test suite and I've tested it manually.

Without feedback, I'll NMU the package and request an unblock in a
couple of days.

Best,

-- 
Baptiste Beauplat - lyknode
diff -Nru fenix-0.92a.dfsg1/debian/patches/fix_ftbfs_gcc10.patch 
fenix-0.92a.dfsg1/debian/patches/fix_ftbfs_gcc10.patch
--- fenix-0.92a.dfsg1/debian/patches/fix_ftbfs_gcc10.patch  1970-01-01 
01:00:00.0 +0100
+++ fenix-0.92a.dfsg1/debian/patches/fix_ftbfs_gcc10.patch  2021-05-11 
21:08:56.0 +0200
@@ -0,0 +1,19 @@
+From: Baptiste Beauplat 
+Date: Tue, 11 May 2021 21:06:15 +0200
+Subject: Fix FTBFS with gcc 10 (Closes: #987637)
+
+Declare debug as an external variable.
+Declaration and assignation is done in main.c.
+---
+
+--- a/fxc/src/c_main.c
 b/fxc/src/c_main.c
+@@ -182,7 +182,7 @@
+ #ifdef TARGET_MAC
+ static int debug ;
+ #else
+-int debug;
++extern int debug;
+ #endif
+ 
+ void compile_init ()
diff -Nru fenix-0.92a.dfsg1/debian/patches/series 
fenix-0.92a.dfsg1/debian/patches/series
--- fenix-0.92a.dfsg1/debian/patches/series 2019-02-12 10:40:57.0 
+0100
+++ fenix-0.92a.dfsg1/debian/patches/series 2021-05-10 21:39:02.0 
+0200
@@ -35,3 +35,4 @@
 fxc-cmdline-crash.patch
 fxi-cmdline-title.patch
 map-gif-256-colors.patch
+fix_ftbfs_gcc10.patch
diff -Nru fenix-0.92a.dfsg1/debian/tests/t/lib/Test/Fenix/Compile.pm 
fenix-0.92a.dfsg1/debian/tests/t/lib/Test/Fenix/Compile.pm
--- fenix-0.92a.dfsg1/debian/tests/t/lib/Test/Fenix/Compile.pm  2019-02-12 
15:47:50.0 +0100
+++ fenix-0.92a.dfsg1/debian/tests/t/lib/Test/Fenix/Compile.pm  2021-05-11 
22:17:32.0 +0200
@@ -41,12 +41,11 @@
Test::More::plan tests => 4;
 
my $cmd = Test::Command->new(cmd => [
-   $fxc, $test->{test}{src}->basename,
+   $fxc, '-d', $test->{test}{src}->basename,
]);
$cmd->exit_is_num(0);
-   # Yeah, this is backwards, I know...
-   $cmd->stdout_is_eq('');
-   $cmd->stderr_isnt_eq('');
+   $cmd->stdout_like(qr/END/);
+   $cmd->stderr_like(qr/- Main procedure/);
 
Test::More::ok -f $test->{test}{exe},
'the compiled program exists';


signature.asc
Description: PGP signature

Bug#988395: u-boot: can't crossbuild with arch:all from amd64

[Sean Whitton]

Source: u-boot
Version: 2021.01+dfsg-4

Hello,

`sbuild --host=arm64` on an amd64 host has dependency problems:

 gcc-10-x86-64-linux-gnu:arm64 : Depends: binutils-x86-64-linux-gnu:arm64 (>= 
2.35.1) but it is not installable
 Depends: libgcc-10-dev-amd64-cross:arm64 (>= 
10.2.1-6cross1) but it is not installable

If you turn off the arch:all build with --no-arch-all then you can get
the .debs you need, but discussion on IRC suggests that it might be
possible to adjust the u-boot's build-deps to fix this.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#986512: libunity: FTBFS: dh_auto_test: error: make -j4 check VERBOSE=1 returned exit code 2

[Baptiste Beauplat]

The issue may be related to this upstream issue:

https://gitlab.gnome.org/GNOME/vala/-/issues/1167

I'll test using a patched version of vala and reassign if needed.

-- 
Baptiste Beauplat - lyknode


signature.asc
Description: PGP signature

Bug#988121: postgresql-13: reduce Build-Depends

[Christoph Berg]

Re: Helmut Grohne
> The immediate issue is that its Build-Depends are not cross-satisfiably.
> There are multiple reasons for this one of which is libio-pty-perl. I've
> grepped through the sources for /io..?pty/i and found only occurences
> used in tests. I've performed a nocheck build with this dependency
> dropped and it worked. Unfortunately, since postgresql is not
> reproducible, we cannot validate a nocheck build against a regular
> build. Given these findings, I think it is a fair compromise to annotate
> libio-pty-perl . Do you agree?
> 
> Beyond this, I figured that libipc-run-perl can be dropped when passing
> --disable-tap-tests, which seems fine during nocheck. Unfortunately,
> postgresql embeds its configure flags in pg_config and others. Varying
> configure flags therefore make postgresql unreproducible. Would it be
> sensible to delete configure flags from pg_config?

Hi Helmut,

thanks for the---as always---thorough research that comes with your
patches. For libipc-run-perl I have good news, the perl module can be
marked  while keeping --enable-tap-tests on the configure
line if PROVE=/usr/bin/prove is passed along. So both will be marked
nocheck with the next upload, which is due on Thursday anyway as by
PG's minor release schedule.

> In general, making postgresql reproducible would help a lot in further
> reducing its Build-Depends as automated tools can tell you which
> dependencies are unused in that case.

It used to be reproducible for about a day or two, and then the patch
adding query JITing using libllvm landed in PG11. I just rechecked the
list of diffs on r-b.org, and all the differences are in the .bc
bitcode files, encoding the build path (and there is no clang option
yet to remove it). So PG is reproducible even today, you just have to
build in the same path, as can be seen in r-b's bullseye builds.

Thanks,
Christoph

Bug#988386: Reporting CVE's from upstream

[Jeremy Galindo]

Package: ntfs-3g
Version: 2017.3.23AR.3

For CVE's pending from upstream, is everything already mirrored so upstream
fixes are applied in the next release? I'm asking because the upstream
maintainers are trying to identify how soon their fixes will be applied to
your packages.

Thanks,




-- 

*Jeremy Galindo* Associate Mgr., Offensive Security
Datto, Inc. Direct Line www.datto.com


Join the conversation! [image: Facebook] 
[image: Twitter]  [image: LinkedIn]
  [image: Blog RSS]
 [image: Slideshare]
  [image: Spiceworks]

Bug#988139: khal fails to run with ModuleNotFoundError: No module named 'xdg.BaseDirectory' error

[Jonas Smedegaard]

Control: tags -1 unreproducible
Control: severity -1 important


Hi Filippo,

Thanks for reporting this issue.

> this is the full error report:

Seems you profided onky the error message, without any other context 
than the auto-generated information.

Please tell what you did - the package contains a library and several 
executables, so it is not obvious what you did which _triggered_ the 
presented stacktrace.

I cannot reproduce the error, so will lower severity for now.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#988300: linux-kbuild-5.10: can not build nvidia-kernel-340xx-dkms

[Ben Hutchings]

Control: tag -1 moreinfo

On Mon, 2021-05-10 at 01:56 +0200, Hans-J. Ullrich wrote:
> Package: linux-kbuild-5.10
> Version: 5.10.28-1
> Severity: important
> 
> Dear Maintainer,
> 
> I am not quite sure, but I believe, there is a problem with either
> linux-kbuild-5.10 or the nvidia-kernel-340xx-dkms.
> 
> The problem is, that the build of the kernel module stops and the
> make.log says the following:
[...]

Could this be the same bug as #987575?

Which version of nvidia-legacy-340xx-kernel-dkms is installed, and do
you have any other out-of-tree module packages installed?

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption]
would be development of an easy way to factor large prime numbers.
   - Bill Gates


signature.asc
Description: This is a digitally signed message part

Bug#988386: Reporting CVE's from upstream

[Salvatore Bonaccorso]

Control: tags -1 + moreinfo

Hi

[disclaimer, not the maintainer here]

On Tue, May 11, 2021 at 12:00:40PM -0400, Jeremy Galindo wrote:
> Package: ntfs-3g
> Version: 2017.3.23AR.3
> 
> For CVE's pending from upstream, is everything already mirrored so upstream
> fixes are applied in the next release? I'm asking because the upstream
> maintainers are trying to identify how soon their fixes will be applied to
> your packages.

Can you be more specific, which CVEs are you referring to?

Regards,
Salvatore

Bug#988394: thunar: CVE-2021-32563

[Salvatore Bonaccorso]

Source: thunar
Version: 4.16.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 4.16.3-1

Hi,

The following vulnerability was published for thunar.

CVE-2021-32563[0]:
| An issue was discovered in Thunar before 4.16.7 and 4.17.x before
| 4.17.2. When called with a regular file as a command-line argument, it
| delegates to a different program (based on the file type) without user
| confirmation. This could be used to achieve code execution.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32563
[1] https://marc.info/?l=oss-security=162058938307965=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#929685: pending upload

[IOS]

Hello  How are you?

Отправлено из мобильной Почты Mail.Ru

вторник, 11 мая 2021 г., 13:48 +0400 от a...@debian.org  :
>On 19/03/2021 12.24, Matthias Klose wrote:
>> Control: reassign -1 src_ca-certificates-java, ca-certificates
>> 
>> I committed Andreas' proposed changes to ca-certificates-java, however that
>> requires a corresponding upload to ca-certificates.
>
>If we revert the ca-certificates version bump (merge request !6) you can 
>upload the remaining fixes now and we bump the version and create the 
>flag file once the corresponding features are implemented in 
>ca-certificates.
>
>Andreas

Bug#982552: ruby-carrierwave: CVE-2021-21288

[Pirate Praveen]

On Thu, 11 Feb 2021 18:40:58 +0100 Salvatore Bonaccorso 
 wrote:

> The following vulnerability was published for ruby-carrierwave.
>
> CVE-2021-21288[0]:
> | CarrierWave is an open-source RubyGem which provides a simple and
> | flexible way to upload files from Ruby applications. In CarrierWave
> | before versions 1.3.2 and 2.1.1 the download feature has an SSRF
> | vulnerability, allowing attacks to provide DNS entries or IP 
addresses

> | that are intended for internal use and gather information about the
> | Intranet infrastructure of the platform. This is fixed in versions
> | 1.3.2 and 2.1.1.

version 1.3.2 needs ruby-ssrf-filter which is still in NEW.

Bug#988393: mass unblock requests for fixes of Github watch file URLs

[Mike Gabriel]

Package: release.debian.org
Severity: normal

Dear release team,

this is a mass unblock request for several packages that received minor
changes regarding broken Github release tag / download URLs leaving my
personal dashboard (UDD) unusable.

Here is the list of packages that received changes (there are some more, but 
I'll start with these):

guake-indicator 1.4.5-2
libvncserver 0.9.13+dfsg-3
nodm 0.13-6
openboard 1.5.4+dfsg1-3
openboard-extras-nonfree 1.5.4+nonfree1-2
mate-window-applets 20.04.0-2
lightdm-autologin-greeter 1.0-4
smarty3 3.1.39-2
smarty-lexer 3.1.32+dfsg1-4
smarty-gettext 1.6.1-2
zypper 1.14.42-2
e2guardian 5.3.4-2
ganeti-os-noop 0.2-5
gosa-plugin-mailaddress 0.99.7-2
gosa-plugin-netgroups 0.2-2
gosa-plugin-pwreset 0.99.5-3
jquery-i18n-properties 1.2.7+dfsg1-3
libmateweather 1.24.1-2
libzypp 17.25.7-2


For each package I attached a .debdiff. Please let me know if you need more 
explicit info on this.

Mike
diff -Nru e2guardian-5.3.4/debian/changelog e2guardian-5.3.4/debian/changelog
--- e2guardian-5.3.4/debian/changelog   2020-02-15 10:43:10.0 +0100
+++ e2guardian-5.3.4/debian/changelog   2021-04-29 11:48:42.0 +0200
@@ -1,3 +1,13 @@
+e2guardian (5.3.4-2) unstable; urgency=medium
+
+  * debian/changelog:
++ Post-upload fix-up of missing changelog item regarding addition of
+  1001_spelling-fixes.patch
+  * debian/watch:
++ Fix Github watch URL.
+
+ -- Mike Gabriel   Thu, 29 Apr 2021 11:48:42 +0200
+
 e2guardian (5.3.4-1) unstable; urgency=medium
 
   * New upstream release.
@@ -6,6 +16,8 @@
   * debian/control:
 + Bump Standards-Version: to 4.5.0. No changes needed.
 + Add Rules-Requires-Root: field and set it to 'no'.
+  * debian/patches:
++ Add 1001_spelling-fixes.patch. Fix spelling of the work 'implement'.
 
  -- Mike Gabriel   Sat, 15 Feb 2020 10:43:10 +0100
 
diff -Nru e2guardian-5.3.4/debian/watch e2guardian-5.3.4/debian/watch
--- e2guardian-5.3.4/debian/watch   2020-02-15 10:43:10.0 +0100
+++ e2guardian-5.3.4/debian/watch   2021-04-29 11:46:19.0 +0200
@@ -1,3 +1,3 @@
 version=3
 opts=filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/e2guardian-$1.tar.gz/ \
-https://github.com/e2guardian/e2guardian/releases .*/archive/v?([\d\.]+).tar.gz
+https://github.com/e2guardian/e2guardian/releases 
.*/archive/refs/tags/v?([\d\.]+).tar.gz
diff -Nru ganeti-os-noop-0.2/debian/changelog 
ganeti-os-noop-0.2/debian/changelog
--- ganeti-os-noop-0.2/debian/changelog 2018-05-24 12:19:59.0 +0200
+++ ganeti-os-noop-0.2/debian/changelog 2021-04-29 12:32:25.0 +0200
@@ -1,3 +1,10 @@
+ganeti-os-noop (0.2-5) unstable; urgency=medium
+
+  * debian/watch:
++ Fix Github watch URL and switch to format version 4.
+
+ -- Mike Gabriel   Thu, 29 Apr 2021 12:32:25 +0200
+
 ganeti-os-noop (0.2-4) unstable; urgency=medium
 
   * debian/control:
diff -Nru ganeti-os-noop-0.2/debian/watch ganeti-os-noop-0.2/debian/watch
--- ganeti-os-noop-0.2/debian/watch 2015-08-07 01:29:46.0 +0200
+++ ganeti-os-noop-0.2/debian/watch 2021-04-29 12:32:00.0 +0200
@@ -1,3 +1,3 @@
-version=3
+version=4
 opts=filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/ganeti-os-noop-$1.tar.gz/ \
-https://github.com/grnet/ganeti-os-noop/tags .*/archive/v?([\d\.]+).tar.gz
+https://github.com/grnet/ganeti-os-noop/tags 
.*/archive/refs/tags/v?([\d\.]+).tar.gz
diff -Nru gosa-plugin-mailaddress-0.99.7/debian/changelog 
gosa-plugin-mailaddress-0.99.7/debian/changelog
--- gosa-plugin-mailaddress-0.99.7/debian/changelog 2019-02-06 
23:15:54.0 +0100
+++ gosa-plugin-mailaddress-0.99.7/debian/changelog 2021-04-29 
12:54:34.0 +0200
@@ -1,3 +1,10 @@
+gosa-plugin-mailaddress (0.99.7-2) unstable; urgency=medium
+
+  * debian/watch:
++ Fix Github watch URL and switch to format version 4.
+
+ -- Mike Gabriel   Thu, 29 Apr 2021 12:54:34 +0200
+
 gosa-plugin-mailaddress (0.99.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru gosa-plugin-mailaddress-0.99.7/debian/watch 
gosa-plugin-mailaddress-0.99.7/debian/watch
--- gosa-plugin-mailaddress-0.99.7/debian/watch 2016-02-07 11:27:23.0 
+0100
+++ gosa-plugin-mailaddress-0.99.7/debian/watch 2021-04-29 12:35:41.0 
+0200
@@ -1,4 +1,4 @@
-version=3
+version=4
 
opts=filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/gosa-plugin-mailaddress-$1.tar.gz/
 \
-https://github.com/gosa-project/gosa-plugin-mailaddress/tags 
.*/archive/v?([\d\.]+).tar.gz
+https://github.com/gosa-project/gosa-plugin-mailaddress/tags 
.*/archive/refs/tags/v?([\d\.]+).tar.gz
 
diff -Nru gosa-plugin-netgroups-0.2/debian/changelog 
gosa-plugin-netgroups-0.2/debian/changelog
--- gosa-plugin-netgroups-0.2/debian/changelog  2018-08-17 12:27:00.0 
+0200
+++ gosa-plugin-netgroups-0.2/debian/changelog  2021-04-29 13:06:14.0 
+0200
@@ -1,3 +1,10 @@
+gosa-plugin-netgroups (0.2-2) unstable; urgency=medium
+
+  * debian/watch:
++ Fix Github watch URL and switch to format version 4.
+
+ -- Mike Gabriel   

Bug#988392: Impossible to install grub-pc and grub-efi-amd64 in parallel

[Paul Menzel]

Package: src:grub
Version: 2.04-18
Severity: normal


Dear Debian folks,


I have a Debian installation on a disk, I carry around, and I want to 
boot on BIOS and (U)EFI systems. This would be possible with the switch 
`--target`.


sudo grub-install --target=i386-pc --boot-directory=/boot /dev/sda

and

sudo grub-install --target=x86_64-efi /dev/sda

Unfortunately I am unable to install both packages in parallel as they 
conflict (Replaces?) with each other.


$ apt show grub-pc
[…]
Replaces: grub, grub-common (<= 1.97~beta2-1), grub-coreboot, 
grub-efi-amd64, grub-efi-ia32, grub-ieee1275, grub-legacy, grub2 (<< 
2.04-18)


The GRUB build system also does not seem to allow to configure the build 
to build the platforms in parallel, but in the end the files in 
`/usr/lib/grub/` should be able to coexist.


It’ be great if Debian’s GRUB packages could be installed in parallel.


Kind regards,

Paul

Bug#988384: smartd-runner bug causes loss of email recipients

[John Denker]

Package: smartmontools
Version: 7.1-1build1

*** Origin and context:

I'm using an ubuntu package.
The ubuntu guys asked me to push this report upstream, so here it is.
A patch is included.

*** Expected, documented, and desired behavior:

In /etc/smartd.conf it is permitted to specify multiple email recipients.
Here is the relevant snippet:

###
DEFAULT -d removable -n standby \
-a -M test  \
-s S/../.././01 \
-m root,jsd \
-M exec /usr/share/smartmontools/smartd-runner
###

The last line is relevant, and the next-to-last line is super-relevant, insofar 
as it contains a comma-separated list of recipients.

The code in smartd itself handles this just fine, and always has.

*** Observed bad behavior:

I observe that the smartd-runner script throws away all recipients after the 
first.

*** Remark:

The root problem is that smartd-runner assumes it will be called with exactly 
three arguments.
It can be expected that this will cause multiple bugs, not just the one 
reported here.

*** Patch to fix the problem

A patch file is attached.

*** Platform details

ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu27.17
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: MATE
Date: Mon May 10 07:13:51 2021
Dependencies:
 debianutils 4.9.1
 gcc-10-base 10.2.0-5ubuntu1~20.04
 libc6 2.31-0ubuntu9.2
 libcap-ng0 0.7.9-2.1build1
 libcrypt1 1:4.4.10-10ubuntu4
 libgcc-s1 10.2.0-5ubuntu1~20.04
 libgcrypt20 1.8.5-5ubuntu1
 libgpg-error-l10n 1.37-1
 libgpg-error0 1.37-1
 libidn2-0 2.2.0-2
 liblz4-1 1.9.2-2
 liblzma5 5.2.4-1ubuntu1
 libpcre2-8-0 10.34-7
 libselinux1 3.0-1build2
 libstdc++6 10.2.0-5ubuntu1~20.04
 libsystemd0 245.4-4ubuntu3.6
 libunistring2 0.9.10-2
 lsb-base 11.1.0ubuntu2
DistroRelease: Ubuntu 20.04
InstallationDate: Installed on 2010-07-10 (3957 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
Package: smartmontools 7.1-1build1 [modified: 
usr/share/smartmontools/smartd-runner]
PackageArchitecture: amd64
ProcCpuinfoMinimal:
 processor  : 1
 vendor_id  : GenuineIntel
 cpu family : 6
 model  : 23
 model name : Intel(R) Core(TM)2 Duo CPU T9600  @ 2.80GHz
 stepping   : 10
 microcode  : 0xa07
 cpu MHz: 800.000
 cache size : 6144 KB
 physical id: 0
 siblings   : 2
 core id: 1
 cpu cores  : 2
 apicid : 1
 initial apicid : 1
 fpu: yes
 fpu_exception  : yes
 cpuid level: 13
 wp : yes
 flags  : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx lm 
constant_tsc arch_perfmon pebs bts nopl cpuid aperfmperf pni dtes64 monitor 
ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm pti tpr_shadow 
vnmi flexpriority vpid dtherm ida
 vmx flags  : vnmi flexpriority tsc_offset vtpr vapic
 bugs   : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds 
swapgs itlb_multihit
 bogomips   : 5585.85
 clflush size   : 64
 cache_alignment: 64
 address sizes  : 36 bits physical, 48 bits virtual
 power management:
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: smartmontools
Tags:  focal
Uname: Linux 5.11.0+ x86_64
UpgradeStatus: Upgraded to focal on 2020-08-09 (273 days ago)
_MarkForUpload: True
modified.conffile..etc.default.apport: [modified]
modified.conffile..etc.default.smartmontools: [modified]
modified.conffile..etc.smartd.conf: [modified]
mtime.conffile..etc.default.apport: 2020-08-09T18:38:49.803212
mtime.conffile..etc.default.smartmontools: 2010-11-12T20:22:37
mtime.conffile..etc.smartd.conf: 2016-05-14T13:58:08.981915

/// sent Mon 10 May 2021  7:35:45 AM MST
https://bugs.launchpad.net/ubuntu/+source/smartmontools/+bug/1927980

/// patch is:
--- smartd-runner#orig  2021-05-06 03:25:01.324133900 -0700
+++ smartd-runner   2021-05-10 07:00:08.342798348 -0700
@@ -3,8 +3,15 @@
 tmp=$(tempfile)
 cat >$tmp
 
-run-parts --report --lsbsysinit --arg=$tmp --arg="$1" \
---arg="$2" --arg="$3" -- /etc/smartmontools/run.d
+# Decorate every one of our args with "--arg=".
+# Use an array, since each arg might contain spaces.
+args=("$@")
+cmd=()
+for ((ii=0; ii<${#args[@]}; ii++)); do
+  cmd[$ii]="--arg=${args[$ii]}"
+done
 
-rm -f $tmp
+run-parts --report --lsbsysinit --arg=$tmp \
+ "${cmd[@]}" -- /etc/smartmontools/run.d
 
+rm -f $tmp

Bug#987980: Fwd: Re: Bug#987980: ITP: infamous-plugins -- Infamous Plugins is a collection of open-source LV2 plugins

[Fernando Toledo]

On Wed, 05 May 2021 11:20:57 -0300 "Henrique de Moraes Holschuh" 
 wrote:

Forwarding list-only reply to the bug report... sorry about that!

- Original message -
From: Henrique de Moraes Holschuh 
To: debian-de...@lists.debian.org
Subject: Re: Bug#987980: ITP: infamous-plugins --  Infamous Plugins is a 
collection of open-source LV2 plugins
Date: Monday, May 03, 2021 15:45

Hello Fernando,

On Mon, May 3, 2021, at 03:32, Fernando Toledo wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Fernando Toledo 
> 
> * Package name: infamous-plugins


Please consider a prefix for the source package and binary package name, maybe 
lv2- or lv2-audio- or something else more suitable...

After all, lv2 is not the only thing with infamous plugins out there ;-)

--
  Henrique de Moraes Holschuh 



Hi! thanks for reply
I agree, i will rename the package to lv2-infamous-plugins an reupload 
to mentors again!



--
Fernando Toledo
Dock Sud BBS
http://bbs.docksud.com.ar
telnet://bbs.docksud.com.ar

Bug#987686: webkit2gtk breaks balsa autopkgtest: xwd: error: No window with name Balsa exists!

[Alberto Garcia]

On Tue, Apr 27, 2021 at 11:27:32PM +0200, Alberto Garcia wrote:

> Nothing to do with webkit actually. The test launches Balsa, waits
> for two seconds and then takes a screenshot of the window. The bug
> happens because when xdg-desktop-portal-gtk is installed Balsa takes
> a very long time to start so those two seconds are not enough.

In webkit2gtk 2.32.1-1 the dependency on xdg-desktop-portal-gtk was
downgraded to a recommendation so the test no longer fails.

The underlying cause is still there so I don't know if you want to
keep this bug report open to look for a proper solution.

Berto

Bug#988341: unblock: nis/4.3

[Sebastian Ramacher]

On 2021-05-11 10:52:13 +0200, Francesco P. Lovergine wrote:
> I found also a pending doc-only change still seating in my repo:
> 
> diff --git a/debian/nis.debian.howto b/debian/nis.debian.howto
> index e90e549..2641b86 100644
> --- a/debian/nis.debian.howto
> +++ b/debian/nis.debian.howto
> @@ -66,6 +66,13 @@ The NIS how-to on Debian
> 
>   2.1 FOR LIBC6:
> 
> + Ensure to have libnss-nis package installed. It is currently
> + only recommended by both libc and ypbind-mt, because it is not an
> + essential component for the system. Even, for your own reasons you
> + could be interested in binding a NIS domain to access the NIS maps via
> + yptools, but not activating it as an account information provider for
> + the system.
> +Check your /etc/nsswitch.conf file and make sure that the
> entries for
>   passwd, group, shadow and netgroup look like this:
> 
> I could add this note to the source-only upload, possibly. Is it ok?

Yes, that's okay and in line with the freeze policy.

Cheers

> 
> On Tue, May 11, 2021 at 10:34:32AM +0200, Sebastian Ramacher wrote:
> > Control: tags -1 confirmed moreinfo
> > 
> > On 2021-05-10 20:43:26 +0200, Francesco P. Lovergine wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: unblock
> > > 
> > > Please unblock package nis
> > > 
> > > [ Reason ]
> > > 
> > > Fixes serious bug #988227 (bashism in postinst).
> > > 
> > > [ Impact ]
> > > 
> > > Upgrade not smoothly done from stable.
> > > 
> > > [ Tests ]
> > > 
> > > No autopkg test. Manually tested with dash.
> > > 
> > > [ Risks ]
> > > 
> > > None.
> > > 
> > > [ Checklist ]
> > >[x] all changes are documented in the d/changelog
> > >[x] I reviewed all changes and I approve them
> > >[x] attach debdiff against the package in testing
> > > 
> > > [ Other info ]
> > > 
> > > Native migration package only.
> > > 
> > > unblock nis/4.3
> > 
> > Not built on buildd: arch all binaries uploaded by frankie, a new 
> > source-only upload is needed to allow migration
> > 
> > Please perform a source-only upload and remove the moreinfo tag once
> > that's done.
> > 
> > Cheers
> > 
> > > 
> > > --
> > > Francesco P. Lovergine
> > 
> > > diff -Nru nis-4.2/debian/changelog nis-4.3/debian/changelog
> > > --- nis-4.2/debian/changelog  2021-01-31 10:22:32.0 +0100
> > > +++ nis-4.3/debian/changelog  2021-05-08 17:19:24.0 +0200
> > > @@ -1,3 +1,10 @@
> > > +nis (4.3) unstable; urgency=medium
> > > +
> > > +  * Fixed a sort-of bashism in postinst.
> > > +(closes: #988227)
> > > +
> > > + -- Francesco Paolo Lovergine   Sat, 08 May 2021 
> > > 17:19:24 +0200
> > > +
> > >  nis (4.2) unstable; urgency=medium
> > > 
> > >* Missed removing of /etc/init.d/nis at upgrade time added.
> > > diff -Nru nis-4.2/debian/postinst nis-4.3/debian/postinst
> > > --- nis-4.2/debian/postinst   2021-01-31 10:22:32.0 +0100
> > > +++ nis-4.3/debian/postinst   2021-05-08 17:19:24.0 +0200
> > > @@ -73,10 +73,13 @@
> > >  case "$1" in
> > >  configure)
> > >  PREV_VER="$2"
> > > - if [ ! -z "$PREV_VER" -a $(dpkg --compare-versions "$PREV_VER" 
> > > lt '4~'; echo $?) -eq 0 ]
> > > -then
> > > -upgrade_old
> > > -fi
> > > + if [ ! -z "$PREV_VER" ]
> > > + then
> > > + if dpkg --compare-versions "$PREV_VER" lt '4~'
> > > + then
> > > + upgrade_old
> > > + fi
> > > + fi
> > >   rm -f /etc/init.d/nis
> > >  ;;
> > >  *)
> > 
> > 
> > -- 
> > Sebastian Ramacher
> 
> 
> 
> -- 
> Francesco P. Lovergine
> 

-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#988391: reportbug: X-Debbugs-CC problems

[Ross Boylan]

Package: reportbug
Version: 7.10.3
Severity: normal
X-Debbugs-Cc: rossboy...@stanfordalumni.org

Dear Maintainer,

   * What led up to the situation?
   
   ross@debtest:~$ reportbug logcheck-database -H 'X-Debbugs-CC: 
987...@bugs.debian.org'
*** Warning: Your ~/.reportbugrc is setting an X-Debbugs-CC header in a 
'header' command. This is an old default setting that no longer works reliably. 
You may
want to re-run 'reportbug --configure', or edit your configuration file to use 
the 'list-cc-me' command (without recipient address) instead.
*** Welcome to reportbug.  Use ? for help at prompts. ***


Then when the editor spawned I did not see X-Debbugs-CC in the
file, although I do see it for this bug, which used --list-cc-me. 

Read documentation and got confused abut how different ways of
specifying X-Debbugs-CC interacted. 

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
 I ignored the warning and filed the report without being able to
 add myself to the X-Debbugs-CC list. 
 
   * What was the outcome of this action?
   Bug submitted and the message was cc'd to me (before getting a bug
   # assigned).  The cc surprised me, but I presume it's the result of
   /etc/reportbug.conf having a cc directive.
   
   * What outcome did you expect instead?
   1. That the error message would be accurate.  It said
   *** Warning: Your ~/.reportbugrc is setting an X-Debbugs-CC header in a 
'header' command. .
   My .reportbugrc has no header or debbugs-cc related directives.  I
   assume the warning was triggered by the -H option on the command
   line.
   Also, the warning message went on to suggest --list-cc-me,
   which was not appropriate since the edress I gave was not me.
   
   2. That there would be some way to edit my X-Debbugs-CC list after
   the fact.  I realized after I started that I wanted to include
   myself in list, and had no way to do it (unless I overlooked an
   X-Debbugs-CC line in the editor).  I could have added such a line
   in the editor, but it was unclear how that would interact with the
   previous request from the command line.
   Related: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648185

   3. That I would be able to figure out how different header-related
   options interacted from t he documentation.


In general, there are multiple ways to set the X-Debbugs-CC list, and
it is unclear how they interact.  For example, what if I have
list-cc-me and an explicit X-Debbugs-CC header?  If there are several
such headers, what happens?

https://www.debian.org/Bugs/Reporting#pseudoheader says
If you want to send copies to more than one address, add them
comma-separated in only one X-Debbugs-CC line.


Oops, I guess I shouldn't have done an X-Debbugs-CC to another bug,
because it continues

Avoid sending such copies to the addresses of other bug
reports, as they will be caught by the checks that prevent mail
loops. There is relatively little point in using X-Debbugs-CC for this
anyway, as the bug number added by that mechanism will just be
replaced by a new one; use an ordinary CC header instead.


The man page has both -P and -H.  What's the difference?  How do they
interact with -list-cc or --list-cc-me, or options set in
configuration files?

-H describes how to set X-Debbugs-CC, but
--list-cc=ADDRESS  
 Send a carbon copy of the report to the specified list after a report
 number is assigned; this is the equivalent to the option -P
 'X-Debbugs-CC: ADDRESS'. This option will only work as intended with
 debbugs systems.

uses -P instead.


-- Package-specific info:
** Environment settings:
INTERFACE="text"

** /home/ross/.reportbugrc:
reportbug_version "7.10.3"
mode standard
ui text
email "rossboy...@stanfordalumni.org"
smtphost "mail.betterworld.us"

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/3 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages reportbug depends on:
ii  apt2.2.3
ii  python33.9.2-3
ii  python3-reportbug  7.10.3
ii  sensible-utils 0.0.14

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail 
pn  debconf-utils  
ii  debsums3.0.2
pn  dlocate
ii  emacs-bin-common   1:27.1+1-3.1
ii  exim4-daemon-light [mail-transport-agent]  4.94-17
ii  file   1:5.39-3
ii  gnupg  2.2.27-2
pn  python3-urwid  
pn  reportbug-gtk  
ii  

Bug#962626: [Pkg-sssd-devel] Bug#962626: nss-wrapper: Please make autopkgtests cross-test-friendly

[Timo Aaltonen]

On 11.6.2020 0.08, Steve Langasek wrote:

Package: nss-wrapper
Version: 1.1.11-1
Severity: minor
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu groovy ubuntu-patch


Hi, now that I bumped into this after searching for something else, I've 
merged the change and it will be in the next upload. Thanks!




--
t

Bug#988278: [pre-approval] unblock: libgetdata/0.10.0-10

[Anton Gladky]

Sebastian, I have double checked the code, and you are probably right.
It is better to put this if-check into the internal scope of "(D->error ==
GD_E_OK && !match)".
Pipeline is passed, so I will upload it into unstable.

Thanks again.

Anton


Am Mo., 10. Mai 2021 um 22:42 Uhr schrieb Sebastian Ramacher <
sramac...@debian.org>:

> Control: tags -1 confirmed
>
> On 2021-05-10 22:35:28, Anton Gladky wrote:
> > Control: tags -1 -moreinfo
> >
> > Hi Sebastian,
> >
> > Thanks for looking into this issue. Yes, it is intentional. We should
> always
> > check whether first_raw is NULL or not.
>
> Then please go ahead.
>
> Cheers
>
> >
> > I have reproduced the issue in the CI-pipeline [1], and the proposed
> patch
> > fixes
> > the issue [2]: no more segfault, just an error message due to exploit.
> >
> > [1] https://salsa.debian.org/science-team/libgetdata/-/jobs/1631525
> > [2] https://salsa.debian.org/science-team/libgetdata/-/jobs/1633848
> >
> > Anton
> >
> >
> > Am Mo., 10. Mai 2021 um 22:27 Uhr schrieb Sebastian Ramacher <
> > sramac...@debian.org>:
> > 
> >
> > > > +--- libgetdata-0.10.0.orig/src/parse.c
> > > >  libgetdata-0.10.0/src/parse.c
> > > > +@@ -2504,6 +2504,9 @@ char *_GD_ParseFragment(FILE *restrict f
> > > > + if (D->error == GD_E_OK && !match)
> > > > +   first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols,
> > > strlen(in_cols[0]),
> > > > +   NULL, me, 0, 1, , tok_pos);
> > > > ++  if (first_raw == NULL) {
> > > > ++_GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0,
> > > NULL);
> > > > ++  }
> > >
> > > Is it intentional that newly addeded if is evaluated in any case or is
> > > this patch missing curly brackets for the body of "if (D->error =
> > > GD_E_OK && !match)"?
> > >
>
> --
> Sebastian Ramacher
>

Bug#988390: gnome-gmail: test_body2html fails with Python 3.9.5

[David Steele]

On Tue, May 11, 2021 at 1:57 PM Dmitry Shachnev > wrote:


   Source: gnome-gmail
   Version: 2.7-2
   Severity: important



Thank you for that complete, concise, and early report.



OpenPGP_signature
Description: OpenPGP digital signature

Bug#988390: gnome-gmail: test_body2html fails with Python 3.9.5

[Dmitry Shachnev]

Source: gnome-gmail
Version: 2.7-2
Severity: important

Dear Maintainer,

When running gnome-gmail autopkgtest with Python ≥ 3.9.5, test_body2html
fails. That version is currently available in Debian experimental. The failing
configurations are:

- test_body2html[False-a\tb-ab]
- test_body2html[False-a\nb-a\nb]
- test_body2html[False-a\nb\nc-a\nb\nc]

For example, the first configuration fails with this error:

  _ test_body2html[False-a\tb-ab] 
__

  encbody = False, body = 'a\tb', result = 'ab'

  @pytest.mark.parametrize("body, result", testCaseStrings)
  @pytest.mark.parametrize("encbody", (False, True))
  def test_body2html(encbody, body, result):

  if encbody:
  body = urllib.parse.quote(body)
  elif '&' in body or '#' in body:
  pytest.skip("Don't test unencoded bodies with URL special chars")

  gmapi = get_gmapi(baseMailtoURL + body)

  html_body = gmapi.body2html()

  >   assert result in html_body
  E   AssertionError: assert 'ab' in 
'\n\n\n\nab\n\n'

  test/test_body.py:106: AssertionError

It happens because starting with Python 3.9.5, urllib.parse.urlsplit() removes
newline and tabs:

https://github.com/python/cpython/commit/491fde0161d5e527

And that function is called by gnome-gmail's mailto2dict() function.

Compare:

  Python 3.9.2 (default, Feb 28 2021, 17:03:44) 
  [GCC 10.2.1 20210110] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import urllib.parse
  >>> urllib.parse.urlsplit("mailto:joe?body=a\tb;, "mailto")
  SplitResult(scheme='mailto', netloc='', path='joe', query='body=a\tb', 
fragment='')

and:

  Python 3.9.5 (default, May  6 2021, 09:11:34) 
  [GCC 10.2.1 20210110] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import urllib.parse
  >>> urllib.parse.urlsplit("mailto:joe?body=a\tb;, "mailto")
  SplitResult(scheme='mailto', netloc='', path='joe', query='body=ab', 
fragment='')

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#988389: logcheck-database: systemd ignore patterns miss some cases

[Ross Boylan]

Package: logcheck-database
Version: 1.3.23
Severity: normal
Tags: patch

Dear Maintainer,

Running logcheck on testing/bullseye with reportlevel workstation it
reports various messages that would be screened out except that the
package name includes a "-".  Here's a sample of some of the lines
that are reported (as "system events"):
May 10 10:17:30 debtest systemd[1]: Starting Daily apt-listbugs preferences 
cleanup...
May 10 10:17:30 debtest systemd[1]: Starting exim4-base housekeeping...
May 10 10:17:30 debtest systemd[1]: Starting Daily man-db regeneration.

The first one led me to report Bug #987839 (cc'd in this report)
against apt-listbugs, which led to discovering this more general
problem.

In particular, the current pattern
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Starting|Stopping) [ +[:alnum:]/]+\.(\.\.)?$
in ignore.d.server/systemd fails to match these items because
   [ +[:alnum:]/]+
will not match a "-".  I believe it should be
   [- +[:alnum:]/]+
or possibly even
   [-_ +[:alnum:]/]+
or just
   .+
Taking the intermediate possibility gives
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Starting|Stopping) [-_ +[:alnum:]/]+\.(\.\.)?$

The first 3 rules in the current file all use the same pattern and
probably need the same rewrite:

^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Started|Reached|Stopped) target [ +[:alnum:]]+\.$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Starting|Stopping) [ +[:alnum:]/]+\.(\.\.)?$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Start|Stopp)ed [ +[:alnum:]/]+\.$

A related issue is that the patterns also fail to match various
"Finished" messages.  It seems to me if you are going to ignore the
starting messages you should ignore the finishing ones as well.
Sample log entries reported:

May 10 10:17:30 debtest systemd[1]: Finished Discard unused blocks on 
filesystems from /etc/fstab.
May 10 10:17:30 debtest systemd[1]: Finished exim4-base housekeeping.
May 10 10:17:31 debtest systemd[1]: Finished Daily apt-listbugs preferences 
cleanup.

Currently the only Finished pattern is

^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished 
(Rotate log files|Daily apt (download|upgrade and clean) activities|Daily 
man-db regeneration)\.$

So either that should be expanded to include additional specific tests or it
should be made as general as the starting patterns, i.e.,
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished 
[-_ +[:alnum:]/]+\.$

Finally, this is also related to Bug #808429
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808429), which
includes a much more extensive list of changes to the systemd
patterns. It uses .+ as the pattern for the message after start/stop
messages, and would exclude all of them.  However, it has no patterns
that match "Finished".

In short, I propose changing these rules
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Started|Reached|Stopped) target [ +[:alnum:]]+\.$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Starting|Stopping) [ +[:alnum:]/]+\.(\.\.)?$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Start|Stopp)ed [ +[:alnum:]/]+\.$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished 
(Rotate log files|Daily apt (download|upgrade and clean) activities|Daily 
man-db regeneration)\.$

To these
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Started|Reached|Stopped) target .+\.$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Starting|Stopping) .+\.(\.\.)?$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: 
(Start|Stopp)ed .+\.$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished 
.+\.$

Or one of the other alternatives listed above if .+ seems too loose.

P.S. The system to automatically gather configuration info is not
working--see the bottom.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/3 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- Configuration Files:
/etc/logcheck/cracking.d/kernel [Errno 13] Permission denied: 
'/etc/logcheck/cracking.d/kernel'
/etc/logcheck/cracking.d/rlogind [Errno 13] Permission denied: 
'/etc/logcheck/cracking.d/rlogind'
[should this be happening?  I'm cutting it off here.]

-- no debconf information

Bug#988388: RM: mongo-cxx-driver -- ROM; package not meant for unstable (no ABI)

[Roberto C. Sanchez]

Package: ftp.debian.org
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I uploaded mongo-cxx-driver to unstable by mistake.  By request of
upstream, it should only be in experimental because the library has no
ABI.  Please remove mongo-cxx-driver from unstable.

Regards,

- -Roberto

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmCavp4ACgkQldFmTdL1
kUJVjw//XL6F9BemB8U87GzTZXv/kWBfGDARPRdXGFcxbsW5FlmMxHraUttPQwmj
0hOc5GEly4HzRLyW4sLXHIpdp911/JBHC4nrERu5SvB81Slj9YTPNP6BTHrVi3YH
QUYpyX8vwVRfPeOkkz34k9+iAZ0jd9EGJAfRshHXsEdlPZ7hudcwoGU8c0rz5AZe
1lKSlwBZytOAe+0mG2XTSXadBIH67blRlnvk3U7YqR11rtJB12a8RchmMHY3GYhc
TEB9y5QFP22dKj3qQhufvVDJAY/FdU0wTN6BmvbY0loXmMm83wFPdYR4kUbKnvh9
a4tLK+WD1FJVXAoMStmxiUijfnRuT4kwr1c35qpUp+Eqn22/MsrmAkszlmHvhQ/3
+N8BjXt4fUvCe6B/jZ8R+WwfPDVAQeEXoLsi6nUnDI9MLjd5xAssGfgfgYygZNhU
0bMzVDwJ8rosPuiDGzHdj3HDZ9E4BPQa3Hm/6qf/YX/i59YWs1+NotB2Wm0eMSwI
1yQ1DshwPLcWTn+ST45PgGciWzvGRlEKVuzj/+FuUUuRca/5icdTq5253grzcZSn
rGiNEm7qp5RzLRYu1/Dz4MRbR8j18vdF0RF64MVNeet514M7zk0VtAaEswOvoGiB
xXQiTmLna0vRA5kxBid1Sq/ArbgMd51RotG9ZqamsfP4u+49VrI=
=jyHC
-END PGP SIGNATURE-

Bug#930532: xymon: imaps reports "unexpected service response"

[Andreas Oberritter]

On Thu, 9 Jan 2020 17:39:27 + Greg Arnold  wrote:
> I have a host that is consistently failing the imaps test - with debug
> on, I get "tcp_got_expected: No data in banner"

The root cause is xymonnet ignoring requests by the OpenSSL library to retry 
reading.

I submitted a merge request today: 
https://salsa.debian.org/debian/xymon/-/merge_requests/1

Previously, xymonnet would only have continued reading from the socket only if 
`http && (not_eof_or_error || ssl_retry) && not_done`. My patch changes the 
logic to `((http && not_eof_or_error) || ssl_retry) && not_done`, in order to 
fix retries for protocols other than HTTPS.

Bug#988367: linux-headers 4.19.165 '"make scripts" results fatal error: classmap.h: No such file or directory'

[Andrei POPESCU]

Control: reopen -1
Control: reassign -1 src:linux 4.19.181-1

On Ma, 11 mai 21, 21:35:17, Arul pandiyan wrote:
> Hello Andrei,
> 
>   I was checking the debian package default linux-headers
> version linux-headers-4.19.0-16-arm64 version as well.
> The Issue is still reproducible. Below are the logs. I could not find the
> headers classmap.h on  linux-headers-4.19.0-16-arm64.

Ok, reopening and reassigning accordingly.

Kind regards,
Andrei

> arul@debian:~/$ $ cd ~/work/linux-headers/
> arul@debian:~/work/linux-headers$ $ wget
> http://ftp.cn.debian.org/debian/pool/main/l/linux
> /linux-headers-4.19.0-16-common_4.19.181-1_all.deb
> --2021-05-11 21:33:08--
> http://ftp.cn.debian.org/debian/pool/main/l/linux/linux-headers-4.19.0-16-common_4.19.181-1_all.deb
> Resolving ftp.cn.debian.org (ftp.cn.debian.org)... 45.125.0.6,
> 2403:2c80:5::6
> Connecting to ftp.cn.debian.org (ftp.cn.debian.org)|45.125.0.6|:80...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 8470280 (8.1M) [application/octet-stream]
> Saving to: ‘linux-headers-4.19.0-16-common_4.19.181-1_all.deb’
> 
> linux-headers-4.19.0-16-common_4.19
> 100%[==>]
> 8.08M  1.19MB/sin 6.6s
> 
> 2021-05-11 21:33:14 (1.22 MB/s) -
> ‘linux-headers-4.19.0-16-common_4.19.181-1_all.deb’ saved [8470280/8470280]
> arul@debian:~/work/linux-headers$ $
> arul@debian:~/work/linux-headers$ $ ar -x
> linux-headers-4.19.0-16-common_4.19.181-1_all.deb
> arul@debian:~/work/linux-headers$ $ tar -xf data.tar.xz
> arul@debian:~/work/linux-headers$ $ ls -la
> total 16564
> drwxr-xr-x 3 arul arul4096 Mar 19 19:59 .
> drwxr-xr-x 7 arul arul4096 May 11 21:31 ..
> -rw-r--r-- 1 arul arul  201912 May 11 21:32 control.tar.xz
> -rw-r--r-- 1 arul arul 8268176 May 11 21:32 data.tar.xz
> -rw-r--r-- 1 arul arul   4 May 11 21:32 debian-binary
> -rw-r--r-- 1 arul arul 8470280 Mar 20 02:14
> linux-headers-4.19.0-16-common_4.19.181-1_all.deb
> drwxr-xr-x 4 arul arul4096 Mar 19 19:59 usr
> arul@debian:~/work/linux-headers$ $ find usr/ -iname classmap.h
> arul@debian:~/work/linux-headers$ $
> 
> Regards,
> Arulpandiyan V.
> 
> On Tue, May 11, 2021 at 9:25 PM Andrei POPESCU 
> wrote:
> 
> > On Ma, 11 mai 21, 16:53:08, Arul pandiyan wrote:
> > > Package: linux-headers
> > > Version: 4.19.165-cip41-rt18
> >
> > [...]
> >
> > > I am using Debian buster, kernel 4.19.165-cip41-rt18.
> >
> > Hello,
> >
> > This doesn't look like a Debian kernel at all, which is probably why
> > your report was filed under "unknown packages".
> >
> > Please re-check where you obtained it from and / or try to reproduce the
> > issue with a Debian kernel, and re-open this bug if the issue is indeed
> > present in Debian.
> >
> > Kind regards,
> > Andrei
> > --
> > Looking after bugs assigned to unknown or inexistent packages
> >

-- 
Looking after bugs assigned to unknown or inexistent packages


signature.asc
Description: PGP signature

Bug#988387: ITP: python-lsdviztools -- visualisation tools for LSDTopoTools

[Magnus Hagdorn]

Package: wnpp
Severity: wishlist
Owner: Magnus Hagdorn 

* Package name: python-lsdviztools
  Version : 0.4.4
  Upstream Author : Simon Mudd 
* URL : https://pypi.org/project/lsdviztools/
* License : MIT
  Programming Lang: Python
  Description : visualisation tools for LSDTopoTools

lsdvizools is a collection of routines for plotting geospatial data, with a 
focus on data produces by LSDTopoTools or by lsdtopytools.

Features
 * Plotting of rasters that includes formatting so you can get 
   publication-ready figures with one command.
 * Selection of basins and channels for topogroahic analysis.
 * Tools for plotting point data, usually associated with channel networks, 
   derived from LSDTopoTools command line tools.

The software is developed and used at the School of GeoSciences and
required on our managed Linux machines.

Bug#988385: dash sets PS1 on non-interactive shells

[Christoph Anton Mitterer]

Package: dash
Version: 0.5.11+git20210120+802ebd4-1
Severity: normal


Hey.

Not sure wheter this is a bug, but at least it feels wrong ;-)

It seems that dash sets PS1 on non-interactive shells (regardless of whether
login- or non-login-shells).

I basically use the default /etc/profile and ~/.profile provided
by base-files.
These do not seem to set PS1, but they do source /etc/bash.bashrc and
~/.basrh, which however exit out when the shell is non-interactive.

So AFAIU, it cannot be set by those.

Now taking a little test script test.sh:
set -u
echo $PS1


gives:
calestyo@heisenberg:~$ dash test.sh
$
calestyo@heisenberg:~$ dash -l test.sh
$
calestyo@heisenberg:~$ bash test.sh
test.sh: line 2: PS1: unbound variable
calestyo@heisenberg:~$ bash -l test.sh
test.sh: line 2: PS1: unbound variable


I would expect that non-interactive shells should not have PS1 set?
Especially this also leads to stuff from the various profile files
to be excuted, that should not, because e.g. /etc/profile tests
interactiveness based on PS1.


Cheers,
Chris

Bug#988297: README.Debian contains instructions that result in RC bugs in other packages

[Raúl Benencia]

Hi Sean, 

On Mon, May 10, 2021 at 11:35:06AM -0700, Sean Whitton wrote:
> Firstly, due to my mistake, we have to revert all your other changes
> except perhaps the Uploader field if we want to ask for an unblock.  I
> should have uploaded your new package to experimental.  This means using
> a 2.7.0-1+really2.6-4 version number or something like that.

Ah, apologies for the confusion. :-)

When I adopted the package I was already under the impression that it
was not going to make it to bullseye, so I'm at peace with that idea.

Between bloating the git history with reverts, asking for an unblock,
putting extra load on the release team, etc., and just letting this
documentation bug be present on bullseye and only fix it on unstable,
I prefer the later. Having said that, if you still think that we need
to do the revert—even if we won't request an unblock—, then I'll be
happy to do it.

-- 
Raúl Benencia


signature.asc
Description: PGP signature

Bug#987022: unblock: spamassassin/3.4.5~pre1-4

[Noah Meyerhans]

Control: tags -1 - moreinfo

On Tue, Apr 20, 2021 at 02:26:00PM -0700, Noah Meyerhans wrote:
> On Tue, Apr 20, 2021 at 08:53:48PM +0200, Ivo De Decker wrote:
> > > The debdiff for 3.4.6-1 is at [5].  The debdiff for 3.4.5~pre1-4 is at
> > > [6].
> > 
> > I suggest you upload 3.4.5~pre1-4 to unstable and 3.4.6-1 to experimental. I
> > haven't looked at 3.4.5~pre1-4 in detail yet, but I suspect it will be fine.
> > Once it migrates, we can look at 3.4.6-1 again, and by then, the upload to
> > experimental will at least show us obvious issues in the builds or the ci.
> > 
> > Please remove the moreinfo tag from this bug when 3.4.5~pre1-4 (or something
> > similar) is ready to migrate.
> 
> So, naturally, it's not that simple.  Experimental contains a 4.0.0
> prerelease version, so getting 3.4.6-1 available there won't work.
> 
> In any case, I just uploaded 3.4.5~pre1-4 to unstable, and we can
> consider 3.4.6-1 in unstable after it migrates.  I think that's the next
> best plan, if we're to consider 3.4.6 at all.

OK, 3.4.5~pre1-4 is in unstable for 20 days and ready to migrate.  I'd
still like to try to get 3.4.6-1 into bullseye if the timing permits,
but for now, please unblock 3.4.5~pre1-4. Thanks.

noah

Bug#988365: buster-pu: package htmldoc/1.9.3-1

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: haavard_aa...@yahoo.no

This updates fixes CVE-2019-19630 and CVE-2021-20308 which is bug:
#984765. Both patches is from upstream and has very small changes.

CVE-2019-19630 is marked with no DSA and CVE-2021-20308 is marked
unimportant, so I have not contacted the security team.

[ Reason ]
Fix CVE-2019-19630 and CVE-2021-20308

[ Impact ]
Minor

[ Tests ]
None

[ Risks ]
Small to none

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patches adds additional if-statements to prevent buffer-overflows.

Regards,
Håvard

https://security-tracker.debian.org/tracker/CVE-2019-19630
https://security-tracker.debian.org/tracker/CVE-2021-20308
https://bugs.debian.org/#984765
diff -Nru htmldoc-1.9.3/debian/changelog htmldoc-1.9.3/debian/changelog
--- htmldoc-1.9.3/debian/changelog  2018-04-11 20:04:27.0 +0200
+++ htmldoc-1.9.3/debian/changelog  2021-05-11 12:03:14.0 +0200
@@ -1,3 +1,13 @@
+htmldoc (1.9.3-1+deb10u1) buster; urgency=medium
+
+  * QA upload.
+  * Add patch to fix a stack-based buffer overflow in the hd_strlcpy()
+Fixes: CVE-2019-19630
+  * Add patch to fix buffer-overflow caused by integer-overflow
+Closes: #984765 Fixes: CVE-2021-20308
+
+ -- Håvard Flaget Aasen   Tue, 11 May 2021 12:03:14 
+0200
+
 htmldoc (1.9.3-1) unstable; urgency=medium
 
   * QA upload.
diff -Nru 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
--- 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
 1970-01-01 01:00:00.0 +0100
+++ 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
 2021-05-11 11:55:58.0 +0200
@@ -0,0 +1,28 @@
+From: Michael R Sweet 
+Date: Sun, 8 Dec 2019 14:00:26 -0500
+Subject: Fix a buffer underflow issue with GCC on Linux (Issue #360)
+
+CVE-2019-19630
+
+Origin: upstream, 
https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c
+Bug: https://github.com/michaelrsweet/htmldoc/issues/370
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2019-19630
+---
+ htmldoc/ps-pdf.cxx | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/htmldoc/ps-pdf.cxx b/htmldoc/ps-pdf.cxx
+index 78a0183..5d96591 100644
+--- a/htmldoc/ps-pdf.cxx
 b/htmldoc/ps-pdf.cxx
+@@ -3721,7 +3721,9 @@ render_contents(tree_t *t,   /* I - Tree to 
parse */
+  nptr < (number + sizeof(number) - 1) && width < right;
+width += dot_width)
+   *nptr++ = '.';
+-nptr --;
++
++if (nptr > number)
++  nptr --;
+ 
+ strlcpy((char *)nptr, pages[hpage].page_text, sizeof(number) - 
(size_t)(nptr - number));
+ 
diff -Nru 
htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 
htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--- htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
1970-01-01 01:00:00.0 +0100
+++ htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
2021-05-11 11:55:58.0 +0200
@@ -0,0 +1,27 @@
+From: Michael R Sweet 
+Date: Wed, 31 Mar 2021 20:18:00 -0400
+Subject: Fix crash bug with bad GIFs (Issue #423)
+
+CVE-2021-20308
+
+Origin: upstream, 
https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654
+Bug: https://github.com/michaelrsweet/htmldoc/issues/423
+Bug-Debian: https://bugs.debian.org/#984765
+---
+ htmldoc/image.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
+index 907db8f..9d36a41 100644
+--- a/htmldoc/image.cxx
 b/htmldoc/image.cxx
+@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */
+   img->height = (buf[9] << 8) | buf[8];
+   ncolors = 2 << (buf[10] & 0x07);
+ 
++  if (img->width <= 0 || img->width > 32767 || img->height <= 0 || 
img->height > 32767)
++return (-1);
++
+   // If we are writing an encrypted PDF file, bump the use count so we create
+   // an image object (Acrobat 6 bug workaround)
+   if (Encryption)
diff -Nru htmldoc-1.9.3/debian/patches/series 
htmldoc-1.9.3/debian/patches/series
--- htmldoc-1.9.3/debian/patches/series 2018-04-11 20:04:27.0 +0200
+++ htmldoc-1.9.3/debian/patches/series 2021-05-11 11:55:58.0 +0200
@@ -4,3 +4,5 @@
 autoheader_support.patch
 disable_libz.patch
 remove-os-check.patch
+Fix-crash-bug-with-bad-GIFs-Issue-423.patch
+Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch

Bug#984956: Processed: Re: Bug#984956: me too

[Vassilis Virvilis]

On Tue, 11 May 2021 14:04:56 +0200 Lucas Nussbaum  wrote:

> That's because it is loaded dynamically.
>> mca_pmix_ext3x.so is linked to libpmix.so.2:
>>
>
Aah that's a great hint. Thanks

The output is the same as yours.

It's not available. I rebuilt it locally, and got:
>

Yes I also rebuilt it locally. I was looking for configure.log. My bad.

I found it at  ./debian/build-gfortran/config.log and it is the same as
yours. Looks ok.

Bug#988383: bash: improve /etc/skel/.bashrc’s colour capability detection

[Christoph Anton Mitterer]

Oh and maybe it's better to test for more colours, e.g.
  "${colour_support}" -gt 8
than just 2.

Bug#988374: [INTL:es] Spanish translation of the debconf template

[Camaleón]

El 2021-05-11 a las 16:12 +0200, Jonas Smedegaard escribió:
> Hi Camaleón,
> 
> Quoting Camaleón (2021-05-11 15:38:18)
> > You can find enclosed the Spanish translation template to be uploaded 
> > with the latest package build.
> 
> I just noticed one little nit in your contributed localisation:
> 
> The file contains the following header:
> 
> # ldh-gui-suite po-debconf translation to Spanish.
> # Copyright (C) 2021
> # This file is distributed under the same license as the ldh-gui-suite 
> package.
> # Camaleón , 2021.
> 
> The string "Copyright (C) 2021" is not a copyright statement.
> 
> Here is the content of the PO template file:
> 
> # LANGUAGE translation for ldh-gui-suite.
> # Copyright (C) YEAR FIRST AUTHOR 
> # This file is distributed under the same license as the ldh-gui-suite 
> package.
> # FIRST AUTHOR , YEAR.
> 
> I suggest that you use that template, replacing only the words in 
> capital with what those capitalized words hint at (unless you have 
> reason to do more changes - e.g. if you want your work to be licensed 
> differently).
> 
> I don't see this as a big problem (it is quite common for localisations 
> to contain bogus copyright and/or licensing information, or none at 
> all).  Just mentioning as it seems you wanted to state a copyright there 
> and I would love to promote¹ you as the copyright holder of your work.

Hi there and thanks for noticing it!
Almost all of the debconf PO template headers are quite the same, so I 
must have overlooked for this one.

I'm attaching the file again with an updated header to match your   
comments and keep the original PO header, as suggested.

Thanks!

-- 
Camaleón 
# Spanish translation for ldh-gui-suite.
# Copyright (C) 2021 Camaleón 
# This file is distributed under the same license as the ldh-gui-suite package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: ldh-gui-suite\n"
"Report-Msgid-Bugs-To: ldh-gui-su...@packages.debian.org\n"
"POT-Creation-Date: 2020-09-09 13:35+0200\n"
"PO-Revision-Date: 2021-05-01 12:56+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' which is
#. a specific concept defined at 
#: ../templates:1001
msgid ""
"The \"Liberty Deckplan Host\" (LDH) is a single domain implementing the "
"concrete configuration plan defined at ."
msgstr ""
"«Liberty Deckplan Host» (LDH) es un único dominio que implementa el plan "
"de configuración concreto definido en «https://source.puri.sm/liberty/;
"services»."

#. Type: string
#. Description
#: ../templates:1001
msgid ""
"This name will also be used by other programs. It should be the single, "
"fully qualified domain name (FQDN)."
msgstr ""
"También se utilizará este nombre por otros programas. Debe ser un nombre de "
"dominio único, completamente cualificado (FQDN)."

#. Type: string
#. Description
#. Type: string
#. Description
#. Type: string
#. Description
#. Type: string
#. Description
#. Type: string
#. Description
#: ../templates:1001 ../templates:2001 ../templates:3001 ../templates:4001
#: ../templates:5001
msgid ""
"Leave blank to use a default value (currently \"${defaultvalue}\"), and to "
"permit eventual automatic change of that value without asking."
msgstr ""
"Déjelo en blanco para utilizar el valor predeterminado (actualmente "
"«${defaultvalue}») y para permitir el eventual cambio automático del valor "
"sin preguntar."

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or 'Hub'
#. which are specific concepts defined at
#. 
#: ../templates:2001
msgid "Descriptive name for Liberty Deckplan Host service Hub:"
msgstr "Nombre descriptivo para el servicio Hub de Liberty Deckplan Host:"

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or 'Hub'
#. which are specific concepts defined at
#. 
#: ../templates:2001
msgid "\"Hub\" is a service to manage your Liberty Deckplan Host account."
msgstr "«Hub» es un servicio para gestionar su cuenta de Liberty Deckplan Host."

#. Type: string
#. Description
#: ../templates:2001
msgid ""
"This descriptive name will also be used by other programs. It should be a "
"short string usable within a longer description sentence."
msgstr ""
"También se utilizará este nombre descriptivo por otros programas. Debe ser "
"una cadena corta que pueda utilizarse dentro de una frase descriptiva "
"más larga."

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or 'Hub'
#. which are specific concepts defined at
#. 
#: ../templates:3001
msgid "URI for Liberty 

Bug#988383: bash: improve /etc/skel/.bashrc’s colour capability detection

[Christoph Anton Mitterer]

Package: bash
Version: 5.1-3
Severity: wishlist


Hey.

/etc/skel/.bashrc uses:
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac

to detect whether the terminal supports a colourised prompt or not.


1) Could you please add "linux" to the list. That seems to be what the
kernel console uses, and I guess this always supports colours?
(Haven't checked though, whether there are any kernel parameters or
config options that would allow to disable colour support).


2) Additionally or alternatively one could add a more generic way of
detection.

Perhaps something like:
if [ -x /usr/bin/tput ]; then
colour_support="$(tput colors 2> /dev/null)"
if [ $? -eq 0  -a  "${colour_support}" -gt 2 ]; then
color_prompt=yes
fi
unset colour_support
fi

This could be made as the fallback for the current case construct, which
could still list the TERM values known to have colours, e.g. like:
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
*)
[the above]
esac


Cheers,
Chris.

Bug#988374: [INTL:es] Spanish translation of the debconf template

[Jonas Smedegaard]

Hi Camaleón,

Quoting Camaleón (2021-05-11 15:38:18)
> You can find enclosed the Spanish translation template to be uploaded 
> with the latest package build.

I just noticed one little nit in your contributed localisation:

The file contains the following header:

# ldh-gui-suite po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the ldh-gui-suite package.
# Camaleón , 2021.

The string "Copyright (C) 2021" is not a copyright statement.

Here is the content of the PO template file:

# LANGUAGE translation for ldh-gui-suite.
# Copyright (C) YEAR FIRST AUTHOR 
# This file is distributed under the same license as the ldh-gui-suite package.
# FIRST AUTHOR , YEAR.

I suggest that you use that template, replacing only the words in 
capital with what those capitalized words hint at (unless you have 
reason to do more changes - e.g. if you want your work to be licensed 
differently).

I don't see this as a big problem (it is quite common for localisations 
to contain bogus copyright and/or licensing information, or none at 
all).  Just mentioning as it seems you wanted to state a copyright there 
and I would love to promote¹ you as the copyright holder of your work.


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#988382: bash ships same file twice

[Xk2c]

Package: bash
Version: 5.1-3
Severity: minor

Hello Maintainers,

bash .deb ships same doc file twice:

% command sha1sum /usr/share/doc/bash/CHANGES.gz \
/usr/share/doc/bash/changelog.gz
5a4fa4af9a0f1195491710825a6094deecf01051  /usr/share/doc/bash/CHANGES.gz
5a4fa4af9a0f1195491710825a6094deecf01051  /usr/share/doc/bash/changelog.gz

% command apt-cache policy bash
bash:
Installed: 5.1-3
Candidate: 5.1-3


kind regards,

 Thilo


-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bash depends on:
ii  base-files   11.1
ii  debianutils  4.11.2
ii  libc62.31-12
ii  libtinfo66.2+20201114-2

Versions of packages bash recommends:
ii  bash-completion  1:2.11-2

Versions of packages bash suggests:
ii  bash-doc  5.1-3

-- Configuration Files:
/etc/bash.bashrc changed [not included]
/etc/skel/.profile changed [not included]

-- no debconf information

Bug#988374: [INTL:es] Spanish translation of the debconf template

[Jonas Smedegaard]

Quoting Camaleón (2021-05-11 15:38:18)
> You can find enclosed the Spanish translation template to be uploaded 
> with the latest package build. Cheers,

Thanks, Camaleón - much appreciated!

Will issue an updated package release shortly, with the localisation 
included.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#988381: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: prometheus-smokeping-prober
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# prometheus-smokeping-prober po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the 
prometheus-smokeping-prober package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: prometheus-smokeping-prober\n"
"Report-Msgid-Bugs-To: prometheus-smokeping-pro...@packages.debian.org\n"
"POT-Creation-Date: 2021-02-03 15:43+0100\n"
"PO-Revision-Date: 2021-04-29 15:51+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: boolean
#. Description
#: ../templates:1001
msgid "Enable additional network privileges for ICMP probing?"
msgstr "¿Desea activar privilegios de red adicionales para el sondeo de ICMP?"

#. Type: boolean
#. Description
#: ../templates:1001
msgid ""
"/usr/bin/prometheus-smokeping-prober requires the CAP_NET_RAW capability to "
"be able to send out crafted packets to targets for ICMP probing."
msgstr ""
"«/usr/bin/prometheus-smokeping-prober» requiere que la capacidad CAP_NET_RAW "
"esté activada para enviar paquetes preformados a los objetivos del sondeo "
"ICMP."

#. Type: boolean
#. Description
#: ../templates:1001
msgid ""
"ICMP probing will not work unless this option is enabled, or prometheus-"
"smokeping-prober runs as root."
msgstr ""
"El sondeo ICMP no funcionará hasta que active esta opción o ejecute "
"prometheus-smokeping-prober como súperusuario."

Bug#988380: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: prometheus-homeplug-exporter
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# prometheus-homeplug-exporter po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the 
prometheus-homeplug-exporter package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: prometheus-homeplug-exporter\n"
"Report-Msgid-Bugs-To: prometheus-homeplug-expor...@packages.debian.org\n"
"POT-Creation-Date: 2020-05-16 20:01+\n"
"PO-Revision-Date: 2021-04-29 15:53+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: boolean
#. Description
#: ../templates:1001
msgid "Enable additional network privileges for PLC communication?"
msgstr "¿Desea activar privilegios de red adicionales para la comunicación PLC?"

#. Type: boolean
#. Description
#: ../templates:1001
msgid ""
"prometheus-homeplug-exporter requires CAP_NET_RAW capabilities to be able to "
"send out raw Ethernet packets to the HomePlug/PLC devices."
msgstr ""
"prometheus-homeplug-exporter requiere que la capacidad CAP_NET_RAW esté "
"activada para enviar paquetes sin procesar a los dispositivos HomePlug/PLC."

#. Type: boolean
#. Description
#: ../templates:1001
msgid ""
"prometheus-homeplug-exporter will not work at all unless this option is "
"enabled, or it runs as root."
msgstr ""
"prometheus-homeplug-exporter no funcionará hasta que active esta opción o "
"se ejecute como súperusuario."

Bug#988379: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: kwartz-client
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# kwartz-client po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the kwartz-client package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: kwartz-client\n"
"Report-Msgid-Bugs-To: kwartz-cli...@packages.debian.org\n"
"POT-Creation-Date: 2020-04-11 19:41+0200\n"
"PO-Revision-Date: 2021-05-02 10:00+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../kwartz-client.templates:1001
msgid "URI (\"Uniform Resource Identifier\") of the LDAP server:"
msgstr "URI («Identificador de Recursos Uniforme») del servidor LDAP:"

#. Type: string
#. Description
#: ../kwartz-client.templates:1001
msgid ""
"Please enter the URI of the LDAP server provided by your Kwartz machine. You "
"can use a numeric IP address rather than a symbolic one, in order to "
"minimize failure possibilities when the name service is down."
msgstr ""
"Por favor, indique la URI del servidor LDAP proporcionado por su máquina "
"Kwartz. Puede usar una dirección IP numérica en lugar de una simbólica, para "
"minimizar las probabilidades de error cuando el servicio de nombres no esté "
"disponible."

#. Type: string
#. Description
#: ../kwartz-client.templates:1001
msgid "It is possible to specify multiple LDAP URIS, separated by spaces."
msgstr "Puede indicar varias URI LDAP, separadas por espacios."

#. Type: string
#. Description
#: ../kwartz-client.templates:2001
msgid "LDAP's Base DN (\"Distinguished Name\"):"
msgstr "DN («Nombre Distinguido») base de LDAP:"

#. Type: string
#. Description
#: ../kwartz-client.templates:2001
msgid ""
"Please enter the DN (\"Distinguished Name\") used as the base of the LDAP "
"service. Many systems use the elements of their domain name for this "
"purpose. For example, the domain \"example.net\" would use \"dc=example, "
"dc=net\"."
msgstr ""
"Por favor, indique el DN («Nombre Distinguido») para usar como base del "
"servicio LDAP. La mayoría de los sistemas utilizan elementos de su nombre de "
"dominio para este fin. Por ejemplo, el dominio «example.net» podría usar "
"«dc=example, dc=net»."

#. Type: string
#. Description
#: ../kwartz-client.templates:3001
msgid "DN (\"Distinguished Name\") of one user:"
msgstr "DN («Nombre Distinguido») de un usuario:"

#. Type: string
#. Description
#: ../kwartz-client.templates:3001
msgid ""
"Please enter the DN (\"Distinguished Name\") of one unprivileged user "
"already existing in the LDAP directory. Kwartz requires that requests come "
"from an existing user before replying anything."
msgstr ""
"Por favor, indique el DN («Nombre Distinguido») de un usuario sin "
"privilegios que ya exista en el directorio LDAP. Kwartz necesita que las "
"peticiones provengan de un usuario existente antes de responder a cualquier "
"solicitud."

#. Type: password
#. Description
#: ../kwartz-client.templates:4001
msgid "Password of the unprivileged user:"
msgstr "Contraseña del usuario sin privilegios:"

#. Type: password
#. Description
#: ../kwartz-client.templates:4001
msgid ""
"Please enter the password of the unprivileged user. Kwartz requires that "
"requests come from an existing user before replying anything. This password "
"should not be disclosed, and should be fairly strong."
msgstr ""
"Por favor, introduzca la contraseña del usuario sin privilegios. Kwartz "
"necesita que las peticiones provengan de un usuario existente antes de "
"responder a cualquier solicitud. No divulgue esta contraseña y elija una "
"que sea bastante fuerte."

#. Type: string
#. Description
#: ../kwartz-client.templates:5001
msgid "The Samba name of the kwartz server:"
msgstr "Nombre Samba del servidor kwartz:"

#. Type: string
#. Description
#: ../kwartz-client.templates:5001
msgid ""
"Please enter the Samba name of the kwartz server; this is the name of the "
"server, as seen in Windows' neighborhood."
msgstr ""
"Por favor, indique el nombre Samba del servidor kwartz; este es el nombre "
"del servidor tal y como aparece en el entorno de red de Windows."

#. Type: string
#. Description
#: ../kwartz-client.templates:6001
msgid "The IP address of the Cloud service, if any:"
msgstr "La dirección IP del servicio en la nuble, si existe:"

#. Type: string
#. Description
#: ../kwartz-client.templates:6001
msgid ""
"Please enter the IP address of the Cloud server. It may be the address of "
"the main server, as seen from the Internet (not the address in the local "
"network). If there is no such service, you can safely keep the default."
msgstr ""
"Por favor, indique la dirección IP del servidor en la nube. Puede ser la "
"dirección del servidor principal, como se ve desde Internet 

Bug#988378: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: freezer
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# freezer po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the freezer package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: freezer\n"
"Report-Msgid-Bugs-To: free...@packages.debian.org\n"
"POT-Creation-Date: 2020-07-30 21:14+0200\n"
"PO-Revision-Date: 2021-05-02 09:10+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: boolean
#. Description
#: ../freezer-scheduler.templates:1001
msgid "Manage freezer-scheduler config through debconf?"
msgstr "¿Desea configurar freezer-scheduler con debconf?"

#. Type: boolean
#. Description
#: ../freezer-scheduler.templates:1001
msgid ""
"Freezer-scheduler service must contact Freezer-api, and this is configured "
"through the [DEFAULT] section of the configuration. Specify if you wish to "
"handle this configuration through debconf."
msgstr ""
"El servicio freezer-scheduler necesita contactar con Freezer-api, y esto se "
"establece en la sección [DEFAULT] de la configuración. Indique si desea "
"gestionar esta configuración con debconf."

#. Type: string
#. Description
#: ../freezer-scheduler.templates:2001
msgid "Freezer-api server region name:"
msgstr "Nombre de la región del servidor Freezer-api:"

#. Type: string
#. Description
#: ../freezer-scheduler.templates:2001
msgid ""
"Freezer-scheduler needs to be able to communicate with Freezer-api through "
"Keystone. Therefore Freezer-scheduler needs to know the freezer tenant name, "
"username, password and region."
msgstr ""
"Freezer-scheduler necesita comunicarse con Freezer-api usando Keystone. "
"Por lo tanto, Freezer-scheduler necesita conocer el nombre del tenant de "
"freezer, el nombre de usuario, la contraseña y la región."

#. Type: select
#. Description
#: ../freezer-scheduler.templates:3001
msgid "Keystone endpoint version:"
msgstr "Versión del punto final de Keystone:"

#. Type: string
#. Description
#: ../freezer-scheduler.templates:4001
msgid "Auth server endpoint URL:"
msgstr "URL del punto final del servidor de autenticación:"

#. Type: string
#. Description
#: ../freezer-scheduler.templates:4001
msgid ""
"Specify the URL of your Keystone authentication server endpoint. This value "
"will be set in os_auth_url."
msgstr ""
"Indique la URL del punto final del servidor de autenticación Keystone. Este "
"valor se configurará en os_auth_url."

#. Type: string
#. Description
#: ../freezer-scheduler.templates:5001
msgid "Freezer api backup endpoint URL:"
msgstr "URL del punto final del respaldo de la API de freezer:"

#. Type: string
#. Description
#: ../freezer-scheduler.templates:5001
msgid ""
"Specify the URL of your Freezer-api endpoint. This value will be set in "
"backup_url."
msgstr ""
"Indique la URL del punto final de freezer-API. Este valor se configurará "
"en backup_url."

#. Type: string
#. Description
#: ../freezer-scheduler.templates:6001
msgid "Auth server username:"
msgstr "Nombre de usuario del servidor de autenticación:"

#. Type: string
#. Description
#: ../freezer-scheduler.templates:7001
msgid "Auth server project name:"
msgstr "Nombre del proyecto del servidor de autenticación:"

#. Type: password
#. Description
#: ../freezer-scheduler.templates:8001
msgid "Auth server password:"
msgstr "Contraseña del servidor de autenticación:"

Bug#988377: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: wims-lti
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# wims-lti po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the wims-lti package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: wims-lti\n"
"Report-Msgid-Bugs-To: wims-...@packages.debian.org\n"
"POT-Creation-Date: 2021-04-19 14:44+0200\n"
"PO-Revision-Date: 2021-04-29 16:13+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../templates:1001
msgid "hostname for the service:"
msgstr "Nombre del equipo para el servicio:"

#. Type: string
#. Description
#: ../templates:1001
msgid ""
"When you use Apache2 + WSGI to deploy the service, it can be implemented as "
"a virtual host. In the example below, the service administration's webpage "
"should be at http://wims-lti.example.com/admin/;
msgstr ""
"Cuando utiliza Apache2 con WSGI para desplegar el servicio, puede "
"implementarlo como un host virtual. En el ejemplo de abajo, la página de "
"administración del servicio debería estar en «http://wims-lti.example.com/;
"admin/»"

#. Type: string
#. Description
#: ../templates:1001
msgid "If unsure, you can keep the default value."
msgstr "Si no está seguro, puede mantener el valor predeterminado."

#. Type: string
#. Description
#: ../templates:2001
msgid "email for django's service admin:"
msgstr "Correo electrónico para el administrador del servicio django:"

#. Type: string
#. Description
#: ../templates:2001
msgid "Choose a valid email string."
msgstr "Elija un dirección de correo electrónico con formato válido."

#. Type: password
#. Description
#: ../templates:3001
msgid "password for django's service admin:"
msgstr "Contraseña para el administrador del servicio django:"

#. Type: password
#. Description
#: ../templates:3001
msgid "Choose a strong enough password."
msgstr "Elija una contraseña que sea segura."

#. Type: string
#. Description
#: ../templates:4001
msgid "how long to wait for a response from WIMS adm/raw module:"
msgstr "Tiempo de espera para la respuesta desde el módulo adm/raw WIMS:"

#. Type: string
#. Description
#: ../templates:4001
msgid ""
"Choose an integer value (in seconds). The default value is generally fine. "
"When a server has many active classes, this time should be increased."
msgstr ""
"Elija un valor entero (en segundos). El valor predeterminado suele ser "
"adecuado. Si un servidor tiene varias clases activas, debe aumentar el "
"tiempo incrementando este valor."

Bug#988376: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: octavia
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# octavia po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the octavia package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: octavia\n"
"Report-Msgid-Bugs-To: octa...@packages.debian.org\n"
"POT-Creation-Date: 2019-12-31 16:09+0100\n"
"PO-Revision-Date: 2021-05-01 12:31+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: boolean
#. Description
#: ../octavia-health-manager.templates:1001
msgid "Configure health-manager with debconf ?"
msgstr "¿Desea configurar health-manager con debconf?"

#. Type: boolean
#. Description
#: ../octavia-health-manager.templates:1001
msgid ""
"Octavia health-manager needs to have bind_ip, bind_port and heartbeat_key "
"configured. This can be configured via debconf."
msgstr ""
"Octavia health-manager necesita tener configurados los valores bind_ip, "
"bind_port y heartbeat_key. Puede configurarlos desde debconf."

#. Type: string
#. Description
#: ../octavia-health-manager.templates:2001
msgid "Value for health_manager bind_ip:"
msgstr "Valor para bind_ip de health_manager:"

#. Type: string
#. Description
#: ../octavia-health-manager.templates:2001
msgid ""
"IP address of Octavia health_manager on which will listen for heart beats. "
"This IP has to be in external octavia LB network to be able communicate with "
"amphora instances. This value will be set in config block health_manager "
"bind_ip."
msgstr ""
"Dirección IP de Octavia health_manager donde escuchará los latidos. Esta "
"dirección IP debe encontrarse en una red externa de Octavia LB para que pueda "
"comunicarse con las instancias de amphora. Se establecerá este valor en el "
"bloque de configuración bind_ip de health_manager."

#. Type: string
#. Description
#: ../octavia-health-manager.templates:3001
msgid "Value for health_manager bind_port:"
msgstr "Valor para bind_port de health_manager:"

#. Type: string
#. Description
#: ../octavia-health-manager.templates:3001
msgid ""
"IP port of Octavia health_manager on which will listen for heart beats. This "
"value will be set in config block health_manager bind_port."
msgstr ""
"Puerto de la dirección IP de Octavia health_manager donde escuchará los "
"latidos. Se establecerá este valor en el bloque de configuración bind_port de "
"health_manager."

#. Type: string
#. Description
#: ../octavia-health-manager.templates:4001
msgid "Octavia's hearthbeat_key:"
msgstr "Valor hearthbeat_key de Octavia:"

#. Type: string
#. Description
#: ../octavia-health-manager.templates:4001
msgid ""
"Key used to validate amphora sending the message. This value will be set in "
"config block health_manager, heartbeat_key."
msgstr ""
"Clave utilizada para validar el envío del mensaje por amphora. Se establecerá "
"este valor en el bloque de configuración heartbeat_key de health_manager."

Bug#988374: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: ldh-gui-suite
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# ldh-gui-suite po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the ldh-gui-suite package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: ldh-gui-suite\n"
"Report-Msgid-Bugs-To: ldh-gui-su...@packages.debian.org\n"
"POT-Creation-Date: 2020-09-09 13:35+0200\n"
"PO-Revision-Date: 2021-05-01 12:56+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' which is
#. a specific concept defined at 
#: ../templates:1001
msgid ""
"The \"Liberty Deckplan Host\" (LDH) is a single domain implementing the "
"concrete configuration plan defined at ."
msgstr ""
"«Liberty Deckplan Host» (LDH) es un único dominio que implementa el plan "
"de configuración concreto definido en «https://source.puri.sm/liberty/;
"services»."

#. Type: string
#. Description
#: ../templates:1001
msgid ""
"This name will also be used by other programs. It should be the single, "
"fully qualified domain name (FQDN)."
msgstr ""
"También se utilizará este nombre por otros programas. Debe ser un nombre de "
"dominio único, completamente cualificado (FQDN)."

#. Type: string
#. Description
#. Type: string
#. Description
#. Type: string
#. Description
#. Type: string
#. Description
#. Type: string
#. Description
#: ../templates:1001 ../templates:2001 ../templates:3001 ../templates:4001
#: ../templates:5001
msgid ""
"Leave blank to use a default value (currently \"${defaultvalue}\"), and to "
"permit eventual automatic change of that value without asking."
msgstr ""
"Déjelo en blanco para utilizar el valor predeterminado (actualmente "
"«${defaultvalue}») y para permitir el eventual cambio automático del valor "
"sin preguntar."

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or 'Hub'
#. which are specific concepts defined at
#. 
#: ../templates:2001
msgid "Descriptive name for Liberty Deckplan Host service Hub:"
msgstr "Nombre descriptivo para el servicio Hub de Liberty Deckplan Host:"

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or 'Hub'
#. which are specific concepts defined at
#. 
#: ../templates:2001
msgid "\"Hub\" is a service to manage your Liberty Deckplan Host account."
msgstr "«Hub» es un servicio para gestionar su cuenta de Liberty Deckplan Host."

#. Type: string
#. Description
#: ../templates:2001
msgid ""
"This descriptive name will also be used by other programs. It should be a "
"short string usable within a longer description sentence."
msgstr ""
"También se utilizará este nombre descriptivo por otros programas. Debe ser "
"una cadena corta que pueda utilizarse dentro de una frase descriptiva "
"más larga."

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or 'Hub'
#. which are specific concepts defined at
#. 
#: ../templates:3001
msgid "URI for Liberty Deckplan Host service Hub:"
msgstr "URI del servicio Hub de Liberty Deckplan Host:"

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or 'Hub'
#. which are specific concepts defined at
#. 
#: ../templates:3001
msgid ""
"\"Hub\" is a service to manage your Liberty Deckplan Host account, online "
"accessible at this URI."
msgstr ""
"«Hub» es un servicio para gestionar su cuenta de Liberty Deckplan Host, "
"accesible en línea desde esta dirección."

#. Type: string
#. Description
#. Type: string
#. Description
#. Type: string
#. Description
#: ../templates:3001 ../templates:4001 ../templates:5001
msgid ""
"This URI will also be used by other programs. It should be the single "
"Uniform Resource Identifier (URI)."
msgstr ""
"También se utilizará esta URI por otros programas. Debe ser el "
"Identificador de Recursos Uniforme (URI) unificado."

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or
#. 'Chat' which are specific concepts defined at
#. 
#: ../templates:4001
msgid "URI for Liberty Deckplan Host service Chat:"
msgstr "URI del servicio de Chat de Liberty Deckplan Host:"

#. Type: string
#. Description
#. Translators, please do NOT translate 'Liberty Deckplan Host' or
#. 'Chat' which are specific concepts defined at
#. 
#: ../templates:4001

Bug#988375: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: evqueue-core
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# evqueue-core po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the evqueue-core package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: evqueue-core\n"
"Report-Msgid-Bugs-To: evqueue-c...@packages.debian.org\n"
"POT-Creation-Date: 2016-11-26 16:19+0100\n"
"PO-Revision-Date: 2021-04-29 16:27+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: string
#. Description
#: ../evqueue-core.templates:1001
msgid "MySQL hostname:"
msgstr "Nombre del equipo MySQL:"

#. Type: string
#. Description
#: ../evqueue-core.templates:1001
msgid "Hostame of the MySQL server that will contain evQueue database."
msgstr "Nombre del equipo del servidor MySQL que contiene la base de datos "
"evQueue."

#. Type: string
#. Description
#: ../evqueue-core.templates:2001
msgid "MySQL user:"
msgstr "Usuario MySQL:"

#. Type: string
#. Description
#. Type: string
#. Description
#: ../evqueue-core.templates:2001 ../evqueue-core.templates:3001
msgid "User used to connect to MySQL server."
msgstr "Usuario utilizado para conectar con el servidor MySQL."

#. Type: string
#. Description
#: ../evqueue-core.templates:3001
msgid "MySQL password:"
msgstr "Contraseña MySQL:"

#. Type: string
#. Description
#: ../evqueue-core.templates:4001
msgid "MySQL database name:"
msgstr "Nombre de la base de datos MySQL:"

#. Type: string
#. Description
#: ../evqueue-core.templates:4001
msgid "Name of the evQueue database."
msgstr "Nombre de la base de datos evQueue."

Bug#988373: [INTL:es] Spanish translation of the debconf template

[Camaleón]

Package: put-dns
Severity: wishlist
Tags: patch l10

Hello,
You can find enclosed the Spanish translation template to be uploaded with the 
latest package build.
Cheers,

-- 
Camaleón# put-dns po-debconf translation to Spanish.
# Copyright (C) 2021
# This file is distributed under the same license as the put-dns package.
# Camaleón , 2021.
#
msgid ""
msgstr ""
"Project-Id-Version: put-dns\n"
"Report-Msgid-Bugs-To: put-...@packages.debian.org\n"
"POT-Creation-Date: 2021-02-22 08:32+\n"
"PO-Revision-Date: 2021-04-29 15:35+0200\n"
"Last-Translator: Camaleón \n"
"Language-Team: Debian Spanish \n"
"Language: es\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Type: boolean
#. Description
#: ../templates:1001
msgid "Automatically update domain in put-dns.conf?"
msgstr "¿Desea actualizar automáticamente el dominio en put-dns.conf?"

#. Type: boolean
#. Description
#: ../templates:1001
msgid ""
"If enabled put-dns will, on configuration, try to detect a valid external "
"domain name on the current system and update the put-dns.conf configuration "
"file to use it. If disabled then the configuration will not be automatically "
"updated."
msgstr ""
"Si activa esta opción, put-dns intentará (conforme a la configuración) "
"detectar un nombre de dominio externo en el sistema actual que sea válido y "
"actualizará el archivo de configuración put-dns.conf para utilizarlo. Si " 
"no activa esta opción, la configuración no se actualizará automáticamente."

Bug#988372: unblock: debian-edu-config/2.11.55

[Holger Levsen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-config 2.11.54. It fixes 3 important bugs
for Debian Edu and has no impact outside of Debian Edu, yet it's a key package
and thus needs an unblock. It's been in unstable for 12 days and has been
tested successfully. The diff is small and rather straughtforward too:

$ debdiff debian-edu-config_2.11.54.dsc debian-edu-config_2.11.55.dsc | diffstat
 debian/changelog|   17 
 sbin/debian-edu-ltsp-install|   33 
 share/debian-edu-config/tools/kerberos-kdc-init |8 -
 share/debian-edu-config/tools/run-at-firstboot  |   16 +++
 4 files changed, 67 insertions(+), 7 deletions(-)

The full debdiff is attached and d/changelog has these entries:

debian-edu-config (2.11.55) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Create first user's Samba account at first boot of a main server when all
required information is available via LDAP and debconf.  Closes: #987632.
- Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
  required password from debconf and let tools/run-at-firstboot create the
  Samba account.
  * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
- Fix LTSP Initrd specific path component construction in case a 32-bit
  combined server is installed.
- Provide a full name for diskless workstation to show up in the iPXE menu.
- Use BD ISO image as mirror to enable complete offline installations of a
  combined server.

 -- Holger Levsen   Thu, 29 Apr 2021 15:27:17 +0200


unblock debian-edu-config/2.11.55

Thanks for your work on releasing bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If nothing saves us from death, may love at least save us from life.
diff -Nru debian-edu-config-2.11.54/debian/changelog debian-edu-config-2.11.55/debian/changelog
--- debian-edu-config-2.11.54/debian/changelog	2021-04-07 01:03:15.0 +0200
+++ debian-edu-config-2.11.55/debian/changelog	2021-04-29 15:27:17.0 +0200
@@ -1,3 +1,20 @@
+debian-edu-config (2.11.55) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Create first user's Samba account at first boot of a main server when all
+required information is available via LDAP and debconf.  Closes: #987632.
+- Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
+  required password from debconf and let tools/run-at-firstboot create the
+  Samba account.
+  * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
+- Fix LTSP Initrd specific path component construction in case a 32-bit
+  combined server is installed.
+- Provide a full name for diskless workstation to show up in the iPXE menu.
+- Use BD ISO image as mirror to enable complete offline installations of a
+  combined server.
+
+ -- Holger Levsen   Thu, 29 Apr 2021 15:27:17 +0200
+
 debian-edu-config (2.11.54) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install
--- debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install	2021-02-07 11:27:28.0 +0100
+++ debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install	2021-04-26 23:38:21.0 +0200
@@ -17,7 +17,7 @@
 # Author/Copyright:	Wolfgang Schweer 
 # Licence:		GPL2+
 # first edited:	2019-11-21
-# last edited:	2021-02-04
+# last edited:	2021-04-26
 
 set -e
 
@@ -137,6 +137,8 @@
 
 # Provide a full menu name for x86_64.img
 IPXE_X86_64_IMG="Diskless Workstation (64-Bit)"
+# Provide a full menu name for x86_32.img
+IPXE_X86_32_IMG="Diskless Workstation (32-Bit)"
 
 # Set default boot value ##
 # Default value is x86_64 or x86_32 (arch specific, Diskless Workstation)
@@ -339,18 +341,33 @@
 show=false
 EOF
 
+# Specific settings needed if BD ISO image is used for installation.
+if grep -q BD /etc/apt/sources.list ; then
+	BD_ISO="true";
+	device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)"
+	mirror="file:///media/cdrom/"
+else
+	mirror="http://deb.debian.org/debian;
+fi
+
 # Create thin client chroot and generate image.
 export DEBIAN_FRONTEND=noninteractive
 if ! [ "" == "$thin_type" ] && [ ! -d /srv/ltsp/thin/"$thin_type"-"$arch"/etc/ltsp ] ; then
 	mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"
 	# Install common thin client packages.
-debootstrap --arch="$arch" --variant=minbase --include=linux-image-"$kernel_arch" \
-	"$dist" /srv/ltsp/thin/"$thin_type"-"$arch" http://deb.debian.org/debian
+debootstrap --arch="$arch" --no-check-gpg --variant=minbase --include=linux-image-"$kernel_arch" \
+	"$dist" /srv/ltsp/thin/"$thin_type"-"$arch" "$mirror"
 	chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt clean
 	mount 

Bug#988289: htmldoc: CVE-2019-19630

[Utkarsh Gupta]

Hi Håvard,

On Tue, May 11, 2021 at 3:09 AM Håvard Flaget Aasen
 wrote:
> I wasn't aware this versioning could be a problem.

Yep, a big one sometimes :)

> I can make a release to buster if you want. I would need a sponsor
> though, so if your determined, I won't rip it out of your hands.

That'd be helpful, thank you! Please let me know when you have a dsc ready?

> Regardless who does it, can we fix CVE-2021-20308 [0] as well? It's
> marked as unimportant but since we already is preparing packages...

Absolutely, by all means!

> I'v prepared a release to unstable and bullseye with the fix for
> cve-2021-20308 it's on the mentors site now.

Since this CVE is "unimportant", uploading to bullseye won't make
sense. Rather we can upload to unstable and file an unblock request,
that'd be a good way out here.

That said, I couldn't find the dsc there, could you sense the link to
dsc for unstable and I'll be very happy to sponsor the upload. Thanks!
:)


- u

Bug#988371: debspawn: does not clean its aptcache during purge

[Helmut Grohne]

Package: debspawn
Version: 0.4.1-1

When purging debspawn from a system where it was used to build packages,
it leaves /var/lib/debspawn including its aptcache around. I think at
least the aptcache should be discarded during purge if not during
removal already. Also the aptcache shoule likely be moved to /var/cache.

Helmut

Bug#987927: bind9: unreasonable resource use and slow startup with lots of IP addresses

[Ondřej Surý]

Control: forwarded -1 
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5012

Hi,

coincidentally, I’ve been working (well, experimenting would be better word) 
with
reducing the contention in the memory allocator and the first patch in the 
branch
might help with the initialization time.  Not so much with contention, for that 
the
work on the branch will have to be complete (e.g. this will go into upstream 
9.18,
not 9.16), but I thought you might be interested in the work in progress.

This particular branch is very fresh, but I have at least 3 or 4 different 
approaches
with different experiments.

Ondrej
--
Ondřej Surý (He/Him)
ond...@sury.org

> On 2. 5. 2021, at 9:16, root  wrote:
> 
> Package: bind9
> Version: 1:9.16.13-1
> Severity: normal
> 
> May  2 16:38:37 sjl named[7372]: listening on IPv4 interface lo, 127.0.0.1#53
> May  2 16:38:37 sjl named[7372]: listening on IPv4 interface eno4, 
> 10.0.2.45#53
> May  2 16:38:37 sjl named[7372]: listening on IPv4 interface eno4, 
> 10.0.40.1#53
> May  2 16:38:37 sjl named[7372]: listening on IPv4 interface eno4, 
> 10.0.40.2#53
> May  2 16:38:37 sjl named[7372]: listening on IPv4 interface eno4, 
> 10.0.40.3#53
> [...]
> May  2 16:39:33 sjl named[7372]: listening on IPv4 interface eno4, 
> 10.0.47.0#53
> May  2 16:39:33 sjl named[7372]: listening on IPv4 interface eno4, 
> 10.0.48.0#53
> May  2 16:39:33 sjl named[7372]: listening on IPv4 interface eno4, 
> 10.0.49.0#53
> May  2 16:39:33 sjl named[7372]: listening on IPv6 interface lo, ::1#53
> 
> On a system with 2560 extra IPv4 addresses for test purposes a default
> configuration of bind9 takes one minute on a reasonably fast 64bit system (two
> E5-2620 CPUs).  See the above for example startup log entries.
> 
> May  2 16:39:36 sjl named[7372]: zone localhost/IN: loaded serial 2
> May  2 16:39:36 sjl named[7372]: all zones loaded
> May  2 16:39:36 sjl named[7372]: running
> May  2 16:39:36 sjl named[7372]: socket: file descriptor exceeds limit 
> (123273/21000)
> May  2 16:39:36 sjl named[7372]: managed-keys-zone: Unable to fetch DNSKEY 
> set '.': not enough free resources
> May  2 16:39:36 sjl named[7372]: socket: file descriptor exceeds limit 
> (123273/21000)
> 
> Then the startup doesn't complete properly with errors like the above.
> 
> OPTIONS="-u bind -S 15"
> 
> Putting something like the above in /etc/default/named fixes the errors, but
> it still takes a long time and really 150,000 file handles shouldn't be
> required for 2560 IP addresses.
> 
>listen-on { 10.0.2.45; };
> 
> Putting the above in named.conf.options got it to work correctly in this
> regard.  But I expect it to not use unreasonable amounts of resources without
> that configuration.
> 
> -- System Information:
> Debian Release: bullseye/sid
>  APT prefers testing
>  APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.10.0-6-amd64 (SMP w/24 CPU threads)
> Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
> LANGUAGE=en_AU:en
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: SELinux: enabled - Mode: Permissive - Policy name: default
> 
> Versions of packages bind9 depends on:
> ii  adduser3.118
> ii  bind9-libs 1:9.16.13-1
> ii  bind9-utils1:9.16.13-1
> ii  debconf [debconf-2.0]  1.5.75
> ii  dns-root-data  2021011101
> ii  init-system-helpers1.60
> ii  iproute2   5.10.0-4
> ii  libc6  2.31-11
> ii  libcap21:2.44-1
> ii  libfstrm0  0.6.0-1+b1
> ii  libjson-c5 0.15-2
> ii  liblmdb0   0.9.24-1
> ii  libmaxminddb0  1.5.2-1
> ii  libprotobuf-c1 1.3.3-1+b2
> ii  libssl1.1  1.1.1k-1
> ii  libuv1 1.40.0-1
> ii  libxml22.9.10+dfsg-6.3+b1
> ii  lsb-base   11.1.0
> ii  netbase6.3
> ii  zlib1g 1:1.2.11.dfsg-2
> 
> bind9 recommends no packages.
> 
> Versions of packages bind9 suggests:
> pn  bind-doc   
> ii  bind9-dnsutils [dnsutils]  1:9.16.13-1
> ii  dnsutils   1:9.16.13-1
> pn  resolvconf 
> pn  ufw
> 
> -- Configuration Files:
> /etc/bind/named.conf.local changed:
> //
> // Do any local configuration here
> //
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
> //include "/etc/bind/named.conf.postal";
> 
> /etc/bind/named.conf.options changed:
> options {
>   directory "/var/cache/bind";
>   // If there is a firewall between you and nameservers you want
>   // to talk to, you may need to fix the firewall to allow multiple
>   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
>   // If your ISP provided one or more IP addresses for stable 
>   // nameservers, you probably want 

Bug#986005: Newer upstream available: 5.56

[Yuri D'Elia]

Package: bluez
Version: 5.55-3
Followup-For: Bug #986005

Upstream is now at 5.58

Bug#988370: libatlas-test: FTBFS on 'nocheck' profile

[Lukas Märdian]

Package: libatlas-test
Version: 3.10.3-10
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sl...@ubuntu.com

Dear Maintainer,

the src:atlas package fails to build its libatlas-test binary package
when built with the 'nocheck' profile, e.g.

DEB_BUILD_OPTIONS=nocheck debuild

...
make[1]: Leaving directory '/<>'
   dh_install -a
dh_install: warning: Cannot find (any matches for) "build/bin/*tst" (tried in 
., debian/tmp)

dh_install: warning: libatlas-test missing files: build/bin/*tst
dh_install: warning: Cannot find (any matches for) 
"build/interfaces/blas/C/testing/x*" (tried in ., debian/tmp)

dh_install: warning: libatlas-test missing files: 
build/interfaces/blas/C/testing/x*
dh_install: warning: Cannot find (any matches for) 
"build/interfaces/blas/F77/testing/x*" (tried in ., debian/tmp)

dh_install: warning: libatlas-test missing files: 
build/interfaces/blas/F77/testing/x*
dh_install: error: missing files, aborting
make: *** [debian/rules:108: binary-arch] Error 25
dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit 
status 2

It looks like it builds the relevant test binaries during the
'make check' stage only. So it cannot package/install them if run with
the 'nocheck' profile.

BR,
  Lukas

-- System Information:
Debian Release: bullseye/sid
  APT prefers hirsute-updates
  APT policy: (500, 'hirsute-updates'), (500, 'hirsute-security'), (500, 
'hirsute')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.11.0-16-generic (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE:en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libatlas-test depends on:
ii  libc6 2.33-0ubuntu5
ii  libgfortran5  11.1.0-1ubuntu1~21.04

libatlas-test recommends no packages.

libatlas-test suggests no packages.

Bug#984956: Processed: Re: Bug#984956: me too

[Lucas Nussbaum]

On 11/05/21 at 14:48 +0300, Vassilis Virvilis wrote:
> I believe the problem is that mpirun is built with the internal pmix
> library when there is external available.
> 
> bill@odin:~/src/openmpi-4.1.0$ dpkg -l '*pmix*' | grep ^ii
> ii  libpmix-dev:amd64 4.0.0-4  amd64Development files for the
> PMI Exascale library
> ii  libpmix2:amd644.0.0-4  amd64Process Management
> Interface (Exascale) library
> 
> mpirun is not linked to the external libpmix2
> 
> bill@odin:~/src/openmpi-4.1.0$ ldd /usr/bin/mpirun.openmpi
>linux-vdso.so.1 (0x7fffa1153000)
>libopen-rte.so.40 => /usr/lib/x86_64-linux-gnu/libopen-rte.so.40
> (0x7f3cdf657000)
>libopen-pal.so.40 => /usr/lib/x86_64-linux-gnu/libopen-pal.so.40
> (0x7f3cdf5a3000)
>libevent_core-2.1.so.7 =>
> /usr/lib/x86_64-linux-gnu/libevent_core-2.1.so.7 (0x7f3cdf569000)
>libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f3cdf3a4000)
>libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f3cdf387000)
>libhwloc.so.15 => /usr/lib/x86_64-linux-gnu/libhwloc.so.15
> (0x7f3cdf32e000)
>libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
> (0x7f3cdf30a000)
>libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f3cdf304000)
>libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1
> (0x7f3cdf2ff000)
>libevent_pthreads-2.1.so.7 =>
> /usr/lib/x86_64-linux-gnu/libevent_pthreads-2.1.so.7 (0x7f3cdf2fa000)
>/lib64/ld-linux-x86-64.so.2 (0x7f3cdf72c000)
>libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f3cdf1b6000)
>libudev.so.1 => /usr/lib/x86_64-linux-gnu/libudev.so.1
> (0x7f3cdf18e000)

That's because it is loaded dynamically.

mca_pmix_ext3x.so is linked to libpmix.so.2:

# ldd /usr/lib/x86_64-linux-gnu/openmpi/lib/openmpi3/mca_pmix_ext3x.so
linux-vdso.so.1 (0x7ffeba72a000)
libopen-pal.so.40 => /lib/x86_64-linux-gnu/libopen-pal.so.40 
(0x7fae76f77000)
libpmix.so.2 => /lib/x86_64-linux-gnu/libpmix.so.2 (0x7fae76e2c000)
libevent_core-2.1.so.7 => /lib/x86_64-linux-gnu/libevent_core-2.1.so.7 
(0x7fae76df2000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x7fae76dd)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fae76c0b000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7fae76c05000)
libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x7fae76bfe000)
libhwloc.so.15 => /lib/x86_64-linux-gnu/libhwloc.so.15 
(0x7fae76ba5000)
libevent_pthreads-2.1.so.7 => 
/lib/x86_64-linux-gnu/libevent_pthreads-2.1.so.7 (0x7fae76ba)
/lib64/ld-linux-x86-64.so.2 (0x7fae77057000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7fae76a5c000)
libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x7fae76a34000)

> There is this https://github.com/open-mpi/ompi/issues/8335 but it looks
> applied in Debian.
> 
> I am trying to find the config.log to understand why it prefers the
> internal version of the pmix library but so far I can't tell.
> 
> Can you give me a hint where the config.log lives after a successful build?

It's not available. I rebuilt it locally, and got:

configure:13919: checking if user requested internal PMIx 
support(/usr/lib/x86_64-linux-gnu/pmix2)
configure:13932: result: no
configure:13985: checking for pmix.h in /usr/lib/x86_64-linux-gnu/pmix2
configure:13993: result: not found
configure:13995: checking for pmix.h in /usr/lib/x86_64-linux-gnu/pmix2/include
configure:13999: result: found
configure:14048: checking libpmix.* in /usr/lib/x86_64-linux-gnu/pmix2/lib64
configure:14056: result: not found
configure:14058: checking libpmix.* in /usr/lib/x86_64-linux-gnu/pmix2/lib
configure:14062: result: found
configure:14081: checking PMIx version
configure:14091: result: version file found
configure:14099: checking version 4x
configure:14117: gcc -E -I/usr/lib/x86_64-linux-gnu/pmix2/include -Wdate-time 
-D_FORTIFY_SOURCE=2 conftest.c
configure:14117: $? = 0
configure:14118: result: found
configure:14305: checking PMIx version to be used
configure:14308: result: external(4x)

(which looks OK)

Lucas

Bug#988369: debsigs --verify not implemented

[Steve McIntyre]

Package: debsigs
Version: 0.1.25
Severity: normal

tack:~$ debsigs --verify sbsigntool_0.6-3.2_amd64.deb
Verify not yet implemented. at /usr/bin/debsigs line 75.

It would be nice to have some verification code here, to e able to
test things directly in the same package.

-- System Information:
Debian Release: 10.9
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debsigs depends on:
ii  binutils  2.31.1-16
ii  gnupg 2.2.12-1+deb10u1
ii  perl  5.28.1-6+deb10u1

Versions of packages debsigs recommends:
ii  debsig-verify  0.19+b10

debsigs suggests no packages.

-- no debconf information

Bug#987547: better error message if dpkg-dev not installed

[Helmut Grohne]

Control: severity -1 serious
Control: retitle -1 missing dependency on dpkg-dev
Control: tags -1 + patch
Justification: missing dependency

On Sun, Apr 25, 2021 at 02:11:30PM +0200, Marc Haber wrote:
> while debspawn recommends build-essential, it can be installed without
> dpkg-dev present. In this case, debspawn create fails with a python
> backtrace because it cannot find dpkg-architecture.

I confirm.

> This should either be a clearer error message ("dpkg-architecture
> missing, install dpkg-dev to allow operation") or dpkg-dev should be a
> Depends.

I disagree with the former here. Quite evidently, trying to use debspawn
without dpkg-dev is not a supported configuration. As such, a better
error message seems unnecessary to me. There is no reasonable way to use
dpkg-dev without dpkg-architecture and as such there should be the
dependency you suggest. It also happens to be easy trivial to fix and
such a fix is appropriate during freeze.

Let me also propose a different solution to the problem at hand.
Basically, the only thing that dpkg-architecture is being used for is
`dpkg-architecture -qDEB_HOST_ARCH`. Its output is used as a fallback
when no architecture is provided by the user. It is intended to serve
the architecture of the running system (even though that's not quite
what it does). A simpler way to do that is dpkg --print-architecture and
in doing so, the dpkg-dev dependency is avoided. I'm attaching a patch
to that end.

Either the patch or the dependency should be applied in time for
bullseye.

Helmut
--- debspawn-0.4.1.orig/debspawn/osbase.py
+++ debspawn-0.4.1/debspawn/osbase.py
@@ -56,9 +56,9 @@ class OSBase:
 
 def _make_name(self):
 if not self._arch:
-out, _, ret = safe_run(['dpkg-architecture', '-qDEB_HOST_ARCH'])
+out, _, ret = safe_run(['dpkg', '--print-architecture'])
 if ret != 0:
-raise Exception('Running dpkg-architecture failed: {}'.format(out))
+raise Exception('Running dpkg --print-architecture failed: {}'.format(out))
 
 self._arch = out.strip()
 if self._variant:
--- debspawn-0.4.1.orig/tests/conftest.py
+++ debspawn-0.4.1/tests/conftest.py
@@ -70,12 +70,12 @@ def build_arch():
 '''
 from debspawn.utils.command import safe_run
 
-out, _, ret = safe_run(['dpkg-architecture', '-q', 'DEB_BUILD_ARCH'])
+out, _, ret = safe_run(['dpkg', '--print-architecture'])
 assert ret == 0
 
 arch = out.strip()
 if not arch:
-arch = 'amd64'  # assume arm64 as default
+arch = 'amd64'  # assume amd64 as default
 
 return arch
 

Bug#988368: debsigs --list does not work with gpg2

[Steve McIntyre]

Package: debsigs
Version: 0.1.25
Severity: important
Tags: patch

Hi!

Just playing with debsigs locally to see if it might solve a problem
for me. A little it surprised to see that it doesn't work fully with
gpg2.

I signed a package and that worked OK:

tack:~$ debsigs --sign=origin sbsigntool_0.6-3.2_amd64.deb
gpg: using "587979573442684E" as default secret key for signing

But listing the sigs doesn't work:

tack:~$ debsigs --list sbsigntool_0.6-3.2_amd64.deb
GPG signatures in sbsigntool_0.6-3.2_amd64.deb:
bad gpg line at /usr/share/perl5/Debian/debsigs/gpg.pm line 39,  line 1.

The code in gpg.pm is assuming the first line is always going to
describe a signature packet, but that's not the case with
gpg2. Comparing the output, I see that there's an extra comment line
at the start of the output:

tack:~$ gpg1 --list-packets _gpgorigin 
:signature packet: algo 1, keyid 587979573442684E
version 4, created 1620732510, md5len 0, sigclass 0x00
digest algo 8, begin of digest 1d 9d
hashed subpkt 33 len 21 (?)
hashed subpkt 2 len 4 (sig created 2021-05-11)
subpkt 16 len 8 (issuer key ID 587979573442684E)
data: [4095 bits]


tack:~$ gpg2 --list-packets _gpgorigin 
# off=0 ctb=89 tag=2 hlen=3 plen=563
:signature packet: algo 1, keyid 587979573442684E
version 4, created 1620732510, md5len 0, sigclass 0x00
digest algo 8, begin of digest 1d 9d
hashed subpkt 33 len 21 (issuer fpr v4 
CEBB52301D617E910390FE16587979573442684E)
hashed subpkt 2 len 4 (sig created 2021-05-11)
subpkt 16 len 8 (issuer key ID 587979573442684E)
data: [4095 bits]

Here's a trivial patch to ignore that comment if it's there.

-- System Information:
Debian Release: 10.9
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debsigs depends on:
ii  binutils  2.31.1-16
ii  gnupg 2.2.12-1+deb10u1
ii  perl  5.28.1-6+deb10u1

Versions of packages debsigs recommends:
ii  debsig-verify  0.19+b10

debsigs suggests no packages.

-- no debconf information
>From d56451db12dd89c874606741ed619e6b72cfa86f Mon Sep 17 00:00:00 2001
From: Steve McIntyre 
Date: Tue, 11 May 2021 12:53:21 +0100
Subject: [PATCH] Cope with extra comment in gpg2 output

Signed-off-by: Steve McIntyre 
---
 gpg.pm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gpg.pm b/gpg.pm
index 99d2998..c624b4e 100644
--- a/gpg.pm
+++ b/gpg.pm
@@ -35,6 +35,9 @@ sub getkeyfromfd {
   my ($keyid, $date);
 
   my $line = <$gpgfd>;
+  if ($line =~ /^#/) {
+$line = <$gpgfd>;
+  };
   # print STDERR "gpg: got first line: $line";
   die 'bad gpg line' unless ($line =~ '^:signature packet:');
   ($keyid) = $line =~ /^:signature packet: .+ keyid ([0-9a-fA-F]+)/;
-- 
2.20.1

Bug#984956: me too

[Lucas Nussbaum]

On 07/05/21 at 17:24 +0300, Vassilis Virvilis wrote:
> The second value (index  == 1) has value.type = 56 (pmix.topo2) which is
> outside the range of supported value types. I think the last entry is
> PMIX_REGEX 46 at
> ./debian/build-gfortran/opal/mca/pmix/pmix3x/pmix/include/pmix_common.h
> 
> However in /usr/lib/x86_64-linux-gnu/pmix2/include/pmix_common.h the list
> goes further ending in PMIX_COMPRESSED_BYTE_OBJECT 59 with 56 being
> PMIX_TOPO

I tried to ensure that pmix_common.h (inside the sources) was unused
during build, and added an #error inside it. The build succeeded, which
seems to confirm that it is not used...

Lucas

Bug#986819: ukui-session-manager: leaves alternatives after upgrade from buster: /usr/bin/x-session-manager -> /etc/alternatives/x-session-manager -> /usr/bin/ukui-session

[handsome_feng]

Hi, Andreas,


Sorry for the delay and thanks a lot for your NUM !
I will merge this upstream.


handsome_feng














在2021年05月04 16时47分，"Andreas Beckmann"写道：

Followup-For: Bug #986819
Control: tag -1 pending

Hi,

I've just NMUed the fix to DELAYED/3, please let me know if I should
delay it longer.

Attached is an updated patch fixing the version number in the preinst
s.t. the cleanup also happens if the system was already upgraded to the
buggy bullseye version.


Andreas

Bug#868095: base-files: clean up legacy conffiles

[Christoph Anton Mitterer]

On Mon, 2021-05-10 at 19:35 +0200, Santiago Vila wrote:
> Patches are welcome.

I'm not 100% sure how to do it properly ^^

First, for most packages I've seen, the according dpkg-maintscript-
helper invocation seems to have been automatically added by
dh_installdeb... no idea how this is actually triggered there or why it
didn't happen for base-files

Second, if you just "manually" call something like:

dpkg-maintscript-helper rm_conffile /etc/apt/apt-file.conf VERSION~ -- "$@"

the file would get removed, AFAIU, while it should be kept (with any
possible modifications) and just unregistered from being a conffile.

AFAIU the manpage, VERISION would need to be the one where you do the
cleanup (followed by ~) - not the one where the file was switched back
to no longer being a conffile



> (But I'm not sure if it does worth the effort at this time for
> bullseye,

Probably not as you say,... it's rather just a cosmetic issue that
should be fixed eventually.


Cheers,
Chris.

Bug#988236: Likely the best solution

[Guilhem Moulin]

On Mon, 10 May 2021 at 23:19:51 -0300, Kurt Fitzner via 
Pkg-roundcube-maintainers wrote:
> I think you've lighted (hah) upon the best solution here.

I don't really like it as it makes assumptions about another namespace/
interface.  There is also no guaranty that fastcgi handlers for .php
match that glob (lighttpd <1.4.55-2 doesn't ship anything for PHP-FPM,
and a user could very well have hand-crafted 00-php-fpm.conf).

24fade6 might limit the risk of ending up with a broken configuration,
but in my eyes it's more a workaround than a fix.

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#988367: linux-headers 4.19.165 '"make scripts" results fatal error: classmap.h: No such file or directory'

[Arul pandiyan]

Package: linux-headers
Version: 4.19.165-cip41-rt18

When "make scripts" are triggered from /usr/src/linux-header-${uname -r}
directory.
It fails to build the scripts due to the unavailability of selinux headers.
Below are the logs
root@localhost:~# cd /usr/src/linux-headers-4.19.165-cip41-rt18+mel6
root@localhost:/usr/src/linux-headers-4.19.165-cip41-rt18+mel6#  wget
https://raw.githubusercontent.com/armbian/build/master/patch/misc/headers-debian-byteshift.patch
-O - | sudo patch -p1
sudo: unable to resolve host localhost.localdomain: Name or service not
known
--2021-05-11 08:18:27--
https://raw.githubusercontent.com/armbian/build/master/patch/misc/headers-debian-byteshift.patch
Resolving raw.githubusercontent.com (raw.githubusercontent.com)...
185.199.111.133, 185.199.108.133, 185.199.110.133, ...
Connecting to raw.githubusercontent.com
(raw.githubusercontent.com)|185.199.111.133|:443...
connected.
HTTP request sent, awaiting response... 200 OK
Length: 3591 (3.5K) [text/plain]
Saving to: ‘STDOUT’

-   100%[===>]   3.51K  --.-KB/sin 0s

2021-05-11 08:18:27 (11.5 MB/s) - written to stdout [3591/3591]

patching file tools/include/tools/be_byteshift.h
patching file tools/include/tools/le_byteshift.h
root@iot2050:/usr/src/linux-headers-4.19.165-cip41-rt18+mel6# make scripts
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  YACCscripts/kconfig/zconf.tab.c
  LEX scripts/kconfig/zconf.lex.c
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --syncconfig Kconfig
  HOSTCC  scripts/dtc/dtc.o
  HOSTCC  scripts/dtc/flattree.o
  HOSTCC  scripts/dtc/fstree.o
  HOSTCC  scripts/dtc/data.o
  HOSTCC  scripts/dtc/livetree.o
  HOSTCC  scripts/dtc/treesource.o
  HOSTCC  scripts/dtc/srcpos.o
  HOSTCC  scripts/dtc/checks.o
  HOSTCC  scripts/dtc/util.o
  LEX scripts/dtc/dtc-lexer.lex.c
  YACCscripts/dtc/dtc-parser.tab.h
  HOSTCC  scripts/dtc/dtc-lexer.lex.o
  YACCscripts/dtc/dtc-parser.tab.c
  HOSTCC  scripts/dtc/dtc-parser.tab.o
  HOSTLD  scripts/dtc/dtc
  HOSTCC  scripts/dtc/fdtoverlay.o
  HOSTCC  scripts/dtc/libfdt/fdt.o
  HOSTCC  scripts/dtc/libfdt/fdt_rw.o
  HOSTCC  scripts/dtc/libfdt/fdt_sw.o
  HOSTCC  scripts/dtc/libfdt/fdt_empty_tree.o
  HOSTCC  scripts/dtc/libfdt/fdt_overlay.o
  HOSTCC  scripts/dtc/libfdt/fdt_wip.o
  HOSTCC  scripts/dtc/libfdt/fdt_strerror.o
  HOSTCC  scripts/dtc/libfdt/fdt_ro.o
  HOSTCC  scripts/dtc/libfdt/fdt_addresses.o
  HOSTLD  scripts/dtc/fdtoverlay
  YACCscripts/genksyms/parse.tab.h
  HOSTCC  scripts/genksyms/genksyms.o
  YACCscripts/genksyms/parse.tab.c
  HOSTCC  scripts/genksyms/parse.tab.o
  LEX scripts/genksyms/lex.lex.c
  HOSTCC  scripts/genksyms/lex.lex.o
  HOSTLD  scripts/genksyms/genksyms
  HOSTCC  scripts/mod/mk_elfconfig
  CC  scripts/mod/empty.o
  MKELF   scripts/mod/elfconfig.h
  CC  scripts/mod/devicetable-offsets.s
  HOSTCC  scripts/mod/modpost.o
  HOSTCC  scripts/mod/file2alias.o
  HOSTCC  scripts/mod/sumversion.o
  HOSTLD  scripts/mod/modpost
  HOSTCC  scripts/selinux/genheaders/genheaders
scripts/selinux/genheaders/genheaders.c:18:10: fatal error: classmap.h: No
such file or directory
 #include "classmap.h"
  ^~~~
compilation terminated.
make[3]: *** [scripts/Makefile.host:90:
scripts/selinux/genheaders/genheaders] Error 1
make[2]: *** [scripts/Makefile.build:544: scripts/selinux/genheaders] Error
2
make[1]: *** [scripts/Makefile.build:544: scripts/selinux] Error 2
make: *** [Makefile:1092: scripts] Error 2
root@iot2050:/usr/src/linux-headers-4.19.165-cip41-rt18+mel6#

I had pushed the PR(https://github.com/ilbers/isar/pull/67) where
corresponding headers can be copied to linux-headers.

I am using Debian buster, kernel 4.19.165-cip41-rt18.
Regards
Arulpandiyan V

Bug#988366: RFS: ssocr/2.21.0-1 -- OCR for seven segment displays

[Gürkan Myczko]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "ssocr":

 * Package name: ssocr
   Version : 2.21.0-1
   Upstream Author : Erik Auerswald 
 * URL : https://www.unix-ag.uni-kl.de/~auerswal/ssocr/
 * License : GPL-3+
 * Vcs : [fill in URL of packaging vcs]
   Section : graphics

It builds those binary packages:

  ssocr - OCR for seven segment displays

To access further information about this package, please visit the 
following URL:


  https://mentors.debian.net/package/ssocr/

Alternatively, one can download the package with dget using this 
command:


  dget -x 
https://mentors.debian.net/debian/pool/main/s/ssocr/ssocr_2.21.0-1.dsc


Changes since the last upload:

 ssocr (2.21.0-1) experimental; urgency=medium
 .
   * New upstream version.
   * d/control:
 - bump standards version to 4.5.1.
 - added Rules-Requires-Root.
   * d/upstream/metadata: added.
   * d/copyright:
 - update copyright years.
 - added Upstream-Contact.
   * Bump debhelper version to 13, drop d/compat.

Regards,
--
  Gürkan Myczko

Bug#988364: e-dico-de-rene-cougnenc FTCBFS: builds for the build architecture

[Helmut Grohne]

Source: le-dico-de-rene-cougnenc
Version: 1.3-2.3
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

le-dico-de-rene-cougnenc fails to cross build from source, because it
does not pass cross tools to make. The easiest way of doing so - using
dh_auto_build - does not fix it, because the upstream Makefile hard
codes the build architecture compiler. It needs to be made substitutable
as well. Please consider applying the attached patch to make it cross
buildable.

Helmut
diff -u le-dico-de-rene-cougnenc-1.3/debian/changelog 
le-dico-de-rene-cougnenc-1.3/debian/changelog
--- le-dico-de-rene-cougnenc-1.3/debian/changelog
+++ le-dico-de-rene-cougnenc-1.3/debian/changelog
@@ -1,3 +1,12 @@
+le-dico-de-rene-cougnenc (1.3-2.4) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: (Closes: #-1)
++ Let dh_auto_build pass cross tools to make.
++ Make gcc substitutable.
+
+ -- Helmut Grohne   Tue, 11 May 2021 06:17:21 +0200
+
 le-dico-de-rene-cougnenc (1.3-2.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u le-dico-de-rene-cougnenc-1.3/debian/rules 
le-dico-de-rene-cougnenc-1.3/debian/rules
--- le-dico-de-rene-cougnenc-1.3/debian/rules
+++ le-dico-de-rene-cougnenc-1.3/debian/rules
@@ -11,7 +11,7 @@
 build-stamp:
dh_testdir
 
-   -$(MAKE) -C src
+   -dh_auto_build --sourcedirectory=src
 
touch build-stamp
 
diff -u le-dico-de-rene-cougnenc-1.3/src/Makefile 
le-dico-de-rene-cougnenc-1.3/src/Makefile
--- le-dico-de-rene-cougnenc-1.3/src/Makefile
+++ le-dico-de-rene-cougnenc-1.3/src/Makefile
@@ -2,8 +2,8 @@
 prefix = /usr
 
 dico: dico.c killposte.c
-   gcc -g dico.c -o dico
-   gcc -g killposte.c -o killposte
+   $(CC) -g dico.c -o dico
+   $(CC) -g killposte.c -o killposte
 
 clean:
rm -fr *~ dico killposte *.1 manpage.links manpage.refs

Bug#983874: gitaly: fails to install: Could not find gem 'rugged (~> 0.28)'

[Pirate Praveen]

On Tue, 16 Mar 2021 13:24:10 +0100 Kristof Csillag 
 wrote:

> Package: gitaly
> Followup-For: Bug #983874
>
> I am seeing the same thing. This also makes gitlab unusable.

Keeping all moving parts working together in unstable is not possible 
during freeze and transitions.


> Is there any update about this? A severe error has been reported,
> and there is no reply for two weeks.

This was fixed long time back in experimental. It is a good idea to 
check the wiki page of gitlab for known issues and work arounds.


> Is this package supposed to be actually used by people?

The recommended way is to use it from fasttrack as documented in
https://wiki.debian.org/gitlab#Buster_Fast_Track_.28Recommended.29

Many people use it and sometimes I provide support via #debian-gitlab 
on oftc irc.

Bug#984956: me too

[Lucas Nussbaum]

Control: severity -1 serious

Hi,

This breaks OpenMPI in very basic cases, so I'm upgrading the severity
to serious.

Lucas

Bug#988352: linux-image-4.19.0-16-amd64: none

[Salvatore Bonaccorso]

Hi,

On Tue, May 11, 2021 at 10:27:35AM +0200, Johann Grabmann wrote:
> Package: src:linux
> Version: 4.19.181-1
> Severity: wishlist
> 
> Dear Maintainer,
> 
> there seems to be a problem with cifs at *4.19.181-1 (**4.19.0-16-amd64*).
> With *4.19.171-2 (2021-01-30) (**linux-image-4.19.0-14-amd64**)* the error
> could NOT be reproduced, there it works as expected.
> 
> Problem when trying to mount a CIFS-share:
> mount error(20): Not a directory
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> 
> This is maybe related to the following from the changelog
> 
> :
> 
> - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
> 
> Unfortunately, there is also apparently no possibility of overwriting this
> prepath, since the option is only set additionally:
> mount.cifs kernel mount options:
> ip=xx.xx.xx.xx,unc=\\srv.local\filexchg,vers=1.0,sec=ntlmssp,cache=strict,
> *prefixpath=none*,uid=33,gid=33,user=username,domain=local,
> *prefixpath=shares/myshare*,pass=

Thanks for reporting, for dtails see
https://lore.kernel.org/stable/ygximcsclg4e1%2...@eldamar.lan/

It is in any case pending for the next upload for buster.

Regards,
Salvatore

Bug#929685: pending upload

[Andreas Beckmann]

On 19/03/2021 12.24, Matthias Klose wrote:

Control: reassign -1 src_ca-certificates-java, ca-certificates

I committed Andreas' proposed changes to ca-certificates-java, however that
requires a corresponding upload to ca-certificates.


If we revert the ca-certificates version bump (merge request !6) you can 
upload the remaining fixes now and we bump the version and create the 
flag file once the corresponding features are implemented in 
ca-certificates.


Andreas

Bug#988361: ITP: golang-github-rafaeljusto-redigomock -- Easy way to unit test projects using redigo library (Redis client in go)

[Arnaud Rebillout]

Package: wnpp
Severity: wishlist
Owner: Arnaud Rebillout 

* Package name: golang-github-rafaeljusto-redigomock
  Version : 3.0.1-1
  Upstream Author : Rafael Dantas Justo
* URL : https://github.com/rafaeljusto/redigomock
* License : GPL-2.0
  Programming Lang: Go
  Description : Unit tests using redigo library (Redis client in go)

 Easy way to unit test projects using redigo library
 (https://github.com/gomodule/redigo) (Redis client
 in go).



This is a dependency of mirrorbits [1] that I plan to package.

This is also a dependency for tests of gitlab-workhorse, although at the moment
the related unit tests are disabled in the Debian package [2]. I guess that it
will be possible to enable those tests when rafaeljusto-redigomock is packaged.

I plan to maintain this package with the Go Team.

[1]: https://github.com/etix/mirrorbits
[2]: 
https://salsa.debian.org/go-team/packages/gitlab-workhorse/-/blob/1f5760c78a54ff1319f5ada6d1438f8d2694b37c/debian/rules#L5

Bug#988341: unblock: nis/4.3

[Francesco P. Lovergine]

I found also a pending doc-only change still seating in my repo:

diff --git a/debian/nis.debian.howto b/debian/nis.debian.howto
index e90e549..2641b86 100644
--- a/debian/nis.debian.howto
+++ b/debian/nis.debian.howto
@@ -66,6 +66,13 @@ The NIS how-to on Debian

  2.1 FOR LIBC6:

+ Ensure to have libnss-nis package installed. It is currently
+ only recommended by both libc and ypbind-mt, because it is not an
+ essential component for the system. Even, for your own reasons you
+ could be interested in binding a NIS domain to access the NIS maps via
+ yptools, but not activating it as an account information provider for
+ the system.
+  
  Check your /etc/nsswitch.conf file and make sure that the entries for

  passwd, group, shadow and netgroup look like this:

I could add this note to the source-only upload, possibly. Is it ok?

On Tue, May 11, 2021 at 10:34:32AM +0200, Sebastian Ramacher wrote:

Control: tags -1 confirmed moreinfo

On 2021-05-10 20:43:26 +0200, Francesco P. Lovergine wrote:

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nis

[ Reason ]

Fixes serious bug #988227 (bashism in postinst).

[ Impact ]

Upgrade not smoothly done from stable.

[ Tests ]

No autopkg test. Manually tested with dash.

[ Risks ]

None.

[ Checklist ]
   [x] all changes are documented in the d/changelog
   [x] I reviewed all changes and I approve them
   [x] attach debdiff against the package in testing

[ Other info ]

Native migration package only.

unblock nis/4.3


Not built on buildd: arch all binaries uploaded by frankie, a new source-only 
upload is needed to allow migration

Please perform a source-only upload and remove the moreinfo tag once
that's done.

Cheers



--
Francesco P. Lovergine



diff -Nru nis-4.2/debian/changelog nis-4.3/debian/changelog
--- nis-4.2/debian/changelog2021-01-31 10:22:32.0 +0100
+++ nis-4.3/debian/changelog2021-05-08 17:19:24.0 +0200
@@ -1,3 +1,10 @@
+nis (4.3) unstable; urgency=medium
+
+  * Fixed a sort-of bashism in postinst.
+(closes: #988227)
+
+ -- Francesco Paolo Lovergine   Sat, 08 May 2021 17:19:24 
+0200
+
 nis (4.2) unstable; urgency=medium

   * Missed removing of /etc/init.d/nis at upgrade time added.
diff -Nru nis-4.2/debian/postinst nis-4.3/debian/postinst
--- nis-4.2/debian/postinst 2021-01-31 10:22:32.0 +0100
+++ nis-4.3/debian/postinst 2021-05-08 17:19:24.0 +0200
@@ -73,10 +73,13 @@
 case "$1" in
 configure)
 PREV_VER="$2"
-   if [ ! -z "$PREV_VER" -a $(dpkg --compare-versions "$PREV_VER" 
lt '4~'; echo $?) -eq 0 ]
-then
-upgrade_old
-fi
+   if [ ! -z "$PREV_VER" ]
+   then
+   if dpkg --compare-versions "$PREV_VER" lt '4~'
+   then
+   upgrade_old
+   fi
+   fi
rm -f /etc/init.d/nis
 ;;
 *)



--
Sebastian Ramacher




--
Francesco P. Lovergine

Bug#988358: bucardo: please use versioned Depends: libpod-parser-perl (>= 1.63)

[Andreas Beckmann]

Package: bucardo
Version: 5.6.0-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: clone -1 -2 -3
Control: reassign -2 latexml 0.8.5-2
Control: retitle -2 latexml: please use versioned Depends: libpod-parser-perl 
(>= 1.63)
Control: reassign -3 pod2pdf 0.42-5.1
Control: retitle -3 pod2pdf: please use versioned Depends: libpod-parser-perl 
(>= 1.63)

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'buster' if perl-modules-5.24 from stretch is still installed.

perl-modules-5.24 provided an unversioned virtual libpod-parser-perl
and apt tries to use the installed package (instead of installing a new
package) to satisfy the new dependency of bucardo, while
perl-modules-5.24 needs to get removed due to Breaks in new perl.
(The versioned virtual libpod-parser-perl (= 1.63) in perl/buster is
probably not considered a candidate since perl with its high score was
decided for being upgraded earlier.)

Making the dependency versioned excludes the unversioned virtual package
from being considered a candidate. I tested this with bucardo, and assume
that it will work the same way for the other two packages showing the
same problem.

>From the attached log (scroll to the bottom...):

  Starting 2 pkgProblemResolver with broken count: 1
  Investigating (0) perl:amd64 < 5.28.1-6+deb10u1 -> 5.32.1-4 @ii umU Ib >
  Broken perl:amd64 Breaks on perl-modules-5.24:amd64 < 5.24.1-3+deb9u7 @ii mK >
Considering perl-modules-5.24:amd64 -2 as a solution to perl:amd64 16
Added perl-modules-5.24:amd64 to the remove list
Fixing perl:amd64 via remove of perl-modules-5.24:amd64
  Investigating (0) bucardo:amd64 < 5.5.0-1 -> 5.6.0-2 @ii umU Ib >
  Broken bucardo:amd64 Depends on libpod-parser-perl:amd64 < none | 1.63-2 @un 
uH >
Considering libpod-parser-perl:amd64 1 as a solution to bucardo:amd64 0
Holding Back bucardo:amd64 rather than change libpod-parser-perl:amd64
  Investigating (0) libperl5.24:amd64 < 5.24.1-3+deb9u7 @ii gK Ib >
  Broken libperl5.24:amd64 Depends on perl-modules-5.24:amd64 < 5.24.1-3+deb9u7 
@ii mR > (>= 5.24.1-3+deb9u7)
Considering perl-modules-5.24:amd64 -2 as a solution to libperl5.24:amd64 -2
Removing libperl5.24:amd64 rather than change perl-modules-5.24:amd64
  Investigating (1) perl-base:amd64 < 5.28.1-6+deb10u1 -> 5.32.1-4 @ii umU Ib >
  Broken perl-base:amd64 Breaks on bucardo:amd64 < 5.5.0-1 | 5.6.0-2 @ii umH > 
(< 5.5.0-1.1)
Considering bucardo:amd64 0 as a solution to perl-base:amd64 5238
Upgrading bucardo:amd64 due to Breaks field in perl-base:amd64
  Investigating (1) bucardo:amd64 < 5.5.0-1 -> 5.6.0-2 @ii umU Ib >
  Broken bucardo:amd64 Depends on libpod-parser-perl:amd64 < none | 1.63-2 @un 
uH >
Considering libpod-parser-perl:amd64 1 as a solution to bucardo:amd64 0
Holding Back bucardo:amd64 rather than change libpod-parser-perl:amd64
  Investigating (2) perl-base:amd64 < 5.28.1-6+deb10u1 -> 5.32.1-4 @ii umU Ib >
  Broken perl-base:amd64 Breaks on bucardo:amd64 < 5.5.0-1 | 5.6.0-2 @ii umH > 
(< 5.5.0-1.1)
Considering bucardo:amd64 0 as a solution to perl-base:amd64 5238
Upgrading bucardo:amd64 due to Breaks field in perl-base:amd64
  Investigating (2) bucardo:amd64 < 5.5.0-1 -> 5.6.0-2 @ii umU Ib >
  Broken bucardo:amd64 Depends on libpod-parser-perl:amd64 < none | 1.63-2 @un 
uH >
Considering libpod-parser-perl:amd64 1 as a solution to bucardo:amd64 0
Holding Back bucardo:amd64 rather than change libpod-parser-perl:amd64
  Investigating (3) perl-base:amd64 < 5.28.1-6+deb10u1 -> 5.32.1-4 @ii umU Ib >
  Broken perl-base:amd64 Breaks on bucardo:amd64 < 5.5.0-1 | 5.6.0-2 @ii umH > 
(< 5.5.0-1.1)
Considering bucardo:amd64 0 as a solution to perl-base:amd64 5238
qUpgrading bucardo:amd64 due to Breaks field in perl-base:amd64
  Investigating (3) bucardo:amd64 < 5.5.0-1 -> 5.6.0-2 @ii umU Ib >
  Broken bucardo:amd64 Depends on libpod-parser-perl:amd64 < none | 1.63-2 @un 
uH >
Considering libpod-parser-perl:amd64 1 as a solution to bucardo:amd64 0
Holding Back bucardo:amd64 rather than change libpod-parser-perl:amd64
  Investigating (4) perl-base:amd64 < 5.28.1-6+deb10u1 -> 5.32.1-4 @ii umU Ib >
  Broken perl-base:amd64 Breaks on bucardo:amd64 < 5.5.0-1 | 5.6.0-2 @ii umH > 
(< 5.5.0-1.1)
Considering bucardo:amd64 0 as a solution to perl-base:amd64 5238
Upgrading bucardo:amd64 due to Breaks field in perl-base:amd64
  Investigating (4) bucardo:amd64 < 5.5.0-1 -> 5.6.0-2 @ii umU Ib >
  Broken bucardo:amd64 Depends on libpod-parser-perl:amd64 < none | 1.63-2 @un 
uH >
Considering libpod-parser-perl:amd64 1 as a solution to bucardo:amd64 0
Holding Back bucardo:amd64 rather than change libpod-parser-perl:amd64
  Investigating (5) perl-base:amd64 < 5.28.1-6+deb10u1 -> 5.32.1-4 @ii umU Ib >
  Broken perl-base:amd64 Breaks on bucardo:amd64 < 5.5.0-1 | 5.6.0-2 @ii umH > 
(< 5.5.0-1.1)
Considering bucardo:amd64 0 as a solution to perl-base:amd64 5238

Bug#988357: unblock: python-eventlet/0.26.1-7 CVE-2021-21419

[Thomas Goirand]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-eventlet

[ Reason ]
CVE-2021-21419

[ Impact ]
Malicious peer may exhaust memory on Eventlet side by sending
highly compressed data frame.

[ Tests ]
The Eventlet package contains its own test suite.

[ Risks ]
Regression? Hopefully not. The affected code is only in the
websocket.py file.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

Please unblock python-eventlet/0.26.1-7

Cheers,

Thomas Goirand (zigo)
diff -Nru python-eventlet-0.26.1/debian/changelog 
python-eventlet-0.26.1/debian/changelog
--- python-eventlet-0.26.1/debian/changelog 2021-02-18 17:07:30.0 
+0100
+++ python-eventlet-0.26.1/debian/changelog 2021-05-11 08:03:43.0 
+0200
@@ -1,3 +1,11 @@
+python-eventlet (0.26.1-7) unstable; urgency=medium
+
+  * CVE-2021-21419: Malicious peer may exhaust memory on Eventlet side
+by sending highly compressed data frame. Appled upstream patch: websocket:
+Limit maximum uncompressed frame length to 8MiB (Closes: #988342).
+
+ -- Thomas Goirand   Tue, 11 May 2021 08:03:43 +0200
+
 python-eventlet (0.26.1-6) unstable; urgency=medium
 
   * Hack a modified debian/greendns.py with filename=None instead of
diff -Nru 
python-eventlet-0.26.1/debian/patches/CVE-2021-21419_websocket-Limit-maximum-uncompressed-frame-length-to-8MiB.patch
 
python-eventlet-0.26.1/debian/patches/CVE-2021-21419_websocket-Limit-maximum-uncompressed-frame-length-to-8MiB.patch
--- 
python-eventlet-0.26.1/debian/patches/CVE-2021-21419_websocket-Limit-maximum-uncompressed-frame-length-to-8MiB.patch
1970-01-01 01:00:00.0 +0100
+++ 
python-eventlet-0.26.1/debian/patches/CVE-2021-21419_websocket-Limit-maximum-uncompressed-frame-length-to-8MiB.patch
2021-05-11 08:03:43.0 +0200
@@ -0,0 +1,203 @@
+Description: CVE-2021-21419: websocket: Limit maximum uncompressed frame 
length to 8MiB
+ This fixes a memory exhaustion DOS attack vector.
+ References: GHSA-9p9m-jm8w-94p2
+ https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2
+Author: Onno Kortmann 
+Date: Thu, 1 Apr 2021 16:15:47 +0200
+Origin: 
https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07.patch
+Bug-Debian: https://bugs.debian.org/988342
+Last-Update: 2021-05-11
+
+Index: python-eventlet/eventlet/websocket.py
+===
+--- python-eventlet.orig/eventlet/websocket.py
 python-eventlet/eventlet/websocket.py
+@@ -38,6 +38,7 @@ for _mod in ('wsaccel.utf8validator', 'a
+ break
+ 
+ ACCEPTABLE_CLIENT_ERRORS = set((errno.ECONNRESET, errno.EPIPE))
++DEFAULT_MAX_FRAME_LENGTH = 8 << 20
+ 
+ __all__ = ["WebSocketWSGI", "WebSocket"]
+ PROTOCOL_GUID = b'258EAFA5-E914-47DA-95CA-C5AB0DC85B11'
+@@ -75,14 +76,20 @@ class WebSocketWSGI(object):
+ :class:`WebSocket`.  To close the socket, simply return from the
+ function.  Note that the server will log the websocket request at
+ the time of closure.
++
++An optional argument max_frame_length can be given, which will set the
++maximum incoming *uncompressed* payload length of a frame. By default, 
this
++is set to 8MiB. Note that excessive values here might create a DOS attack
++vector.
+ """
+ 
+-def __init__(self, handler):
++def __init__(self, handler, max_frame_length=DEFAULT_MAX_FRAME_LENGTH):
+ self.handler = handler
+ self.protocol_version = None
+ self.support_legacy_versions = True
+ self.supported_protocols = []
+ self.origin_checker = None
++self.max_frame_length = max_frame_length
+ 
+ @classmethod
+ def configured(cls,
+@@ -323,7 +330,8 @@ class WebSocketWSGI(object):
+ sock.sendall(b'\r\n'.join(handshake_reply) + b'\r\n\r\n')
+ return RFC6455WebSocket(sock, environ, self.protocol_version,
+ protocol=negotiated_protocol,
+-extensions=parsed_extensions)
++extensions=parsed_extensions,
++max_frame_length=self.max_frame_length)
+ 
+ def _extract_number(self, value):
+ """
+@@ -502,7 +510,8 @@ class ProtocolError(ValueError):
+ 
+ 
+ class RFC6455WebSocket(WebSocket):
+-def __init__(self, sock, environ, version=13, protocol=None, 
client=False, extensions=None):
++def __init__(self, sock, environ, version=13, protocol=None, 
client=False, extensions=None,
++ max_frame_length=DEFAULT_MAX_FRAME_LENGTH):
+ super(RFC6455WebSocket, self).__init__(sock, environ, version)
+ self.iterator = self._iter_frames()
+ self.client = client
+@@ -511,6 +520,8 @@ class RFC6455WebSocket(WebSocket):
+ 
+ self._deflate_enc = 

Bug#988355: ITP: lsdtopotools2 -- software for analysing topography

[Magnus Hagdorn]

Package: wnpp
Severity: wishlist
Owner: Magnus Hagdorn 

* Package name: lsdtopotools2
  Version : 0.4
  Upstream Author : Simon Mudd 
* URL : https://lsdtopotools.github.io/
* License : GPL3
  Programming Lang: C++
  Description : software for analysing topography

LSDTopoTools is a software package for analysing topography. Applications of 
these analyses span hydrology, geomorphology, soil science, ecology, and 
cognate fields. The software began within the Land Surface Dynamics group at 
the University of Edinburgh.



The software is developed and used at the School of GeoSciences and
required on our managed Linux machines.

Bug#988354: schroot: fails to enter zfs source chroots

[Sebastian Ramacher]

Package: schroot
Version: 1.6.10-12
Severity: normal

Thanks for adding zfs support to schroot. While entering a zfs-backed
chroot works fine, i.e., schroot -c unstable-amd64-sbuild, trying to
enter the source chroot fails:

$ schroot -c source:unstable-amd64-sbuild
E: 10mount: filesystem 'tank/debian/schroot/unstable-amd64-sbuild' cannot be 
mounted using 'mount'.
E: 10mount: Use 'zfs set mountpoint=legacy' or 'zfs mount 
tank/debian/schroot/unstable-amd64-sbuild'.
E: 10mount: See zfs(8) for more information.
E: unstable-amd64-sbuild-74f80dc1-c405-4ec6-a7f5-b533ea723811: Chroot setup 
failed: stage=setup-start

Cheers

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (601, 'testing'), (500, 'testing-security')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages schroot depends on:
ii  libboost-filesystem1.74.0   1.74.0-9
ii  libboost-iostreams1.74.01.74.0-9
ii  libboost-program-options1.74.0  1.74.0-9
ii  libc6   2.31-11
ii  libgcc-s1   10.2.1-6
ii  libpam0g1.4.0-7
ii  libstdc++6  10.2.1-6
ii  libuuid12.36.1-7
ii  lsb-base11.1.0
ii  schroot-common  1.6.10-12

schroot recommends no packages.

Versions of packages schroot suggests:
pn  aufs-tools | unionfs-fuse  
pn  btrfs-progs
ii  debootstrap1.0.123
ii  lvm2   2.03.11-2.1
pn  qemu-user-static   
ii  zfsutils-linux 2.0.3-8

-- Configuration Files:
/etc/schroot/sbuild/fstab changed [not included]
/etc/schroot/setup.d/05btrfs changed [not included]

-- no debconf information

-- 
Sebastian Ramacher

Bug#988341: unblock: nis/4.3

[Sebastian Ramacher]

Control: tags -1 confirmed moreinfo

On 2021-05-10 20:43:26 +0200, Francesco P. Lovergine wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package nis
> 
> [ Reason ]
> 
> Fixes serious bug #988227 (bashism in postinst).
> 
> [ Impact ]
> 
> Upgrade not smoothly done from stable.
> 
> [ Tests ]
> 
> No autopkg test. Manually tested with dash.
> 
> [ Risks ]
> 
> None.
> 
> [ Checklist ]
>[x] all changes are documented in the d/changelog
>[x] I reviewed all changes and I approve them
>[x] attach debdiff against the package in testing
> 
> [ Other info ]
> 
> Native migration package only.
> 
> unblock nis/4.3

Not built on buildd: arch all binaries uploaded by frankie, a new source-only 
upload is needed to allow migration

Please perform a source-only upload and remove the moreinfo tag once
that's done.

Cheers

> 
> -- 
> Francesco P. Lovergine

> diff -Nru nis-4.2/debian/changelog nis-4.3/debian/changelog
> --- nis-4.2/debian/changelog  2021-01-31 10:22:32.0 +0100
> +++ nis-4.3/debian/changelog  2021-05-08 17:19:24.0 +0200
> @@ -1,3 +1,10 @@
> +nis (4.3) unstable; urgency=medium
> +
> +  * Fixed a sort-of bashism in postinst.
> +(closes: #988227)
> +
> + -- Francesco Paolo Lovergine   Sat, 08 May 2021 
> 17:19:24 +0200
> +
>  nis (4.2) unstable; urgency=medium
>  
>* Missed removing of /etc/init.d/nis at upgrade time added.
> diff -Nru nis-4.2/debian/postinst nis-4.3/debian/postinst
> --- nis-4.2/debian/postinst   2021-01-31 10:22:32.0 +0100
> +++ nis-4.3/debian/postinst   2021-05-08 17:19:24.0 +0200
> @@ -73,10 +73,13 @@
>  case "$1" in
>  configure)
>  PREV_VER="$2"
> - if [ ! -z "$PREV_VER" -a $(dpkg --compare-versions "$PREV_VER" 
> lt '4~'; echo $?) -eq 0 ]
> -then
> -upgrade_old
> -fi
> + if [ ! -z "$PREV_VER" ]
> + then
> + if dpkg --compare-versions "$PREV_VER" lt '4~'
> + then
> + upgrade_old
> + fi
> + fi
>   rm -f /etc/init.d/nis
>  ;;
>  *)


-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#988315: xterm menu display garbled

[Thomas Dickey]

On Tue, May 11, 2021 at 08:00:24AM +0200, Philipp Marek wrote:
> > That's more likely a problem with the X server than xterm
> > (the menus are via Xaw, which is pretty stable).
> 
> So the menus being cut off on the right and the bottom is on purpose?
> 
> 
> > For instance,
> > you might be using Wayland...
> 
> No, I don't think so:
> 
>1156 ?Ssl0:17 /usr/bin/sddm
>1199 tty7 Ssl+ 161:33  \_ /usr/lib/xorg/Xorg -nolisten tcp -auth
> /var/run/sddm/{ef674451-7b94-4f32-8c33-3e49df7fdecc} -background none
> -noreset -displayfd 17 -seat seat0 vt7
> 
> And I don't have any other garbage on the display either...

Xaw (e.g,. libxaw7:amd64) draws the menus, but uses X resources.
In a quick check (looking at the debugging trace), I suppose that
xterm's event-loop may handle exposure events for the menus(*), but
xterm doesn't know what's in the menus, in that level of detail.

It's possible that you have some font resource (such as a proportional
font) which confuses it, causing it to write outside its window.
But that would be apparent in xterm (thinking that a wildcard font
resource which affects one would affect both).

Given that, I'm expecting that the answer is that the X server
(for some less-used device) is not handling the window properly.

(*) the debugging trace shows me the window-id, but not the creator...

-- 
Thomas E. Dickey 
https://invisible-island.net
ftp://ftp.invisible-island.net


signature.asc
Description: PGP signature

Bug#988072: release.debian.org: unblick (pre-approval): hivex/1.3.20-1

[Sebastian Ramacher]

Control: tags -1 = confirmed moreinfo

Hi Hilko

On 2021-05-11 00:16:56 +0200, Hilko Bengen wrote:
> >> For buster DSA 4913-1 was released to fix this issue, so ideally this
> >> fix is present as well on bullseye. Does the debdiff look ok to you
> >> for inclusion based on rebasing to 1.3.20-1.
> >
> > The bug report didn't make it to the list which is a good sign that the
> > debdiff is too big. Please provide a filtered debdiff without the
> > gnulib, auto*, etc. noise.
> 
> Here it is, generated by running
> 
> debdiff --exclude gnulib --exclude Makefile.in --exclude '*.m4' --exclude 
> build-aux --exclude configure  hivex_1.3.{19,20}-1.dsc > 
> hivex_1.3.20-1.min.debdiff

Thanks, please go ahead and remove the moreinfo tag once the new version
is available in unstable.

Cheers

> 
> Cheers,
> -Hilko

> diff -Nru --exclude gnulib --exclude Makefile.in --exclude '*.m4' --exclude 
> build-aux --exclude configure hivex-1.3.19/ChangeLog hivex-1.3.20/ChangeLog
> --- hivex-1.3.19/ChangeLog2020-07-29 12:16:43.0 +0200
> +++ hivex-1.3.20/ChangeLog2021-05-03 12:14:28.0 +0200
> @@ -1,5 +1,86 @@
> +2021-05-03  Richard W.M. Jones  
> +
> + lib/handle.c: Bounds check for block exceeding page length 
> (CVE-2021-3504)
> + Hives are encoded as fixed-sized pages containing smaller variable-
> + length blocks:
> +
> +   +---+---+---+--
> +   | header|[ blk ][blk][ blk ]|[blk][blk][blk]|
> +   +---+---+---+--
> +
> + Blocks should not straddle a page boundary.  However because blocks
> + contain a 32 bit length field it is possible to construct an invalid
> + hive where the last block in a page overlaps either the next page or
> + the end of the file:
> +
> +   +---+---+
> +   | header|[ blk ][blk][ blk . ]
> +   +---+---+
> +
> + Hivex lacked a bounds check and would process the registry.  Because
> + the rest of the code assumes this situation can never happen it was
> + possible to have a block containing some field (eg. a registry key
> + name) which would extend beyond the end of the file.  Hivex mmaps or
> + mallocs the file, causing hivex to read memory beyond the end of the
> + mapped region, resulting in reading other memory structures or a
> + crash.  (Writing beyond the end of the mapped region seems to be
> + impossible because we always allocate a new page before writing.)
> +
> + This commit adds a check which rejects the malformed registry on
> + hivex_open.
> +
> + Credit: Jeremy Galindo, Sr Security Engineer, Datto.com
> + Fixes: CVE-2021-3504
> + Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1949687
> +
> +2021-04-16  Richard W.M. Jones  
> +
> + Update gnulib to latest.
> +
> + Add instructions for fuzzing hivex using AFL or AFL++.
> +
> + extra-tests: Remove fuzzing test.
> + We will soon add some instructions for using a real fuzzer like AFL++
> + so this test is not necessary.
> +
> +2020-09-15  rwmjones  
> +
> + Merge pull request #13 from weblate/weblate-hivex-master
> + Translations update from Weblate
> +
> +2020-09-06  Jean-Baptiste Holcroft  
> + Jean-Baptiste Holcroft  
> +
> + Translated using Weblate (French)
> + Currently translated at 100.0% (22 of 22 strings)
> +
> + Translate-URL: 
> https://translate.fedoraproject.org/projects/hivex/master/fr/
> + Translation: hivex/master
> +
> +2020-09-06  Weblate  
> + Weblate  
> +
> + Update translation files
> + Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
> +
> + Translate-URL: 
> https://translate.fedoraproject.org/projects/hivex/master/
> + Translation: hivex/master
> +
> +2020-08-27  Richard W.M. Jones  
> +
> + Update translations from Zanata (RHBZ#1787302).
> +
> +2020-08-14  Matt Coleman  
> +
> + Increase HIVEX_MAX_VALUES
> + Due to unintended interaction between Windows and VMWare's snapshot
> + functionality, HKLM\SYSTEM\MountedDevices can end up with more than
> + 55,000 values.
> +
>  2020-07-29  Richard W.M. Jones  
>  
> + build: Fix maintainer-tag rule.
> +
>   Version 1.3.19.
>  
>  2020-07-29  Richard W.M. Jones  
> diff -Nru --exclude gnulib --exclude Makefile.in --exclude '*.m4' --exclude 
> build-aux --exclude configure hivex-1.3.19/config.h.in 
> hivex-1.3.20/config.h.in
> --- hivex-1.3.19/config.h.in  2020-07-29 12:16:03.0 +0200
> +++ hivex-1.3.20/config.h.in  2021-05-03 12:12:46.0 +0200
> @@ -62,6 +62,10 @@
>  #undef GNULIB_LOCK
>  
>  /* Define to a C preprocessor expression that evaluates to 1 or 0, depending
> +   whether the gnulib module malloc-posix shall be considered present. */
> +#undef GNULIB_MALLOC_POSIX
> +
> +/* Define to a C preprocessor 

Bug#988353: ITP: libmath-random-free-perl -- Free drop-in replacement for Math::Random

[Andrius Merkys]

Package: wnpp
Owner: Andrius Merkys 
Severity: wishlist

* Package name: libmath-random-free-perl
  Version : 0.1.0
  Upstream Author : Andrius Merkys 
* URL : https://metacpan.org/release/Math-Random-Free
* License : BSD-3-Clause
  Programming Lang: Perl
  Description : Free drop-in replacement for Math::Random

Math::Random::Free is free implementation of Math::Random, serving as
drop-in replacement for this module.

Several useful Perl packages can neither enter Debian nor be used on it
freely as they depend on Math::Random which is non-free (see
Graph::Maker for example). Math::Random::Free is BSD-licensed drop-in
replacement for Math::Random.

Remark: I am the upstream of this package.

Remark: This package is to be maintained with Debian Perl Group at

https://salsa.debian.org/perl-team/modules/packages/libmath-random-free-perl

Bug#988352: linux-image-4.19.0-16-amd64: none

[Johann Grabmann]

Package: src:linux
Version: 4.19.181-1
Severity: wishlist

Dear Maintainer,

there seems to be a problem with cifs at *4.19.181-1 (**4.19.0-16-amd64*).
With *4.19.171-2 (2021-01-30) (**linux-image-4.19.0-14-amd64**)* the error
could NOT be reproduced, there it works as expected.

Problem when trying to mount a CIFS-share:
mount error(20): Not a directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

This is maybe related to the following from the changelog

:

- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.

Unfortunately, there is also apparently no possibility of overwriting this
prepath, since the option is only set additionally:
mount.cifs kernel mount options:
ip=xx.xx.xx.xx,unc=\\srv.local\filexchg,vers=1.0,sec=ntlmssp,cache=strict,
*prefixpath=none*,uid=33,gid=33,user=username,domain=local,
*prefixpath=shares/myshare*,pass=

Cheers,
Johann

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-4.19.0-16-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.133+deb10u1
ii  kmod26-1
ii  linux-base  4.6

Versions of packages linux-image-4.19.0-16-amd64 recommends:
ii  apparmor 2.13.2-10
ii  firmware-linux-free  3.4

Versions of packages linux-image-4.19.0-16-amd64 suggests:
pn  debian-kernel-handbook  
ii  grub-pc 2.02+dfsg1-20+deb10u4
pn  linux-doc-4.19  

Versions of packages linux-image-4.19.0-16-amd64 is related to:
pn  firmware-amd-graphics 
pn  firmware-atheros  
pn  firmware-bnx2 
pn  firmware-bnx2x
pn  firmware-brcm80211
pn  firmware-cavium   
pn  firmware-intel-sound  
pn  firmware-intelwimax   
pn  firmware-ipw2x00  
pn  firmware-ivtv 
pn  firmware-iwlwifi  
pn  firmware-libertas 
pn  firmware-linux-nonfree
pn  firmware-misc-nonfree 
pn  firmware-myricom  
pn  firmware-netxen   
pn  firmware-qlogic   
pn  firmware-realtek  
pn  firmware-samsung  
pn  firmware-siano
pn  firmware-ti-connectivity  
pn  xen-hypervisor

-- no debconf information

Bug#988351: gimp crashes when copyq is running and i copy something from gimp to clipboard

[Mr. T]

Package: gimp
Version: 2.10.22-4
Severity: important
X-Debbugs-Cc: t...@treaki.tk


together with:

Package: copyq
Version: 3.13.0-1
Severity: normal

hi,

its a fresh debian testing install, i installed mate-desktop gimp and
copyq (cause i know it from windows and like to have a history not only
of clipboard text but also html/richtext and graphics). But when i have
copyq running (default settings) and are working with gimp, copying
stuff there, gimp just crashes completely.
Please check this out.

Thanks a lot and keep up a good work


-- System Information:
Debian Release: bullseye/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gimp depends on:
ii gimp-data 2.10.22-4
ii graphviz 2.42.2-4+b2
ii libaa1 1.4p5-48
ii libbabl-0.1-0 1:0.1.82-1
ii libbz2-1.0 1.0.8-4
ii libc6 2.31-11
ii libcairo2 1.16.0-5
ii libfontconfig1 2.13.1-4.2
ii libfreetype6 2.10.4+dfsg-1
ii libgcc-s1 10.2.1-6
ii libgdk-pixbuf-2.0-0 2.42.2+dfsg-1
ii libgegl-0.4-0 1:0.4.26-2
ii libgexiv2-2 0.12.1-1
ii libgimp2.0 2.10.22-4
ii libglib2.0-0 2.66.8-1
ii libgs9 9.53.3~dfsg-7
ii libgtk2.0-0 2.24.33-1
ii libgudev-1.0-0 234-1
ii libharfbuzz0b 2.7.4-1
ii libheif1 1.11.0-1
ii libilmbase25 2.5.4-1
ii libjpeg62-turbo 1:2.0.6-4
ii libjson-glib-1.0-0 1.6.2-1
ii liblcms2-2 2.12~rc1-2
ii liblzma5 5.2.5-2
ii libmng1 1.0.10+dfsg-3.1+b5
ii libmypaint-1.5-1 1.6.0-2
ii libopenexr25 2.5.4-1
ii libopenjp2-7 2.4.0-3
ii libpango-1.0-0 1.46.2-3
ii libpangocairo-1.0-0 1.46.2-3
ii libpangoft2-1.0-0 1.46.2-3
ii libpng16-16 1.6.37-3
ii libpoppler-glib8 20.09.0-3.1
ii librsvg2-2 2.50.3+dfsg-1
ii libstdc++6 10.2.1-6
ii libtiff5 4.2.0-1
ii libwebp6 0.6.1-2+b1
ii libwebpdemux2 0.6.1-2+b1
ii libwebpmux3 0.6.1-2+b1
ii libwmf0.2-7 0.2.8.4-17
ii libx11-6 2:1.7.0-2
ii libxcursor1 1:1.2.0-2
ii libxext6 2:1.3.3-1.1
ii libxfixes3 1:5.0.3-2
ii libxmu6 2:1.1.2-2+b3
ii libxpm4 1:3.5.12-1
ii xdg-utils 1.1.3-4
ii zlib1g 1:1.2.11.dfsg-2

Versions of packages gimp recommends:
ii ghostscript 9.53.3~dfsg-7

Versions of packages gimp suggests:
pn gimp-data-extras 
pn gimp-help-en | gimp-help 
ii gvfs-backends 1.46.2-1
ii libasound2 1.2.4-1.1

-- no debconf information

Bug#988350: Fwd: unblock: graphviz/2.42.2-5

[GCS]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi Release Managers,

I would like to update graphviz due to a security fix, preventing a
heap overflow[1].

[ Reason ]
It's a security fix handling bad data correctly.

[ Impact ]
None on valid data, only fixing buffer length checking.

[ Tests ]
Just the Debian ones, passed.

[ Risks ]
None.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock graphviz/2.42.2-5

Thanks,
Laszlo/GCS
[1] https://gitlab.com/graphviz/graphviz/-/issues/1700
diff -Nru graphviz-2.42.2/debian/changelog graphviz-2.42.2/debian/changelog
--- graphviz-2.42.2/debian/changelog	2020-04-26 07:25:24.0 +0200
+++ graphviz-2.42.2/debian/changelog	2021-05-08 11:09:59.0 +0200
@@ -1,3 +1,10 @@
+graphviz (2.42.2-5) unstable; urgency=high
+
+  * Fix CVE-2020-18032: out of bounds write on invalid label
+(closes: #988000).
+
+ -- Laszlo Boszormenyi (GCS)   Sat, 08 May 2021 11:09:59 +0200
+
 graphviz (2.42.2-4) unstable; urgency=medium
 
   * Build with Guile 3.0 (closes: #885198).
diff -Nru graphviz-2.42.2/debian/patches/fix_out-of-bounds_write_on_invalid_label.patch graphviz-2.42.2/debian/patches/fix_out-of-bounds_write_on_invalid_label.patch
--- graphviz-2.42.2/debian/patches/fix_out-of-bounds_write_on_invalid_label.patch	1970-01-01 01:00:00.0 +0100
+++ graphviz-2.42.2/debian/patches/fix_out-of-bounds_write_on_invalid_label.patch	2021-05-08 11:09:33.0 +0200
@@ -0,0 +1,35 @@
+commit 784411ca3655c80da0f6025ab20634b2a6ff696b
+Author: Matthew Fernandez 
+Date:   Sat Jul 25 19:31:01 2020 -0700
+
+fix: out-of-bounds write on invalid label
+
+When the label for a node cannot be parsed (due to it being malformed), it falls
+back on the symbol name of the node itself. I.e. the default label the node
+would have had if it had no label attribute at all. However, this is applied by
+dynamically altering the node's label to "\N", a shortcut for the symbol name of
+the node. All of this is fine, however if the hand written label itself is
+shorter than the literal string "\N", not enough memory would have been
+allocated to write "\N" into the label text.
+
+Here we account for the possibility of error during label parsing, and assume
+that the label text may need to be overwritten with "\N" after the fact. Fixes
+issue #1700.
+
+diff --git a/lib/common/shapes.c b/lib/common/shapes.c
+index 0a0635fc3..9dca9ba6e 100644
+--- a/lib/common/shapes.c
 b/lib/common/shapes.c
+@@ -3546,9 +3546,10 @@ static void record_init(node_t * n)
+ reclblp = ND_label(n)->text;
+ len = strlen(reclblp);
+ /* For some forgotten reason, an empty label is parsed into a space, so
+- * we need at least two bytes in textbuf.
++ * we need at least two bytes in textbuf, as well as accounting for the
++ * error path involving "\\N" below.
+  */
+-len = MAX(len, 1);
++len = MAX(MAX(len, 1), (int)strlen("\\N"));
+ textbuf = N_NEW(len + 1, char);
+ if (!(info = parse_reclbl(n, flip, TRUE, textbuf))) {
+ 	agerr(AGERR, "bad label format %s\n", ND_label(n)->text);
diff -Nru graphviz-2.42.2/debian/patches/series graphviz-2.42.2/debian/patches/series
--- graphviz-2.42.2/debian/patches/series	2019-10-06 00:04:01.0 +0200
+++ graphviz-2.42.2/debian/patches/series	2021-05-08 11:09:50.0 +0200
@@ -8,3 +8,4 @@
 gvmap.sh_bashism.patch
 build_with_libann.patch
 update_documentation_link.patch
+fix_out-of-bounds_write_on_invalid_label.patch

Bug#988236: Likely the best solution

[Kurt Fitzner]

For what it's worth, I concur with this solution.  The lighty-enable-mod 
and -disable-mod helpers are an abstraction layer that certainly 
originated with Debian and may still be unique to Debian (et al).  They 
came into being sometime in 2005-ish.  While, as an abstraction, its 
purpose is to hide the underlying config file mechanics, I can't see the 
underlying mechanism changing any time soon if it hasn't in the last 16 
years.


Upstream lighty has never adopted this abstraction, so I can't see it 
worth the trouble to expand on it now.


I think you've lighted (hah) upon the best solution here.