Bug#942799: Stretch: Wrong startup under gdb

[Carsten Schoenert]

Hello Kevin,

Am 16.06.21 um 18:03 schrieb Kevin Locke:
> On Wed, 2021-06-16 at 09:22 -0600, Kevin Locke wrote:
>> I've attached a patch which changes the quoting to fix the issue with
>> the hope that you may find it more acceptable than Christophe's patch.
> 
> Please ignore the previous patch.  It was sent with insufficient testing
> and did not handle the quoting in ${TB_GDB_DEFAULT_OPTS} in the way it
> appears to be intended.
> 
> I've attached v2 of the patch which quotes ${TB_ARGS[@]} using
> `printf ' %q'` then uses eval to perform word splitting on the combined
> command string.  In my testing it handled spaces and special characters
> in ${TB_GDB_DEFAULT_OPTS} and arguments following -g in the way that I
> would expect.  See what you think.

thanks, looks good to me, will get included within the next upload.

-- 
Regards
Carsten

Bug#989630: mke2fs with size limit and default discard will discard data after size limit

[Josh Triplett]

On Thu, Jun 17, 2021 at 10:36:48AM +0200, Paul Gevers wrote:
> On Tue, 08 Jun 2021 20:22:39 -0700 Josh Triplett 
> wrote:
> > Package: e2fsprogs
> > Version: 1.46.2-2
> > Severity: important
> > X-Debbugs-Cc: j...@joshtriplett.org
> > 
> > "important" because this does cause data loss; not filing as
> > release-critical because using mke2fs on a full disk or full disk image
> > with a specified size to write a partition may be a niche use case.
> 
> Do you know if this is a regression with respect to the version in
> bullseye (1.46.2-1)?

I'm fairly sure this bug has existed for quite a long time. Please don't
let it affect propagation of new versions.

Bug#990084: graphicsmagick: reproducible builds: Embeds different paths on usrmerge system

[Vagrant Cascadian]

Source: graphicsmagick
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The delegates.mgk file embeds the full path to the "mv" binary, which is
different on usrmerge systems:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/graphicsmagick.html

  ./usr/lib/GraphicsMagick-1.4/config/delegates.mgk

  

  vs.
  


The attached patch fixes this in debian/rules by passing arguments to
configure to use the paths in the non-usrmerge paths, as usrmerge
systems typically have compatibility symlinks, while non-usrmerge
systems do not.


This patch does not resolve all reproducibility issues, though the only
remaining issue is build paths, which is not tested in the "testing"
suite, so applying this patch should result in reproducible builds once
it migrates to "testing".


Thanks for maintaining graphicsmagick!


live well,
  vagrant
From d5054356232c666ba611742a55de9d6660740143 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sun, 20 Jun 2021 01:39:52 +
Subject: [PATCH] debian/rules: Pass MVDelegate to configure.

The path to "mv" may end up in binaries or documentation, which may be
/bin/mv or /usr/bin/mv depending on if the running system is a
usrmerge system or not. Consistently use /bin/mv as this is the most
compatible path.

https://tests.reproducible-builds.org/debian/issues/paths_vary_due_to_usrmerge_issue.html
---
 debian/rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index 46fcb72..4c48093 100755
--- a/debian/rules
+++ b/debian/rules
@@ -52,6 +52,7 @@ configure-stamp:
 	dh_testdir
 	dh_autoreconf
 	CFLAGS="$(CFLAGS)" CXXFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
+	MVDelegate=/bin/mv \
 	./configure $(gm_confflags) \
 		--enable-shared \
 		--enable-static \
-- 
2.32.0



signature.asc
Description: PGP signature

Bug#989644: iwd: After upgrading to 1.14-3, can no longer connect to access point

[Timur Sviridov]

Package: iwd
Followup-For: Bug #989644
X-Debbugs-Cc: tim.sviridov...@gmail.com

I was also hit by this bug.  Downgrading to 1.13-2 and rebooting fixed the
issue.


dmesg output for loading the firmware:

$ sudo dmesg | grep brcm
[3.502146] usbcore: registered new interface driver brcmfmac
[3.522197] brcmfmac :03:00.0: enabling device ( -> 0002)
[3.637016] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac4364-pcie 
for chip BCM4364/3
[3.639047] brcmfmac :03:00.0: firmware: direct-loading firmware 
brcm/brcmfmac4364-pcie.bin
[3.639344] brcmfmac :03:00.0: firmware: direct-loading firmware 
brcm/brcmfmac4364-pcie.Apple Inc.-MacBookPro15,1.txt
[4.340822] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac4364-pcie 
for chip BCM4364/3
[4.341315] brcmfmac :03:00.0: firmware: direct-loading firmware 
brcm/brcmfmac4364-pcie.clm_blob
[4.380890] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4364/3 wl0: Oct 23 
2019 08:32:36 version 9.137.11.0.32.6.36 FWID 01-671ec60c


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.19-mbp (SMP w/12 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iwd depends on:
ii  libc6 2.31-12
ii  libreadline8  8.1-1

Versions of packages iwd recommends:
ii  dbus [dbus-system-bus]  1.12.20-2
ii  wireless-regdb  2020.04.29-2

iwd suggests no packages.

-- no debconf information

Bug#924643: RFS: colorzero/2.0-1 [ITP] -- Construct, convert, and manipulate colors in a Pythonic manner.

[Paul Wise]

On Sat, Jun 19, 2021 at 9:06 PM Thomas Goirand wrote:

> That's a way more simple, as sometimes, upstream ships an egg-info and
> building *modifies* it (and then, nightmare starts...).

Usually upstream doesn't ship egg-info in the source repository
though, I think I would switch from PyPI tarballs containing egg-info
to upstream source repos not containing egg-info and other generated
files.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#986709: (no subject)

[Sam Pinkus]

FYI linked issue and summary of issue from upstream perspective: 
https://github.com/rsnapshot/rsnapshot/issues/279#issuecomment-860001348

Bug#986709: rsnapshot is stable, not dead

[Sam Pinkus]

On Fri, 28 May 2021 15:39:28 -0500 Michael Lustfield 
 wrote:

> On Fri, 28 May 2021 19:56:47 +0100
> David Cantrell  wrote:
>
> > [...]
> > So what, exactly, is unmaintained about it? Looks to me like it has
> > exactly the amount of maintenance that is required for mature software.
>
> I'm not going to strawman my justifications; it's not terribly 
relevant anyway.
> Absolutely anyone is free to disagree with me and continue 
maintenance of the

> package. If needed, I'll even sponsor the upload.
>
> https://mentors.debian.net/intro-maintainers (read 1-2, start at 3)
>
>

Hi Michael, I don't understand this. Wouldn't it be easier if you 
orhpaned the package since it's already in stable?


Thanks,

Sam.

Bug#986821: freecad: Garbled menu makes freecad unusable

[Michael Jarosch]

It's been a while…

Sorry!

Am 16.04.21 um 12:19 schrieb Tobias Frost:
Another random idea: Can you try to create a new user and try from 
there. Just to

ensure that there isnt something with your user account (E.g I had a silly bug 
where
I had something in $HOME/.local shadowing stuff some time ago…)


I took the time and tried another fresh user - and you were right: 
FreeCAD started up undamaged.


Now, I'm trying to kill the old config that caused the problem, but that 
seams not to be that easy.
First of all, I discovered a ~/.FreeCAD AND a ~/.config/FreeCAD 
directory which are both freshly created when renaming them. (Still, 
that didn't make a difference in appearance…)
Second: I don't know, which file in ~/.local/share is to be 
deleted/renamed. All I can find is a freecad.xml in 
~/.local/share/mime/packages and some icons in another directory but 
they don't seem to be involved in my problem.


Another idea?

Greets!

Bug#989547: fai-client: ROOTCMD relies on specific unshare features

[Thomas Lange]

Package: fai-client
Severity: normal

The Recommends was added because fdisk was added as a new separate package.
We need this from buster on.
But there's no need to define a dependency to util-linux, because
it's a required package.

Since FAI 5.10 is not part of stretch, I see no major impact that we
call unshare with options not available in this distribution.
And we alread have a workaround.

It would be nice if FAI would atomatically detect if it is run in an
unprivileged container.

-- 
viele Grüße Thomas

Bug#970574: xserver-xorg-video-amdgpu: ABI changed (24.0 to 24.1) but not the dependencies

[GSR]

Hi,
deb...@iremonger.me.uk (2021-06-19 at 1704.32 +0100):
> In short, I think this bug report should now be closed unless there
> is an apparent issue specifically in buster or bullseye now [??] ?

Currently I have xserver-xorg-video-amdgpu 19.1.0-2 with
xserver-xorg-core 2:1.20.11-1 and it keeps working (updating Sid every
now and then). The issue existed for a brief time, but probably does
not matter in releases if they have debs in sync. Even if they do not
explicitly request a given version, the avaliable versions implicitly
avoid the problem (sorry, no machines to test them, but by numbers,
Buster has an older video-amdgpu package, 18.1.99+git20190207-1, and
Bullseye is like Sid now). Thus I agree it can be closed.

For the record, in the rare case someone hits the issue, old log also
had:
---8<---
[   144.270] (II) Module ABI versions:
[   144.270]X.Org ANSI C Emulation: 0.4
[   144.270]X.Org Video Driver: 24.0
[   144.270]X.Org XInput driver : 24.1
[   144.270]X.Org Server Extension : 10.0
--->8---
Notice the 24.0.

Last ones have lines like:
---8<---
[24.338] (II) Module ABI versions:
[24.338]X.Org ANSI C Emulation: 0.4
[24.339]X.Org Video Driver: 24.1
[24.339]X.Org XInput driver : 24.1
[24.339]X.Org Server Extension : 10.0
...
[24.374] (II) Loading /usr/lib/xorg/modules/drivers/amdgpu_drv.so
[24.380] (II) Module amdgpu: vendor="X.Org Foundation"
[24.380]compiled for 1.20.9, module version = 19.1.0
[24.380]Module class: X.Org Video Driver
[24.380]ABI class: X.Org Video Driver, version 24.1
--->8---
Notice the two 24.1 for video drivers. xserver-xorg-video-amdgpu's
"Depends" line still lists xorg-video-abi-24, without .1.

Cheers,
GSR
 

Bug#990080: amanda-server: On a minimal installation there is no Mail command available to send email

[Jose M Calhariz]

Package: amanda-server
Version: 1:3.5.1-5+b1
Severity: important

Amanda uses command Mailt to send emails and because of that depends
on bsd-mailx or mailx.  Package mailutils provides mailx but do not
implements command Mail.

Request for an opinion on mailing-list debian-devel?


Kind regards
Jose M Calhariz


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages amanda-server depends on:
ii  amanda-common  1:3.5.1-5+b1
ii  bsd-mailx [mailx]  8.1.2-0.20180807cvs-2
ii  libc6  2.31-12
ii  libcurl4   7.74.0-1.2
ii  libglib2.0-0   2.66.8-1
ii  libjson-perl   4.03000-1
ii  mailutils [mailx]  1:3.10-3+b1
ii  perl   5.32.1-4

amanda-server recommends no packages.

Versions of packages amanda-server suggests:
ii  amanda-client  1:3.5.1-5+b1
ii  cpio   2.13+dfsg-4
pn  gnuplot

-- no debconf information

Bug#947261: ITP: python-poetry -- Python dependency management and packaging made easy

[Emmanuel Arias]

Hello!

On 6/17/21 6:00 PM, Taihsiang Ho (tai271828) wrote:
> Hi Emmanuel,
>
> I can help as a poetry user for a while if you don't mind. It seems that I
> could reproduce the pytest-mock issue by building this poetry deb source[1]
> with Ubuntu 21.04. For better communication, I am wondering the following

I fixed with this patch [0].

I guess I finished a first complete package of poetry. Please look in
the DPT
mailing list.


[0]
https://salsa.debian.org/python-team/packages/poetry/-/blob/debian/master/debian/patches/0002-Fix-incompatibility-between-pytest-and-pytest-mock.patch

Cheers

-- 
Emmanuel Arias
@eamanu
yaerobi.com



OpenPGP_0xFA9DEC5DE11C63F1.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#990083: kodi: Kodi hangs on transitions between playlist items with spinning wheel and no control

[Fabrice Quenneville]

Hi Vasyl,

Here are the crash logs from when I updated a few hours ago and now. Very
interesting since I started kodi with debug logs on... it hasn't crashed /
froze on transitions yet... Before reporting it had crashed / froze a
few times in a row. I am now running it in the background while I work with
debug and separate selectors except for NFS which wasn't offered in Kodi
settings. My nfs mount is managed by the nfs settings at OS level.

Will update in the next few hours once I generate meaningful logs.

Fabrice


On Sat, Jun 19, 2021 at 4:49 PM Vasyl Gello  wrote:

> Hi Fabrice!
>
> Can you please attach the Kodi log with debug settings on? I need at least
> FFmpeg, Windowing, cURL, and NFS logs in separare log selectors.
> --
> Vasyl Gello
>


-- 
*Fabrice Quenneville*
## Kodi CRASH LOG ###

 SYSTEM INFO 
 Date: Sat 19 Jun 2021 04:20:49 PM EDT
 Kodi Options: 
 Arch: x86_64
 Kernel: Linux 5.10.0-7-amd64 #1 SMP Debian 5.10.40-1 (2021-05-28)
 Release: Debian GNU/Linux 11 (bullseye)
## END SYSTEM INFO ##

### STACK TRACE #
gdb not installed, can't get stack trace.
# END STACK TRACE ###

# LOG FILE ##

2021-06-19 16:20:49.331 T:6883 INFO : ---
2021-06-19 16:20:49.331 T:6883 INFO : Starting Kodi from Debian (19.1 Debian package version: 2:19.1+dfsg2-1). Platform: Linux x86 64-bit
2021-06-19 16:20:49.331 T:6883 INFO : Using Release Kodi from Debian x64
2021-06-19 16:20:49.331 T:6883 INFO : Kodi from Debian compiled 2021-06-07 by GCC 10.2.1 for Linux x86 64-bit version 5.10.40 (330280)
2021-06-19 16:20:49.331 T:6883 INFO : Running on Debian GNU/Linux 11 (bullseye), kernel: Linux x86 64-bit version 5.10.0-7-amd64
2021-06-19 16:20:49.332 T:6883 INFO : FFmpeg version/source: 4.3.2-0+deb11u2
2021-06-19 16:20:49.332 T:6883 INFO : Host CPU:   Intel(R) Atom(TM) x5-Z8350  CPU @ 1.44GHz, 4 cores available
2021-06-19 16:20:49.332 T:6883 INFO : special://xbmc/ is mapped to: /usr/share/kodi
2021-06-19 16:20:49.332 T:6883 INFO : special://xbmcbin/ is mapped to: /usr/lib/x86_64-linux-gnu/kodi
2021-06-19 16:20:49.332 T:6883 INFO : special://xbmcbinaddons/ is mapped to: /usr/lib/x86_64-linux-gnu/kodi/addons
2021-06-19 16:20:49.332 T:6883 INFO : special://masterprofile/ is mapped to: /home/fabrice/.kodi/userdata
2021-06-19 16:20:49.332 T:6883 INFO : special://envhome/ is mapped to: /home/fabrice
2021-06-19 16:20:49.332 T:6883 INFO : special://home/ is mapped to: /home/fabrice/.kodi
2021-06-19 16:20:49.332 T:6883 INFO : special://temp/ is mapped to: /home/fabrice/.kodi/temp
2021-06-19 16:20:49.332 T:6883 INFO : special://logpath/ is mapped to: /home/fabrice/.kodi/temp
2021-06-19 16:20:49.332 T:6883 INFO : The executable running is: /usr/lib/x86_64-linux-gnu/kodi/kodi.bin
2021-06-19 16:20:49.332 T:6883 INFO : Local hostname: debtv.dirtynet.ca
2021-06-19 16:20:49.332 T:6883 INFO : Log File is located: /home/fabrice/.kodi/temp/kodi.log
2021-06-19 16:20:49.332 T:6883 INFO : ---
2021-06-19 16:20:49.337 T:6883 INFO : loading settings
2021-06-19 16:20:49.346 T:6883 INFO : special://profile/ is mapped to: special://masterprofile/
2021-06-19 16:20:49.446 T:6979DEBUG : Sink changed
2021-06-19 16:20:49.446 T:6979DEBUG : Sink appeared


### END LOG FILE 

 END Kodi CRASH LOG #
## Kodi CRASH LOG ###

 SYSTEM INFO 
 Date: Sat 19 Jun 2021 04:38:55 PM EDT
 Kodi Options: 
 Arch: x86_64
 Kernel: Linux 5.10.0-7-amd64 #1 SMP Debian 5.10.40-1 (2021-05-28)
 Release: Debian GNU/Linux 11 (bullseye)
## END SYSTEM INFO ##

### STACK TRACE #
gdb not installed, can't get stack trace.
# END STACK TRACE ###

# LOG FILE ##

2021-06-19 16:35:00.821 T:7580 INFO : ---
2021-06-19 16:35:00.821 T:7580 INFO : Starting Kodi from Debian (19.1 Debian package version: 2:19.1+dfsg2-1). Platform: Linux x86 64-bit
2021-06-19 16:35:00.821 T:7580 INFO : Using Release Kodi from Debian x64
2021-06-19 16:35:00.821 T:7580 INFO : Kodi from Debian compiled 2021-06-07 by GCC 10.2.1 for Linux x86 64-bit version 5.10.40 (330280)
2021-06-19 16:35:00.821 T:7580 INFO : Running on Debian GNU/Linux 11 (bullseye), kernel: Linux x86 64-bit version 5.10.0-7-amd64
2021-06-19 16:35:00.821 T:7580 INFO : FFmpeg version/source: 4.3.2-0+deb11u2
2021-06-19 16:35:00.821 T:7580 INFO : Host CPU:   Intel(R) Atom(TM) x5-Z8350  CPU @ 1.44GHz, 4 cores available
2021-06-19 16:35:00.821 T:7580 INFO 

Bug#989922: thunderbird: testing: NS_ERROR_NET_INADEQUATE_SECURITY?

[Leszek Dubiel]

I have the same bug. All Images from    google.com (notifications from 
Google itself), or Allegro.pl  (biggest online store in Poland) appear 
broken.



Thunderbird version


# dpkg -l | egrep thunderb; cat /etc/issue

ii  thunderbird 1:78.11.0-1 amd64    mail/news 
client with RSS, chat and integrated spam filter support
ii  thunderbird-l10n-pl 1:78.11.0-1 all  
Polish language package for Thunderbird



Debian GNU/Linux 11 \n \l

Bug#924643: RFS: colorzero/2.0-1 [ITP] -- Construct, convert, and manipulate colors in a Pythonic manner.

[Emmanuel Arias]

On 6/19/21 9:03 AM, Peter Green wrote:
> Just done some reviewing/tweaking. I've pushed the following changes
> to the git repo, please
> tell me if you have any objections.
>
> I added a gpb.conf to make git-buildpackage actually use pristine tar
> and hence result in an orig
> tarball that was consistent with what is already in Ubuntu.

Also, you can try to follow DEP-14 (although is mark as candidate) and
add debian/master as default branch.

What about enable salsa-ci?

> Finally would you consider adding me as a co-maintainer.
You are in the DPT so you already are a co-maintainer. You can add you
as uploaders I guess.


Cheers,


-- 
Emmanuel Arias
@eamanu
yaerobi.com



OpenPGP_0xFA9DEC5DE11C63F1.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#892982: system freeze after lock screen/switched off monitors/spontaneously

[Simon Iremonger (debian)]

I can confirm the buster-backports now offers kernel
5.10.0-0.bpo.7-amd64  ..

Please test this following notes on previous bug pointer.
Can the bug now be closed, if that works, or doesn't  -- I don't
think there is an X.org bug here.

--Simon

Bug#783892: iceowl-extension: Reminder popup “Dismiss” buttons do nothing

[Manuel Bilderbeek]

Package: thunderbird
Followup-For: Bug #783892

Dear Maintainer,

This is a very old bug report, but after years and years of enjoying the 
calendar functionality of Thunderbird, I am now also getting it. It looks like 
a very recent update caused it:

[UPGRADE] thunderbird:amd64 1:78.10.0-1 -> 1:78.11.0-1

Is there a workaround?

Thanks.

Kind regards,
Manuel Bilderbeek

-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages thunderbird depends on:
ii  debianutils  4.11.2
ii  fontconfig   2.13.1-4.2
ii  libatk1.0-0  2.36.0-2
ii  libbotan-2-172.17.3+dfsg-2
ii  libbz2-1.0   1.0.8-4
ii  libc62.31-12
ii  libcairo-gobject21.16.0-5
ii  libcairo21.16.0-5
ii  libdbus-1-3  1.12.20-2
ii  libdbus-glib-1-2 0.110-6
ii  libevent-2.1-7   2.1.12-stable-1
ii  libffi7  3.3-6
ii  libfontconfig1   2.13.1-4.2
ii  libfreetype6 2.10.4+dfsg-1
ii  libgcc-s110.2.1-6
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1
ii  libglib2.0-0 2.66.8-1
ii  libgtk-3-0   3.24.24-4
ii  libicu67 67.1-6
ii  libjson-c5   0.15-2
ii  libnspr4 2:4.29-1
ii  libnss3  2:3.61-1
ii  libpango-1.0-0   1.46.2-3
ii  libstdc++6   10.2.1-6
ii  libvpx6  1.9.0-1
ii  libx11-6 2:1.7.1-1
ii  libx11-xcb1  2:1.7.1-1
ii  libxcb-shm0  1.14-3
ii  libxcb1  1.14-3
ii  libxext6 2:1.3.3-1.1
ii  libxrender1  1:0.9.10-1
ii  psmisc   23.4-2
ii  x11-utils7.7+5
ii  zlib1g   1:1.2.11.dfsg-2

Versions of packages thunderbird recommends:
ii  hunspell-en-us [hunspell-dictionary]  1:2019.10.06-1
ii  myspell-nl [myspell-dictionary]   1:2.10-5

Versions of packages thunderbird suggests:
ii  apparmor  2.13.6-10
ii  fonts-lyx 2.3.6-1
ii  libgssapi-krb5-2  1.18.3-5
ii  libgtk2.0-0   2.24.33-2

-- no debconf information

Bug#924643: RFS: colorzero/2.0-1 [ITP] -- Construct, convert, and manipulate colors in a Pythonic manner.

[Thomas Goirand]

On 6/19/21 2:03 PM, Peter Green wrote:
> Just done some reviewing/tweaking. I've pushed the following changes to
> the git repo, please
> tell me if you have any objections.
> 
> I added a gpb.conf to make git-buildpackage actually use pristine tar
> and hence result in an orig
> tarball that was consistent with what is already in Ubuntu.
> 
> I found the clean target was not cleaning up the "egg-info" so I added a
> command to do that.

I used to do that, but a few years ago, I switched to (and generalize in
all of my packages) using this:

$ cat debian/source/options
extend-diff-ignore = "^[^/]*[.]egg-info/"

That's a way more simple, as sometimes, upstream ships an egg-info and
building *modifies* it (and then, nightmare starts...).

Just my 2 cents of experience... :)

Thomas Goirand (zigo)

Bug#990083: kodi: Kodi hangs on transitions between playlist items with spinning wheel and no control

[Vasyl Gello]

Hi Fabrice!

Can you please attach the Kodi log with debug settings on? I need at least 
FFmpeg, Windowing, cURL, and NFS logs in separare log selectors.
-- 
Vasyl Gello
==
Certified SolidWorks Expert

Mob.:+380 (98) 465 66 77

E-Mail: vasek.ge...@gmail.com

Skype: vasek.gello
==
호랑이는 죽어서 가죽을 남기고 사람은 죽어서 이름을 남긴다

Bug#990083: kodi: Kodi hangs on transitions between playlist items with spinning wheel and no control

[Fabrice Quenneville]

Package: kodi
Version: 2:19.1+dfsg2-1
Severity: important
X-Debbugs-Cc: fabquennevi...@gmail.com

Dear Maintainer,


   * What led up to the situation?

Updated to version 2:19.1+dfsg2-1 and now kodi hangs with a spinning wheel 
after every playlist video, also starting any video is now slower to start 
since update

   * What exactly did you do (or not do) that was effective (or ineffective)?
pkill kodi does nothing
pkill -9 kodi works
controls within kodi dont work while wheen is spinning indefinetely
After waiting a while it goes to main menu, freezes and sometimes after a while 
kill gnome and return me to gnome login

   * What was the outcome of this action?
If I kill kodi manualy I can just reopen it and play any video

   * What outcome did you expect instead?
The next video playing

Other info:
My kodi starts on boot
My videos are all on system mounted NFS share and the network / shares work 
while kodi goes awire
I have the Extras, Youtube, WatchedList and BingBackground add-ons installed

-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kodi depends on:
ii  kodi-bin   2:19.1+dfsg2-1
ii  kodi-data  2:19.1+dfsg2-1

Versions of packages kodi recommends:
ii  kodi-repository-kodi [kodi-repository]  2:19.1+dfsg2-1
ii  kodi-visualization-spectrum 3.4.0+ds1-2

kodi suggests no packages.

-- no debconf information

Bug#914315: libwebp-dev: New versions fix disclosed heap use-after-free

[Sebastian Ramacher]

Control: severity -1 wishlist

On 2021-03-16 09:27:12 +, Laurence Parry wrote:
> Tags: fixed-upstream
> 
> Using webp-dev on buster with test file bug.c from the second bug
> mentioned above compiled with -lwebp, malloc reported: "free():
> corrupted unsorted chunks" within WebPIDelete().
> 
> This suggests to me that the bug may be exploitable on systems with
> libwebp6 installed - of which there are far more than when this
> package was introduced.
> https://qa.debian.org/popcon-graph.php?packages=libwebp-dev+libwebp6+libwebpmux3+libwebpdemux2+webp_installed=on_legend=on_ticks=on_date=2016-03-01_fmt=%25Y-%25m=1
> 
> As such, I've raised the priority. I don't know which packages use
> libwebp6 in threaded mode, but a change in this may not be noted in
> changelogs anyway.
> 
> As the maintainer appears inactive, I request assistance from the
> security team to address this issue.

Fixes for the security issues have been uploaded. Reducing the severity
of this bug back to wishlist as this is now a "please package new
upstream release" bug report.

Cheers

> 
> Best regards,
> -- 
> Laurence "GreenReaper" Parry - Inkbunny administrator
> https://www.greenreaper.co.uk/ - https://inkbunny.net/

-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#990082: High chance of boot problems with buster's version of arm64 shim

[Steve McIntyre]

Package: shim-signed
Version: 1.36~1+15.4-5~deb10u1
Severity: grave

Argh.

In pre-release testing I found problems with shim on signed versions
of shim on arm64. The shim binary crashes very early (Synchronous
Exception). Because of that problem, I took the hard decision to
disable Secure Boot support for arm64 in Debian Buster until a
solution could be found:

  https://wiki.debian.org/SecureBoot#arm64_problems

In testing a new build to go into Buster, I found that non-signed
versions were working fine on various machines. Unfortunately, it
seems that the boot issues might be affected by environment. Trying
the same binary build today as part of the 10.10 point release,
booting an installer image crashes repeatably in a VM. It also seems
that at least one of Debian's own arm64 hosts has been similarly
affected. :-(

Arm64 users are **strongly** advised to be careful about upgrading to
the latest Buster point release (10.10). If upgrading immediately, it
is recommended to disable remove shim-signed and reinstall GRUB on those
systems to ensure that they will continue to boot:

# apt-get remove shim-signed
# dpkg --reconfigure grub-efi-amd64

and disable Secure Boot in their system firmware if it's enabled.

I'm working on a more user-friendly fix now, and I hope to push it out
via the Buster security archive shortly. This will still not be
*working* Secure Boot for arm64, as we're still awaiting better
toolchain support to make that work.

-- System Information:
Debian Release: 10.9
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-0.bpo.5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed depends on:
ii  grub-efi-amd64-bin 2.02+dfsg1-20+deb10u4
ii  grub2-common   2.02+dfsg1-20+deb10u4
ii  shim-helpers-amd64-signed  1+15.4+2~deb10u1

Versions of packages shim-signed recommends:
pn  secureboot-db  

shim-signed suggests no packages.

-- debconf information excluded

Bug#980311: Patch is upstream

[Wolfram Sang]

The aforementioned patch is now upstream as commit:

63942f7a7473496d1160f02f5c1da3620525690d # gt68xx: fix use-after-free and two 
mem leaks

Thanks for the report!



signature.asc
Description: PGP signature

Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality

[Sebastian Ramacher]

Hallo Carsten

On 2021-06-19 09:00:13 +0200, Carsten Schoenert wrote:
> Hello Kevin, hello Sebastian,
> 
> thanks for working on this issue in between times, I wasn't able to do
> anything practically the last days.
> 
> Am 18.06.21 um 23:31 schrieb Kevin Locke:
> > Hi Sebastian,
> > 
> > On Fri, 2021-06-18 at 22:26 +0200, Sebastian Ramacher wrote:
> >> Thanks for this detailed analysis. That actually means that the symbol
> >> file for libnss3 2:3.67-1 is broken. It would need to bump the minimum
> >> version requirement for all symbols that works with SSLChannelInfo. From
> >> your description, at least the version for SSL_GetChannelInfo would need
> >> to be bumped. If thunderbird would then be built against a libnss3
> >> version with a fixed symbol files, it would pick up tight enought
> >> dependencies.
> >>
> >> So ideally the bug against thunderbird would be reassigned to libnss3
> >> 2:3.67-1 and its severits raised to serious. Once fixed, we can rebuild
> >> thunderbird to pick up the correct depedencies.
> > 
> > Good point.  Fixing the libnss3 symbol file sounds like the right fix to
> > me.  As far as I can tell SSL_GetChannelInfo is the only symbol which
> > takes SSLChannelInfo.  I've opened https://bugs.debian.org/990058 with
> > the proposed fix.
> 
> Fixing libnss3 is obviously the correct thing anyway. But this will take
> its time to get it landed into bullseye.
> 
> >> But since that version of libnss3 is not in bullseye, the rebuild would
> >> not be abile to migrate. Ideally libnss3 would be reverted to the
> >> version in bullseye to avoid this issue. Otherwise I can schedule
> >> binNMUs of thunderbird in tpu, but that means that we would need to do
> >> that for any thunderbird upload that we want in bullseye until the
> >> release. That is suboptimal - it's more work with less testing.
> > 
> > That may be tricky.  firefox 88.0.1-1 in unstable depends on
> > libnss3 (>= 2:3.63~).  If the maintainers are willing to upload an NSS
> > version between 2:3.63 and 2:3.65, I believe that would solve the issue
> > without breaking firefox.  (2:3.63-1 is the only suitable version
> > in debian/changelog.)  I've opened https://bugs.debian.org/990059 to
> > discuss.
> 
> To prevent quite a lot of work on all involved parties with not that
> much gain in the end I'd suggest to go back to my option B that was to
> (re)build Thunderbird with it's internal shipped NSS version.

If that's fine with the security team -- thunderbird updates in stable
releases have been performed via DSAs so far -- it's fine with me.
Adding the security team to CC.

Cheers

> 
> Looking at "Help - Troubleshooting Information" I can see now that
> Thunderbird is expecting NSS 3.51.1 (instead of 3.63) which gets
> provided by exact this version (internally).
> 
> There will be only one more real ESR version 78.12.0 before the ESR
> version will get bumped to 91.x. So in my eyes it's acceptable that we
> start right now to use the internal shipped NSS version. We will need to
> do this any way together with the new ESR version is getting prepared
> for bullseye-security.
> (To be honest, there will also be 78.{13-15}.0 before we probably be
> ready for 91.3.0. In the past we've been very conservative with
> uploading fresh and new ESR version to stable-security due limited
> resources for testing before.)
> 
> I've done such a rebuild of 78.11.0 together with the internal NSS
> library and so far I don't see any TLS/SSL related issue as before.
> 
> The packages and the debian folder can be found here
> 
> https://people.debian.org/~tijuca/thunderbird-bullseye/
> 
> I used a chroot of unstable to built the packages but all required
> versions can get fulfilled in testing (libnss3 isn't a dependency now as
> the internal version is used and dpkg-shlipdeps isn't adding any
> dependency to this).
> Thus we could simply use the usual way to update Thunderbird via
> unstable in testing.
> 
> -- 
> Regards
> Carsten
> 

-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#990072: lxc-attach fails after debian 10.10 update

[Salvatore Bonaccorso]

Control: tags -1 + moreinfo

Hi Matthew,

if the kernel downgrade fixes the issue for your then likely there is
the regression in the linux upload. Can you verify if the following
patch fixes your issue?

https://lore.kernel.org/stable/20210614102643.875096...@linuxfoundation.org/

Regards,
Salvatore

Bug#989545: libgl1-mesa-dri: si_texture.c:1727 si_texture_transfer_map - failed to create temporary texture to hold untiled copy

[Sebastian Ramacher]

Control: reassign -1 src:llvm-toolchain-11 1:11.0.1-2
Control: affects -1 libgl1-mesa-dri
Control: tags -1 patch

On 2021-06-07 09:42:44 +0200, Rubin Simons wrote:
> Package: libgl1-mesa-dri
> Version: 20.3.4-1
> Severity: grave
> Tags: upstream
> Justification: renders package unusable
> 
> Dear Maintainer,
> 
> I'm using a Radeon Vega Frontier Edition with a Talos Blackbird Power9 system 
> (ppc64le). I'm constantly running into the issue mentioned here:
> https://gitlab.freedesktop.org/mesa/mesa/-/issues/4107
> 
> The above issue documents an issue in mesa caused by a bug in LLVM.

Yes, so let's reassign it there. llvm maintainers, please cherry pick
https://github.com/llvm/llvm-project/commit/c5a1eb9b0a76 if possible.

Cheers

> 
> The issue manifests itself when using Firefox, or in Gnome, when clicking on 
> the top-bar, which crashes gnome-shell. Any crash always logs the following:
> 
> EE ../src/gallium/drivers/radeonsi/si_texture.c:1727 si_texture_transfer_map 
> - failed to create temporary texture to hold untiled copy
> LLVM triggered Diagnostic Handler: Illegal instruction detected: VOP* 
> instruction violates constant bus restriction
> renamable $vgpr4 = V_CNDMASK_B32_e32 32768, killed $vgpr4, implicit killed 
> $vcc, implicit $exec
> LLVM failed to compile shader
> radeonsi: can't compile a main shader part
> 
> It would be great if the resolution mentioned in the linked mesa issue #4107 
> could be applied (I think this would require recompilation with an LLVM that 
> has said fix and/or a more general update of the LLVM runtime?). What I 
> understand from the upstream report is that the issue is not isolated to 
> non-x86 platforms, so I would imagine any Debian Bullseye user with a Vega 
> based Radeon would be impacted.
> 
> *** Reporter, please consider answering these questions, where appropriate ***
> 
>* What led up to the situation?
>  - Install Debian Bullseye + gnome-core on a Radeon Vega based system.
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
>  - Click on Gnome top-bar after login. Watch X crash. Maximize any 
> window. Watch X crash.
>* What was the outcome of this action? 
>  - Frequent X crashes, graphics drawing corruption in Firefox. Above log 
> message appears frequently in logs.
>* What outcome did you expect instead?
>  - A working system!
> 
> *** End of the template - remove these template lines ***
> 
> 
> VGA-compatible devices on PCI bus:
> --
> :03:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. 
> [AMD/ATI] Vega 10 XTX [Radeon Vega Frontier Edition] [1002:6863]
> 0005:02:00.0 VGA compatible controller [0300]: ASPEED Technology, Inc. ASPEED 
> Graphics Family [1a03:2000] (rev 41)
> 
> Contents of /etc/X11/xorg.conf.d:
> -
> total 4
> -rw-r--r-- 1 root root 639 Jun  3 14:56 00-devices.conf
> 
> /etc/modprobe.d contains no KMS configuration files.
> 
> Kernel version (/proc/version):
> ---
> Linux version 5.10.0-7-powerpc64le (debian-ker...@lists.debian.org) (gcc-10 
> (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) 
> #1 SMP Debian 5.10.40-1 (2021-05-28)
> 
> No Xorg X server log files found.
> 
> udev information:
> -
> P: 
> /devices/pci:00/:00:00.0/:01:00.0/:02:00.0/:03:00.1/sound/card0/input10
> L: 0
> E: 
> DEVPATH=/devices/pci:00/:00:00.0/:01:00.0/:02:00.0/:03:00.1/sound/card0/input10
> E: SUBSYSTEM=input
> E: PRODUCT=0/0/0/0
> E: NAME="HDA ATI HDMI HDMI/DP,pcm=11"
> E: PHYS="ALSA"
> E: PROP=0
> E: EV=21
> E: SW=140
> E: MODALIAS=input:bvpe-e0,5,kramlsfw6,8,
> E: USEC_INITIALIZED=5707489
> E: ID_INPUT=1
> E: ID_INPUT_SWITCH=1
> E: ID_PATH=pci-:03:00.1
> E: ID_PATH_TAG=pci-_03_00_1
> E: ID_FOR_SEAT=input-pci-_03_00_1
> E: TAGS=:seat:
> E: CURRENT_TAGS=:seat:
> 
> P: 
> /devices/pci:00/:00:00.0/:01:00.0/:02:00.0/:03:00.1/sound/card0/input10/event10
> N: input/event10
> L: 0
> E: 
> DEVPATH=/devices/pci:00/:00:00.0/:01:00.0/:02:00.0/:03:00.1/sound/card0/input10/event10
> E: SUBSYSTEM=input
> E: DEVNAME=/dev/input/event10
> E: MAJOR=13
> E: MINOR=74
> E: USEC_INITIALIZED=5864423
> E: ID_INPUT=1
> E: ID_INPUT_SWITCH=1
> E: ID_PATH=pci-:03:00.1
> E: ID_PATH_TAG=pci-_03_00_1
> E: LIBINPUT_DEVICE_GROUP=0/0/0:ALSA
> E: TAGS=:power-switch:
> E: CURRENT_TAGS=:power-switch:
> 
> P: 
> /devices/pci:00/:00:00.0/:01:00.0/:02:00.0/:03:00.1/sound/card0/input5
> L: 0
> E: 
> DEVPATH=/devices/pci:00/:00:00.0/:01:00.0/:02:00.0/:03:00.1/sound/card0/input5
> E: SUBSYSTEM=input
> E: PRODUCT=0/0/0/0
> E: NAME="HDA ATI HDMI HDMI/DP,pcm=3"
> E: PHYS="ALSA"
> E: PROP=0
> E: EV=21
> E: SW=140
> E: MODALIAS=input:bvpe-e0,5,kramlsfw6,8,
> E: USEC_INITIALIZED=5707853
> E: ID_INPUT=1
> E: 

Bug#990081: golang-uber-goleak: ftbfs with gccgo-go

[Pirate Praveen]

Package: golang-uber-goleak
Version: 1.1.0-2
Severity: serious

This package ftbfs when built with gccgo-go (build log attached)

diff --git a/debian/control b/debian/control
index 90d37eb..9d17b02 100644
--- a/debian/control
+++ b/debian/control
@@ -6,7 +6,7 @@ Testsuite: autopkgtest-pkg-go
Priority: optional
Build-Depends: debhelper-compat (= 12),
   dh-golang,
- golang-any,
+ gccgo-go,
   golang-github-stretchr-testify-dev
Standards-Version: 4.5.1
Vcs-Browser: 
https://salsa.debian.org/go-team/packages/golang-uber-goleak


This causes build failure in bullseye-backports as gccgo-go is 
preferred over golang-go. Either the dependency should be changed to 
golang-go or the failure with gccgo-go should be fixed.


sbuild (Debian sbuild) 0.79.1 (22 April 2020) on mahishi

+==+
| golang-uber-goleak 1.1.0-2 (amd64)   Sat, 19 Jun 2021 19:26:08 + |
+==+

Package: golang-uber-goleak
Version: 1.1.0-2
Source Version: 1.1.0-2
Distribution: unstable
Machine Architecture: amd64
Host Architecture: amd64
Build Architecture: amd64
Build Type: binary

I: NOTICE: Log filtering will replace 
'var/run/schroot/mount/unstable-amd64-sbuild-20ebc20d-645c-44ee-b371-d75872567fe5'
 with '<>'
I: NOTICE: Log filtering will replace 
'build/golang-uber-goleak-FU5ilk/resolver-VvoqLt' with '<>'

+--+
| Update chroot|
+--+

Get:1 http://deb.debian.org/debian unstable InRelease [161 kB]
Get:2 http://deb.debian.org/debian unstable/main Sources.diff/Index [63.6 kB]
Get:3 http://deb.debian.org/debian unstable/main amd64 Packages.diff/Index 
[63.6 kB]
Get:4 http://deb.debian.org/debian unstable/main Sources 
T-2021-06-19-1401.23-F-2021-06-11-0801.30.pdiff [55.7 kB]
Get:4 http://deb.debian.org/debian unstable/main Sources 
T-2021-06-19-1401.23-F-2021-06-11-0801.30.pdiff [55.7 kB]
Get:5 http://deb.debian.org/debian unstable/main amd64 Packages 
T-2021-06-19-1401.23-F-2021-06-11-0801.30.pdiff [71.4 kB]
Get:5 http://deb.debian.org/debian unstable/main amd64 Packages 
T-2021-06-19-1401.23-F-2021-06-11-0801.30.pdiff [71.4 kB]
Fetched 415 kB in 5s (83.1 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages were automatically installed and are no longer required:
  bsdextrautils fontconfig-config fonts-dejavu-core krb5-locales libbrotli1
  libbsd0 libc-devtools libdeflate0 libexpat1 libfontconfig1 libfreetype6
  libgd3 libjbig0 libjpeg62-turbo libmd0 libnss-nis libnss-nisplus libpng16-16
  libtiff5 libwebp6 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxpm4
  manpages manpages-dev sensible-utils ucf
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
  auto-apt-proxy libhogweed6 libnettle8
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 600 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://deb.debian.org/debian unstable/main amd64 libnettle8 amd64 3.7.3-1 
[270 kB]
Get:2 http://deb.debian.org/debian unstable/main amd64 libhogweed6 amd64 
3.7.3-1 [320 kB]
Get:3 http://deb.debian.org/debian unstable/main amd64 auto-apt-proxy all 13.3 
[9320 B]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 600 kB in 0s (1898 kB/s)
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 18699 files and directories currently installed.)
Preparing to unpack .../libnettle8_3.7.3-1_amd64.deb ...
Unpacking libnettle8:amd64 (3.7.3-1) over (3.7.2-3) ...
Setting up libnettle8:amd64 (3.7.3-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading 

Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality

[stephane szyller]

hello

Thunderbird does connect with gmail imap server with The packages and the debian 
folderhttps://people.debian.org/~tijuca/thunderbird-bullseye/  

thanks a lot
Stéphane

Bug#964127: fixed in plplot 5.15.0+dfsg-20

[Dmitry Shachnev]

Rafael, thank you for applying the patch and for contacting upstream again.

I have just verified that your upload also builds fine with SIP 6 (which is
currently available in experimental).

On Sat, Jun 19, 2021 at 02:20:09PM +, Debian FTP Masters wrote:
> Source: plplot
> Source-Version: 5.15.0+dfsg-20
> Done: Rafael Laboissière 
>
> We believe that the bug you reported is fixed in the latest version of
> plplot, which is due to be installed in the Debian FTP archive.
>
> [...]
>
>  plplot (5.15.0+dfsg-20) experimental; urgency=medium
>  .
>* d/rules: Explicitly disable the building of Octave binding
>* Add support for SIP 5/6
>  + d/control: Build-Depends on python3-pyqtbuild and sip-tools
>instead of python3-pyqt5 and python3-sip-dev
>  + d/p/sip-build-support.patch: New patch
>  Thanks to Dmitry Shachnev  for the patch
>  (Closes: #964127)

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#942318: xserver-xorg-video-amdgpu: VGA output is not detected in Radeon R7 (Carrizo) only the HDMI works. Motherboard MSI A68HM-E33 v2

[Simon Iremonger (debian)]

Julian and bug 942318,

buster-backports now provides kernel 5.10.0-0.bpo.7 via the
buster-backports linux-image-amd64 linux-headers-amd64 packages.

Please confirm if this solves the issue for you, and close the bug.

--Simon

Bug#990079: chromium: Update Chromium to 91.0.4472.114

[Legimet ‎]

Package: chromium
Version: 90.0.4430.212-1
Severity: grave

Numerous security holes have been fixed in the latest version:
https://security-tracker.debian.org/tracker/source-package/chromium

Bug#990078: unblock: guile-2.2/2.2.7+1-6

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

unblock guile-2.2/2.2.7+1-6

Please unblock package guile-2.2

The test-out-of-memory test is known to fail intermittently, and has
done so again
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966301#46

We've previously disabled it in guile-3.0, and this release just
cherry-picks that change to guile-2.2.

https://salsa.debian.org/rlb/deb-guile/-/commit/e9341779527efccf736a2a3c737371a10bc8ec63



guile-2.2_2.2.7+1-5.4-to-6.debdiff
Description: guile-2.2_2.2.7+1-5.4-to-6.debdiff

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#990029: konsole: Application and global menu

[Stefano Callegari]

Il Sun, Jun 20, 2021 at 12:43:31AM +0900, Norbert Preining scrisse:
> Hi
> 
> > No, it's plasma.
> 
> Okay ... interesting.
> 
> > Attached.
> 
> Sorry my ignorance, but how did you configure Plasma to use this
> window-decoration less mode? Is this with kwin? With x11 or wayland?
> 

Kwin and X11.

I've tried wayland time ago, but some problems like no interaction between
applications (I don't remember the details), force me to back to X11.

This is Plasma Breeze Dark and Breeze for applcation style and window
decoration, where I did some little adjustament, nothing else. From
unstable/sid.

> My rather default setup does not move menues to the panel.

Uh... I hope my memory help me... ;)

I know two way: or you add the panel "application menu bar" or in the
default panel add the widget "global menu".

However you must running "application menu daemon" in Background Services
(needed also for the menu in the title bar).

It not seem me there needs more

Thanks

> 
> Best
> 
> Norbert
> 
> --
> PREINING Norbert  https://www.preining.info
> Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
> GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

-- 
Stefano Callegari
GnuPG Public Key Server: pgp.mit.edu

Bug#990077: unblock: apache2/2.4.48-2

[Yadd]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: secur...@debian.org

Please unblock package apache2

[ Reason ]
In the past we had some problems to follow CVE fixes for Apache2. For
Buster, we had to import the whole http2 module from 2.4.46 into 2.4.38
because it was impossible to apply the upstream fix due to module
changes. This isolated import was really risky but we didn't found a
better way.

Now the story restarts with CVE-2021-31618. The upstream fix is simple
but refers to other changes. In particular the whole SSL stack changed.
Even for Bullseye, there are too many differences between 2.4.46 and
2.4.48 to apply this fix.

Apache2 is RFH for years, but has too many reverse dependencies to be
removed from Bullseye (even if there are some alternatives).

Our current apache2 policy keeps a lot of (maybe unimportant) CVE
opened.

So we decided to follow upstream changes for Bullseye. So this is the
last version which fixes 6 CVEs (one grave)/

[ Impact ]
Multiple security issues.

[ Tests ]
Tests passed (autopkgtest)

[ Risks ]
Patch isn't trivial, but it looks like upstream provides version fully
tested.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
The dedbiff contains only debian/* changes. I found not interessant to
provide the real debdiff which is really big.

Cheers,
Yadd

unblock apache2/2.4.48-2
diff --git a/debian/apache2-data.lintian-overrides 
b/debian/apache2-data.lintian-overrides
index 902735d7..fa617892 100644
--- a/debian/apache2-data.lintian-overrides
+++ b/debian/apache2-data.lintian-overrides
@@ -1 +1,5 @@
 debian-changelog-file-is-a-symlink
+package-contains-documentation-outside-usr-share-doc 
usr/share/apache2/default-site/index.html
+package-contains-documentation-outside-usr-share-doc 
usr/share/apache2/error/include/bottom.html
+package-contains-documentation-outside-usr-share-doc 
usr/share/apache2/error/include/spacer.html
+package-contains-documentation-outside-usr-share-doc 
usr/share/apache2/error/include/top.html
diff --git a/debian/apache2.logrotate b/debian/apache2.logrotate
index 37c5f22e..9d2356da 100644
--- a/debian/apache2.logrotate
+++ b/debian/apache2.logrotate
@@ -1,20 +1,20 @@
 /var/log/apache2/*.log {
-   daily
-   missingok
-   rotate 14
-   compress
-   delaycompress
-   notifempty
-   create 640 root adm
-   sharedscripts
-   postrotate
-if invoke-rc.d apache2 status > /dev/null 2>&1; then \
-invoke-rc.d apache2 reload > /dev/null 2>&1; \
-fi;
-   endscript
-   prerotate
-   if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
-   run-parts /etc/logrotate.d/httpd-prerotate; \
-   fi; \
-   endscript
+daily
+missingok
+rotate 14
+compress
+delaycompress
+notifempty
+create 640 root adm
+sharedscripts
+prerotate
+   if [ -d /etc/logrotate.d/httpd-prerotate ]; then
+   run-parts /etc/logrotate.d/httpd-prerotate
+   fi
+endscript
+postrotate
+   if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
+   invoke-rc.d apache2 reload
+   fi
+endscript
 }
diff --git a/debian/changelog b/debian/changelog
index fa775057..fef71d5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,40 @@
-apache2 (2.4.46-6) unstable; urgency=medium
+apache2 (2.4.48-2) unstable; urgency=medium
+
+  * Back to unstable: Apache2 will follow upstream changes for Bullseye
+
+  [ Christian Ehrhardt ]
+  * d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068)
+
+ -- Yadd   Sat, 19 Jun 2021 17:50:29 +0200
+
+apache2 (2.4.48-1) experimental; urgency=medium
+
+  [ Daniel Lewart ]
+  * Update apache2.logrotate (Closes: #979813)
+
+  [ Andreas Hasenack ]
+  * Avoid test suite failure (Closes: #985012)
+
+  [ Yadd ]
+  * Update lintian overrides
+  * Re-export upstream signing key without extra signatures.
+
+  [ Ondřej Surý ]
+  * New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938,
+CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,
+CVE-2021-30641, CVE-2021-31618)
+
+ -- Ondřej Surý   Tue, 08 Jun 2021 08:29:35 +0200
+
+apache2 (2.4.47-1) experimental; urgency=medium
+
+  * Update upstream keys file
+  * New upstream version 2.4.47
+  * Refresh patches
+
+ -- Yadd   Thu, 29 Apr 2021 08:03:33 +0200
+
+apache2 (2.4.48-1) experimental; urgency=medium
 
   * Fix various low security issues (Closes: CVE-2020-13950, CVE-2020-35452,
 CVE-2021-26690, CVE-2021-26691, CVE-2021-30641)
@@ -76,7 +112,7 @@ apache2 (2.4.43-1) unstable; urgency=medium
   * Fix logrotate script for multi-instance (Closes: #914606)
 
   [ Xavier Guimard ]
-  * New upstream version 2.4.43
+  * New upstream version 2.4.43 (Closes: CVE-2020-1927, 

Bug#970574: xserver-xorg-video-amdgpu: ABI changed (24.0 to 24.1) but not the dependencies

[Simon Iremonger (debian)]

GSR,

Buster now has xserver-xorg-core version  2:1.20.4-1+deb10u3
[in-between the versions you quoted] and bullseye now has a newer
newer  2:1.20.11-1 version.

Given the date of your bug-report, it looks like you had the old
2018 version of the xorg-xserver package even though the
buster package tas been updated twice since then to 2019 and
2020 versions.

See Changelog:-

https://metadata.ftp-master.debian.org/changelogs//main/x/xorg-server/xorg-server_1.20.4-1+deb10u3_changelog

In short, I think this bug report should now be closed unless there
is an apparent issue specifically in buster or bullseye now [??] ?

--Simon

Bug#974581: np longer able to set native resolution of Dell U3014

[Simon Iremonger (debian)]

Dear Janusz

linux-image-amd64 linux-headers-amd64 have now come out in version
5.10.0-0.bpo.7 in buster-backports.

Please confirm the issue is solved for you (or not) by using that
kernel as above, so the bug report can be prgressed or closed.

--Simon

Bug#985303: questions

[debian]

On 2021-06-19 13:20 6, Thomas Lange wrote:

Should fcopy always ignore substitutions if the target is a symlink?

No, just ignore substitution on dead symlinks.

I guess it could work when it's a relative symlink. Does it work with
the current implementation?

FILES_SYSTEMD_X11VNC_ENABLED is a symlink:
ls -al files/etc/systemd/system/graphical.target.wants/x11vnc.service/LIHAS_FILES_SYSTEMD_X11VNC_ENABLED 
lrwxrwxrwx 1 root root 34 Jun 19 17:32 files/etc/systemd/system/graphical.target.wants/x11vnc.service/LIHAS_FILES_SYSTEMD_X11VNC_ENABLED -> /etc/systemd/system/x11vnc.service

I can test current implementation on monday.

But what if the target is an absolute symlink to /whatever?

I mean it should replace it.

Then it would change a file during the initial installation that is
not under /target but inside the nfsroot.

Bug#990076: acngfs: incomplete files; download retries in a loop

[Dennis Filder]

Package: apt-cacher-ng
Version: 3.7.2-1
Severity: normal

I'm having a real hard time getting acngfs to work reliably, and it
starts straining my good will quite a bit.  The impression that I'm
getting is that it finishes system calls before the underlying
download has finished which manifests as hashes being calculated
incorrectly in aptitude/apt-get/apt which makes acngfs useless.

Other behaviour I'm observing: apt-cacher-ng constantly terminates
not-yet-finished downloads only to retry them anew quickly after which
results in a lot of wasted bandwidth and incomplete files under
/var/cache/apt-cacher-ng/debrep which I then have to delete manually
because for some reason apt-cacher-ng does not detect the corruption
itself.  I have observed the behaviour only when accessing files
through acngfs.  Downloading a file with wget using apt-cacher-ng as
the proxy works fine.

I run acngfs like this:

/usr/lib/apt-cacher-ng/acngfs http://deb.debian.org/debian \
/var/local/acngfs_debian proxy=127.0.0.1:3142 \
cachedir=/var/cache/apt-cacher-ng/debrep \
-o allow_root,auto_unmount,intr,intr_signal=10 -f -d

I took squid out of the picture, so I don't think it has anything to
do with this.

That's all I have.  I wish I could offer more details, but the
software is nigh undebuggable and its architecture completely
incomprehensible to me.


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default

Versions of packages apt-cacher-ng depends on:
ii  adduser  3.118
ii  debconf [debconf-2.0]1.5.75
ii  dpkg 1.20.9
ii  libbz2-1.0   1.0.8-4
ii  libc62.31-12
ii  libevent-2.1-7   2.1.12-stable-1
ii  libevent-pthreads-2.1-7  2.1.12-stable-1
ii  libgcc-s110.2.1-6
ii  liblzma5 5.2.5-2
ii  libssl1.11.1.1k-1
ii  libstdc++6   10.2.1-6
ii  libsystemd0  247.3-5
ii  libwrap0 7.6.q-31
ii  lsb-base 11.1.0
ii  zlib1g   1:1.2.11.dfsg-2

Versions of packages apt-cacher-ng recommends:
ii  ca-certificates  20210119

Versions of packages apt-cacher-ng suggests:
pn  avahi-daemon  
ii  doc-base  0.11.1
ii  libfuse2  2.9.9-5

-- Configuration Files:
/etc/apt-cacher-ng/acng.conf changed [not included]
/etc/apt-cacher-ng/security.conf [Errno 13] Permission denied: 
'/etc/apt-cacher-ng/security.conf'

-- debconf information excluded

Bug#842676: (no subject)

[rk3968296]

Sent from my Samsung Galaxy smartphone.

Bug#990029: konsole: Application and global menu

[Norbert Preining]

Hi

> No, it's plasma.

Okay ... interesting.

> Attached.

Sorry my ignorance, but how did you configure Plasma to use this
window-decoration less mode? Is this with kwin? With x11 or wayland?

My rather default setup does not move menues to the panel.

Best

Norbert

--
PREINING Norbert  https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#990072: Update

[Matthew Darwin]

Reverting to previous kernel resolves the issue temporarily.

Previous kernel is: 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 
(2021-03-19) x86_64 GNU/Linux

Bug#964127: marked as done (plplot: Please switch from sip4 to sip5)

[Rafael Laboissière]

Control: reopen -1
Control: tags -1 + fixed-in-experimental

I am hereby reopening this bug report and tagging it accordingly. The 
fixed version was uploaded to experimental and the version currently 
in sid and testing is impacted by the bug.


Rafael Laboissière

Bug#990075:

[Matthew Darwin]

Sorry, seems to be duplicate 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990072

Bug#987461: libuima-adapter-soap-java is empty

[tony mancill]

On Sat, Jun 19, 2021 at 10:29:25PM +0900, Hideki Yamane wrote:
> control: tags -1 +patch
> 
> On Sat, 24 Apr 2021 18:40:31 +0200 Chris Hofstaedtler  wrote:
> > It appears the change itself was intentional:
> > 
> > > uimaj (2.10.2-2) unstable; urgency=medium
> > > 
> > >   * No longer build the uimaj-adapter-soap module
> > > 
> > >  -- Emmanuel Bourg   Fri, 30 Nov 2018 09:07:17 +0100
> > 
> > However, the binary package should probably also have been removed.
> > 
> > Maintainers, please come to a conclusion regarding the now empty binary 
> > package.
> 
>  Okay, libuima-adapter-soap-java has no reverse dependency.
> 
> $ apt-rdepends -r libuima-adapter-soap-java
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> libuima-adapter-soap-java
> 
> 
>  So let's remove its binary package and add Breaks: to it.
>  MR is here, could someone review it, please?
>  https://salsa.debian.org/java-team/uimaj/-/merge_requests/1

Thank you for addressing this.  I will handle the merge and upload.

Just one quick question...  Why is the Breaks necessary?  Is it there to
force removal of libuima-adapter-soap-java when libuima-core-java is
upgraded?

Cheers,
tony

Bug#944188: /etc/msmtprc password disclosure

[Simon Deziel]

Hello

On 2021-06-19 9:52 a.m., nodiscc wrote:

I found 4 msmtp repositories on salsa.debian.org, is it this one?
https://salsa.debian.org/kolter/msmtp


Yes, ^ that's the one. Thanks

Simon

Bug#990075: lxc-attach fails after debian 10.10 update

[Matthew Darwin]

Package: lxc
Version: 1:3.1.0+really3.0.3-8
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Applied latest apt updates (debian 10.10) and rebooted.  After reboot, 
lxc-attach doesn't work.

from /var/log/apt/history.log:

Start-Date: 2021-06-19  12:27:42
Commandline: apt-get dist-upgrade
Requested-By: matthew (1011)
Install: linux-headers-4.19.0-17-common:amd64 (4.19.194-1, automatic), 
linux-headers-4.19.0-17-amd64:amd64 (4.19.194-1, automatic), 
linux-image-4.19.0-17-amd64:amd64 (4.19.194-1, automatic)
Upgrade: libapt-inst2.0:amd64 (1.8.2.2, 1.8.2.3),apt:amd64  (1.8.2.2, 1.8.2.3), 
mariadb-common:amd64 (1:10.3.27-0+deb10u1, 1:10.3.29-0+deb10u1), 
linux-compiler-gcc-8-x86:amd64 (4.19.181-1, 4.19.194-1), libklibc:amd64 
(2.0.6-1, 2.0.6-1+deb10u1), libcpupower1:amd64 (4.19.181-1, 4.19.194-1), 
libapt-pkg5.0:amd64 (1.8.2.2, 1.8.2.3), shim-helpers-amd64-signed:amd64 
(1+15+1533136590.3beb971+7+deb10u1, 1+15.4+5~deb10u1), linux-image-amd64:amd64 
(4.19+105+deb10u11, 4.19+105+deb10u12), libgcrypt20:amd64 (1.8.4-5, 
1.8.4-5+deb10u1), linux-headers-amd64:amd64 (4.19+105+deb10u11, 
4.19+105+deb10u12), libhogweed4:amd64 (3.4.1-1, 3.4.1-1+deb10u1), 
apt-utils:amd64 (1.8.2.2, 1.8.2.3), shim-unsigned:amd64 
(15+1533136590.3beb971-7+deb10u1, 15.4-5~deb10u1), shim-signed:amd64 
(1.33+15+1533136590.3beb971-7, 1.36~1+deb10u1+15.4-5~deb10u1), libnettle6:amd64 
(3.4.1-1, 3.4.1-1+deb10u1), libxml2:amd64 (2.9.4+dfsg1-7+deb10u1, 
2.9.4+dfsg1-7+deb10u2), libmariadb3:amd64 (1:10.3.27-0+deb10u1, 
1:10.3.29-0+deb10u1), libgnutls30:amd64 (3.6.7-4+deb10u6, 3.6.7-4+deb10u7), 
linux-kbuild-4.19:amd64 (4.19.181-1, 4.19.194-1), klibc-utils:amd64 (2.0.6-1, 
2.0.6-1+deb10u1), libglib2.0-0:amd64 (2.58.3-2+deb10u2, 2.58.3-2+deb10u3), 
shim-signed-common:amd64 (1.33+15+1533136590.3beb971-7, 
1.36~1+deb10u1+15.4-5~deb10u1), linux-cpupower:amd64 (4.19.181-1, 4.19.194-1), 
base-files:amd64 (10.3+deb10u9, 10.3+deb10u10)
End-Date: 2021-06-19  12:29:41


$ lxc-attach mar-mon1
lxc-attach: mar-mon1: lsm/lsm.c: lsm_process_label_set_at: 174 Operation not permitted - Failed to set 
AppArmor label 
"lxc-mar-mon1_//&:lxc-mar-mon1_<-var-lib-lxc>:unconfined"

The lxc-config file contains

lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1

The generated apparmor seems unchanged when I compare it to containers on a 
server I didn't reboot.
I did reboot 2 servers after this debian update, and both have this problem.


-- System Information:
Debian Release: 10.10
  APT prefers stable
  APT policy: (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6  2.28-10
ii  libcap21:2.25-2
ii  libgnutls303.6.7-4+deb10u7
ii  liblxc11:3.1.0+really3.0.3-8
ii  libseccomp22.3.3-4
ii  libselinux12.8-1+b1
ii  lsb-base   10.2019051400

Versions of packages lxc recommends:
ii  apparmor   2.13.2-10
ii  bridge-utils   1.6-2
pn  debootstrap
ii  dirmngr2.2.12-1+deb10u1
pn  dnsmasq-base   
ii  gnupg  2.2.12-1+deb10u1
ii  iproute2   4.20.0-2+deb10u1
ii  iptables   1.8.2-4
pn  libpam-cgfs
pn  lxc-templates  
ii  lxcfs  3.0.3-2
ii  openssl1.1.1d-0+deb10u6
pn  rsync  
pn  uidmap 

Versions of packages lxc suggests:
pn  btrfs-progs  
pn  lvm2 
pn  python3-lxc  

Bug#990074: unblock: auto-apt-proxy/13.3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package auto-apt-proxy

This updates fixes a autopkgtest regression (#989776).

Starting with debci 3.0, the test beds have auto-apt-proxy preinstalled
in them, what breaks some assumptions of the tests, in special that the
apt usage in them is the first time auto-apt-proxy is being used. By
setting AUTO_APT_PROXY_NO_CACHE, we avoid auto-apt-proxy caching any
results from invocations prior to the test run itself.

This brings no risk to end users as the only changes are to the test
suite.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock auto-apt-proxy/13.3
diff --git a/debian/changelog b/debian/changelog
index 2ebd205..7d6e40d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+auto-apt-proxy (13.3) unstable; urgency=medium
+
+  * autopkgtest: cope with auto-apt-proxy being pre-installed (Closes: #989776)
+
+ -- Antonio Terceiro   Fri, 18 Jun 2021 22:51:34 -0300
+
 auto-apt-proxy (13.2) unstable; urgency=medium
 
   [ Antonio Terceiro ]
diff --git a/debian/tests/apt-cacher-ng.txt b/debian/tests/apt-cacher-ng.txt
index 20f0936..0b169a5 100644
--- a/debian/tests/apt-cacher-ng.txt
+++ b/debian/tests/apt-cacher-ng.txt
@@ -1,2 +1,3 @@
+$ export AUTO_APT_PROXY_NO_CACHE=1
 $ auto-apt-proxy 
 http://127.0.0.1:3142
diff --git a/debian/tests/apt-integration b/debian/tests/apt-integration
index ea29484..dfdc2fe 100755
--- a/debian/tests/apt-integration
+++ b/debian/tests/apt-integration
@@ -5,6 +5,7 @@ set -eu
 cd ${AUTOPKGTEST_TMP:-/tmp}
 unset no_proxy
 
+export AUTO_APT_PROXY_NO_CACHE=1
 apt-get source auto-apt-proxy
 
 grep auto-apt-proxy /var/log/apt-cacher-ng/apt-cacher.log


signature.asc
Description: PGP signature

Bug#987461: libuima-adapter-soap-java is empty

[Hideki Yamane]

control: tags -1 +patch

On Sat, 24 Apr 2021 18:40:31 +0200 Chris Hofstaedtler  wrote:
> It appears the change itself was intentional:
> 
> > uimaj (2.10.2-2) unstable; urgency=medium
> > 
> >   * No longer build the uimaj-adapter-soap module
> > 
> >  -- Emmanuel Bourg   Fri, 30 Nov 2018 09:07:17 +0100
> 
> However, the binary package should probably also have been removed.
> 
> Maintainers, please come to a conclusion regarding the now empty binary 
> package.

 Okay, libuima-adapter-soap-java has no reverse dependency.

$ apt-rdepends -r libuima-adapter-soap-java
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
libuima-adapter-soap-java


 So let's remove its binary package and add Breaks: to it.
 MR is here, could someone review it, please?
 https://salsa.debian.org/java-team/uimaj/-/merge_requests/1


-- 
Regards,

 Hideki Yamane henrich @ debian.org/iijmio-mail.jp

Bug#990073: dpkg-gencontrol: please expand binary packages in Built-Using to source and version

[Nicolas Boulenguez]

Package: dpkg-dev
Version: 1.20.9
Severity: wishlist

Hello.

This pattern seems common:
debian/rules:
  override_dh_gencontrol:
dh_gencontrol -- "-VBuilt-Using:P1=`dpkg-query -Wf'$${source:Package} 
(= $${source:Version})' P2`"
debian/control:
  Package: P1
  Built-Using: ${Built-Using:P1}

It would be convenient and less error-prone to write:
  Package: P1
  Built-Using: P2
and trust dpkg-gencontrol to replace P2 with the output of
  dpkg-query -Wf '${source:Package} (= ${source:Version})' P2

debian/rules could still use variables, but would not be forced to
deal with dpkg-query anymore.
  override_dh_gencontrol:
dh_gencontrol -- -VBuilt-Using:P1=$(if TEST,P2)

Especially, conditions depending on architectures or build profiles
could be expressed directly within debian/control:
  Built-Using: P2 [!arm64]

The rewriting should only affect valid package identitiers without
version restriction (after variable substitutions and architecture or
profile restrictions).  Since the Policy requires values matching
'SOURCE (= VERSION)', single identifiers are currently invalid.
Hence, the change would not affect existing packages or, more
generally, explicit values from the maintainer.

Bug#990072: lxc-attach fails after debian 10.10 update

[Matthew Darwin]

Package: lxc
Version: 1:3.1.0+really3.0.3-8
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Applied latest apt updates (debian 10.10) and rebooted.  After reboot, 
lxc-attach doesn't work.

from /var/log/apt/history.log:

Start-Date: 2021-06-19  12:27:42
Commandline: apt-get dist-upgrade
Requested-By: matthew (1011)
Install: linux-headers-4.19.0-17-common:amd64 (4.19.194-1, automatic), 
linux-headers-4.19.0-17-amd64:amd64 (4.19.194-1, automatic), 
linux-image-4.19.0-17-amd64:amd64 (4.19.194-1, automatic)
Upgrade: libapt-inst2.0:amd64 (1.8.2.2, 1.8.2.3), apt:amd64 (1.8.2.2, 1.8.2.3), 
mariadb-common:amd64 (1:10.3.27-0+deb10u1, 1:10.3.29-0+deb10u1), 
linux-compiler-gcc-8-x86:amd64 (4.19.181-1, 4.19.194-1), libklibc:amd64 
(2.0.6-1, 2.0.6-1+deb10u1), libcpupower1:amd64 (4.19.181-1, 4.19.194-1), 
libapt-pkg5.0:amd64 (1.8.2.2, 1.8.2.3), shim-helpers-amd64-signed:amd64 
(1+15+1533136590.3beb971+7+deb10u1, 1+15.4+5~deb10u1), linux-image-amd64:amd64 
(4.19+105+deb10u11, 4.19+105+deb10u12), libgcrypt20:amd64 (1.8.4-5, 
1.8.4-5+deb10u1), linux-headers-amd64:amd64 (4.19+105+deb10u11, 
4.19+105+deb10u12), libhogweed4:amd64 (3.4.1-1, 3.4.1-1+deb10u1), 
apt-utils:amd64 (1.8.2.2, 1.8.2.3), shim-unsigned:amd64 
(15+1533136590.3beb971-7+deb10u1, 15.4-5~deb10u1), shim-signed:amd64 
(1.33+15+1533136590.3beb971-7, 1.36~1+deb10u1+15.4-5~deb10u1), libnettle6:amd64 
(3.4.1-1, 3.4.1-1+deb10u1), libxml2:amd64 (2.9.4+dfsg1-7+deb10u1, 
2.9.4+dfsg1-7+deb10u2), libmariadb3:amd64 (1:10.3.27-0+deb10u1, 
1:10.3.29-0+deb10u1), libgnutls30:amd64 (3.6.7-4+deb10u6, 3.6.7-4+deb10u7), 
linux-kbuild-4.19:amd64 (4.19.181-1, 4.19.194-1), klibc-utils:amd64 (2.0.6-1, 
2.0.6-1+deb10u1), libglib2.0-0:amd64 (2.58.3-2+deb10u2, 2.58.3-2+deb10u3), 
shim-signed-common:amd64 (1.33+15+1533136590.3beb971-7, 
1.36~1+deb10u1+15.4-5~deb10u1), linux-cpupower:amd64 (4.19.181-1, 4.19.194-1), 
base-files:amd64 (10.3+deb10u9, 10.3+deb10u10)
End-Date: 2021-06-19  12:29:41


$ lxc-attach mar-mon1
lxc-attach: mar-mon1: lsm/lsm.c: lsm_process_label_set_at: 174 Operation not 
permitted - Failed to set AppArmor label 
"lxc-mar-mon1_//&:lxc-mar-mon1_<-var-lib-lxc>:unconfined"

The lxc-config file contains

lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1

The generated apparmor seems unchanged when I compare it to containers on a 
server I didn't reboot. 
I did reboot 2 servers after this debian update, and both have this problem.


-- System Information:
Debian Release: 10.10
  APT prefers stable
  APT policy: (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6  2.28-10
ii  libcap21:2.25-2
ii  libgnutls303.6.7-4+deb10u7
ii  liblxc11:3.1.0+really3.0.3-8
ii  libseccomp22.3.3-4
ii  libselinux12.8-1+b1
ii  lsb-base   10.2019051400

Versions of packages lxc recommends:
ii  apparmor   2.13.2-10
ii  bridge-utils   1.6-2
pn  debootstrap
ii  dirmngr2.2.12-1+deb10u1
pn  dnsmasq-base   
ii  gnupg  2.2.12-1+deb10u1
ii  iproute2   4.20.0-2+deb10u1
ii  iptables   1.8.2-4
pn  libpam-cgfs
pn  lxc-templates  
ii  lxcfs  3.0.3-2
ii  openssl1.1.1d-0+deb10u6
pn  rsync  
pn  uidmap 

Versions of packages lxc suggests:
pn  btrfs-progs  
pn  lvm2 
pn  python3-lxc  

-- debconf information excluded

Bug#944188: /etc/msmtprc password disclosure

[nodiscc]

Hi,
I recently switched from the old, world-readable /etc/msmtprc file, to
root:msmtp ownership+sgid bit

After quickly reading this bug report I think the best solution is to
warn about this limitation in the docs (and maybe changelog).

> ...
> # chmod 0640 /etc/msmtprc
> # chgrp msmtp /etc/msmtprc
>
> And the msmtp binary can be "setgid" to execute as the "msmtp" group.
>
> CAUTION: the setgid protection mechanism can easily be worked around by
>  any user with the ability to run the msmstp command, for example:
>  msmtp --debug nob...@example.org < /dev/null (see Debian bug #944188)
>  If the SMTP credentials need better protection, please consider a
>  different MTA like exim or postfix that offer clear security 
> boundaries.

I think the current sgid mechanism is still better than having the
file world-readable
(an attacker must be able to execute arbitrary commands instead of
just being able to
read world-readable files)

The sgid bit itself can also probably be abused (because the program
is not written
in a safe/paranoid way) to run arbitrary commands as effective group id msmtp,
but as far a I know the only special privileges for this group in a
standard install is
to, well, read /etc/msmtprc

I'd like to send a patch for the documentation, but where is the
Debian package source?
I found 4 msmtp repositories on salsa.debian.org, is it this one?
https://salsa.debian.org/kolter/msmtp

Thanks

Bug#920567: bash: dpkg-reconfigure: command not found

[Colin Watson]

On Tue, Jun 11, 2019 at 08:02:34PM +0200, Jiri Palecek wrote:
>On Sun, 27 Jan 2019 09:12:32 +0600 Thulium Equasman
> wrote:
>> I got the message "bash: dpkg-reconfigure: command not found
>> " when I ran `dpkg-reconfigure fontconfig-config`. I ran this command as
>root.
>> I then ran `echo $PATH` and the following appeared
>> "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games". I searched
>for
> 
>How did you get your root shell? If that was by running "su", what you
>describe is actually expected. You should use "su -". See
>
> [1]https://unix.stackexchange.com/questions/460478/debian-su-and-su-path-differences
>for more information about that.

Indeed.  See also https://bugs.debian.org/910810.  I'm closing this,
since it's not a debconf bug.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990071: heaptrack: man page points to non-existent "full documentation" in info

[David Bremner]

Package: heaptrack
Version: 1.2.0-1+b1
Severity: minor

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I guess it's help2man boilerplate or similar but


   The  full documentation for heaptrack is maintained as a Texinfo manual. 
 If the info and heaptrack pro‐
   grams are properly installed at your site, the command

  info heaptrack

   should give you access to the complete manual.

is not helpful, since "info heaptrack" just brings a worse version of the page 
already being viewed.


- -- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-security'), (500, 
'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages heaptrack depends on:
ii  libboost-iostreams1.74.01.74.0-9
ii  libboost-program-options1.74.0  1.74.0-9
ii  libc6   2.31-12
ii  libgcc-s1   10.2.1-6
ii  libheaptrack1.2.0-1+b1
ii  libstdc++6  10.2.1-6

heaptrack recommends no packages.

heaptrack suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmDN5fUACgkQA0U5G1Wq
FSFoYA//daeiloRDsRzvF9Cwuf9Q92UBBenh22vCXkopz70gIXhBZWzi0biV3tht
NYfpwb3GEjM7ncR7oJMqTeDE4gfri0jmeza1K0H2oALzNCdCUCH1CztT8CSOti7A
21h3DK5maiabrxPkEIVzzQH7oTkRdc5XCnBZLbGABspRhsJG1KEBUx38dnTs9x21
hWcidQ5DrBK1WNJ6ZFENVkueXcv0K1eS/G+i9t16qTmRFjTPRcf5abeLMvH3kIVO
TxE312vfuEhwpDwPjaEBou30/OmWXtIw0DTIYADZp4PCaF5S2fHR7BwY/wV3ybdZ
d38PldMK2awzaCE6sgzMHsjLsTPZsGDhHi955J3V48h6u8OONv9HUWPwQBfbSzZN
EG8sMX9ninmjnmzVV72e9fNX+ruewdVyfPRQ2Zx1B0+v2pt/nH4mbrX+0jJ83kGJ
oCXT2sNSlN/9fdc2eTSd6+Ha5N80NvNzfiSGoKoaHRCU6QSi8cXnMVGkTDaXWZ5L
LbqN1PhBNVaGaHH7AE93Zis25rEvdJshNU56agp4V93cepV2mUSMEm7Zgx72+tCz
fZv6DHZ8G3zzx0aFhKP1mPof6JmvAH+B4oYOtCoGYjujO0tDLOm1z4/lUYSsMGE6
CQzqbflViGpxzR1iBvdpCeNg2Fr1KLxpVG01/eSHY4Hx35WEESk=
=nJ7a
-END PGP SIGNATURE-

Bug#924643: RFS: colorzero/2.0-1 [ITP] -- Construct, convert, and manipulate colors in a Pythonic manner.

[Peter Green]

Just done some reviewing/tweaking. I've pushed the following changes to the git 
repo, please
tell me if you have any objections.

I added a gpb.conf to make git-buildpackage actually use pristine tar and hence 
result in an orig
tarball that was consistent with what is already in Ubuntu.

I found the clean target was not cleaning up the "egg-info" so I added a 
command to do that.

I added a closes: entry for the ITP bug.

---

That leaves one issue that I think still needs to be sorted before I sponsor 
the package.

The file "copyrights" has no license header and the git history says it was 
copied but not where
from. Poking around I discovered a script of the same name in gpiozero, 
containing what appears
to be the same code and committed by you with a commit message of "create copyright 
header", so
I presume this script is entirely your work, assuming it is I would suggest 
adding a copyright
header upstream and then picking the commit up as a Debian patch until there is 
another upstream
release.

Finally would you consider adding me as a co-maintainer.

Bug#990069: openssh-server: Not accepting new connections during Debian 10 -> 11 upgrade

[Colin Watson]

On Sat, Jun 19, 2021 at 12:53:48PM +0200, Olaf van der Spek wrote:
> During a Debian 10 -> 11 upgrade, the SSH server doesn't appear to be 
> accepting new connections. IMO this is less than optimal, and not sure if 
> this was always the case.
> Would it be possible to keep accepting connections, or at least to make the 
> time window in which SSH is down as short as possible?

That's odd, because we already take care to do that.  Any chance of some
logs?  I think the most useful things would be /var/log/dpkg.log,
/var/log/apt/term.log, and the bits of "journalctl -b -u ssh.service"
that show when sshd stopped and started.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990070: irssi: -actcolor parameter for /highlight is not always respected

[Judit Foglszinger]

Package: irssi
Version: 1.2.3-1
Severity: minor

Hi,

while trying to set two differently colored highlights for my nickname,
depending on if it's the first word in the line or not,
I observed the following.
(as using a random word had the same results, I'll use the string "aaa" here)

Commands used:

/hilight -actcolor %G  -color %G -regexp (?!^)aaa
/hilight -actcolor %M  -color %M -regexp ^aaa

Expected behaviour:
- If "aaa" is at the beginning of a line (eg  aaa is this),
  there is a magenta colored highlight,
  both in the status bar and in the channel where "aaa" was written.
- If "aaa" is somewhere else than the beginning of line (eg  this is aaa),
  both highlights happen in green.

Actual behaviour:
- If "aaa" is at the beginning of a line (eg  aaa is this),
  there is a magenta colored highlight in the channel where "aaa" was written,
  but the highlight in the status bar is green.
- If "aaa" is somewhere else than the beginning of line (eg  this is aaa),
  both highlights happen in green as expected.

If
/hilight -actcolor %M  -color %M -regexp ^aaa
is used alone, the coloring is as expected,
so the two commands seem to interfere with each other;
though not sure how, because if one command just would falsely match both cases,
I'd expect both colors being wrong.


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages irssi depends on:
ii  libc6   2.31-11
ii  libglib2.0-02.66.8-1
ii  libperl5.32 5.32.1-3
ii  libssl1.1   1.1.1k-1
ii  libtinfo6   6.2+20201114-2
ii  perl5.32.1-3
ii  perl-base [perlapi-5.32.1]  5.32.1-3

irssi recommends no packages.

Versions of packages irssi suggests:
pn  irssi-scripts  

-- no debconf information

Bug#990037: Acknowledgement (unblock: kid3/3.8.5-2)

[Patrick Matthäi]

retitle 990037 unblock: kid3/3.8.5-3
thanks

Am 18.06.21 um 16:15 schrieb Debian Bug Tracking System:

Thank you for filing a new Bug report with Debian.

You can follow progress on this Bug here: 990037: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990037.


Hi,

sorry pls unblock 3.8.5-3. I have added a missing breaks / replaces for 
safety (apt and apt-get do not complain, hmkay):


diff -Naur 3.8.5-2/debian/changelog 3.8.5-3/debian/changelog
--- 3.8.5-2/debian/changelog    2021-06-18 15:59:46.355258057 +0200
+++ 3.8.5-3/debian/changelog    2021-06-19 13:17:55.952281139 +0200
@@ -1,3 +1,9 @@
+kid3 (3.8.5-3) unstable; urgency=medium
+
+  * Add missing breaks and replaces from the last upload.
+
+ -- Patrick Matthäi   Sat, 19 Jun 2021 13:17:06 +0200
+
 kid3 (3.8.5-2) unstable; urgency=medium

   * Cleanup manpage installing. The old method is obsolet and buggy. All
diff -Naur 3.8.5-2/debian/control 3.8.5-3/debian/control
--- 3.8.5-2/debian/control  2021-06-18 15:59:46.351258076 +0200
+++ 3.8.5-3/debian/control  2021-06-19 13:17:56.008280861 +0200
@@ -32,8 +32,12 @@
 Architecture: any
 Depends: ${shlibs:Depends},
  ${misc:Depends}
-Breaks: kid3 (<< 3.0.2-2)
-Replaces: kid3 (<< 3.0.2-2)
+Breaks: kid3 (<< 3.8.5-2),
+ kid3-cli (<< 3.8.5-2),
+ kid3-qt (<< 3.8.5-2)
+Replaces: kid3 (<< 3.8.5-2),
+ kid3-cli (<< 3.8.5-2),
+ kid3-qt (<< 3.8.5-2)
 Description: Audio tag editor core libraries and data
  With Kid3, an ID3 tag editor for KDE you can:
   * Edit ID3v1.1 tags in your MP3 files

Bug#990059: Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality

[Kevin Locke]

Hi Carsten,

On Sat, 2021-06-19 at 09:00 +0200, Carsten Schoenert wrote:
> To prevent quite a lot of work on all involved parties with not that
> much gain in the end I'd suggest to go back to my option B that was to
> (re)build Thunderbird with it's internal shipped NSS version.

Sure, that works for me.  If the other stakeholders (security and
release teams?) are ok with that plan, I'll close Bug #990059.
I think Bug #990058 should remain open until fixed in either case.

> I've done such a rebuild of 78.11.0 together with the internal NSS
> library and so far I don't see any TLS/SSL related issue as before.
> 
> The packages and the debian folder can be found here
> 
> https://people.debian.org/~tijuca/thunderbird-bullseye/

I gave it a try and it works well on my system with either libnss3
2:3.61-1 or 2:3.67-1 installed.  (It doesn't appear to use libnss3, as
you said, but I can't uninstall it due to other rdepends on my system).

Thanks again,
Kevin

Bug#985303: questions

[Thomas Lange]

Should fcopy always ignore substitutions if the target is a symlink?
I guess it could work when it's a relative symlink. Does it work with
the current implementation?

But what if the target is an absolute symlink to /whatever?
Then it would change a file during the initial installation that is
not under /target but inside the nfsroot.


-- 
viele Grüße Thomas

Bug#982849: Occasional t/exception.t test failure

[Jonas Smedegaard]

Thanks, Sandro!

Quoting Sandro Mani (2021-02-15 11:38:10)
> t/exception.t occasionally fails as follows
> 
> # Failed test 'detect licensing "(GPL-2+ and/or LGPL-2.1+) with SDC 
> exception" for sdc.py'
> # at t/exception.t line 179.
> # +-++-+
> # | GOT | OP | CHECK   |
> # +-++-+
> # | (GPL-2+ and/or LGPL-2.1) with S | eq | (GPL-2+ and/or LGPL-2.1+) with  |
> # | DC exception    |    | SDC exception   |
> # +-++-+
> # Seeded srand with seed '20210215' from local date.
> t/exception.t .. Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/44 subtests

There is two parts to this issue:

Main issue is that results are not deterministic.  That issue is in Perl 
module Regexp::Pattern::License, now tracked at 
https://bugs.debian.org/989912 thanks to Walter Lozano.

The other issue, masked by above (most of the time but not always, which 
was driving me crazy until you filed this report), is that the the test 
is wrongly matched as "GPL-2+ and/or LGPL-2.1" with above bug fixed.  
This is most likely an issue in Licensecheck itself related to the 
complex mixture of legacy custom patterns and structured 
Regexp::Pattern::License patterns...


> To reproduce:
> 
> cd App-Licensecheck-v3.1.1
> while true; do PERL_DL_NONLAZY=1 "/usr/bin/perl" 
> "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef 
> *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" 
> t/exception.t || break; done

Very helpful, thanks!

The issue is unrelated to installer, so this simpler command suffice:

  while true; do prove -l t/exception.t || break; done


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#990069: openssh-server: Not accepting new connections during Debian 10 -> 11 upgrade

[Olaf van der Spek]

Package: openssh-server
Version: 1:8.4p1-5
Severity: normal

Dear Maintainer,

During a Debian 10 -> 11 upgrade, the SSH server doesn't appear to be accepting 
new connections. IMO this is less than optimal, and not sure if this was always 
the case.
Would it be possible to keep accepting connections, or at least to make the 
time window in which SSH is down as short as possible?

Greetings,

Olaf

-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser3.118
ii  debconf [debconf-2.0]  1.5.71
ii  dpkg   1.19.7
ii  libaudit1  1:2.8.4-3
iu  libc6  2.31-12
ii  libcom-err21.44.5-1+deb10u3
ii  libcrypt1  1:4.4.18-4
ii  libgssapi-krb5-2   1.17-3+deb10u1
ii  libkrb5-3  1.17-3+deb10u1
ii  libpam-modules 1.3.1-5
ii  libpam-runtime 1.3.1-5
ii  libpam0g   1.3.1-5
ii  libselinux13.1-3
ii  libssl1.1  1.1.1d-0+deb10u6
ii  libsystemd0241-7~deb10u7
ii  libwrap0   7.6.q-28
ii  lsb-base   10.2019051400
iu  openssh-client 1:8.4p1-5
iu  openssh-sftp-server1:8.4p1-5
ii  procps 2:3.3.15-2
iu  runit-helper   2.10.3
ii  ucf3.0038+nmu1
ii  zlib1g 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  241-7~deb10u7
ii  ncurses-term 6.1+20181013-2+deb10u2
ii  xauth1:1.0.10-1

Versions of packages openssh-server suggests:
pn  molly-guard   
pn  monkeysphere  
pn  ssh-askpass   
pn  ufw   

-- debconf information:
  openssh-server/permit-root-login: true
  openssh-server/password-authentication: true

Bug#988089: [debian-mysql] Bug#988089: Bug#988089: mariadb-server: MariaDB uninstalled on dist-upgrade Debian 10 -> 11

[Olaf van der Spek]

> Op za 22 mei 2021 om 23:30 schreef Otto Kekäläinen :
> > Would somebody like to review/test it?

Doesn't seem to be working for me:

# apt full-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages will be REMOVED:
  libpython-stdlib mariadb-client-10.3 mariadb-client-core-10.3
mariadb-server mariadb-server-10.3 mariadb-server-core-10.3 python
python-minimal
The following packages will be upgraded:
  galera-3 libpython2-stdlib libpython2.7-minimal libpython2.7-stdlib
python2 python2-minimal python2.7 python2.7-minimal
8 upgraded, 0 newly installed, 8 to remove and 0 not upgraded.

# apt dist-upgrade -o Debug::pkgDepCache::AutoInstall=1 -o
Debug::pkgDepCache::Marker=1 -o Debug::pkgProblemResolver=1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
  MarkInstall initramfs-tools-core:amd64 < 0.140 @ii mK NPb IPb > FU=0
  ignore old unsatisfied important dependency on pigz:amd64
   Delayed Removing: libpython-stdlib:amd64 as upgrade is not an
option for python2.7-minimal:amd64 (2.7.18-7)
   Delayed Removing: python:amd64 as upgrade is not an option for
python2.7-minimal:amd64 (2.7.18-7)
   Delayed Removing: python-minimal:amd64 as upgrade is not an option
for python2.7-minimal:amd64 (2.7.18-7)
  MarkInstall python2.7-minimal:amd64 < 2.7.16-2+deb10u1 -> 2.7.18-7
@ii umU Ib > FU=0
  MarkDelete libpython-stdlib:amd64 < 2.7.16-1 @ii mK Ib > FU=0
  MarkDelete python:amd64 < 2.7.16-1 @ii mK Ib > FU=0
  MarkDelete python-minimal:amd64 < 2.7.16-1 @ii mK Ib > FU=0
  MarkInstall iptables:amd64 < 1.8.7-1 @ii mK NPb IPb > FU=0
  ignore old unsatisfied important dependency on nftables:amd64
  MarkInstall mariadb-server:amd64 < 1:10.3.29-0+deb10u1 ->
1:10.5.10-2 @ii umU Ib > FU=0
  Installing mariadb-server-10.5:amd64 as Depends of mariadb-server:amd64
 Delayed Removing: mariadb-server-10.3:amd64 as upgrade is not an
option for mariadb-server-10.5:amd64 (1:10.5.10-2)
 Delayed Removing: mariadb-server-10.3:amd64 as upgrade is not an
option for mariadb-server-10.5:amd64 (1:10.5.10-2)
MarkInstall mariadb-server-10.5:amd64 < none -> 1:10.5.10-2 @un uN Ib > FU=0
Installing galera-4:amd64 as Depends of mariadb-server-10.5:amd64
  MarkKeep galera-3:amd64 < 25.3.25-2 -> 25.3.31-2+b1 @ii umU > FU=0
   Delayed Removing: galera-3:amd64 as upgrade is not an option
for galera-4:amd64 (26.4.8-1)
   Delayed Removing: galera-3:amd64 as upgrade is not an option
for galera-4:amd64 (26.4.8-1)
   Delayed Removing: galera-3:amd64 as upgrade is not an option
for galera-4:amd64 (26.4.8-1)
   Delayed Removing: galera-3:amd64 as upgrade is not an option
for galera-4:amd64 (26.4.8-1)
  MarkInstall galera-4:amd64 < none -> 26.4.8-1 @un uN Ib > FU=0
  MarkDelete galera-3:amd64 < 25.3.25-2 | 25.3.31-2+b1 @ii umH Ib > FU=0
Installing mariadb-client-10.5:amd64 as Depends of mariadb-server-10.5:amd64
   Delayed Removing: mariadb-client-10.3:amd64 as upgrade is not
an option for mariadb-client-10.5:amd64 (1:10.5.10-2)
   Delayed Removing: mariadb-client-10.3:amd64 as upgrade is not
an option for mariadb-client-10.5:amd64 (1:10.5.10-2)
   Delayed Removing: mariadb-client-core-10.3:amd64 as upgrade is
not an option for mariadb-client-10.5:amd64 (1:10.5.10-2)
  MarkInstall mariadb-client-10.5:amd64 < none -> 1:10.5.10-2 @un
uN Ib > FU=0
  Installing mariadb-client-core-10.5:amd64 as Depends of
mariadb-client-10.5:amd64
 Delayed Removing: mariadb-client-core-10.3:amd64 as upgrade
is not an option for mariadb-client-core-10.5:amd64 (1:10.5.10-2)
 Delayed Removing: mariadb-client-core-10.3:amd64 as upgrade
is not an option for mariadb-client-core-10.5:amd64 (1:10.5.10-2)
MarkInstall mariadb-client-core-10.5:amd64 < none ->
1:10.5.10-2 @un uN Ib > FU=0
MarkDelete mariadb-client-core-10.3:amd64 <
1:10.3.29-0+deb10u1 @ii mK Ib > FU=0
  MarkDelete mariadb-client-10.3:amd64 < 1:10.3.29-0+deb10u1 @ii
mK Ib > FU=0
Installing mariadb-server-core-10.5:amd64 as Depends of
mariadb-server-10.5:amd64
   Delayed Removing: mariadb-server-core-10.3:amd64 as upgrade is
not an option for mariadb-server-core-10.5:amd64 (1:10.5.10-2)
   Delayed Removing: mariadb-server-10.3:amd64 as upgrade is not
an option for mariadb-server-core-10.5:amd64 (1:10.5.10-2)
   Delayed Removing: mariadb-server-core-10.3:amd64 as upgrade is
not an option for mariadb-server-core-10.5:amd64 (1:10.5.10-2)
  MarkInstall mariadb-server-core-10.5:amd64 < none -> 1:10.5.10-2
@un uN Ib > FU=0
  MarkDelete mariadb-server-core-10.3:amd64 < 1:10.3.29-0+deb10u1
@ii mK Ib > FU=0
  MarkDelete mariadb-server-10.3:amd64 < 1:10.3.29-0+deb10u1 @ii
mK Ib > FU=0
MarkKeep python-minimal:amd64 < 2.7.16-1 @ii mR > FU=0
  MarkInstall libcap2-bin:amd64 < 1:2.44-1 @ii mK NPb IPb > FU=0
  ignore old unsatisfied important dependency on 

Bug#973564: qutebrowser opens with only a blank black screen

[Fritz Reichwald]

Hi,

Sorry for taking that long to respond. Does this issue still exist?
If yes I would ask you to try to reproduce it with another Browser using
qtwebengine for example Falkon and check if you see the same Problem. If
yes there is a general problem with webengine that is most likely not
related to qutebrowser.

Thanks for yor report!
Cheers Fritz

-- 
Fritz Reichwald
Linux Consultant
Tel: +49 160 8452444
Mail: reichw...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537


signature.asc
Description: PGP signature

Bug#990068: unblock: tor/0.4.5.9-1

[Peter Palfrader]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package tor

unblock tor/0.4.5.9-1

This is a security update fixing the same issues as have been fixed for
stable already in DSA 4932-1, viz. Debian#99000, CVE-2021-34548,
CVE-2021-34549, CVE-2021-34550 -- https://bugs.debian.org/99.

The version already passes autopkgtests, and so should migrate by itself
after 20 days, cf.
https://qa.debian.org/excuses.php?package=tor

However, it'd be greate if this could be changed to something less, say
5 days or even sooner?

Thanks,
weasel
-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#990052: Looks like this transition is not completed

[Pirate Praveen]

Control: forwarded -1 
https://github.com/DefinitelyTyped/DefinitelyTyped/pull/44365

Seems this transition is not completed.



pEpkey.asc
Description: application/pgp-keys

Bug#966218: firmware: failed to load iwl-debug-yoyo.bin (-2)

[Philip Wyett]

On Sat, 29 May 2021 23:15:26 -0400 Daniel Serpell  
wrote:
> Package: src:linux
> Version: 5.10.40-1
> Followup-For: Bug #966218
> 
> Dear maintainer,
> 
> This bug is still present in current linux version (5.10.40-1).
> 
> This is the extract from kernel logs, shown in red with dmesg and journalctl:
> 
> [4.029767] Intel(R) Wireless WiFi driver for Linux
> [4.031188] i915 :00:02.0: vgaarb: changed VGA decodes:
olddecodes=io+mem,decodes=io+mem:owns=io+mem
> [4.033427] iwlwifi :00:14.3: firmware: direct-loading firmware 
> iwlwifi-QuZ-a0-hr-b0-
59.ucode
> [4.033437] iwlwifi :00:14.3: api flags index 2 larger than supported 
> by driver
> [4.033449] iwlwifi :00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version: 
> 65.3.35.22
> [4.033702] iwlwifi :00:14.3: loaded firmware version 59.601f3a66.0 
> QuZ-a0-hr-b0-59.ucode
op_mode iwlmvm
> [4.033719] iwlwifi :00:14.3: firmware: failed to load 
> iwl-debug-yoyo.bin (-2)
> [4.033726] firmware_class: See https://wiki.debian.org/Firmware for 
> information about missing
firmware
> [4.035880] i915 :00:02.0: firmware: direct-loading firmware 
> i915/kbl_dmc_ver1_04.bin
> [4.036287] i915 :00:02.0: [drm] Finished loading DMC firmware 
> i915/kbl_dmc_ver1_04.bin
(v1.4)
> [4.037965] uvcvideo: Found UVC 1.00 device HD WebCam (04f2:b5c5)
> 
>  

Hi,

Easy way to suppress this warning for me is (mentioned above, but simplified 
here).

Create file below.

  sudo nano /etc/modprobe.d/iwlwifi.conf

Add the following in the file.

  options iwlwifi enable_ini=N

Save and close file, then reboot. The message should now be gone.

Regards

Phil

-- 
*** Playing the game for the games own sake. ***

WWW: https://kathenas.org

Twitter: @kathenasorg

Instagram: @kathenasorg

IRC: kathenas

GPG: 724AA9B52F024C8B


signature.asc
Description: This is a digitally signed message part

Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality

[Carsten Schoenert]

Hello Mina,

Am 19.06.21 um 09:33 schrieb Mina Morcose Farage:
...
>> I've done such a rebuild of 78.11.0 together with the internal NSS
>> library and so far I don't see any TLS/SSL related issue as before.
>>
>> The packages and the debian folder can be found here
>>
>> https://people.debian.org/~tijuca/thunderbird-bullseye/
>>
> i tested your version i can confirm  it's working on testing

thanks for testing and confirming the working functionality!

-- 
Regards
Carsten

Bug#990067: Copyright file has license inconsistencies under 'BSD-2-Clause'

[Ayan Mahapatra]

Package: util-linux
Version: 2.36.1-7

1. The copyright file has a License paragraph with `License: BSD-2-Clause`
at line 402,
with a license paragraph which is not the license text for `BSD-2-Clause`
(https://spdx.org/licenses/BSD-2-Clause.html), but only the 2 clauses
(mentioning the disclaimer) without the disclaimer.
The text in the copyright file is:

```
License: BSD-2-clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.

```

2. The files refer to the license `License: BSD-2-clause` in the Files
Paragraph, are:
- `text-utils/pg.c`
- `login-utils/last-deprecated.c`
- `login-utils/login.c`

But, they have different licenses in them, which is not consistent with
what is reported
in the copyright file. The license text in the file `text-utils/pg.c` is
BSD-3-clause:

```
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *notice, this list of conditions and the following disclaimer in the
 *documentation and/or other materials provided with the distribution.
 * 3. [deleted]
 * 4. Neither the name of Gunnar Ritter nor the names of his contributors
 *may be used to endorse or promote products derived from this software
 *without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY GUNNAR RITTER AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL GUNNAR RITTER OR CONTRIBUTORS BE
LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
```

The license text in the file `login-utils/login.c` is
https://scancode-licensedb.aboutcode.org/bsla.html:
```
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
```

The file `login-utils/last-deprecated.c` is not present anywhere, and the
`login-utils/last.c`
has a `gpl-2.0-plus` license text:

```
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
USA
```

These should be reported correctly in the copyright file. I'm interested in
creating a patch for the same.

This is also applicable to all the copyright files of the individual
packages util-linux
depends on (`libblkid1`, `libsmartcols1`, `bsdutils`, `mount`, `libuuid1`,
`libmount1`.),
since they have the same copyright file.
https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.36.1-7_copyright

This was discovered here
https://github.com/nexB/scancode-toolkit/issues/2555 while working
on improving license detection in debian 

Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality

[Carsten Schoenert]

Hello Kevin, hello Sebastian,

thanks for working on this issue in between times, I wasn't able to do
anything practically the last days.

Am 18.06.21 um 23:31 schrieb Kevin Locke:
> Hi Sebastian,
> 
> On Fri, 2021-06-18 at 22:26 +0200, Sebastian Ramacher wrote:
>> Thanks for this detailed analysis. That actually means that the symbol
>> file for libnss3 2:3.67-1 is broken. It would need to bump the minimum
>> version requirement for all symbols that works with SSLChannelInfo. From
>> your description, at least the version for SSL_GetChannelInfo would need
>> to be bumped. If thunderbird would then be built against a libnss3
>> version with a fixed symbol files, it would pick up tight enought
>> dependencies.
>>
>> So ideally the bug against thunderbird would be reassigned to libnss3
>> 2:3.67-1 and its severits raised to serious. Once fixed, we can rebuild
>> thunderbird to pick up the correct depedencies.
> 
> Good point.  Fixing the libnss3 symbol file sounds like the right fix to
> me.  As far as I can tell SSL_GetChannelInfo is the only symbol which
> takes SSLChannelInfo.  I've opened https://bugs.debian.org/990058 with
> the proposed fix.

Fixing libnss3 is obviously the correct thing anyway. But this will take
its time to get it landed into bullseye.

>> But since that version of libnss3 is not in bullseye, the rebuild would
>> not be abile to migrate. Ideally libnss3 would be reverted to the
>> version in bullseye to avoid this issue. Otherwise I can schedule
>> binNMUs of thunderbird in tpu, but that means that we would need to do
>> that for any thunderbird upload that we want in bullseye until the
>> release. That is suboptimal - it's more work with less testing.
> 
> That may be tricky.  firefox 88.0.1-1 in unstable depends on
> libnss3 (>= 2:3.63~).  If the maintainers are willing to upload an NSS
> version between 2:3.63 and 2:3.65, I believe that would solve the issue
> without breaking firefox.  (2:3.63-1 is the only suitable version
> in debian/changelog.)  I've opened https://bugs.debian.org/990059 to
> discuss.

To prevent quite a lot of work on all involved parties with not that
much gain in the end I'd suggest to go back to my option B that was to
(re)build Thunderbird with it's internal shipped NSS version.

Looking at "Help - Troubleshooting Information" I can see now that
Thunderbird is expecting NSS 3.51.1 (instead of 3.63) which gets
provided by exact this version (internally).

There will be only one more real ESR version 78.12.0 before the ESR
version will get bumped to 91.x. So in my eyes it's acceptable that we
start right now to use the internal shipped NSS version. We will need to
do this any way together with the new ESR version is getting prepared
for bullseye-security.
(To be honest, there will also be 78.{13-15}.0 before we probably be
ready for 91.3.0. In the past we've been very conservative with
uploading fresh and new ESR version to stable-security due limited
resources for testing before.)

I've done such a rebuild of 78.11.0 together with the internal NSS
library and so far I don't see any TLS/SSL related issue as before.

The packages and the debian folder can be found here

https://people.debian.org/~tijuca/thunderbird-bullseye/

I used a chroot of unstable to built the packages but all required
versions can get fulfilled in testing (libnss3 isn't a dependency now as
the internal version is used and dpkg-shlipdeps isn't adding any
dependency to this).
Thus we could simply use the usual way to update Thunderbird via
unstable in testing.

-- 
Regards
Carsten

Bug#990066: unblock: distcc/3.3.2-10+deb10u1

[Christian Marillat]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: maril...@debian.org

Please unblock package distcc

The Debian script update-distcc-symlinks who generate gcc/clang symlinks in
/usr/lib/distcc doesn't work with gcc cross compiler and clang.

This bug has been "fixed" in 3.3.2-6 by installing the upstream python
script, but I reverted to the Debian perl script in 3.3.2-8 to not depends
on python3 without reopening/fixing bug #919704

The updated code come from the unstable package (Fixed in 3.3.3-1).

[ Impact ]
Users can't use distcc with clang and gcc cross compiler.

[ Tests ]
The same code is in unstable since august 2019 without problem.

[ Risks ]
No risk.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock distcc/3.3.2-10+deb10u1



distcc_3.3.2-10+deb10u1.debdiff
Description: Binary data

Bug#990065: unblock: squid-deb-proxy/0.8.15+nmu1

[Hideki Yamane]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package squid-deb-proxy

[ Reason ]
 squid-deb-proxy needs its apparmor profile to work.

[ Impact ]
 squid-deb-proxy does not work on bullseye
 (There's a alternative, so not grave for all users).

[ Tests ]
 Tested on KVM bullseye environment, it does not work well without
 this changes as the bug report says, and patched system works fine.

[ Risks ]
 None, IMHO.
  - It's leaf package
  - Its change does not affect its behavior, it's just for apparmor and
does not affect other package, too.
  - Code is trivial one

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock squid-deb-proxy/0.8.15+nmu1
diff -Nru squid-deb-proxy-0.8.15/debian/apparmor-profiles/squid-deb-proxy 
squid-deb-proxy-0.8.15+nmu1/debian/apparmor-profiles/squid-deb-proxy
--- squid-deb-proxy-0.8.15/debian/apparmor-profiles/squid-deb-proxy 
1970-01-01 09:00:00.0 +0900
+++ squid-deb-proxy-0.8.15+nmu1/debian/apparmor-profiles/squid-deb-proxy
2021-06-14 23:38:09.0 +0900
@@ -0,0 +1,6 @@
+# vim:syntax=apparmor
+
+/etc/squid-deb-proxy/** r,
+/var/log/squid-deb-proxy/* rw,
+/run/squid-deb-proxy.pid rwk,
+/var/cache/squid-deb-proxy/** rw,
diff -Nru squid-deb-proxy-0.8.15/debian/changelog 
squid-deb-proxy-0.8.15+nmu1/debian/changelog
--- squid-deb-proxy-0.8.15/debian/changelog 2020-01-19 03:00:55.0 
+0900
+++ squid-deb-proxy-0.8.15+nmu1/debian/changelog2021-06-14 
23:41:11.0 +0900
@@ -1,3 +1,10 @@
+squid-deb-proxy (0.8.15+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add apparmor profiles to work (Closes: #932501)
+
+ -- Hideki Yamane   Mon, 14 Jun 2021 23:41:11 +0900
+
 squid-deb-proxy (0.8.15) unstable; urgency=medium
 
   [ Graham Cantin ]
diff -Nru squid-deb-proxy-0.8.15/debian/squid-deb-proxy.dirs 
squid-deb-proxy-0.8.15+nmu1/debian/squid-deb-proxy.dirs
--- squid-deb-proxy-0.8.15/debian/squid-deb-proxy.dirs  2020-01-10 
19:02:40.0 +0900
+++ squid-deb-proxy-0.8.15+nmu1/debian/squid-deb-proxy.dirs 2021-06-14 
23:40:40.0 +0900
@@ -1,2 +1,3 @@
 etc/resolvconf/update-libc.d
+etc/apparmor.d/abstractions/squid-deb-proxy
 var/log/squid-deb-proxy
diff -Nru squid-deb-proxy-0.8.15/debian/squid-deb-proxy.install 
squid-deb-proxy-0.8.15+nmu1/debian/squid-deb-proxy.install
--- squid-deb-proxy-0.8.15/debian/squid-deb-proxy.install   2020-01-10 
19:02:40.0 +0900
+++ squid-deb-proxy-0.8.15+nmu1/debian/squid-deb-proxy.install  2021-06-14 
23:40:21.0 +0900
@@ -1,3 +1,4 @@
 ../update-libc.d etc/resolvconf/
 etc/squid-deb-proxy
 init-common.sh usr/share/squid-deb-proxy/
+../apparmor-profiles/* etc/apparmor.d/abstractions/squid-deb-proxy/