Bug#990923: minetest-data: Crash in falling.lua

[Craig Small]

Package: minetest-data
Version: 5.3.0+repack-2
Severity: normal

Hi,
  falling.lua has a bug where if param2 is not defined it crashes.


2021-07-11 15:01:10: ERROR[Main]: ServerError: AsyncErr: ServerThread::run Lua: 
Runtime error from mod '*builtin*' in callback luaentity_Activate(): 
/usr/share/games/minetest/builtin/game/falling.lua:154: attempt to perform 
arithmetic on field 'param2' (a nil value)

I'm not sure why param2 is not defined but its a simple fix, see patch.

 - Craig


-- System Information:
Debian Release: 10.10
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages minetest-data depends on:
ii  fonts-croscore20201225-1
ii  fonts-droid-fallback  1:6.0.1r16-1.1

minetest-data recommends no packages.

minetest-data suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/share/games/minetest/builtin/game/falling.lua (from 
minetest-data package)
147c147
<   elseif (node.param2 ~= 0 and (def.wield_image == ""
---
>   elseif (node.param2 ~= nil and (def.wield_image == ""
154c154
<   local fdir = node.param2 % 32
---
>   local fdir = (node.param2 or 0) % 32

Bug#990921: unblock: bouncycastle/1.68-2

[Adrian Bunk]

On Sun, Jul 11, 2021 at 06:56:14AM +0300, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package bouncycastle
> 
>   * Update poms for upstream version 1.68 (Closes: #988486)
> (change by tony mancill)
> 
> Quoting Tony in #988486:
>   Now that this is fixed in unstable, any thoughts from the Java Team
>   about whether I should request an unblock from the Release Team for this
>   bug for Bullseye?  It may prevent some potential confusion but is
>   otherwise, as far as I can tell, purely cosmetic.  Thus, although there
>   is no risk, I'm not certain about how to justify the request.
> 
>   I could wait and request an update via s-p-u.
> 
> 
> Doing s-p-u later would be more hassle than unblocking a package
> that has been for 2 months in unstable, IMHO for bullseye this
> is now or never.

And now with the debdiff.

cu
Adrian
diff -Nru bouncycastle-1.68/debian/changelog bouncycastle-1.68/debian/changelog
--- bouncycastle-1.68/debian/changelog  2021-01-19 10:45:43.0 +0200
+++ bouncycastle-1.68/debian/changelog  2021-05-14 05:14:07.0 +0300
@@ -1,3 +1,10 @@
+bouncycastle (1.68-2) unstable; urgency=medium
+
+  * Team upload.
+  * Update poms for upstream version 1.68 (Closes: #988486)
+
+ -- tony mancill   Thu, 13 May 2021 19:14:07 -0700
+
 bouncycastle (1.68-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru bouncycastle-1.68/debian/poms/bcmail.pom 
bouncycastle-1.68/debian/poms/bcmail.pom
--- bouncycastle-1.68/debian/poms/bcmail.pom2021-01-19 01:18:00.0 
+0200
+++ bouncycastle-1.68/debian/poms/bcmail.pom2021-05-14 05:14:07.0 
+0300
@@ -5,8 +5,8 @@
   bcmail-jdk15on
   jar
   Bouncy Castle S/MIME API
-  1.65
-  The Bouncy Castle Java S/MIME APIs for handling S/MIME 
protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can 
be used in conjunction with a JCE/JCA provider such as the one provided with 
the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation 
framework will also be needed.
+  1.68
+  The Bouncy Castle Java S/MIME APIs for handling S/MIME 
protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be 
used in conjunction with a JCE/JCA provider such as the one provided with the 
Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation 
framework will also be needed.
   http://www.bouncycastle.org/java.html
   
 
@@ -33,13 +33,13 @@
 
   org.bouncycastle
   bcprov-jdk15on
-  1.65
+  1.68
   jar
 
 
   org.bouncycastle
   bcpkix-jdk15on
-  1.65
+  1.68
   jar
 
   
diff -Nru bouncycastle-1.68/debian/poms/bcpg.pom 
bouncycastle-1.68/debian/poms/bcpg.pom
--- bouncycastle-1.68/debian/poms/bcpg.pom  2021-01-19 01:18:00.0 
+0200
+++ bouncycastle-1.68/debian/poms/bcpg.pom  2021-05-14 05:14:07.0 
+0300
@@ -5,8 +5,8 @@
   bcpg-jdk15on
   jar
   Bouncy Castle OpenPGP API
-  1.65
-  The Bouncy Castle Java API for handling the OpenPGP protocol. 
This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used 
in conjunction with a JCE/JCA provider such as the one provided with the Bouncy 
Castle Cryptography APIs.
+  1.68
+  The Bouncy Castle Java API for handling the OpenPGP protocol. 
This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in 
conjunction with a JCE/JCA provider such as the one provided with the Bouncy 
Castle Cryptography APIs.
   http://www.bouncycastle.org/java.html
   
 
@@ -38,7 +38,7 @@
 
   org.bouncycastle
   bcprov-jdk15on
-  1.65
+  1.68
   jar
 
   
diff -Nru bouncycastle-1.68/debian/poms/bcpkix.pom 
bouncycastle-1.68/debian/poms/bcpkix.pom
--- bouncycastle-1.68/debian/poms/bcpkix.pom2021-01-19 01:18:00.0 
+0200
+++ bouncycastle-1.68/debian/poms/bcpkix.pom2021-05-14 05:14:07.0 
+0300
@@ -5,8 +5,8 @@
   bcpkix-jdk15on
   jar
   Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF 
APIs
-  1.65
-  The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, 
OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 
1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the 
one provided with the Bouncy Castle Cryptography APIs.
+  1.68
+  The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, 
OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. 
The APIs can be used in conjunction with a JCE/JCA provider such as the one 
provided with the Bouncy Castle Cryptography APIs.
   http://www.bouncycastle.org/java.html
   
 
@@ -33,7 +33,7 @@
 
   org.bouncycastle
   bcprov-jdk15on
-  1.65
+  1.68
   jar
 
   
diff -Nru bouncycastle-1.68/debian/poms/bcprov.pom 
bouncycastle-1.68/debian/poms/bcprov.pom
--- bouncycastle-1.68/debian/poms/bcprov.pom2021-01-19 01:18:00.0 

Bug#990922: apt resolves differently than apt-get: mariadb-server dist-upgrade Buster to Bullseye fails

[Otto Kekäläinen]

Package: apt
Version: 2.2.4

While investigating Bug#990708 I noticed that apt and apt-get resolves
an upgrade scenario differently. Running apt-get works correctly while
apt fails to complete the upgrade properly.

On a Buster system that has mariadb-server (src:mariadb-10.3) apt-get
will correctly upgrade to new mariadb-server (src:mariadb-10.5)
version. However on apt, the resolver ends up uninstalling
mariadb-server.

This seems like a bug? Shouldn't apt always resolve like apt-get does?
Or do we in the future need to duplicate all of your upgrade tests and
piuparts to run both apt-get and apt?

See full log:
- apt-get success:
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/jobs/1748579
- s/apt-get/apt/:
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/commit/c8ed387f91be4f7a98ccb768935a4725a9f10cd4
- apt fail: https://salsa.debian.org/mariadb-team/mariadb-10.5/-/jobs/1750156

Attached apt-get.log and apt.log

$ diff -u apt-get.log apt.log
--- apt-get.log 2021-07-10 20:48:56.548202335 -0700
+++ apt.log 2021-07-10 20:47:52.194973602 -0700
@@ -7,205 +7,124 @@
-$ apt-get upgrade -y -o Debug::pkgProblemResolver=1
+$ apt upgrade -y -o Debug::pkgProblemResolver=1
+WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
 Reading package lists...
 Building dependency tree...
 Reading state information...
 Calculating upgrade...Entering ResolveByKeep
-  Dependencies are not satisfied for perl-base:amd64 <
5.28.1-6+deb10u1 -> 5.32.1-4 @ii umU Ib >
-Keeping package perl-base:amd64
-  Dependencies are not satisfied for login:amd64 < 1:4.5-1.1 ->
1:4.8.1-1 @ii umU Ib >
-Keeping package login:amd64
-  Dependencies are not satisfied for util-linux:amd64 < 2.33.1-0.1 ->
2.36.1-7 @ii umU Ib >
-Keeping package util-linux:amd64
-  Dependencies are not satisfied for apt:amd64 < 1.8.2.3 -> 2.2.4 @ii
umU NPb Ib >
-Keeping package apt:amd64
-  Dependencies are not satisfied for e2fsprogs:amd64 <
1.44.5-1+deb10u3 -> 1.46.2-2 @ii umU NPb Ib >
-Keeping package e2fsprogs:amd64
-  Dependencies are not satisfied for e2fsprogs:amd64 <
1.44.5-1+deb10u3 | 1.46.2-2 @ii umH NPb Ib >
-Package e2fsprogs:amd64 e2fsprogs:amd64 PreDepends on
libext2fs2:amd64 < 1.44.5-1+deb10u3 -> 1.46.2-2 @ii umU > (=
1.44.5-1+deb10u3)
-  Keeping Package libext2fs2:amd64 due to PreDepends
-  Dependencies are not satisfied for libc6:amd64 < 2.28-10 -> 2.31-12
@ii umU Ib >
-Keeping package libc6:amd64
-  Dependencies are not satisfied for libc-bin:amd64 < 2.28-10 ->
2.31-12 @ii umU NPb Ib >
-Keeping package libc-bin:amd64
-  Dependencies are not satisfied for libselinux1:amd64 < 2.8-1+b1 ->
3.1-3 @ii umU Ib >
-Keeping package libselinux1:amd64
-  Dependencies are not satisfied for dpkg:amd64 < 1.19.7 -> 1.20.9 @ii umU Ib >
-Keeping package dpkg:amd64
-  Dependencies are not satisfied for tar:amd64 < 1.30+dfsg-6 ->
1.34+dfsg-1 @ii umU Ib >
-Keeping package tar:amd64
-  Dependencies are not satisfied for findutils:amd64 <
4.6.0+git+20190209-2 -> 4.8.0-1 @ii umU Ib >
-Keeping package findutils:amd64
-  Dependencies are not satisfied for coreutils:amd64 < 8.30-3 ->
8.32-4+b1 @ii umU Ib >
-Keeping package coreutils:amd64
-  Dependencies are not satisfied for libsystemd0:amd64 <
241-7~deb10u7 -> 247.3-5 @ii umU Ib >
-Keeping package libsystemd0:amd64
-  Dependencies are not satisfied for libmount1:amd64 < 2.33.1-0.1 ->
2.36.1-7 @ii umU Ib >
-Keeping package libmount1:amd64
-  Dependencies are not satisfied for mount:amd64 < 2.33.1-0.1 ->
2.36.1-7 @ii umU Ib >
-Keeping package mount:amd64
-  Dependencies are not satisfied for libpam-modules:amd64 < 1.3.1-5
-> 1.4.0-7 @ii umU Ib >
-Keeping package libpam-modules:amd64
-  Dependencies are not satisfied for libpam-modules:amd64 < 1.3.1-5 |
1.4.0-7 @ii umH Ib >
-Package libpam-modules:amd64 libpam-modules:amd64 PreDepends on
libpam-modules-bin:amd64 < 1.3.1-5 -> 1.4.0-7 @ii umU Ib > (= 1.3.1-5)
-  Keeping Package libpam-modules-bin:amd64 due to PreDepends
-  Dependencies are not satisfied for libstdc++6:amd64 < 8.3.0-6 ->
10.2.1-6 @ii umU Ib >
-Keeping package libstdc++6:amd64
-  Dependencies are not satisfied for libgnutls30:amd64 <
3.6.7-4+deb10u7 -> 3.7.1-5 @ii umU Ib >
-Keeping package libgnutls30:amd64
-  Dependencies are not satisfied for libudev1:amd64 < 241-7~deb10u7
-> 247.3-5 @ii umU Ib >
-Keeping package libudev1:amd64
-  Dependencies are not satisfied for perl:amd64 < 5.28.1-6+deb10u1 ->
5.32.1-4 @ii umU Ib >
-Keeping package perl:amd64
-  Dependencies are not satisfied for passwd:amd64 < 1:4.5-1.1 ->
1:4.8.1-1 @ii umU Ib >
-Keeping package passwd:amd64
-  Dependencies are not satisfied for libsemanage1:amd64 < 2.8-2 ->
3.1-1+b2 @ii umU Ib >
-Keeping package libsemanage1:amd64
-  Dependencies are not satisfied for libsemanage1:amd64 < 2.8-2 |
3.1-1+b2 @ii umH Ib >
-Package libsemanage1:amd64 libsemanage1:amd64 Depends on
libsemanage-common:amd64 < 2.8-2 -> 3.1-1 @ii umU > (= 2.8-2)
-  Keeping Package libsemanage-common:amd64 due to Depends
-  Dependencies are not satisfied 

Bug#990920: unblock: mat2/0.12.1-2

[Adrian Bunk]

On Sun, Jul 11, 2021 at 06:45:07AM +0300, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package mat2
> 
>   * debian/patches:
> - Pull in upstream patch to improve support of Open XML (xlsx) files.
> (change by Georg Faerber)
> 
> Oneline change, autopkgtest pass.
> 
> Maintainer is in Cc, ack/nak would be appreciated.
> 
> unblock mat2/0.12.1-2

Attached is the debdiff I forgot.

cu
Adrian
diff -Nru mat2-0.12.1/debian/changelog mat2-0.12.1/debian/changelog
--- mat2-0.12.1/debian/changelog2021-03-20 21:11:38.0 +0200
+++ mat2-0.12.1/debian/changelog2021-05-24 18:01:29.0 +0300
@@ -1,3 +1,10 @@
+mat2 (0.12.1-2) unstable; urgency=medium
+
+  * debian/patches:
+- Pull in upstream patch to improve support of Open XML (xlsx) files.
+
+ -- Georg Faerber   Mon, 24 May 2021 15:01:29 +
+
 mat2 (0.12.1-1) unstable; urgency=medium
 
   * New upstream version 0.12.1:
diff -Nru mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch 
mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch
--- mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch
1970-01-01 02:00:00.0 +0200
+++ mat2-0.12.1/debian/patches/0001-improve-support-for-xlsx-files.patch
2021-05-24 18:01:29.0 +0300
@@ -0,0 +1,19 @@
+Description: Improve support of Open XML (xlsx) files
+Origin: upstream
+Applied-Upstream: bf0c777cb9159e220f636b0c019fe4957e4fea75
+Reviewed-by: Georg Faerber 
+Last-Update: 2021-05-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: mat2/libmat2/office.py
+===
+--- mat2.orig/libmat2/office.py2021-05-19 11:26:06.093187321 +
 mat2/libmat2/office.py 2021-05-24 14:44:33.698488246 +
+@@ -107,6 +107,7 @@
+ # TODO: check if p:bgRef can be randomized
+ r'^ppt/slideMasters/slideMaster[0-9]+\.xml',
+ r'^ppt/slideMasters/_rels/slideMaster[0-9]+\.xml\.rels',
++r'^xl/worksheets/_rels/sheet[0-9]+\.xml\.rels',
+ }))
+ self.files_to_omit = set(map(re.compile, {  # type: ignore
+ r'^\[trash\]/',
diff -Nru mat2-0.12.1/debian/patches/series mat2-0.12.1/debian/patches/series
--- mat2-0.12.1/debian/patches/series   1970-01-01 02:00:00.0 +0200
+++ mat2-0.12.1/debian/patches/series   2021-05-24 18:01:29.0 +0300
@@ -0,0 +1 @@
+0001-improve-support-for-xlsx-files.patch

Bug#990921: unblock: bouncycastle/1.68-2

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package bouncycastle

  * Update poms for upstream version 1.68 (Closes: #988486)
(change by tony mancill)

Quoting Tony in #988486:
  Now that this is fixed in unstable, any thoughts from the Java Team
  about whether I should request an unblock from the Release Team for this
  bug for Bullseye?  It may prevent some potential confusion but is
  otherwise, as far as I can tell, purely cosmetic.  Thus, although there
  is no risk, I'm not certain about how to justify the request.

  I could wait and request an update via s-p-u.


Doing s-p-u later would be more hassle than unblocking a package
that has been for 2 months in unstable, IMHO for bullseye this
is now or never.

Bug#990920: unblock: mat2/0.12.1-2

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mat2

  * debian/patches:
- Pull in upstream patch to improve support of Open XML (xlsx) files.
(change by Georg Faerber)

Oneline change, autopkgtest pass.

Maintainer is in Cc, ack/nak would be appreciated.

unblock mat2/0.12.1-2

Bug#990919: unblock: exim4/4.94.2-6

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package exim4

  * Cherrypick
78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch from
upstream GIT master. This allows one to disable creation of a
daemon notifier socket by either setting notifier_socket to a empty value
or specifying -oY commandline option.
  * Init script: For QUEUERUNNER='separate' start daemons with -oY commandline
option to disable daemon notifier socket. Enforce lockstep ugrade of -base
and *daemon* by temporarily adding a versioned Breaks to exim4-base on
older *daemon*. Closes: #988844
(change by Andreas Metzler)

This fixes a regression from buster.

Maintainer and bug submitter are in Cc, ack/nak would be appreciated.

unblock exim4/4.94.2-6
diff -Nru exim4-4.94.2/debian/changelog exim4-4.94.2/debian/changelog
--- exim4-4.94.2/debian/changelog   2021-05-17 18:45:00.0 +0300
+++ exim4-4.94.2/debian/changelog   2021-05-26 19:49:44.0 +0300
@@ -1,3 +1,17 @@
+exim4 (4.94.2-6) unstable; urgency=medium
+
+  * Cherrypick
+78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch from
+upstream GIT master. This allows one to disable creation of a
+daemon notifier socket by either setting notifier_socket to a empty value
+or specifying -oY commandline option.
+  * Init script: For QUEUERUNNER='separate' start daemons with -oY commandline
+option to disable daemon notifier socket. Enforce lockstep ugrade of -base
+and *daemon* by temporarily adding a versioned Breaks to exim4-base on
+older *daemon*. Closes: #988844
+
+ -- Andreas Metzler   Wed, 26 May 2021 18:49:44 +0200
+
 exim4 (4.94.2-5) unstable; urgency=high
 
   * 73_04-Fix-host_name_lookup-Close-2747.patch from exim-4.94.2+fixes.
diff -Nru exim4-4.94.2/debian/control exim4-4.94.2/debian/control
--- exim4-4.94.2/debian/control 2021-05-04 19:23:02.0 +0300
+++ exim4-4.94.2/debian/control 2021-05-26 19:49:44.0 +0300
@@ -1,3 +1,6 @@
+# * -base and daemon of the same upstream version enforced by a Breaks
+#   in -base and a versioned Depends of the daemon-packages on -base
+# * -base depends on -config, without automatic versioning.
 Source: exim4
 Section: mail
 Priority: standard
@@ -42,7 +45,10 @@
 Breaks:
  exim4-daemon-custom (<<${Upstream-Version}),
  exim4-daemon-heavy (<<${Upstream-Version}),
- exim4-daemon-light (<<${Upstream-Version})
+ exim4-daemon-light (<<${Upstream-Version}),
+ exim4-daemon-custom (<< 4.94.2-6~),
+ exim4-daemon-heavy (<< 4.94.2-6~),
+ exim4-daemon-light (<< 4.94.2-6~)
 Conflicts: exim, exim-tls
 Replaces:
  exim,
diff -Nru exim4-4.94.2/debian/exim4-base.exim4.init 
exim4-4.94.2/debian/exim4-base.exim4.init
--- exim4-4.94.2/debian/exim4-base.exim4.init   2020-05-23 19:20:09.0 
+0300
+++ exim4-4.94.2/debian/exim4-base.exim4.init   2021-05-23 12:46:53.0 
+0300
@@ -95,13 +95,13 @@
 separate)
   start_daemon -p "$PIDFILE" \
 "$DAEMON" -bd \
-${COMMONOPTIONS} \
+${COMMONOPTIONS} -oY \
 ${SMTPLISTENEROPTIONS}
   log_progress_msg "exim4_listener"
   start_daemon -p "$QRPIDFILE" \
 "$DAEMON" -oP $QRPIDFILE \
 "-q${QFLAGS}${QUEUEINTERVAL}" \
-${COMMONOPTIONS} \
+${COMMONOPTIONS} -oY \
 ${QUEUERUNNEROPTIONS}
   log_progress_msg "exim4_queuerunner"
   ;;
diff -Nru 
exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch
 
exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch
--- 
exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch
1970-01-01 02:00:00.0 +0200
+++ 
exim4-4.94.2/debian/patches/78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch
2021-05-22 14:50:52.0 +0300
@@ -0,0 +1,198 @@
+From 99ea5f6faeaf714e34bbcd75fdc50cc94dc7a1c8 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris 
+Date: Fri, 10 Jul 2020 13:55:25 +0100
+Subject: [PATCH] Command-line option for no notifier socket.  Bug 2616
+
+---
+ doc/doc-docbook/spec.xfpt | 33 +--
+ doc/NewStuff  |  2 ++
+ src/daemon.c  |  5 
+ src/exim.c|  9 +++-
+ test/scripts/0999-EXP-Queue-Ramp/0999 |  2 +-
+ 5 files changed, 47 insertions(+), 4 deletions(-)
+
+--- a/doc/NewStuff
 b/doc/NewStuff
+@@ -2,14 +2,20 @@ New Features in Exim
+ 
+ 
+ This file contains descriptions of new features that have been added to Exim.
+ Before a formal release, there may be quite a lot of detail so that people can
+ test from the snapshots or the Git before the documentation is updated. Once
+ the documentation is updated, this file is reduced to a short list.
+ 
++Cherrypicked from GIT master:
++
++
++10. A command-line option to have a daemon not create 

Bug#990918: unblock: opencryptoki/3.8.1+dfsg-3.2

[Adrian Bunk]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package opencryptoki

  * Build again on architectures where libitm and transactional memory are not
available, use locks instead
(change by Laurent Bigonville)

This is a no change on the architectures where it built before,
and "FTBFS on architectures where it did not build before"
is a severity important issue if reported.
diff -Nru opencryptoki-3.8.1+dfsg/debian/changelog 
opencryptoki-3.8.1+dfsg/debian/changelog
--- opencryptoki-3.8.1+dfsg/debian/changelog2018-08-11 16:27:36.0 
+0300
+++ opencryptoki-3.8.1+dfsg/debian/changelog2021-06-07 16:35:32.0 
+0300
@@ -1,3 +1,11 @@
+opencryptoki (3.8.1+dfsg-3.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Build again on architectures where libitm and transactional memory are not
+available, use locks instead
+
+ -- Laurent Bigonville   Mon, 07 Jun 2021 15:35:32 +0200
+
 opencryptoki (3.8.1+dfsg-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru opencryptoki-3.8.1+dfsg/debian/control 
opencryptoki-3.8.1+dfsg/debian/control
--- opencryptoki-3.8.1+dfsg/debian/control  2017-10-31 16:26:51.0 
+0200
+++ opencryptoki-3.8.1+dfsg/debian/control  2021-06-07 16:35:32.0 
+0300
@@ -10,7 +10,7 @@
  libtspi-dev,
  bison,
  flex,
- libitm1,
+ libitm1 [alpha amd64 arm64 i386 x32 ppc64 ppc64el s390x sh4 sparc64],
  libica-dev [s390x],
  libldap2-dev
 Standards-Version: 4.1.1
diff -Nru opencryptoki-3.8.1+dfsg/debian/rules 
opencryptoki-3.8.1+dfsg/debian/rules
--- opencryptoki-3.8.1+dfsg/debian/rules2017-11-09 13:52:15.0 
+0200
+++ opencryptoki-3.8.1+dfsg/debian/rules2021-06-07 16:34:50.0 
+0300
@@ -4,6 +4,11 @@
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
+# Use locks instead of transactional memory in architectures where libitm is 
not available
+ifeq (,$(filter $(DEB_HOST_ARCH), alpha amd64 arm64 i386 x32 ppc64 ppc64el 
s390x sh4 sparc64))
+ENABLE_LOCKS=--enable-locks
+endif
+
 %:
dh ${@}
 
@@ -12,7 +17,7 @@
rm -f usr/lib/pkcs11/api/pkcs11
 
 override_dh_auto_configure:
-   dh_auto_configure -- --enable-tpmtok --with-systemd=/lib/systemd/system 
ac_cv_path_CHGRP=true
+   dh_auto_configure -- --enable-tpmtok --with-systemd=/lib/systemd/system 
ac_cv_path_CHGRP=true $(ENABLE_LOCKS)
 
 override_dh_auto_install:
dh_auto_install

Bug#990917: apertium-apy: Incompatibility with python3-tornado 6

[Adrian Bunk]

Package: apertium-apy
Version: 0.11.6-1
Severity: serious
Forwarded: https://github.com/apertium/apertium-apy/issues/168
Control: close -1 0.11.7-1

See https://github.com/apertium/apertium-apy/issues/168

Bug#990916: parallel.1: manual page is missing spaces before -- separators in synopsis

[Paul Wise]

Package: moreutils
Version: 0.65-1
Severity: minor
File: /usr/share/man/man1/parallel.1.gz
Usertags: typo

The manual page is missing spaces before -- separators in the synopsis
section. The examples later in the manual page make it clear that is
incorrect and a space is needed in the shell before -- separators.

   $ man parallel | grep -C1 options 
   SYNOPSIS
  parallel [options] [command]-- [argument ...]
   
  parallel [options]-- [command ...]
   
   $ man parallel | grep -- -- 
  parallel [options] [command]-- [argument ...]
  parallel [options]-- [command ...]
  If no command is specified before the --, the commands after it are 
instead run in parallel.
  parallel sh -c "echo hi; sleep 2; echo bye" -- 1 2 3
  parallel -j 3 ufraw -o processed -- *.NEF
  parallel -j 3 -- ls df "echo hi"
   
-- System Information:
Debian Release: 11.0
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental'), 
(500, 'testing-security')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages moreutils depends on:
ii  libc6  2.31-13
ii  libipc-run-perl20200505.0-1
ii  libtime-duration-perl  1.21-1
ii  libtimedate-perl   2.3300-2
ii  perl   5.32.1-4

moreutils recommends no packages.

moreutils suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#990905: unblock: php-horde-memcache/2.1.1-7

[Mike Gabriel]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package php-horde-memcache

I am unsure if php-horde-memcache 2.1.1-7 will migrate just because
of succeeded autopktests, so filing an unblock bug anyway.

[ Reason ]
Upstream provided a PHP 8.0 compatibility fix. eople have started used
php 8.0 already on buster (from https://packages.sury.org/php/), more
will follow for bullseye, although php7.4 will be the default for
bullseye. So, fixing things for PHP 8.0 is probably nice to have if fixed
by a simple change.

[ Impact ]
php-horde-memcache won't be usable with php8.0.

[ Tests ]
Patch introspection. Not broken on php7.4, autopkgtests succeed.

[ Risks ]
Breakage of php-horde in Debian where php-horde-memcache is in use.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None.

unblock php-horde-memcache/2.1.1-7
diff -Nru php-horde-memcache-2.1.1/debian/changelog 
php-horde-memcache-2.1.1/debian/changelog
--- php-horde-memcache-2.1.1/debian/changelog   2020-07-01 13:48:57.0 
+0200
+++ php-horde-memcache-2.1.1/debian/changelog   2021-07-05 14:14:04.0 
+0200
@@ -1,3 +1,10 @@
+php-horde-memcache (2.1.1-7) unstable; urgency=medium
+
+  * d/patches: Add 0001_Reorder-glue-and-array-parameters.patch. Reorder glue
+and array parameters in implode(). Prepare for PHP 8.x.
+
+ -- Mike Gabriel   Mon, 05 Jul 2021 14:14:04 +0200
+
 php-horde-memcache (2.1.1-6) unstable; urgency=medium
 
   * d/control: Add to Uploaders: Juri Grabowski.
diff -Nru 
php-horde-memcache-2.1.1/debian/patches/0001_Reorder-glue-and-array-parameters.patch
 
php-horde-memcache-2.1.1/debian/patches/0001_Reorder-glue-and-array-parameters.patch
--- 
php-horde-memcache-2.1.1/debian/patches/0001_Reorder-glue-and-array-parameters.patch
1970-01-01 01:00:00.0 +0100
+++ 
php-horde-memcache-2.1.1/debian/patches/0001_Reorder-glue-and-array-parameters.patch
2021-07-05 14:14:04.0 +0200
@@ -0,0 +1,28 @@
+From ffd585d3be551f6e1a5283779294f2cd241c4cd1 Mon Sep 17 00:00:00 2001
+From: Michael J Rubinsky 
+Date: Mon, 31 May 2021 12:01:18 -0400
+Subject: [PATCH] Reorder glue and array parameters
+
+Deprecated since 7.4 and an error in 8.0
+
+Signed-off-by: Mike Gabriel 
+---
+ Horde_Memcache-2.1.1/lib/Horde/Memcache.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Horde_Memcache-2.1.1/lib/Horde/Memcache.php 
b/Horde_Memcache-2.1.1/lib/Horde/Memcache.php
+index a13ca2c..498d88c 100644
+--- a/Horde_Memcache-2.1.1/lib/Horde/Memcache.php
 b/Horde_Memcache-2.1.1/lib/Horde/Memcache.php
+@@ -202,7 +202,7 @@ class Horde_Memcache implements Serializable
+ 
+ if (isset($this->_params['logger'])) {
+ $this->_logger = $this->_params['logger'];
+-$this->_logger->log('Connected to the following memcache 
servers:' . implode($this->_servers, ', '), 'DEBUG');
++$this->_logger->log('Connected to the following memcache 
servers:' . implode(', ', $this->_servers), 'DEBUG');
+ }
+ }
+ 
+-- 
+2.30.2
+
diff -Nru php-horde-memcache-2.1.1/debian/patches/series 
php-horde-memcache-2.1.1/debian/patches/series
--- php-horde-memcache-2.1.1/debian/patches/series  1970-01-01 
01:00:00.0 +0100
+++ php-horde-memcache-2.1.1/debian/patches/series  2021-07-05 
14:14:04.0 +0200
@@ -0,0 +1 @@
+0001_Reorder-glue-and-array-parameters.patch

Bug#990904: unblock: php-horde-imap-client/2.30.1-4

[Mike Gabriel]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package php-horde-imap-client

I am unsure if php-horde-imap-client 2.30.1-4 will migrated just because
of succeeded autopktests, so filing an unblock bug anyway.

[ Reason ]
Upstream provided two patches recently:

+  * d/patches:
++ Add 0001_fix-remove-redundant-array_diff.patch, Prevent unwanted
+  removal of mails.

-> Must have for bullseye.

++ Add 0002_Fix-removing-FETCH-query-labels-in-PHP-8.patch. Prepare for PHP 
8.x.

-> People have started used php 8.0 already on buster (from
https://packages.sury.org/php/), more will follow for bullseye, although
php7.4 will be the default for bullseye. So, fixing things for PHP 8.0
is probably nice to have if fixed by a simple change.


[ Impact ]
Esp. the unwanted mail removal might hit users of php-horde from Debian.

[ Tests ]
autopkgtests, manual runtime test

[ Risks ]
Breakage of php-horde (all maintained by me) which would need a follow-up 
upload.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None.

unblock php-horde-imap-client/2.30.1-4
diff -Nru php-horde-imap-client-2.30.1/debian/changelog 
php-horde-imap-client-2.30.1/debian/changelog
--- php-horde-imap-client-2.30.1/debian/changelog   2020-09-12 
21:52:01.0 +0200
+++ php-horde-imap-client-2.30.1/debian/changelog   2021-07-05 
14:12:17.0 +0200
@@ -1,3 +1,11 @@
+php-horde-imap-client (2.30.1-4) unstable; urgency=medium
+
+  * d/patches: Add 0001_fix-remove-redundant-array_diff.patch,
+0002_Fix-removing-FETCH-query-labels-in-PHP-8.patch. Prevent unwanted
+removal of mails. Prepare for PHP 8.x.
+
+ -- Mike Gabriel   Mon, 05 Jul 2021 14:12:17 +0200
+
 php-horde-imap-client (2.30.1-3) unstable; urgency=medium
 
   * d/t/control: Add Ds: php-horde-hashtable, php-horde-pack.
diff -Nru 
php-horde-imap-client-2.30.1/debian/patches/0001_fix-remove-redundant-array_diff.patch
 
php-horde-imap-client-2.30.1/debian/patches/0001_fix-remove-redundant-array_diff.patch
--- 
php-horde-imap-client-2.30.1/debian/patches/0001_fix-remove-redundant-array_diff.patch
  1970-01-01 01:00:00.0 +0100
+++ 
php-horde-imap-client-2.30.1/debian/patches/0001_fix-remove-redundant-array_diff.patch
  2021-07-05 14:12:17.0 +0200
@@ -0,0 +1,29 @@
+From 65d4fbb528f152383e101d6eb8f6138500798d05 Mon Sep 17 00:00:00 2001
+From: Silvio Zimmer 
+Date: Tue, 23 Mar 2021 10:58:52 +0100
+Subject: [PATCH] fix: remove redundant array_diff
+
+Signed-off-by: Mike Gabriel 
+---
+ Horde_Imap_Client-2.30.1/lib/Horde/Imap/Client/Base.php | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/Horde_Imap_Client-2.30.1/lib/Horde/Imap/Client/Base.php 
b/Horde_Imap_Client-2.30.1/lib/Horde/Imap/Client/Base.php
+index 6d596992..2e2c02fe 100644
+--- a/Horde_Imap_Client-2.30.1/lib/Horde/Imap/Client/Base.php
 b/Horde_Imap_Client-2.30.1/lib/Horde/Imap/Client/Base.php
+@@ -3993,9 +3993,8 @@ implements Serializable, SplObserver
+ $vanished = $this->vanished($this->_selected, $modseq, array(
+ 'ids' => $uids_ob
+ ));
+-$disappear = array_diff($uids_ob->ids, $vanished->ids);
+-if (!empty($disappear)) {
+-$this->_deleteMsgs($this->_selected, $this->getIdsOb($disappear));
++if (!empty($vanished->ids)) {
++$this->_deleteMsgs($this->_selected, 
$this->getIdsOb($vanished->ids));
+ }
+ 
+ $mbox_ob->sync = true;
+-- 
+2.30.2
+
diff -Nru 
php-horde-imap-client-2.30.1/debian/patches/0002_Fix-removing-FETCH-query-labels-in-PHP-8.patch
 
php-horde-imap-client-2.30.1/debian/patches/0002_Fix-removing-FETCH-query-labels-in-PHP-8.patch
--- 
php-horde-imap-client-2.30.1/debian/patches/0002_Fix-removing-FETCH-query-labels-in-PHP-8.patch
 1970-01-01 01:00:00.0 +0100
+++ 
php-horde-imap-client-2.30.1/debian/patches/0002_Fix-removing-FETCH-query-labels-in-PHP-8.patch
 2021-07-05 14:12:17.0 +0200
@@ -0,0 +1,21 @@
+From 71e977fc3cd7c57ccf5ba6052f680325cb2b7980 Mon Sep 17 00:00:00 2001
+From: Ralf Becker 
+Date: Sat, 12 Jun 2021 13:14:08 -0400
+Subject: [PATCH] Fix removing FETCH query labels in PHP 8
+
+Signed-off-by: Mike Gabriel 
+---
+ lib/Horde/Imap/Client/Socket.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Horde_Imap_Client-2.30.1/lib/Horde/Imap/Client/Socket.php
 b/Horde_Imap_Client-2.30.1/lib/Horde/Imap/Client/Socket.php
+@@ -2952,7 +2952,7 @@
+ case Horde_Imap_Client::FETCH_BODYPART:
+ case Horde_Imap_Client::FETCH_HEADERS:
+ foreach ($c_val as $key => $val) {
+-$cmd = ($key == 0)
++$cmd = ((int)$key == 0)
+ ? ''
+ : $key . '.';
+ $main_cmd = 

Bug#990915: lcov: Vcs-* headers point to empty repository

[Vagrant Cascadian]

Package: lcov
Severity: minor
X-Debbugs-Cc: Vagrant Cascadian 

The Vcs-* headers in debian/control point to a currently empty
repository:

  Vcs-Browser: https://salsa.debian.org:/mckinstry/lcov.git
  Vcs-Git: https://salsa.debian.org:/mckinstry/lcov.git

Please update them.


Thanks for maintaining lcov!


live well,
  vagrant


signature.asc
Description: PGP signature

Bug#990914: lcov: reproducible builds: Embedded timestamps in manpages

[Vagrant Cascadian]

Source: lcov
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build timestamp is embedded in various manpages:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/lcov.html

  ./usr/share/man/man1/gendesc.1.gz

  .TH·gendesc·1·"LCOV·1.14"·2021\-06\-13·"User·Manuals"
  vs.
  .TH·gendesc·1·"LCOV·1.14"·2022\-07\-16·"User·Manuals"


The attached patch fixes this by changing updateversion.pl to use the
date specified by the SOURCE_DATE_EPOCH environment variable, which is
set by dpkg when building packages:

  https://reproducible-builds.org/docs/source-date-epoch/


With this patch applied, lcov should be reproducible on
tests.reproducible-builds.org.


Thanks for maintaining lcov!


live well,
  vagrant
From a19a51175995aee46892da20ee099071a5b459dc Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sun, 11 Jul 2021 00:56:24 +
Subject: [PATCH] updateversion.pl: Add support for SOURCE_DATE_EPOCH to
 update_man_page function.

https://reproducible-builds.org/docs/source-date-epoch/
---
 bin/updateversion.pl | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/bin/updateversion.pl b/bin/updateversion.pl
index 19db81e..395b3c4 100755
--- a/bin/updateversion.pl
+++ b/bin/updateversion.pl
@@ -2,6 +2,7 @@
 
 use strict;
 use warnings;
+use POSIX qw(strftime);
 
 use File::Basename;
 
@@ -98,7 +99,9 @@ sub update_man_page($)
 {
 	my ($filename) = @_;
 	my @date = get_file_info($filename);
-	my $date_string = $date[0];
+	# Support SOURCE_DATE_EPOCH for date:
+	# https://reproducible-builds.org/docs/source-date-epoch/
+	my $date_string = strftime("%Y-%m-%d", gmtime($ENV{SOURCE_DATE_EPOCH} || $date[0]));
 	local *IN;
 	local *OUT;
 
-- 
2.32.0



signature.asc
Description: PGP signature

Bug#990230: php-fpm: unexpected '=' in php.ini

[Adrian Bunk]

On Wed, Jun 23, 2021 at 04:43:47PM +0300, Vadim wrote:
>...
> Errors from the log file:
> Jun 23 16:09:01 Vadim systemd[1]: Starting Clean php session files..
> │Jun 23 16:09:01 sessionclean[4766]: PHP:  syntax error, unexpected '=' in
> /etc/php/7.3/fpm/php.ini on line 1333
>...

What is the contents in and around line 1333 of your
/etc/php/7.3/fpm/php.ini ?

cu
Adrian

Bug#990913: ausweisapp2: creates config in '~/.config/Unknown Organization'

[Christoph Anton Mitterer]

Package: ausweisapp2
Version: 1.22.0-1
Severity: normal


Hey

Since one of the last updates, the program writes it's config into
'~/.config/Unknown Organization'
instead of what it used previously (…/AusweisApp2_CE).

Perhaps that could be reverted or so, because the new one is a bit
ambigous.

Cheers,
Chris

Bug#990876: (no subject)

[Steve McIntyre]

Control: reassign -1 grub-efi-amd64

Hi Julian,

On Sat, Jul 10, 2021 at 09:45:04AM +, Julian Groß wrote:
>I just tried installing without changing the default partition table and just
>telling the installer to use the whole disk. Also fails on installing grub, but
>this time with a slightly different error message. See the attached logs.

OK, checking the log here (thanks for sending them!) the critical
piece is:

Jul 10 09:41:19 in-target: grub-install: Warnung: Cannot read EFI Boot* 
variables.^M
Jul 10 09:41:19 in-target: grub-install: Warnung: read_file: could not read 
from file: Eingabe-/Ausgabefehler.^M
Jul 10 09:41:19 in-target: grub-install: Warnung: vars_get_variable: 
read_file(/sys/firmware/efi/vars/Boot0007-8be4df61-93ca-11d2-aa0d-00e098032b8c/raw_var)
 failed: Eingabe-/Ausgabefehler.^M
Jul 10 09:41:19 in-target: grub-install: Warnung: efi_get_variable: 
ops->get_variable failed: Eingabe-/Ausgabefehler.^M
Jul 10 09:41:19 in-target: grub-install: Fehler: failed to register the EFI 
boot entry: Eingabe-/Ausgabefehler.^M
Jul 10 09:41:19 in-target: Failed: grub-install --target=x86_64-efi  ^M

This is odd behaviour - your system identified OK as UEFI earlier, but
the grub-install command is failing to even *read* the UEFI boot
variables. I've never seen that happen before. I'm hoping that our
main Grub maintainer Colin can follow this a little further...

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Dance like no one's watching. Encrypt like everyone is.
 - @torproject

Bug#990867: shim-helpers-arm64-signed: post-install script fails with 'error exit status 1'

[Steve McIntyre]

Control: reassign -1 grub-efi-arm64

(ish)

Hi Diederik,

On Sat, Jul 10, 2021 at 01:48:53AM +0200, Diederik de Haas wrote:
>Package: shim-helpers-arm64-signed
>Version: 1+15.4+6
>Severity: important
>
>Running 'aptitude safe-upgrade' on my Bullseye/Sid/Experimental system
>fails:
>
>Unpacking shim-unsigned (15.4-6) over (15.4-5) ...
>Preparing to unpack .../3-shim-helpers-arm64-signed_1+15.4+6_arm64.deb ...
>Unpacking shim-helpers-arm64-signed (1+15.4+6) over (1+15.4+5) ...
>Preparing to unpack .../4-shim-signed-common_1.37+15.4-6_all.deb ...
>Unpacking shim-signed-common (1.37+15.4-6) over (1.36+15.4-5) ...
>Preparing to unpack .../5-shim-signed_1.37+15.4-6_arm64.deb ...
>Unpacking shim-signed:arm64 (1.37+15.4-6) over (1.36+15.4-5) ...
>Setting up libuv1:arm64 (1.40.0-2) ...
>Setting up shim-signed-common (1.37+15.4-6) ...
>No DKMS packages installed: not changing Secure Boot validation state.
>Setting up udev (249-1) ...
>Setting up python3-urllib3 (1.26.5-1~exp1) ...
>Setting up shim-unsigned (15.4-6) ...
>Setting up shim-helpers-arm64-signed (1+15.4+6) ...
>Installing for arm64-efi platform.
>grub-install: warning: Cannot set EFI variable Boot.
>grub-install: warning: efivarfs_set_variable: failed to open 
>/sys/firmware/efi/efivars/Boot-8be4df61-93ca-11d2-aa0d-00e098032b8c for 
>writing: Read-only file system.
>grub-install: warning: _efi_set_variable_mode: ops->set_variable() failed: 
>Read-only file system.
>grub-install: error: failed to register the EFI boot entry: Read-only file 
>system.
>dpkg: error processing package shim-helpers-arm64-signed (--configure):
> installed shim-helpers-arm64-signed package post-installation script 
> subprocess returned error exit status 1
>dpkg: dependency problems prevent configuration of shim-signed:arm64:
> shim-signed:arm64 depends on shim-helpers-arm64-signed (>= 1+15.4+2); however:
>  Package shim-helpers-arm64-signed is not configured yet.

Right,

The maintainer scripts for the shim-signed packages now explicitly
calls grub-install to make sure that shim is added/removed from the
boot chain as appropriate. The errors you're seeing are from
grub-install, and that's where the problem is showing up.

AFAICS grub-install is failing to update due to the *real* underlying
problem, which is that your platform is running firmware which
implements UEFI but that UEFI support isn't working for writing UEFI
boot variables. You're using U-Boot, I assume?

So, here's a few thoughts:

 1. To stop your machine failing here, do a "dpkg-reconfigure
grub-efi-arm64" and say "yes" to the removable media path question
and "no" to the "update boot variables" question. That should
solve the immediate problem for you - please shout if it doesn't!

Fixing this in the *general* case is hard. We could add code to
fall back to *not* updating UEFI boot variables if that fails, but
that's likely going to be error-prone and cause trouble on
machines where that *should* work but it fails on a temporary
basis. Instead, I suspect we may need to replicate similar
functionality to flash-kernel and have a list of "quirky" machines
where we *don't* expect UEFI boot variables to work. That's messy as
all hell, but I'm not sure of a better option. :-/

 2. To the best of my knowledge, none of the current U-Boot releases
support Secure Boot so you may as well remove the shim-signed
package anyway. It's normally harmless to include it (so we pull
it in via recommends), but on your system it's not going to do
anything for you so you may as well remove it.

OK?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"... the premise [is] that privacy is about hiding a wrong. It's not.
 Privacy is an inherent human right, and a requirement for maintaining
 the human condition with dignity and respect."
  -- Bruce Schneier

Bug#990912: perl-tk: reproducible-builds: incorrect path for X11 libraries when built on usrmerge system

[Vagrant Cascadian]

Source: perl-tk
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The path for X11 libraries is probed at build time, resulting in
different hard-coded values in the package:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/perl-tk.html

  ./usr/lib/x86_64-linux-gnu/perl5/5.32/Tk/Config.pm

  $xlib·=·'-L/usr/lib/x86_64-linux-gnu·-lXft';
  vs.
  $xlib·=·'-L/lib/x86_64-linux-gnu·-lXft';


The attached patch passes X11LIB to Makefile.PL to always use the X11LIB
paths in /usr/lib, which are present on both usrmerge and non-usrmerge
systems.

Applying this patch should make perl-tk reproducible on
tests.reproducible-builds.org again.


Alternately, it might be better long-term to explore runtime detection,
though I'm not sure what other implications that might have.


Thanks for maintaining perl-tk!


live well,
  vagrant
From 46ee46a258f8fda55e96d2dd602f0b29088e4915 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sun, 11 Jul 2021 00:14:09 +
Subject: [PATCH] debian/rules: Pass X11LIB to Makefile.PL to ensure correct
 path.

On a usrmerge system with a /lib -> /usr/lib symlink, the path to X11
libraries gets hardcoded to the /lib path, but X11 libraries are
typically installed in /usr/lib.
---
 debian/rules | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index ff16864..1ce2497 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,6 +4,7 @@
 
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
+include /usr/share/dpkg/architecture.mk
 
 PERL ?= /usr/bin/perl
 
@@ -22,7 +23,8 @@ endif
 config:	config-stamp
 config-stamp:
 	dh_testdir
-	$(PERL) Makefile.PL XFT=1 INSTALLDIRS=vendor PERL=$(PERL)
+	# Pass X11LIB to ensure the correct path even on a usrmerge system
+	$(PERL) Makefile.PL XFT=1 INSTALLDIRS=vendor X11LIB=/usr/lib/$(DEB_HOST_MULTIARCH) PERL=$(PERL)
 	touch $@
 
 build-arch: build
-- 
2.32.0



signature.asc
Description: PGP signature

Bug#990213: pre-approval unblock: appstream/0.14.4-1

[Matthias Klumpp]

Control: tags -1 - moreinfo

Hi Graham!

Am Sa., 10. Juli 2021 um 13:21 Uhr schrieb Graham Inggs :
> [...]
> On Wed, 23 Jun 2021 at 03:12, Matthias Klumpp  wrote:
> > Let me know what you think!
>
> Assuming it can happen soon, please go ahead upload to unstable, and
> remove the moreinfo tag once it has built.

Uploaded, and the package has built on all architectures where it
built previously.
Thanks! :-)

Cheers,
Matthias

-- 
I welcome VSRE emails. See http://vsre.info/

Bug#990911: liferea: Segfaults when selecting a news bin

[Frédéric Brière]

Package: liferea
Version: 1.13.5-1
Severity: important
Tags: upstream, fixed-upstream, patch

liferea 1.13.5 will immediately segfault when selecting a news bin in
the left pane.  (And if a news bin was the last selected item before
upgrading, it will then automatically crash on startup.  I'd argue this
would justify a bump to serious; you be the judge.)

The bug is in feed_add_xml_attributes(), where node->subscription gets
dereferenced at the end, even if it was found to be NULL beforehand.

This was fixed upstream in 49cf235, by moving the last three lines
inside the if(), where they belong.  That patch does not apply cleanly
to 1.13.5 (due to 9db267f), so I'm attaching a revised version.


-- System Information:
Debian Release: 11.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From dd9ede21cd822989e9fafecadefb4fc410a7c0e7 Mon Sep 17 00:00:00 2001
From: Lars Windolf 
Date: Fri, 2 Apr 2021 01:22:24 +0200
Subject: [PATCH] Fix crash on selecting news bins

---
 src/feed.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/feed.c b/src/feed.c
index 585ed82a..97848f9f 100644
--- a/src/feed.c
+++ b/src/feed.c
@@ -165,9 +165,14 @@ feed_add_xml_attributes (nodePtr node, xmlNodePtr feedNode)
xmlNewTextChild (feedNode, NULL, "feedId", node_get_id (node));
xmlNewTextChild (feedNode, NULL, "feedTitle", node_get_title (node));
 
-   if (node->subscription)
+   if (node->subscription) {
subscription_to_xml (node->subscription, feedNode);
 
+   tmp = g_strdup_printf("%d", node->subscription->error);
+   xmlNewTextChild(feedNode, NULL, "error", tmp);
+   g_free(tmp);
+   }
+
tmp = g_strdup_printf("%d", node->available?1:0);
xmlNewTextChild(feedNode, NULL, "feedStatus", tmp);
g_free(tmp);
@@ -178,10 +183,6 @@ feed_add_xml_attributes (nodePtr node, xmlNodePtr feedNode)
 
if(feed->parseErrors && (strlen(feed->parseErrors->str) > 0))
xmlNewTextChild(feedNode, NULL, "parseError", 
feed->parseErrors->str);
-
-   tmp = g_strdup_printf("%d", node->subscription->error);
-   xmlNewTextChild(feedNode, NULL, "error", tmp);
-   g_free(tmp);
 }
 
 xmlDocPtr
-- 
2.30.2

Bug#801951: debian/copyright should mention BSD3 license, not PSF

[Colin Watson]

Control: tag -1 pending

On Fri, Jul 02, 2021 at 04:05:05PM +0200, Bastian Germann wrote:
> On Fri, 16 Oct 2015 10:48:28 +0200 Stefano Zacchiroli  wrote:
> > debian/copyright currently refers to (various incarnations of...) the PSF
> > license, whereas python-dateutil has been relicense under BSD3 a while ago.
> > See http://sources.debian.net/src/python-dateutil/latest/LICENSE/ for
> > reference. debian/copyright should be updated (and can be widely simplified 
> > /
> > shortened) to refer to BSD3.
> 
> Current versions (in buster and upcoming bullseye) are dual-licensed under
> BSD3 and Apache 2. I am raising the severity because this is a long-standing
> policy violation.

Thanks for committing a fix for this to git.

Do you need sponsorship help to upload this (if so, I'd be happy to do
it), or is an upload already in progress?

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990832: spamass-milter: Postfix has increased unparseable relay failures leading to SPF_FAIL

[Don Armstrong]

On Thu, 08 Jul 2021, William Haller wrote:
> I didn't test this message, but I did test some others that failed by
> running them directly through spamc and they gave a correct report
> with no unparseable relay errors.

spamass-milter has to build up a Received: header because one doesn't
exist at the moment it has to send the header to spamassassin. I'm
suspecting that a configuration issue (or a bug) is causing the
Received: header to not be parsable (or doesn't match localnet in
spamassassin).

Try running spamass-milter with -d spamc; to have it output the received
header it is sending to spamc (and compare with the actual received
header that gets generated).

-- 
Don Armstrong  https://www.donarmstrong.com

Live and learn
or die and teach by example
 -- a softer world #625
http://www.asofterworld.com/index.php?id=625

Bug#934713: os-prober: missing dependency on mount

[Colin Watson]

On Mon, Jun 28, 2021 at 10:17:10PM +0900, Hideki Yamane wrote:
> On Thu, 15 Aug 2019 16:49:46 +0200 Johannes Schauer  wrote:
> > I was not trying to justify or excuse the omission of the src:util-linux
> > maintainers. I can only imagine that os-prober somehow slipped through the
> > cracks when the src:util-linux maintainers filed bugs against all packages 
> > that
> > need the mount utilities during the buster release cycle.
> > 
> > I agree that the situation now is unfortunate but I only reported this 
> > problem
> > once I stumbled across it. I was not involved in the decision two years ago.
> 
>  Anyway, here's a tiny MR
>  https://salsa.debian.org/installer-team/os-prober/-/merge_requests/9
> 
> 
>  If it would be a wrong way to deal with this bug, then close above MR
>  and remove Tags: patch, please. If not - just merge it and push the package 
> :D

This looks correct to me, thanks.  Merged and uploaded.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990901: putty: CVE-2021-36367

[Colin Watson]

Control: found -1 0.63-10+deb8u1

On Sat, Jul 10, 2021 at 11:25:04PM +0200, Salvatore Bonaccorso wrote:
> The following vulnerability was published for putty.
> 
> CVE-2021-36367[0]:
> | PuTTY through 0.75 proceeds with establishing an SSH session even if
> | it has never sent a substantive authentication response. This makes it
> | easier for an attacker-controlled SSH server to present a later
> | spoofed authentication prompt (that the attacker can use to capture
> | credential data, and use that data for purposes that are undesired by
> | the client user).

Thanks for letting me know.  I can do an unstable upload shortly, though
am a bit too short of time to deal with stable at the moment.

> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2021-36367
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36367
> [1] 
> https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa

Probably also
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=413398af85b27cd83134f5618bd82f81758f9603
for some more documentation of the new option.

> Please adjust the affected versions in the BTS as needed.

I think this has been around essentially forever, so I marked the
version in oldoldstable as affected, although that doesn't necessarily
mean I expect anyone to bother with fixing it there.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#989799: Bug#990557: bugs.debian.org: Not automatically close Bug#989799 for buster-backports

[Don Armstrong]

tag 989799 - bullseye-ignore
severity 989799 serious
fixed 989799 4.10.0-1
thanks

On Fri, 02 Jul 2021, Hideki Yamane wrote:
>  As 
> https://tracker.debian.org/news/1243791/accepted-manpages-l10n-4100-1bpo101-source-into-buster-backports-backports-policy-buster-backports/
>  Bug#989799 was noted as "Closes" but not done automatically.
> 
>  We expect that is closed, is it BTS system side issue or not?

989799 was closed in 4.10.0-1~bpo10+1 but not in 4.10.0-1 (in
testing/unstable) which 4.10.0-1 and the bpo version are based on.

I'm assuming that it was also fixed in 4.10.0-1 (or maybe it was never
broken in that version?) so I'm marking it as fixed there too.

See this version graph for details on what was going on: 
https://bugs.debian.org/cgi-bin/version.cgi?absolute=0;collapse=1;fixed=4.10.0-1~bpo10%2B1;format=png;found=4.9.3-4~bpo10%2B1;height=;info=1;package=manpages-l10n;width=;ignore_boring=0

-- 
Don Armstrong  https://www.donarmstrong.com

There is no more concentrated form of evil
than apathy.

Bug#990910: p7zip: reproducible builds: parallelism triggers differences

[Vagrant Cascadian]

Source: p7zip
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Apparently p7zip includes different paths when built in parallel:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/p7zip.html

  /usr/lib/p7zip/7z

  ../../../../CPP/myWindows/StdAfx.h:68
  vs.
  ../../../myWindows/StdAfx.h:68


The attached patch fixes this by disabling parallelism during the build.

With this patch applied, p7zip should be reproducible on
tests.reproducible-builds.org.


It may be possible to dig deeper into p7zip to fix the issues with a
parallel build, but I haven't found a good starting point to do so.


Thanks for maintaining p7zip!


live well,
  vagrant
From ef7ff07a47b785e48be34d32810a4a65c5edacee Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sat, 10 Jul 2021 22:42:22 +
Subject: [PATCH] debian/rules: Disable parallel builds to enable reproducible
 builds.

---
 debian/rules | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/rules b/debian/rules
index 49bfcac..de763c1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,6 @@
 #!/usr/bin/make -f
 
-DH_AUTO_OPTIONS := -v -Smakefile --parallel
+DH_AUTO_OPTIONS := -v -Smakefile
 stampfile   := debian/build-stamp
 
 DEB_BUILD_MAINT_OPTIONS := hardening=+all
@@ -19,7 +19,7 @@ else
 endif
 
 %:
-	dh ${@}
+	dh ${@} --no-parallel
 
 override_dh_auto_clean:
 	# Make sure patches are applied otherwise `make clean' fails
-- 
2.32.0



signature.asc
Description: PGP signature

Bug#990909: RFP: elpa-treemacs -- a tree layout file explorer for Emacs

[Martin]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: debian-emac...@lists.debian.org

* Package name: elpa-treemacs
  Version : 2.8
  Upstream Author : Alexander Miller 
* URL : https://github.com/Alexander-Miller/treemacs
* License : GPL-3+
  Programming Lang: Emacs-Lisp
  Description : a tree layout file explorer for Emacs

 Treemacs is a file and project explorer similar to NeoTree or vim’s NerdTree,
 but largely inspired by the Project Explorer in Eclipse. It shows the file
 system outlines of your projects in a simple tree layout allowing quick
 navigation and exploration, while also possessing basic file management
 utilities.

Bug#990908: unblock: base-passwd/3.5.51

[Colin Watson]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock base-passwd 3.5.51.  IMO #990879 should be fixed before
release, because it adds an unintended and useless debconf prompt to
every buster → bullseye upgrade in default configurations (i.e. without
reconfiguring the debconf priority).  There were also a few small
documentation and translation updates already in unstable, but I think
those are obviously harmless enough for it not to be worth me doing a
separate t-p-u upload for this.

diff -Nru base-passwd-3.5.49/README base-passwd-3.5.51/README
--- base-passwd-3.5.49/README   2021-02-06 17:48:56.0 +
+++ base-passwd-3.5.51/README   2021-07-10 12:57:43.0 +0100
@@ -53,6 +53,7 @@
 64060 | nova  | OpenStack Compute
 64061 | cinder| OpenStack Block Storage
 64062 | glance| OpenStack Image
+64065 | gnocchi   | Gnocchi - Metric as a Service
 
 Reserved gids:
 gid   | name  | description
@@ -77,8 +78,9 @@
 64060 | nova  | OpenStack Compute
 64061 | cinder| OpenStack Block Storage
 64062 | glance| OpenStack Image
+64065 | gnocchi   | Gnocchi - Metric as a Service
 
-(Next uid/gid allocation: 64065.)
+(Next uid/gid allocation: 64070.)
 
 You *may not* use any uids or gids in the 6-64999 range without *first*
 requesting an allocation from base-pas...@packages.debian.org and waiting
diff -Nru base-passwd-3.5.49/debian/changelog 
base-passwd-3.5.51/debian/changelog
--- base-passwd-3.5.49/debian/changelog 2021-02-06 17:48:56.0 +
+++ base-passwd-3.5.51/debian/changelog 2021-07-10 12:57:43.0 +0100
@@ -1,3 +1,24 @@
+base-passwd (3.5.51) unstable; urgency=medium
+
+  [ Raf Czlonka ]
+  * update-passwd.8: Environment variables are 'set'.
+
+  [ Brian Murray ]
+  * update-passwd.c: Skip debconf question when changing irc's home
+directory from /var/run/ircd to /run/ircd, since these are equivalent
+(closes: #990879).
+
+ -- Colin Watson   Sat, 10 Jul 2021 12:57:43 +0100
+
+base-passwd (3.5.50) unstable; urgency=medium
+
+  * Allocate uid/gid 64065 to gnocchi, by request of Billy Olsen (closes:
+#983635).
+  * Debconf translations:
+- Spanish (thanks, Camaleón; closes: #987337).
+
+ -- Colin Watson   Sun, 16 May 2021 11:23:55 +0100
+
 base-passwd (3.5.49) unstable; urgency=medium
 
   [ Bastian Germann ]
diff -Nru base-passwd-3.5.49/debian/po/es.po base-passwd-3.5.51/debian/po/es.po
--- base-passwd-3.5.49/debian/po/es.po  1970-01-01 01:00:00.0 +0100
+++ base-passwd-3.5.51/debian/po/es.po  2021-07-10 12:57:43.0 +0100
@@ -0,0 +1,281 @@
+# base-passwd po-debconf translation to Spanish.
+# Copyright (C) 2021
+# This file is distributed under the same license as the base-passwd package.
+# Camaleón , 2021.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: base-passwd\n"
+"Report-Msgid-Bugs-To: base-pas...@packages.debian.org\n"
+"POT-Creation-Date: 2014-01-05 13:38-0800\n"
+"PO-Revision-Date: 2021-05-03 12:54+0200\n"
+"Last-Translator: Camaleón \n"
+"Language-Team: Debian Spanish \n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid "Do you want to move the user ${name}?"
+msgstr "¿Desea mover el usuario ${name}?"
+
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#: ../templates:1001 ../templates:2001 ../templates:3001 ../templates:4001
+#: ../templates:5001 ../templates:6001 ../templates:7001 ../templates:8001
+#: ../templates:9001 ../templates:10001 ../templates:11001 ../templates:12001
+msgid ""
+"update-passwd has found a difference between your system accounts and the "
+"current Debian defaults.  It is advisable to allow update-passwd to change "
+"your system; without those changes some packages might not work correctly.  "
+"For more documentation on the Debian account policies, please see /usr/share/"
+"doc/base-passwd/README."
+msgstr ""
+"update-passwd ha encontrado una diferencia entre las cuentas de su sistema "
+"y las predeterminadas de Debian. Es recomendable permitir que update-passwd "
+"realice cambios en su sistema; sin esos cambios, algunos paquetes podrían "
+"funcionar mal. Consulte «/usr/share/doc/base-passwd/README» para más "
+"información sobre las directrices de cuentas en Debian."
+
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. Description
+#. Type: boolean
+#. 

Bug#990418: SSL handshake failed when loading openweathermap data

[Adrian Bunk]

On Mon, Jun 28, 2021 at 10:10:23PM +0500, Alexei Ustyuzhaninov wrote:
> Package: gnome-shell-extension-weather
> Version: 0.0~git20201103.d8be50f-1
> Severity: important
> 
> The extensiond doesn't show the weather information for me. A quick debuging
> shows that it can't access the openweathermap api with error "SSL handshake
> failed". The sasame url
> (https://api.openweathermap.org/data/2.5/weather?lon=60.6082502=56.8391034=metric=)
> is opened in a browser without a problem.
>...

Thanks for your report, does it work after installing the 
ca-certificates package?

cu
Adrian

Bug#990907: gnome-shell-extension-weather: Homepage in debian/control points to defunct location

[Adrian Bunk]

Source: gnome-shell-extension-weather
Version: 0.0~git20201103.d8be50f-1
Severity: minor

The new upstream location seems to be
   https://gitlab.com/jenslody/gnome-shell-extension-openweather

Bug#990017: [REGRESSION] Bullseye CD installer images fail to install GRUB on OpenPOWER machines

[Colin Watson]

Control: tag -1 moreinfo

On Thu, Jun 17, 2021 at 07:56:27PM -0500, Timothy Pearson wrote:
> - Original Message -
> > From: "Steve McIntyre" 
> > To: "Timothy Pearson" , 
> > 990...@bugs.debian.org
> > Sent: Thursday, June 17, 2021 7:43:15 PM
> > Subject: Re: Bug#990017: [REGRESSION] Bullseye CD installer images fail to 
> > install GRUB on OpenPOWER machines
> 
> > Reassigning this to the correct package where it should get more
> > attention...
> 
> Thank you, much appreciated.
> 
> > On Thu, Jun 17, 2021 at 04:20:47PM -0500, Timothy Pearson wrote:
> >>Attempting to use the latest Bullseye RC2 CD installer on an OpenPOWER 
> >>machine
> >>results in a fatal error during bootloader installation:
> >>
> >>Jun 17 21:14:45 grub-installer: info: Installing grub on '/dev/sda1'
> >>Jun 17 21:14:45 grub-installer: info: grub-install does not support 
> >>--no-floppy
> >>Jun 17 21:14:45 grub-installer: info: Running chroot /target grub-install
> >>--force "/dev/sda1"
> >>Jun 17 21:14:45 grub-installer: Installing for powerpc-ieee1275 platform.
> >>Jun 17 21:14:57 grub-installer: grub-install: error: unknown filesystem.
> >>Jun 17 21:14:57 grub-installer: error: Running 'grub-install  --force
> >>"/dev/sda1"' failed.
> >>
> >>The bootloader installs normally using the Buster CD installers on the same
> >>hardware.
> > 
> > Just a quick sanity check - how did you partition the disk? Does it
> > have the normal boot partition etc. needed for OpenPOWER? I'll admit I
> > don't know all the details here - I'm not a powerpc expert.
> 
> All defaults.  PReP partition was added automatically by the apparition, it 
> almost looks like Grub doesn't know what to do with it?
> 
> Layout:
> PReP:   /dev/sda1
> System: /dev/sda2
> Swap:   /dev/sda3

It's been quite a while since I dealt with this, but grub-install
certainly shouldn't be looking for a filesystem on the PReP partition -
indeed, the current code expects it to be empty.

When the install fails, could you please run:

  chroot /target grub-install --debug --force /dev/sda1 
>/var/log/grub-install.out 2>&1

... and then extract the resulting /var/log/grub-install.out file (e.g.
using the "Save debug logs" main menu entry)?

If you're able to also run "grub-install --debug /dev/sda1" on a working
buster system (assuming the PReP partition is on /dev/sda1 there too)
and provide the full output for comparison purposes, that would be
helpful as well.  You may need to clear that partition first using dd,
but if so grub-install should tell you the necessary command.

Thanks,

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#820848: RFS: phcpack 2.4.84 (NEW)

[Torrance, Douglas]

On Thu 08 Jul 2021 12:24:47 AM EDT, Torrance, Douglas  
wrote:

On Wed 07 Jul 2021 08:37:08 AM EDT, Doug Torrance  
wrote:

On Wed 07 Jul 2021 01:16:03 AM EDT, Nilesh Patra  wrote:

./src/Ada/Math_Lib/QD/READ_ME states this:

The main reference for the QD-2.3.9 library is
Y. Hida, X.S. Li, and D.H. Bailey:
"Algorithms for quad-double precision floating point arithmetic."
In 15th IEEE Symposium on Computer Arithmetic (Arith-15 2001),
11-17 June 2001, Vail, CO, USA, pages 155-162. IEEE Computer Society, 2001.
Shortened version of Technical Report LBNL-46996,
software at http://crd.lbl.gov/~dhbailey/mpdist/qd-2.3.9.tar.gz.

Note that the "BSD-LBNL-License" is GPL compatible, although
"If you wish to use the software for commercial purposes
please contact the Technology Transfer Department at t...@lbl.gov or
call 510-286-6457."

I admit, I'm not very sure if I understand the terms there correctly, but
should it be mentioned in d/copyright?
I also see similar stuff in a lot of READ_ME files,
./src/Ada/Root_Counts/MixedVol/READ_ME for instance.

Do they need to be mentioned in d/copyright? If not, IMO adding a
"Comment:" and the reasoning for not adding these in copyright would be
good.


Good catch!  I've sent upstream a note asking for clarification on the license
of the files in this directory.


Upstream confirmed that this particular feature would cause limitations for
commercial use due to the license.  It's just one feature, though, and I think
that PHCpack would still be a valuable addition to Debian without it.  (For
example, the PHCpack package in Macaulay2 doesn't use it.)

I'll spend some time working on stripping this feature out to create a
DFSG-compliant version of PHCpack and ping the list when it's ready for another
look.


I've repacked the PHCpack package so that it doesn't use the non-free QD
library.  I believe it's ready for another review:
https://salsa.debian.org/science-team/phcpack

Thanks!
Doug


signature.asc
Description: PGP signature

Bug#989229: Possibly related bug?

[Diederik de Haas]

I filed the following bug which may be related?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990867

Even though the (error) messages are/seem quite different, maybe 
the 'Read-only file system' message is also kernel related?
I don't know the details anymore, but I've seen 'efivars' come by
on the debian-kernel ML several times.

Excerpt from bug #990867:

Setting up shim-helpers-arm64-signed (1+15.4+6) ...
Installing for arm64-efi platform.
grub-install: warning: Cannot set EFI variable Boot.
grub-install: warning: efivarfs_set_variable: failed to open 
/sys/firmware/efi/efivars/Boot-8be4df61-93ca-11d2-aa0d-00e098032b8c for 
writing: Read-only file system.
grub-install: warning: _efi_set_variable_mode: ops->set_variable() failed: 
Read-only file system.
grub-install: error: failed to register the EFI boot entry: Read-only file 
system.
dpkg: error processing package shim-helpers-arm64-signed (--configure):
 installed shim-helpers-arm64-signed package post-installation script 
subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of shim-signed:arm64:
 shim-signed:arm64 depends on shim-helpers-arm64-signed (>= 1+15.4+2); however:
  Package shim-helpers-arm64-signed is not configured yet.

Maybe they're totally different things, but figured I'd mention it anyway.

signature.asc
Description: This is a digitally signed message part.

Bug#984760: grub-efi-amd64: upgrade works, boot fails (error: symbol `grub_is_lockdown` not found)

[Colin Watson]

Control: tag -1 moreinfo

Sorry for our long delay in replying to this.

On Mon, Mar 08, 2021 at 02:20:08PM +1100, Anand Kumria wrote:
> grub went into grub rescue mode and displayed:
> 
> error: symbol `grub_is_lockdown` not found

In general, this means that grub-install is not installing to the place
that your firmware is actually booting from, which causes the core image
(installed to a file under /boot/efi/ on UEFI systems) to be out of sync
with the modules (installed to a subdirectory of /boot/grub/).  This is
much rarer on UEFI systems than on BIOS systems, but it's still possible
in some misconfigured cases.

Could you please attach the output of "sudo grub-install --debug", "sudo
efibootmgr -v", and "sudo find /boot/efi -ls"?

> Currently, I am booting using a rescue CD and then entering commands to 
> manually start the laptop

What commands are you using?

> -- Package-specific info:
> 
> *** BEGIN /proc/mounts
> /dev/sda5 / ext4 rw,relatime,errors=remount-ro 0 0
> /dev/sda6 /home ext4 rw,relatime 0 0
> /dev/sda2 /boot/efi vfat 
> rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro
>  0 0
> *** END /proc/mounts
[...]
> *** BEGIN /dev/disk/by-id
> total 0
> lrwxrwxrwx 1 root root  9 Mar  8 11:14 ata-MATSHITADVD-RAM_UJ8C2_WP18_009183 
> -> ../../sr0
> lrwxrwxrwx 1 root root  9 Mar  8 11:14 ata-TOSHIBA_THNSNS128GCSP_922S10RGT2JY 
> -> ../../sda
> lrwxrwxrwx 1 root root 10 Mar  8 11:14 
> ata-TOSHIBA_THNSNS128GCSP_922S10RGT2JY-part1 -> ../../sda1
> lrwxrwxrwx 1 root root 10 Mar  8 11:15 
> ata-TOSHIBA_THNSNS128GCSP_922S10RGT2JY-part2 -> ../../sda2
> lrwxrwxrwx 1 root root 10 Mar  8 11:14 
> ata-TOSHIBA_THNSNS128GCSP_922S10RGT2JY-part3 -> ../../sda3
> lrwxrwxrwx 1 root root 10 Mar  8 11:14 
> ata-TOSHIBA_THNSNS128GCSP_922S10RGT2JY-part4 -> ../../sda4
> lrwxrwxrwx 1 root root 10 Mar  8 11:14 
> ata-TOSHIBA_THNSNS128GCSP_922S10RGT2JY-part5 -> ../../sda5
> lrwxrwxrwx 1 root root 10 Mar  8 11:15 
> ata-TOSHIBA_THNSNS128GCSP_922S10RGT2JY-part6 -> ../../sda6
> *** END /dev/disk/by-id
> 
> *** BEGIN /dev/disk/by-uuid
> total 0
> lrwxrwxrwx 1 root root 10 Mar  8 11:14 141A3D7E1A3D5E44 -> ../../sda4
> lrwxrwxrwx 1 root root  9 Mar  8 11:15 2020-11-30-03-01-21-00 -> ../../sr0
> lrwxrwxrwx 1 root root 10 Mar  8 11:15 26cd5a33-dd28-4968-b2b4-2d134be2e444 
> -> ../../sda6
> lrwxrwxrwx 1 root root 10 Mar  8 11:14 A65030AD50308659 -> ../../sda1
> lrwxrwxrwx 1 root root 10 Mar  8 11:15 DE31-8EDF -> ../../sda2
> lrwxrwxrwx 1 root root 10 Mar  8 11:14 a49dde0e-f2e4-4679-8c56-b9013d7b0fd2 
> -> ../../sda5
> *** END /dev/disk/by-uuid

I notice that not all your partitions are mounted.  What's on partitions
1, 3, and 4?  ("sudo parted -s /dev/sda print" might help.)

Thanks,

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990452: Acknowledgement (clang-9: please drop Recommends: libomp-9-dev)

[Andreas Beckmann]

Control: tag -1 pending

This patch was acknowledged by the release team in pre-approval/unblock 
request #990788 and I've just uploaded it as a NMU to DELAYED/1


Andreas

Bug#990906: xarchiver Deleting Files Outside of Archive

[David Harte]

Package: xarchiver
Version: 1:0.5.4.14-1
Severity: critical
Justification: causes serious data loss

Dear Maintainer,

Subject: xarchiver Deleting Files Outside of Archive

The deleted files are linked to (ln -s) from within the archive 
(tar.gz), but reside outside of the archive.


These external files get deleted if one double clicks on the link line 
within xarchiver and the file resides on an ntfs disk.


#

#  The behaviour can be repeated as follows

cd /home/david/
mkdir Example

#  Write a txt file to within Example
echo "file red" > Example/red.txt

#  Utilise much spare disk space on ntfs drive
#  it needs to be ntfs
cd /mnt/win7/david/
mkdir MoreColours
echo "file green" > MoreColours/green.txt
echo "file blue" > MoreColours/blue.txt

#  Make symbolic link to MoreColours
#from within dir Example
cd /home/david/Example
ln -s -T /mnt/win7/david/MoreColours MoreColours

#  Make a tape archive of Example
cd /home/david/
tar -czvf example.tar.gz Example

#  Open using xarchiver, and
#  note that MoreColours points to correct location
xarchiver example.tar.gz

thunar /mnt/win7/david/MoreColours

#  Now double click on this line in xarchiver AND
#  watch the files in MoreColours in thunar above
#  at the same time. They get REMOVED.

#  I would have expected a default action of double
#  clicking to be something like opening thunar above.

#  An error message pops up:
'Failed to open "/tmp/xa-43Y950/MoreColours".
 Error when getting information for the file 
"/tmp/xa-43Y950/MoreColours": No such file or directory.'


#  Goto the /tmp dir named in the Error Pop-up
cd /tmp/xa-43Y950/
ls -l

-rwxrwxrwx 1 david david10 Jul 10 13:14 blue.txt
-rwxrwxrwx 1 david david11 Jul 10 13:14 green.txt
drwx-- 3 david david  4096 Jul 10 13:32 xa-tmp.0XTI60
-rw-r--r-- 1 david david 10240 Jul 10 13:30 xa-tmp.decompressed

#

The files blue.txt and green.txt have been MOVED to /tmp/xa-43Y950/. 
xarchiver should not have the permission to move/delete files that are 
not within the archive specified by the user.


When one closes xarchiver the /tmp dir is deleted along with all of ones 
files, 2.7Gb in my case. I lost them before seeing what was happening.


There is a conflict with ntfs, the above does not happen if the linked 
directory is on the local ext4 disk.


Is this related to the following bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862593

Possibly some escaped characters with ntfs mounts are not being dealt 
with properly?


The ntfs disk mount is configured in /etc/fstab:
UUID=id.here /mnt/win7  ntfs  user,auto,uid=a.number,gid=a.number  0  0

Regards
David Harte



-- System Information:
Debian Release: 10.10
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ.utf8, LC_CTYPE=en_NZ.utf8 (charmap=UTF-8), 
LANGUAGE=en_NZ:en (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages xarchiver depends on:
ii  libc6   2.28-10
ii  libgdk-pixbuf2.0-0  2.38.1+dfsg-1
ii  libglib2.0-02.58.3-2+deb10u3
ii  libgtk-3-0  3.24.5-1

Versions of packages xarchiver recommends:
ii  bzip2   1.0.6-9.2~deb10u1
ii  p7zip-full  16.02+dfsg-6
ii  unzip   6.0-23+deb10u2
ii  xdg-utils   1.1.3-1+deb10u1
ii  xz-utils5.2.4-1

Versions of packages xarchiver suggests:
pn  arj  
ii  binutils 2.31.1-16
ii  cpio 2.12+dfsg-9
pn  lhasa
pn  liblz4-tool  
pn  lrzip
pn  lzip 
pn  lzop 
pn  ncompress
pn  rar  
pn  unar 
ii  zip  3.0-11+b1
pn  zstd 

-- no debconf information

Bug#945001: grub-efi-amd64: GRUB-EFI messes up boot variables

[Colin Watson]

Control: tag -1 moreinfo

Sorry for our long delay in replying to this.

On Mon, Nov 18, 2019 at 10:16:43AM +0100, Heinrich Schuchardt wrote:
> I have multiple disk with different operating systems each with its own
> bootloader.
> 
> Updating GRUB delete all existing UEFI variables BOOT and put in
> some values that do not make any sense for my system. I had a lot of
> trouble to get my system running again.

If possible, the output of "sudo grub-install --debug" would be the most
helpful thing you could provide here.  I understand if that is difficult
due to the work needed to get back to a working state afterwards, but
it's really what we need to see.

Could you also please provide a dump of /sys/firmware/efi/efivars/ (or
at least all the Boot* entries there) as well the output of "sudo
efibootmgr -v", ideally both before and after running grub-install?
Even if you can't provide grub-install --debug output, a snapshot of
this information may still be helpful.

I notice that you say "BOOT", rather than "Boot" as I see on my
system.  Does this match how your variables are named?  If this is a
case-sensitivity issue, that could possibly be interesting.  (However, I
think such firmware would be non-compliant; the latest version of the
UEFI spec that I have to hand specifies "Boot" and has no indication
that it may be case-insensitive.)

Even so, the only Boot entries that grub-install might intentionally
delete are second and subsequent entries with the label "debian".
Anything else is definitely unintentional and indicates something quite
odd going on.

> I do not expect GRUB to ever touch my UEFI variables without my explicit
> consent. Please, provide a dialogue.

I don't think this is an expectation we can fulfil given the stated
purpose of the grub-efi-amd64 package, which is to be your system's
active boot loader: it may have to edit the boot order to achieve that.
You can remove grub-efi-amd64 and leave only grub-efi-amd64-bin if you
want to deal with the step of installing GRUB manually.

All the same, what you're seeing would certainly be a bug, just not one
whose cause I can identify without more information.  Adding a dialogue
to work around such a bug is probably not the right answer.

(Release team: the code likely to be responsible for this hasn't
significantly changed since 2.02+dfsg1-14, which predates buster.  Since
I don't yet understand the bug I can't say for sure, but you might wish
to draw the conclusion that this bug probably existed in buster as well
and thus shouldn't block bullseye.)

> Bug report 913916 seems to be related but I am not sure if it is
> reporting the same issue.

That was against 2.02~beta3-5+deb9u1, and I essentially rewrote
grub-install's UEFI boot variable handling in 2.02+dfsg1-14.  It could
probably only be the same issue if it turns out to be a problem in the
efivar userspace library or in the kernel (or I suppose perhaps in the
firmware).

Thanks,

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990903: unblock: marco/1.24.1-3

[Mike Gabriel]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package marco

[ Reason ]
Recently, a longterm runtime flaw in marco has been hunted down and
resolved.

+  * debian/patches:
++ Add 0002_tabpopup-fix-cairo-surface-leak.patch. Fix cairo surface leak in
+  src/ui/draw-workspace.c. (Closes: 990859).

-> This fixes marco freezing more and more until it has become unusable
after 1-2 weeks of runtime.

[ Impact ]
Marco regularly requires a restart (marco --replace) from the cmdline to keep a
session usable without this fix being applied.

[ Tests ]
Patch introspection, accepted upstream. Smoke test of the marco WM (nothing 
broken at first spot).

[ Risks ]
Window manager issues in MATE Desktop Environment which then would need a
follow-up upload.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None.

unblock marco/1.24.1-3
diff -Nru marco-1.24.1/debian/changelog marco-1.24.1/debian/changelog
--- marco-1.24.1/debian/changelog   2021-02-02 10:45:35.0 +0100
+++ marco-1.24.1/debian/changelog   2021-07-10 23:47:08.0 +0200
@@ -1,3 +1,11 @@
+marco (1.24.1-3) unstable; urgency=medium
+
+  * debian/patches:
++ Add 0002_tabpopup-fix-cairo-surface-leak.patch. Fix cairo surface leak in
+  src/ui/draw-workspace.c. (Closes: 990859).
+
+ -- Mike Gabriel   Sat, 10 Jul 2021 23:47:08 +0200
+
 marco (1.24.1-2) unstable; urgency=medium
 
   [ Martin Wimpress ]
diff -Nru 
marco-1.24.1/debian/patches/0002_tabpopup-fix-cairo-surface-leak.patch 
marco-1.24.1/debian/patches/0002_tabpopup-fix-cairo-surface-leak.patch
--- marco-1.24.1/debian/patches/0002_tabpopup-fix-cairo-surface-leak.patch  
1970-01-01 01:00:00.0 +0100
+++ marco-1.24.1/debian/patches/0002_tabpopup-fix-cairo-surface-leak.patch  
2021-07-10 23:43:40.0 +0200
@@ -0,0 +1,51 @@
+From 8f204678be6d888ad1d2904e28af1aa9f2ad8e11 Mon Sep 17 00:00:00 2001
+From: Faidon Liambotis 
+Date: Sat, 3 Jul 2021 01:10:22 +0300
+Subject: [PATCH] tabpopup: fix cairo surface leak
+
+Commit 6b05da5e49996a2101edfd703dd3f5d91011d726 introduced a Cairo
+surface leak, by calling gdk_cairo_surface_create_from_pixbuf() but then
+never freeing those surfaces with cairo_surface_destroy().
+
+This manifested in leaking resources when switching between virtual
+desktops, as observed using xrestop ("Pxms" column), which made the
+desktop slow and ultimately unusable after a few weeks of uptime.
+
+Fixes #685
+---
+ src/ui/draw-workspace.c | 8 +++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/ui/draw-workspace.c b/src/ui/draw-workspace.c
+index 8229abd00..fc8f82e55 100644
+--- a/src/ui/draw-workspace.c
 b/src/ui/draw-workspace.c
+@@ -131,6 +131,7 @@ draw_window (GtkWidget   *widget,
+   /* If the icon is too big, fall back to mini icon. */
+   if (icon_w > (winrect->width - 2) || icon_h > (winrect->height - 2))
+ {
++  cairo_surface_destroy (icon);
+   icon = gdk_cairo_surface_create_from_pixbuf (win->mini_icon, scale, 
NULL);
+   if (icon)
+ {
+@@ -139,7 +140,10 @@ draw_window (GtkWidget   *widget,
+ 
+   /* Give up. */
+   if (icon_w > (winrect->width - 2) || icon_h > (winrect->height 
- 2))
+-icon = NULL;
++{
++  cairo_surface_destroy (icon);
++  icon = NULL;
++}
+ }
+ }
+ }
+@@ -155,6 +159,8 @@ draw_window (GtkWidget   *widget,
+   cairo_clip (cr);
+   cairo_paint (cr);
+   cairo_restore (cr);
++
++  cairo_surface_destroy (icon);
+ }
+ 
+   gtk_style_context_get_color (style, state, );
diff -Nru marco-1.24.1/debian/patches/series marco-1.24.1/debian/patches/series
--- marco-1.24.1/debian/patches/series  2021-02-02 10:44:11.0 +0100
+++ marco-1.24.1/debian/patches/series  2021-07-10 23:43:47.0 +0200
@@ -1 +1,2 @@
 0001_no-shadows-for-side-tiled-windows.patch
+0002_tabpopup-fix-cairo-surface-leak.patch

Bug#990902: RM: libuima-adapter-soap-java -- NBS; need manual cruft removal

[Adrian Bunk]

Package: ftp.debian.org
Severity: normal

uimaj (2.10.2-4) unstable; urgency=medium
...
  * Drop libuima-adapter-soap-java and add Breaks: to remove unnecessary
empty package (Closes: #987461)
...
 -- tony mancill   Tue, 22 Jun 2021 09:45:29 -0700

Bug#990580: debdiff for NMU apache2 (= 2.4.48-3.1) (was Re: Bug#990580: apache2: [regression] daily cron mails from logrotate: Reloading Apache httpd web server: apache2., caused by #979813)

[Thorsten Glaser]

On Fri, 9 Jul 2021, Yadd wrote:

> Apache2 is RFH for years, feel free to contribute

OK, thanks for the maintainer approval. Accordingly, I have
just uploaded the attached debdiff. I chose to direct the
output to syslog instead of the bitbucket so it is not lost
if someone indeed needs it so it isn’t a regression.

bye,
//mirabilos
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*

Mit dem tarent-Newsletter nichts mehr verpassen: www.tarent.de/newsletter

*diff -Nru apache2-2.4.48/debian/apache2.logrotate 
apache2-2.4.48/debian/apache2.logrotate
--- apache2-2.4.48/debian/apache2.logrotate 2021-06-20 13:55:24.0 
+0200
+++ apache2-2.4.48/debian/apache2.logrotate 2021-07-10 23:31:24.0 
+0200
@@ -14,7 +14,7 @@
 endscript
 postrotate
if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
-   invoke-rc.d apache2 reload
+   invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
fi
 endscript
 }
diff -Nru apache2-2.4.48/debian/changelog apache2-2.4.48/debian/changelog
--- apache2-2.4.48/debian/changelog 2021-06-20 16:39:33.0 +0200
+++ apache2-2.4.48/debian/changelog 2021-07-10 23:31:28.0 +0200
@@ -1,3 +1,11 @@
+apache2 (2.4.48-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Direct init script reload output from logrotate to syslog, to
+avoid mail-spamming the local admin (Closes: #990580)
+
+ -- Thorsten Glaser   Sat, 10 Jul 2021 23:31:28 +0200
+
 apache2 (2.4.48-3) unstable; urgency=medium
 
   * Fix debian/changelog

Bug#990901: putty: CVE-2021-36367

[Salvatore Bonaccorso]

Source: putty
Version: 0.75-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for putty.

CVE-2021-36367[0]:
| PuTTY through 0.75 proceeds with establishing an SSH session even if
| it has never sent a substantive authentication response. This makes it
| easier for an attacker-controlled SSH server to present a later
| spoofed authentication prompt (that the attacker can use to capture
| credential data, and use that data for purposes that are undesired by
| the client user).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-36367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36367
[1] 
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#990900: avahi: CVE-2021-36217

[Salvatore Bonaccorso]

Source: avahi
Version: 0.8-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for avahi.

CVE-2021-36217[0]:
| Avahi 0.8 allows a local denial of service (NULL pointer dereference
| and daemon crash) against avahi-daemon via the D-Bus interface or a
| "ping .local" command.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-36217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36217
[1] https://bugzilla.suse.com/show_bug.cgi?id=1188083

Regards,
Salvatore

Bug#989229: grub-install: warning: Cannot read EFI Boot* variables.

[Colin Watson]

Control: reassign -1 linux
Control: affects -1 grub2-common

On Sat, May 29, 2021 at 12:00:17PM -0400, Joseph Maher wrote:
> grub seems unhappy on my laptop (testing=bullseye, acer spin 1), currently
> grub-install doesn't work, and so the various grub packages aren't
> installable / upgradable
> 
> Not sure what the severity should be, or which package I should file a bug
> against, but I've appended some typical output below that may or may not be
> useful:
> 
> Yours
> 
> Joseph
> 
> 
> # grub-install --target=x86_64-efi
> Installing for x86_64-efi platform.
> grub-install: warning: Cannot read EFI Boot* variables.
> grub-install: warning: efivarfs_get_variable: read failed: Interrupted system 
> call.
> grub-install: warning: efi_get_variable: ops->get_variable failed: 
> Interrupted system call.
> grub-install: error: failed to register the EFI boot entry: Interrupted 
> system call.
> 
> 
> # grub-install --target=x86_64-efi --debug
> 
> This output is very verbose, but I've left a copy here:
> 
> https://www.maher.org.uk/~joseph/20210529-grub-install.log
> 
> 
> 
> # efibootmgr Skipping unreadable variable "Boot": Interrupted system
> call
> Skipping unreadable variable "Boot0001": Interrupted system call
> Skipping unreadable variable "Boot0002": Interrupted system call
> Skipping unreadable variable "Boot0003": Interrupted system call
> Skipping unreadable variable "Boot0005": Interrupted system call
> Skipping unreadable variable "Boot0008": Interrupted system call
> Skipping unreadable variable "Boot000B": Interrupted system call
> Skipping unreadable variable "Boot000E": Interrupted system call
> Skipping unreadable variable "Boot0011": Interrupted system call
> Skipping unreadable variable "Boot0014": Interrupted system call
> Skipping unreadable variable "Boot0017": Interrupted system call
> Skipping unreadable variable "Boot2001": Interrupted system call
> Skipping unreadable variable "Boot2002": Interrupted system call
> Skipping unreadable variable "Boot2003": Interrupted system call
> show_order(): Interrupted system call

The fact that both grub-install and efibootmgr are getting EINTR here
(albeit with different subsequent effects) suggests to me that the
problem is at a lower level.  This looks like it's probably a kernel
bug, or maybe (though less likely IMO) a bug in the efivar userspace
library.  Reassigning to the kernel for now.

I suspect "strace -f -s 1024 grub-install --target=x86_64-efi" and
"strace -f -s 1024 efibootmgr" might be helpful, along with checking
dmesg to see if the kernel is logging any errors there.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990899: openexr: CVE-2021-3605

[Salvatore Bonaccorso]

Source: openexr
Version: 2.5.4-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for openexr.

CVE-2021-3605[0]:
| Heap buffer overflow in the rleUncompress function

Note it is different from CVE-2020-11760.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3605
[1] 
https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1970991

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#990880: unblock: nomad/0.12.10+dfsg1-3

[Salvatore Bonaccorso]

Hi Peter, hi Graham,

On Sat, Jul 10, 2021 at 02:19:04PM +0200, Graham Inggs wrote:
> Control: tags -1 + moreinfo confirmed
> 
> Hi Peter
> 
> On Sat, 10 Jul 2021 at 14:03, Peter Pentchev  wrote:
> > This is a pre-approval request before I upload nomad to unstable to
> > fix a security problem (CVE-2021-32575).
> 
> Assuming it can happen soon, please go ahead upload to unstable, and
> remove the moreinfo tag once it has built.

Removed the moreinfo tag as the builds are now there on all
architectures, but I'm replying here due to the following: I was
checking the status for this, given it involved a CVE, and noticed
that for s390x there was a build failure. Only after giving back two
times nomad was build there as well, cf.:

https://buildd.debian.org/status/logs.php?pkg=nomad=s390x

Is this a known issue?

Regards,
Salvatore

Bug#990898: unblock: httraqt/1.4.9-5

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please unblock package httraqt.

Upload 1.4.9-5 fixes release critical bug #990895, which was
recently detected. Diff is attached.


unblock httraqt/1.4.9-5

Thanks

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmDqBXcRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wY4QA/8DiDz9fNaWAW/2onyn+zou2k4lDVnvf0X
52NRdpOJ2dDYfVh/DjOL8bgF0hhva/jqpXsRuOx6cw0r3LBfn+ifafUhIV7sH0SI
4IhyRSjgL2nHl1Qfr693+vR5Wxb84WTbXsMZBux/M1Y55Q9TlEVjmuDuKy+SC9lg
POV/xUs/XC4EwtLSsN5SBVk/uVZfCvYelU6i7mtBlRmnJbtSopGReYGmZVLrQFD8
OGkWk6HcLCr2LefYCvRLjtzggVpZZjaDD84FPzxCxmqsMlkSVLyz/LmTBYQqH4LB
NSmZNLhIsOjJDO10nDzXOFxvOvDeqJkew5oHp9q/mkD2yhClDZHEVoIYpk2nqE/l
HOv9Ce1aaaBDBDHHEhiv+Y50/a5M2SJpTHq138W+T3kPLDR4R190Xo4AuJLGituT
kZme4dnRDs7syrV8R6S0xy74/b4qtP5RemGOS9RP/UKV+Xk4AdDni3pERfKdKUnb
ybdD4fqdZSD1E5qB4/MjlEX9CHsFWDO43zYHsUpsG/nPpiH9ODvXpxmdL/v6o2AN
QXTOQBkcTQb9QDjoyPl56BdD9CNl1LLTPaVELHHcfCXT+WW89eQn6Kde9Lr19kU6
ggD+1EL8rA5tkesAsg79j3T9Mq4zZQy//2s8yUmu/1W8exw36oFvBVRIgiqKdEdg
aJvqImoF83c=
=RzFI
-END PGP SIGNATURE-
diff --git a/debian/changelog b/debian/changelog
index c7da9ab..bf983b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+httraqt (1.4.9-5) unstable; urgency=medium
+
+  * Install doc-files in /usr/share/httraqt. (Closes: #990895)
+
+ -- Anton Gladky   Sat, 10 Jul 2021 22:16:58 +0200
+
 httraqt (1.4.9-4) unstable; urgency=medium
 
   * [936829d] Fix section in manpage. (Closes: #963343)
diff --git a/debian/httraqt.doc-base b/debian/httraqt.doc-base
index d97da4c..4fef6b5 100644
--- a/debian/httraqt.doc-base
+++ b/debian/httraqt.doc-base
@@ -4,5 +4,5 @@ Author: Xavier Roche & other contributors
 Section: Network/Web Browsing
 
 Format: HTML
-Index: /usr/share/doc/httraqt/help/index.html
-Files: /usr/share/doc/httraqt/help/*.*
+Index: /usr/share/httraqt/help/index.html
+Files: /usr/share/httraqt/help/*.*
diff --git a/debian/rules b/debian/rules
index c132f1a..ba78c0d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,8 +11,3 @@ override_dh_installchangelogs:
 
 override_dh_auto_configure:
dh_auto_configure -- -DBUILD_DATE="$(BUILD_DATE)"
-
-override_dh_auto_install:
-   dh_auto_install
-   mkdir -p $(CURDIR)/debian/httraqt/usr/share/doc
-   mv $(CURDIR)/debian/httraqt/usr/share/httraqt 
$(CURDIR)/debian/httraqt/usr/share/doc/httraqt

Bug#990897: unblock: linux/5.10.46-1

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: car...@debian.org,k...@debian.org

Hi release team, hi Cyril (specifically for d-i)

Please unblock package linux

It contained a rebase of the 5.10.y series to 5.10.46 upstream and
included the following changes relevant to add additional HW support
and bugfxes. The upstream import to 5.10.46 contained fixes for
various CVEs.

The explicit other changes in the packaging are:

   * [armhf] drivers/bluetooth: Enable BT_HCIUART as a module, with support
 for all features already enabled in the generic config. (Closes: #987361)
   * [armhf] enable i.MX6 MIPI-CSI video capture device. (Closes: #987365)
 - drivers/mux: Enable MUX_MMIO as a module.
 - drivers/media/platform: Enable VIDEO_MUX as a module.
 - drivers/staging/media/imx: Enable VIDEO_IMX_MEDIA and VIDEO_IMX_CSI as
   modules.
   * [arm64] Update device tree for Kobol's helios64 from next
   * [rt] Refresh "net/Qdisc: use a seqlock instead seqcount"
   * Ignore some ABI changes that should not affect OOT modules
   * Bump ABI to 8
   * [rt] Refresh "tracing: Merge irqflags + preempt counter"
   * can: bcm: delay release of struct bcm_op after synchronize_rcu()
 (CVE-2021-3609)
   * Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
 (Closes: #990008)
   * [arm64] Add pwm-rockchip to fb-modules udeb.
   * [arm64] Add fusb302, tcpm and typec to usb-modules udeb.
   * [armhf] Add gpio-mxc to kernel-image udeb. Thanks to Rick Thomas.
 (Closes: #982270)

The relevant CVEs fixed were: CVE-2020-26141, CVE-2020-26145,
CVE-2021-33624, CVE-2021-34693, CVE-2021-3609, CVE-2020-24586,
CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26147,
CVE-2021-28691, CVE-2021-3564, CVE-2021-3573 and CVE-2021-3587.
In particular this covered the fragattacks CVEs and the recently
published bpf related issues.

I guess at this point we want to delay any further 5.10.y imports to
the first bullseye point release, but let me know your toughts on
this.

Regards,
Salvatore

Bug#882276: Dovecot reports undefined symbol while opening lib95_imap_sieve_plugin

[fliu]

We ran into the same problem on Debian 11 bullseye testing. Please see the 
attachment for `doveconf -n` output.

## Postfix Log

Jul 10 15:33:18 host2 postfix/postfix-script[1219]: warning: symlink leaves 
directory: /etc/postfix/./makedefs.out
Jul 10 15:33:19 host2 postfix/postfix-script[1397]: starting the Postfix mail 
system
Jul 10 15:33:19 host2 postfix/master[1399]: daemon started -- version 3.5.6, 
configuration /etc/postfix
Jul 10 15:39:13 host2 postfix/smtpd[1463]: connect from _gateway[10.42.0.1]
Jul 10 15:39:13 host2 postfix/smtpd[1463]: B7B9234631: 
client=_gateway[10.42.0.1]
Jul 10 15:39:13 host2 postfix/cleanup[1533]: B7B9234631: 
message-id=<20210710153902.003128@debian>
Jul 10 15:39:19 host2 postfix/smtpd[1463]: disconnect from _gateway[10.42.0.1] 
ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul 10 15:39:19 host2 postfix/qmgr[1401]: B7B9234631: 
from=, size=503, nrcpt=1 (queue active)
Jul 10 15:39:20 host2 postfix/lmtp[1535]: B7B9234631: 
to=, orig_to=, 
relay=host2.test.example[private/dovecot-lmtp], delay=6.2, 
delays=6/0.08/0.13/0, dsn=4.4.2, status=deferred (lost connection with 
host2.test.example[private/dovecot-lmtp] while receiving the initial server 
greeting)
Jul 10 15:42:39 host2 postfix/anvil[1529]: statistics: max connection rate 
1/60s for (smtp:10.42.0.1) at Jul 10 15:39:13
Jul 10 15:42:39 host2 postfix/anvil[1529]: statistics: max connection count 1 
for (smtp:10.42.0.1) at Jul 10 15:39:13
Jul 10 15:42:39 host2 postfix/anvil[1529]: statistics: max cache size 1 at Jul 
10 15:39:13

## Dovecot Log

Jul 10 15:32:53 master: Info: Dovecot v2.3.13 (89f716dc2) starting up for imap, 
lmtp, sieve, pop3 (core dumps disabled)
Jul 10 15:36:20 master: Warning: Killed with signal 15 (by pid=1435 uid=0 
code=kill)
Jul 10 15:36:22 master: Info: Dovecot v2.3.13 (89f716dc2) starting up for imap, 
lmtp, sieve, pop3 (core dumps disabled)
Jul 10 15:39:13 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
Jul 10 15:39:13 auth: Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Jul 10 15:39:13 auth: Debug: Loading modules from directory: 
/usr/lib/dovecot/modules/auth
Jul 10 15:39:13 auth: Debug: Module loaded: 
/usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Jul 10 15:39:13 auth: Debug: Wrote new auth token secret to 
/run/dovecot/auth-token-secret.dat
Jul 10 15:39:13 auth: Debug: auth client connected (pid=0)
Jul 10 15:39:19 lmtp(1536): Fatal: Couldn't load required plugin 
/usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so: dlopen() failed: 
/usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so: undefined symbol: 
command_hook_register

## System Information

Distributor ID: Debian
Description:Debian GNU/Linux 11 (bullseye)
Release:11
Codename:   bullseye

dovecot-core/testing,now 1:2.3.13+dfsg1-1 amd64 [installed,automatic]
dovecot-imapd/testing,now 1:2.3.13+dfsg1-1 amd64 [installed]
dovecot-ldap/testing,now 1:2.3.13+dfsg1-1 amd64 [installed]
dovecot-lmtpd/testing,now 1:2.3.13+dfsg1-1 amd64 [installed]
dovecot-managesieved/testing,now 1:2.3.13+dfsg1-1 amd64 [installed]
dovecot-pop3d/testing,now 1:2.3.13+dfsg1-1 amd64 [installed]
dovecot-sieve/testing,now 1:2.3.13+dfsg1-1 amd64 [installed,automatic]

## doveconf -n

# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 4.19.0-16-amd64 x86_64 Debian 11.0 
# Hostname: freedombox
auth_debug = yes
auth_verbose = yes
log_path = /var/log/fbx-dovecot.log
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = " imap_sieve"
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/freedombox-ldap-passdb.conf.ext
  driver = ldap
  result_failure = return-fail
  result_internalfail = return-fail
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0600
user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
ssl_cert = 

Bug#990895: Fwd: Re: Bug#990895: httraqt: Apparently installs entire program in /usr/share/doc/

[Anton Gladky]

Control: severity -1 grave

Thanks! I am able to reproduce it now! Hopefully the fix will
be accepted into the Bullseye.

Regards

Anton

>

Bug#990642: linux-image-4.19.0-17-amd64: kernel panic on xen dom0 with Broadcom Limited NetXtreme II BCM5709

[Salvatore Bonaccorso]

Control: found -1 5.10.40-1

Hi,

On Sat, Jul 10, 2021 at 06:40:08PM +0200, s...@gmxpro.de wrote:
> 
> > 
> > Can you reproduce the issue with recent kernel from unstable or
> > buster-backports?
> > 
> 
> Tried with linux-image-5.10.0-0.bpo.7-amd64 (5.10.40-1~bpo10+1 amd64)
> from buster-backports.
> 
> Same issue - kernel panic with bonded interfaces.
> 
> Current workaround for me is to run without bonding.

thanks for confirming this as well, so adding a found version. Next
step would be to check the latest 5.10.y upstream version. If it's an
issue there, next to report it upstream.

Regards,
Salvatore

Bug#990895: Fwd: Re: Bug#990895: httraqt: Apparently installs entire program in /usr/share/doc/

[Calum McConnell]

Resending because I am an idiot who never remembers to reply-all


> On Sat, 2021-07-10 at 21:17 +0200, Anton Gladky wrote:
> > Am Sa., 10. Juli 2021 um 21:11 Uhr schrieb Calum McConnell
> > :
> > > 
> > > I have no idea how else to describe how to reproduce it: the issue
> > > is happening on every run, regardless of what I do, or if I
> > > reinstall.  The CLI httrack package works fine.  The issue manifests
> > > as two error messages popping up, saying the localization files
> > > couldn't be found, followed by a segmentation fault.
> > > 
> > 
> > 
> > If you can create a core-file or run the package through gdb to
> > produce the stack trace, it could help to investigate the issue
> > deeper.  Do not forget to use dbgsym-package for more debug-
> > information.
> 
> I installed the dbgsym packages I could think of: this is the result
> 
> > Thread 1 "httraqt" received signal SIGSEGV, Segmentation fault.
> > QMenu::setTitle (this=0x0001, text=...) at widgets/qmenu.h:65
> > 65 widgets/qmenu.h: No such file or directory.
> > (gdb) bt
> > #0 QMenu::setTitle(QString const&) (this=0x0001, text=...) at
> > widgets/qmenu.h:65
> > #1 0x5558c7bf in HTTraQt::translateActions() ()
> > #2 0x5558e244 in HTTraQt::setLangGUI() ()
> > #3 0x555937c5 in HTTraQt::HTTraQt(QWidget*,
> > QFlags) ()
> > #4 0x5557844b in main ()
> > (gdb) print text
> > $1 = (const QString &) @0x7fffddc8: {static null = { > fields>}, d = 0x5560ff10}
> > (gdb) 
> > 
> 
> > > The AMD64 package version that is currently in both sid and bullseye
> > > is definitely dropping all of it's files into
> > >
> > /usr/share/doc/: https://packages.debian.org/sid/amd64/httraqt/filelist
> > >  shows this.  I'm pretty sure that's the root of the issue.   In
> > > previous versions of the package, those files were not placed in
> > > /usr/share/doc
> > > 
> > 
> > 
> > I do not see any issue there at all. Files are placed in a proper
> > folder.
> 
> /usr/share/doc/ is for documentation.  You package is placing into that
> folder files like /usr/share/doc/httraqt/lang/English.utf.gz , which
> appears to be a list of translation strings for the program itself.
>  This is not a proper folder for that file.  Previous versions of the
> package did not install anything other than documentation in this
> folder, and held that file in /usr/share/httraqt/lang/English.utf.gz ,
> where it belongs.
> 
> Are you running the latest version of httraqt, as it appears in
> Bullseye?
> 



signature.asc
Description: This is a digitally signed message part

Bug#990895: httraqt: Apparently installs entire program in /usr/share/doc/

[Anton Gladky]

Am Sa., 10. Juli 2021 um 21:11 Uhr schrieb Calum McConnell <
calumlikesapple...@gmail.com>:

>
> I have no idea how else to describe how to reproduce it: the issue is
> happening on every run, regardless of what I do, or if I reinstall.  The
> CLI httrack package works fine.  The issue manifests as two error messages
> popping up, saying the localization files couldn't be found, followed by a
> segmentation fault.
>

If you can create a core-file or run the package through gdb to produce the
stack trace, it could help to investigate the issue deeper.  Do not forget
to use dbgsym-package for more debug-information.

The AMD64 package version that is currently in both sid and bullseye is
> definitely dropping all of it's files into /usr/share/doc/:
> https://packages.debian.org/sid/amd64/httraqt/filelist shows this.  I'm
> pretty sure that's the root of the issue.   In previous versions of the
> package, those files were not placed in /usr/share/doc
>

I do not see any issue there at all. Files are placed in a proper folder.

Cheers

Anton

Bug#990895: httraqt: Apparently installs entire program in /usr/share/doc/

[Calum McConnell]

On Sat, 2021-07-10 at 20:59 +0200, Anton Gladky wrote:
> Control: gravity -1 minor
> Control: tags -1 +moreinfo +unreproducible
> 
> Thanks for the bug report,
> 
> I am not able to reproduce the issue. Please provide more information
> about
> how to reproduce it. It looks like something is broken on your side. Try
> to
> install another similar package.
> 
> Regards
> 
> Anton


I have no idea how else to describe how to reproduce it: the issue is
happening on every run, regardless of what I do, or if I reinstall.  The
CLI httrack package works fine.  The issue manifests as two error messages
popping up, saying the localization files couldn't be found, followed by a
segmentation fault.

The AMD64 package version that is currently in both sid and bullseye is
definitely dropping all of it's files into
/usr/share/doc/: https://packages.debian.org/sid/amd64/httraqt/filelist sh
ows this.  I'm pretty sure that's the root of the issue.   In previous
versions of the package, those files were not placed in /usr/share/doc



signature.asc
Description: This is a digitally signed message part

Bug#990895: httraqt: Apparently installs entire program in /usr/share/doc/

[Anton Gladky]

Control: gravity -1 minor
Control: tags -1 +moreinfo +unreproducible

Thanks for the bug report,

I am not able to reproduce the issue. Please provide more information about
how to reproduce it. It looks like something is broken on your side. Try to
install another similar package.

Regards

Anton

Bug#990896: ITP: python-pyspoa -- Python bindings to spoa

[Nilesh Patra]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: nil...@debian.org

Subject: ITP: python-pyspoa -- Python bindings to spoa
Package: wnpp
Owner: Nilesh Patra 
Severity: wishlist

* Package name: python-pyspoa
  Version : 0.0.8
  Upstream Author : Oxford Nanopore Technologies
* URL : https://github.com/nanoporetech/pyspoa
* License : Expat
  Programming Lang: Python
  Description : Python bindings to spoa
 Spoa (SIMD POA) is a c++ implementation of the partial order alignment
 (POA) algorithm (as described in 10.1093/bioinformatics/18.3.452) which
 is used to generate consensus sequences (as described in
 10.1093/bioinformatics/btg109). It supports three alignment modes: local
 (Smith-Waterman), global (Needleman-Wunsch) and semi-global alignment
 (overlap).
 .
 This package presents Python bindings for the spoa library

Remark: This package is maintained by Debian Med Packaging Team at
   https://salsa.debian.org/med-team/python-pyspoa

Bug#990895: httraqt: Apparently installs entire program in /usr/share/doc/

[Calum McConnell]

Package: httraqt
Version: 1.4.9-4
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: calumlikesapple...@gmail.com

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Any attempt to run this package (on my system) fails: a check through apt-file 
would make it seem that
the whole package (including the localization files that it needs to run) is 
installed to /usr/share/doc.

It doesn't appear to look for the files there, hence the problem.  Also, there 
are some weird double slashes
in the stat() calls: it might be a multi-step issue.


- -- System Information:
Debian Release: 11.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages httraqt depends on:
ii  libc6   2.31-12
ii  libhttrack2 3.49.2-1.1
ii  libqt5core5a5.15.2+dfsg-9
ii  libqt5dbus5 5.15.2+dfsg-9
ii  libqt5gui5  5.15.2+dfsg-9
ii  libqt5widgets5  5.15.2+dfsg-9
ii  libstdc++6  10.2.1-6

httraqt recommends no packages.

httraqt suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQJRBAEBCgA7FiEE/vC/PEGxsMPJ5u5w7/Xh1+DNmzIFAmDp5sAdHGNhbHVtbGlr
ZXNhcHBsZXBpZUBnbWFpbC5jb20ACgkQ7/Xh1+DNmzJB7RAApNrG6MnIV4prktVA
fhDDWVG+RyyQ3YDahXRSgjzz6DqS8Mt8qiZ0yHJhwXlosH34RU2WoFsN65IiDqJu
l4wZVPkj9O1o9mmWisF2KBMySho96Ewdso2ieHaQ9sO6VWxAp6hWHbyoplWYnwg6
mSwll9nRIyLG5FqLKnNHTmQLulghnQmUoco2jjV6/SBdS5PStinyIcMoRMCNfV/X
9yVxbBgPxEu9G9UyfTtfJZ9YKD4MbRG3c6XzI3k7BhFovuJnjTtK4sOyJH/mMN9w
6dGuOOBmsHiuwLPJthajMc5V1H4+/YVxlTRpjHna+c3CwyE6RWek0Su+H4sPTpIc
LMT5C5SaMy9y85WTORblbHvAM7+Zi6WmBOzEvTZegDTZzrGz7GJNy76WE8nZQ2Ml
EmrFIKtRQolOIxn/SDZKBKClg2j3vgF0FCr9vNcabKGvKIxqSCsmniho2E/YeOBA
xL3mQkSedW+3Jomp+n2WqrZ9JP2Mbp3x2lFia4714ieU3E+s7J6H9FQ6rYAmGhYM
CSjlK1zarZrk96nnLL29K4qMriq22ma5JfyNs43kiC5mEzttMRw+lrcY/X3TlSMx
WH6FE31b28SOYdjG0rXRbvBXJ14JxboLMVnkrDgmLabwIv1NntHZzGWlsU6WJWIf
6axioF556NZsCW6cDoSOs/dGBFg=
=Ig/8
-END PGP SIGNATURE-

Bug#990016: Debian installer images missing ASpeed video driver

[Jochen Sprickerhof]

Control: reassign -1 src:linux

Hi Timothy,

* Timothy Pearson  [2021-06-17 15:46]:

The current Bullseye installer images don't include the "ast" video driver, 
making it impossible to install Debian on systems that don't have a fallback VGA BIOS 
(anything non-x86, e.g. ARM/OpenPOWER).

Ubuntu fixed this issue almost 5 years ago:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1514711

Please include the "ast" kernel module, which does not require any proprietary 
firmware to function, in the Debian installer CD images.


The module is part of the fb-modules-5.10.0-7-arm64-di:

https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/installer/modules/arm64/fb-modules#L3

and fb-modules-5.10.0-7-loongson-3-di:

https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/installer/modules/mipsel-loongson-3/fb-modules#L5

Additionally CONFIG_DRM_AST is enabled for ppc64:

https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/config/kernelarch-powerpc/config-arch-64#L94

and x86:

https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/config/kernelarch-x86/config#L519

So I assume it should be easy to add the module to the corresponding 
udebs. Reassigning to the linux package, accordingly.


I guess it would help if you could be more specific on which 
architectures it would be useful.


Cheers Jochen


signature.asc
Description: PGP signature

Bug#990872: puppetdb.jar crashes out of the box with clojure classpath error

[Louis-Philippe Véronneau]

On Fri, 09 Jul 2021 23:14:22 -0700 "Gabriel G. Rosa"
 wrote:
> Package: puppetdb
> Version: 6.2.0-5
> Severity: grave
> Justification: renders package unusable
> 
> Dear Maintainer,
> 
> When installing puppetdb and configuring it to listen on http port, the
> puppetdb.jar crashes with the following lines in syslog:
> 
> Jul  9 23:01:46 puppet java[25194]: Syntax error (FileNotFoundException) 
> compiling at (clojure/core/async/impl/ioc_macros.clj:1:1).
> Jul  9 23:01:46 puppet java[25194]: Could not locate 
> clojure/tools/analyzer__init.class, clojure/tools/analyzer.clj or 
> clojure/tools/analyzer.cljc on classpath.
> Jul  9 23:01:46 puppet java[25194]: Full report at:
> Jul  9 23:01:46 puppet java[25194]: /tmp/clojure-1064777479875377538.edn

I've seen that error elsewhere while running clojure testsuites for
packages depending on libcore-async-clojure [1] and never got to debug it...

I've just re-built libcore-async-clojure and libtools-analyzer-clojure
locally and their full testsuites passes though.

I've also checked, and libtools-analyzer-clojure does ship the right jar
files:

usr/
└── share
├── doc
│   └── libtools-analyzer-clojure
│   ├── changelog.Debian.gz
│   ├── changelog.gz
│   ├── CONTRIBUTING.md
│   ├── copyright
│   └── README.md.gz
├── java
│   ├── tools.analyzer-1.0.0.jar
│   └── tools.analyzer.jar -> tools.analyzer-1.0.0.jar
└── maven-repo
└── org
└── clojure
└── tools.analyzer
├── 1.0.0
│   ├── tools.analyzer-1.0.0.jar
│   └── tools.analyzer-1.0.0.pom
└── debian
├── tools.analyzer-debian.jar ->
../1.0.0/tools.analyzer-1.0.0.jar
└── tools.analyzer-debian.pom

Those jars do contain the right clojure files too...

clojure/
└── tools
├── analyzer
│   ├── ast
│   │   └── query.clj
│   ├── ast.clj
│   ├── env.clj
│   ├── passes
│   │   ├── add_binding_atom.clj
│   │   ├── cleanup.clj
│   │   ├── collect_closed_overs.clj
│   │   ├── constant_lifter.clj
│   │   ├── elide_meta.clj
│   │   ├── emit_form.clj
│   │   ├── index_vector_nodes.clj
│   │   ├── source_info.clj
│   │   ├── trim.clj
│   │   ├── uniquify.clj
│   │   └── warn_earmuff.clj
│   ├── passes.clj
│   └── utils.clj
└── analyzer.clj

Although this package is built using the old "lets use `jar cf` to cram
things in a jar manually" way instead of using leiningen directly and
would certainly benefit in being migrated to it, I don't think this is a
bug in puppetdb's packaging per say, but spawns from either one of those
libs.

Which one though... ¯\_(ツ)_/¯

[1]:
https://salsa.debian.org/clojure-team/puppetlabs-ring-middleware-clojure/-/blob/debian/main/debian/tests/control#L5-7

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄



OpenPGP_signature
Description: OpenPGP digital signature

Bug#990894: ITP: golang-github-d2r2-go-logger -- Go logger functionality with package-level logging separation

[Benjamin Drung]

Package: wnpp
Severity: wishlist
Owner: Benjamin Drung 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: golang-github-d2r2-go-logger
  Version : 0.0~git20210606.60e9d12-1
  Upstream Author : Denis Dyakov
* URL : https://github.com/d2r2/go-logger
* License : MIT
  Programming Lang: Go
  Description : Go logger functionality with package-level logging 
separation

 Functionality of this package is similar to logrus and other popular Go
 logging packages, but still the capabilities of this package are not as
 flexible and advanced as the mentioned popular packages.
 .
 One of the reasons for creating this library was the ability to log with more
 verbosity levels. For instance, it has Fatal, Panic, Error, Warning, Notify,
 Information and Debug levels, while others ordinary do not include Notify
 verbosity.

I am still working on a Prometheus sensors exporter which is using
go-bsbmp, go-sht3x, and go-logger. I will maintain these libraries as
part of the Debian Go Packaging Team.

-- 
Benjamin Drung
Debian & Ubuntu Developer

Bug#990875: unblock: kvirc/4:5.0.0+dfsg-5

[Andrey Rahmatullin]

Control: tags -1 - moreinfo

On Sat, Jul 10, 2021 at 01:40:15PM +0200, Graham Inggs wrote:
> Control: tags -1 + moreinfo confirmed
> 
> Hi Andrey
> 
> On Sat, 10 Jul 2021 at 10:42, Andrey Rahmatullin  wrote:
> > unblock kvirc/4:5.0.0+dfsg-5
> 
> I don't see 4:5.0.0+dfsg-5 in unstable yet, so I'm not sure if this
> was meant to be a pre-approval request.  
Indeed it was, thanks.

> Assuming it was, please go ahead and upload to unstable.  Either way,
> please remove the moreinfo tag once it has built.
Done: https://buildd.debian.org/status/package.php?p=kvirc

-- 
WBR, wRAR


signature.asc
Description: PGP signature

Bug#990893: unblock: libserialport/0.1.1-3

[Jonathan McDowell]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libserialport

[ Reason ]

I've been made aware in bug #990863 that linux 5.10.38-1, uploaded late
May, has removed support for termiox. This has broken the libserialport
package, which uses termiox when it's discovered.

(I'm aware this is extremely late in the release cycle, but the bug was
only raised yesterday.)

[ Impact ]

With the attached debdiff, taken from upstream, detection of termiox is
disabled and we fall back to the supported termios2.

[ Tests ]

Tim Small, the original reporter of the bug, has confirmed this fixes
the issue on bullseye.

[ Risks ]

Although the regression has been caused by a kernel update during the
freeze rather than any change to libserialport it seems that this is the
more correct fix and limits any risk only to users of the libserialport
package. Without the patch serial port usage via libserialport will
fail, so the package is entirely non-functional.

[ Checklist ]

  [x] all debian/ changes are documented in the d/changelog
  [x] I reviewed all debian/ changes and I approve them
  [x] attach debian/ diff against the package in testing

unblock libserialport/0.1.1-3

diff -Nru libserialport-0.1.1/debian/changelog 
libserialport-0.1.1/debian/changelog
--- libserialport-0.1.1/debian/changelog2018-05-18 09:44:24.0 
+0100
+++ libserialport-0.1.1/debian/changelog2021-07-10 17:21:59.0 
+0100
@@ -1,3 +1,10 @@
+libserialport (0.1.1-4) unstable; urgency=high
+
+  * Avoid the use of termiox now the kernel has dropped support for it.
+Thanks to Tim Small. (Closes: #990863)
+
+ -- Jonathan McDowell   Sat, 10 Jul 2021 17:21:59 +0100
+
 libserialport (0.1.1-3) unstable; urgency=medium
 
   * VCS is at Salsa.
diff -Nru libserialport-0.1.1/debian/patches/avoid-termiox.diff 
libserialport-0.1.1/debian/patches/avoid-termiox.diff
--- libserialport-0.1.1/debian/patches/avoid-termiox.diff   1970-01-01 
01:00:00.0 +0100
+++ libserialport-0.1.1/debian/patches/avoid-termiox.diff   2021-07-10 
17:20:33.0 +0100
@@ -0,0 +1,34 @@
+Subject: Don't even check for termiox
+Origin: 
https://sigrok.org/gitweb/?p=libserialport.git;a=commit;h=6f9b03e597ea7200eb616a4e410add3dd1690cb1
+Bug: https://sigrok.org/bugzilla/show_bug.cgi?id=1687
+Bug-Debian: https://bugs.debian.org/990863
+Author: Karl Palsson 
+Last-Update: 2021-07-10
+
+Don't check for termiox, as it has been remove from Linux in e0efb3168d34
+
+Some more information available in 
https://www.spinics.net/lists/linux-serial/msg41926.html
+
+Attempting to use the termiox ioctls on more modern kernels results in
+"Inappropriate IOCTL" errors.
+
+While the "right" solution might be to remove the termiox code from the
+linux path, simply not checking for termiox builds a libserialport that
+functions on modern linux kernels.
+
+diff --git a/configure.ac b/configure.ac
+index b1af16f..a26b851 100644
+--- a/configure.ac
 b/configure.ac
+@@ -112,7 +112,7 @@ AC_SYS_LARGEFILE
+ AC_TYPE_SIZE_T
+ 
+ # Check for specific termios structures.
+-AC_CHECK_TYPES([struct termios2, struct termiox],,,
++AC_CHECK_TYPES([struct termios2],,,
+   [[#include ]])
+ AC_CHECK_MEMBERS([struct termios.c_ispeed, struct termios.c_ospeed,
+   struct termios2.c_ispeed, struct termios2.c_ospeed],,,
+-- 
+2.30.2
+
diff -Nru libserialport-0.1.1/debian/patches/series 
libserialport-0.1.1/debian/patches/series
--- libserialport-0.1.1/debian/patches/series   2018-05-18 09:44:24.0 
+0100
+++ libserialport-0.1.1/debian/patches/series   2021-07-10 17:20:45.0 
+0100
@@ -1,2 +1,3 @@
 non-linux-build-fix.diff
 fix_for_alpha_where_BOTHER_is_not_defined.diff
+avoid-termiox.diff

Bug#990863: [Pkg-electronics-devel] Bug#990863: Bug#990863: libserialport0: libserialport tries to use termiox on bullseye, and fails to open serial ports

[Jonathan McDowell]

Control: tags -1 pending

On Fri, Jul 09, 2021 at 06:06:52PM +0100, Jonathan McDowell wrote:
> On Fri, Jul 09, 2021 at 05:55:52PM +0100, Tim Small wrote:
> > Package: libserialport0
> > Version: 0.1.1-3+b1
> > Severity: important
> > Tags: upstream patch
> > X-Debbugs-Cc: t...@seoss.co.uk
> > 
> > Serial port open seems to fail on bullseye.  Strace output follows:
> > 
> > 1512868 openat(AT_FDCWD, "/dev/ttyACM0", O_RDWR|O_NOCTTY|O_NONBLOCK) = 9
> > 1512868 ioctl(9, TCGETS, {B9600 opost isig icanon echo ...}) = 0
> > 1512868 ioctl(9, TIOCMGET, [TIOCM_DTR|TIOCM_RTS|TIOCM_CTS]) = 0
> > 1512868 ioctl(9, TCGETX, 0x55cd7cc80df0) = -1 ENOTTY (Inappropriate ioctl 
> > for device)
> > 1512868 close(9)= 0
> > 1512868 write(2, "sr: ", 4) = 4
> > 1512868 write(2, "serial-libsp: Error opening port"..., 71) = 71
> > 1512868 write(2, "No devices found.\n", 18) = 18
> > 
> > Applying upstream commit 6f9b03e597ea fixes the issue.  I tested this
> > with:
> > 
> > /usr/local/bin/sigrok-cli --driver=rdtech-tc:conn=/dev/ttyACM0 --continuous
> > 
> > Patch here:
> > 
> > https://github.com/sigrokproject/libserialport/commit/6f9b03e597ea7200eb616a4e410add3dd1690cb1
> > 
> > I suspect that libserialport0 will fail to open all serial ports on
> > bullseye without this fix, so this bug may unfortunately be RC?
> 
> It looks like the kernel broke this in the v5.10.37 update
> (eef2158b0c44baa8cd9855091b1d99a35e16afdb), which hit
> unstable towards the end of May. Not clear why this was backported to
> the stable tree but I guess fixing libserialport is going to be the
> easier solution.

Fixed in
https://salsa.debian.org/electronics-team/sigrok/libserialport/-/tree/Bug990863
and unblock request sent to the release team; given we're so close to
release I'll understand entirely if this has to wait until the first
point release.

J.

-- 
101 things you can't have too much of : 53 - Space.

Bug#990642: linux-image-4.19.0-17-amd64: kernel panic on xen dom0 with Broadcom Limited NetXtreme II BCM5709

[spi]

Can you reproduce the issue with recent kernel from unstable or
buster-backports?



Tried with linux-image-5.10.0-0.bpo.7-amd64 (5.10.40-1~bpo10+1 amd64)
from buster-backports.

Same issue - kernel panic with bonded interfaces.

Current workaround for me is to run without bonding.

Cheers,
spi

Bug#990534: arduino: Arduino-IDE not starting witch Cinnamon Desktop.

[Thorsten Glaser]

On Sat, 10 Jul 2021, Carsten Schoenert wrote:

> ensure users have also installed openjdk-11-jre to get Arduino IDE working.

Or 17?

If you need to ensure a minimum version, do this (/bin/sh-safe):


if test "$(java -XshowSettings:properties -version 2>&1 | \
sed -n '/^java.version = \([0-9]*\)\..*$/s//\1/p')" -lt 11; then
echo >&2 "E: Either no JRE found or JRE too old (<11):"
java -version
exit 1
fi


The command substitution evaluates to the first number before
a period in the version, which is either 1 (from 1.8.x) or 8
for JRE 8, 11 for JRE 11, and obviously larger for later ones.
If none, it evaluates to empty, which test … -lt interprets as
zero which will also work.

Please submit this to the Arduino IDE maintainer.

bye,
//mirabilos
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*

Mit dem tarent-Newsletter nichts mehr verpassen: www.tarent.de/newsletter

*

Bug#990892: debian-installer: Please add an option for installing Nvidia proprietary video driver

[Georgi Naplatanov]

Package: debian-installer
Version: Debian 11
Severity: wishlist

Dear Maintainer,

please add an option for installing proprietary Nvidia video driver during 
installation.

Kind regards
Georgi

-- System Information:
Debian Release: 11.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#990891: unblock: node-millstone/0.6.19-5

[Yadd]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package node-millstone

[ Reason ]
node-millstone 0.6.19-4 has brokken autopkgtest due to wikipedia changes
(some tests need internet). Bug: #990857

[ Impact ]
Only autopkgtest failure

[ Tests ]
Most of test which download files from external sites are now disabled

[ Risks ]
No risk, only tests changes

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Cheers,
Yadd

unblock node-millstone/0.6.19-5
diff --git a/debian/changelog b/debian/changelog
index 772caee..48a07e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-millstone (0.6.19-5) unstable; urgency=medium
+
+  * Team upload
+  * Disable another test (Closes: #990857)
+
+ -- Yadd   Sat, 10 Jul 2021 07:46:14 +0200
+
 node-millstone (0.6.19-4) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/patches/disable-one-test.diff 
b/debian/patches/disable-one-test.diff
index 20e5058..d542571 100644
--- a/debian/patches/disable-one-test.diff
+++ b/debian/patches/disable-one-test.diff
@@ -2,17 +2,17 @@ Description: disable some checks
  Upstream deleted test files in its repo
 Author: Yadd 
 Forwarded: not-needed
-Last-Update: 2021-05-14
+Last-Update: 2021-07-10
 
 --- a/test/markers.test.js
 +++ b/test/markers.test.js
-@@ -42,6 +42,7 @@
- });
+@@ -15,6 +15,7 @@
  });
  
+ 
 +/*
- it('correctly localizes zipped json', function(done) {
- var mml = JSON.parse(fs.readFileSync(path.join(__dirname, 
'zipped-json/project.mml')));
+ it('correctly localizes remote image/svg files', function(done) {
+ var mml = JSON.parse(fs.readFileSync(path.join(__dirname, 
'markers/project.mml')));
  
 @@ -70,3 +71,4 @@
  done();

Bug#609047: An update on CCL for Debian

[Sébastien Villemot]

I’ve recently tried to reevaluate the situation regarding CCL in
Debian.

In short, the answer is unfortunately that it’s not yet possible to
package CCL, but there is however the hope that the situation will
improve at some point.

What prevents CCL from being packaged Debian is the ffigen tool, which
is required at build time to generate various FFI bindings. The latest
functional version of this tool (ffigen4) is essentially a patch over
GCC 4. The ftpmasters refused to have this in the archive (see above).

There is however an ongoing effort to rewrite ffigen, see:
https://github.com/Clozure/ccl/issues/13

The rewrite is essentially a small executable depending on libclang,
and is now dubbed ffigen5.

I’ve tried it, and even though it is able to parse many C headers, it
still fails at some. So it’s not yet ready for use. But hopefully it
will be at some point, which should clear the way for CCL in Debian.

-- 
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄  https://www.debian.org



signature.asc
Description: This is a digitally signed message part

Bug#990890: virtuoso-opensource-7: source contains non-free image sw-vert-v.svg

[Jonas Smedegaard]

Package: virtuoso-opensource-7
Version: 7.2.5.1+dfsg-3.2
Severity: serious
Justification: Policy 2.3

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The SVG image sw-vert-v.svg included with the source declares in its RDF
metadata that http://www.w3.org/2007/10/sw-logos.html#LogoWithoutW3C is
its license.

That license is limited to non-commercial distribution.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmDpx9EACgkQLHwxRsGg
ASFqEQ/+MZhlrgO9yl10j2i2LVZ69o8dIuWEwK5YsF8WGjJCA75mqVnIro6hnWcf
H90DvG/1opzIMzPfW9TUXQjxLLPfGUdnbpEMBaob1+p5PmAAUXmcB+LJPjNyz5jt
lfuhOcWiMxNRSpQL3SSSgJFKpDsb6IjKIioews3jUZnHEudegiUiQc+SMRI8UQtp
OabIFsCkcIPRqnQk3lzmsJoc2h7PbWuN+VOqarVppl70NABgICHTgPm5nup0aaPJ
Yc5qenQLb0qefC3LZYXHK9nRts4WazRJnXcCUaU052BqOEq0fEDVDB5euaA+5Ujz
gWUoAkGO9wF6A1tH11x7fb6urp4uIlCvNGNohJatuDip1qmFOYjPXSP0zHvR/H0h
msFWYEdflT8y1qTZeUCJoVo1oyCJK+md1ShPDaKMh0nlrVAVhsyM1kTrBBWVPaPX
hEZcr195IeyNvFhJrlEznNfCYv1FdBmDrDhj+y0PD0M+n3KHGRpT4ie1DWyL0U2R
hMw6mISUCk0UC6p15DVVXcb4j+rIyUcvafrzQvsI/enekiN7b1BacL/SCII8/+TA
Kg6yyF5Qx4tarX+CeU+/wLBW4uWlNP2u0KL04y5IjpqpfHQAyxQi8QnyUWNEMadZ
uUijR67L0N8yf4unf7XhoQNLHGlH1cwrr7LAJzEWQxlgcy9Xo0Y=
=Y1Wm
-END PGP SIGNATURE-

Bug#990889: gitlab-workhorse: contains non-free image testdata/image.svg

[Jonas Smedegaard]

Package: gitlab-workhorse
Version: 8.54.2+debian-1
Severity: serious
Justification: Policy 2.3

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The SVG image testdata/image.svg in the source package declares in its
RDF metadata that http://www.w3.org/2007/10/sw-logos.html#LogoWithoutW3C
is its license.

That license is limited to non-commercial distribution.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmDpyLMACgkQLHwxRsGg
ASGBdRAAmD0wvZAnH9yX8nLap6C7EXlzoKMgCav0jBpojHx0lFOnoeUJlkNH9BMr
lUqjuWUfQ+K8JT86Sz723nsAmBYxMnvt/MbE67Jf60we2I0SHz5uX8d0kt27aSCb
sfBFAZlUepydxqUj7RPcFFB3IgUkA2TGerTSRmBk46M7voE+UItDaw0MQiY6CQTi
XtErbOVRuo1Dvla4A4o3EobHdJvrFxMAOxuhVElhHi4NlhhVB0tiXkuJWhNEdB01
8WR3g2eqVoo1gPBWWCllmWbZw99ZfYaN/lSnC40HA9EhpXLfOP7tDUZkRskuwUid
+ohHpDEEnRHtGIwbr66GOOzwQvn1WSsGlVlvkIUbINBgCsKpgtN/aauRvMS/OsKM
ssv9TcbwrSGG9F7virtBNRomNpE5EBPBjISf7gd4kX3zDHbMXJMiIJX7cgblKKa8
Osm3xI+HKfRn18Bx/4riuH8xY7qWOT8oxkMvOcCi9yReqEeQ/nO5I5OwSWom8Zsa
LXXGHCUg2VAKQtZvYcNGbl/W1mkmRbdqtMYq72ZcJocNHZwNhmAFcwSgyxod0gxJ
5eOpYnmzsXo7T+X5/PmnDLPNFcHy95JvB8Hq0THEYUm5NvewyNp6lmLICaIMTWev
f/Ie8+1AHbAkPtZKDa2RDfBPNYXehYqyxzDzQxRHrBNBDVBBu9c=
=C98+
-END PGP SIGNATURE-

Bug#990882: openssh-server: With ipv6 ssh-client fail as well as scp getting expecting SSH2_MSG_KEX_ECDH_REPLY

[Daniel]

Package: openssh-server
Version: 1:7.9p1-10+deb10u2
Severity: normal
Tags: ipv6

Dear Maintainer,

* What led up to the situation?

We could't ssh to the server in ipv6, ipv4 was OK. After some times we 
discover that the problem also exists with scp, only ipv6 too.


* What exactly did you do (or not do) that was effective (or
ineffective)?

Adding MACs=hmacs-sha2-256 to .ssh/config solved the problem for ssh 
client (Debian 9/10 & Ubuntu 18/20) but not for scp (Debian 9/10 & 
Ubuntu 18/20)


* What was the outcome of this action?

System update begining of july (servers are updated each week on saturday)

* What outcome did you expect instead?

ssh and scp connecting smoothly. With the above MACs trick, scp connect 
but then hangs on copy like


Authenticated to myserver ([2001:db8:dead:beef::1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessi...@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys...@openssh.com 
want_reply 0
debug1: Remote: /root/.ssh/authorized_keys:2: key options: 
agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /root/.ssh/authorized_keys:2: key options: 
agent-forwarding port-forwarding pty user-rc x11-forwarding

debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
debug1: Sending command: scp -v -t /etc/bind/VarCacheBind/
Sending file modes: C0644 3079 file.txt
Sink: C0644 3079 file.txt
file.txt 0% 0 0.0KB/s --:-- ETA

where VarCacheBind is a symlink

If we do the copy in ipv4 -by adding -4 in front of command- it copy 
smoothly.



-- System Information:
Debian Release: 10.10
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.71
ii dpkg 1.19.7
ii libaudit1 1:2.8.4-3
ii libc6 2.28-10
ii libcom-err2 1.44.5-1+deb10u3
ii libgssapi-krb5-2 1.17-3+deb10u1
ii libkrb5-3 1.17-3+deb10u1
ii libpam-modules 1.3.1-5
ii libpam-runtime 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 2.8-1+b1
ii libssl1.1 1.1.1d-0+deb10u6
ii libsystemd0 241-7~deb10u7
ii libwrap0 7.6.q-28
ii lsb-base 10.2019051400
ii openssh-client 1:7.9p1-10+deb10u2
ii openssh-sftp-server 1:7.9p1-10+deb10u2
ii procps 2:3.3.15-2
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 241-7~deb10u7
ii ncurses-term 6.1+20181013-2+deb10u2
pn xauth 

Versions of packages openssh-server suggests:
ii molly-guard 0.7.1
pn monkeysphere 
pn rssh 
pn ssh-askpass 
pn ufw 

-- debconf information:
openssh-server/password-authentication: true
* openssh-server/permit-root-login: true

Bug#990888: libnss-gw-name FTCBFS: builds for the build architecture

[Helmut Grohne]

Source: libnss-gw-name
Version: 0.3-2
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

libnss-gw-name fails to cross build from source, because debian/rules
does not pass cross tools to make. The easiest way of doing so - using
dh_auto_build - is not sufficient as the upstream Makefile hard codes
pkg-config. It has to be made substitutable as well. Please consider
applying the attached patch.

Helmut
diff --minimal -Nru libnss-gw-name-0.3/debian/changelog 
libnss-gw-name-0.3/debian/changelog
--- libnss-gw-name-0.3/debian/changelog 2013-06-03 14:34:30.0 +0200
+++ libnss-gw-name-0.3/debian/changelog 2021-07-10 17:38:30.0 +0200
@@ -1,3 +1,12 @@
+libnss-gw-name (0.3-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: (Closes: #-1)
++ Let dh_auto_build pass cross tools to make.
++ cross.patch: Make pkg-config substitutable.
+
+ -- Helmut Grohne   Sat, 10 Jul 2021 17:38:30 +0200
+
 libnss-gw-name (0.3-2) unstable; urgency=low
 
   * Upload to unstable 
diff --minimal -Nru libnss-gw-name-0.3/debian/patches/cross.patch 
libnss-gw-name-0.3/debian/patches/cross.patch
--- libnss-gw-name-0.3/debian/patches/cross.patch   1970-01-01 
01:00:00.0 +0100
+++ libnss-gw-name-0.3/debian/patches/cross.patch   2021-07-10 
17:38:13.0 +0200
@@ -0,0 +1,21 @@
+--- libnss-gw-name-0.3.orig/Makefile
 libnss-gw-name-0.3/Makefile
+@@ -1,6 +1,7 @@
+ # Makefile for libnss-gw-name
+ 
+ CC = gcc
++PKG_CONFIG ?= pkg-config
+ prefix = /usr
+ exec_prefix = ${prefix}
+ BITSOFS=
+@@ -13,8 +14,8 @@
+ # This only works sometimes, give manually when needed:
+ BIT_CFLAGS = $(if $(BITSOFS),-m$(BITSOFS))
+ CFLAGS = $(BIT_CFLAGS) -g -O2 -Wall -Wpointer-arith
+-CPPFLAGS = $(shell pkg-config --cflags libnl-3.0 libnl-route-3.0)
+-LIBS = $(shell pkg-config --libs libnl-3.0 libnl-route-3.0)
++CPPFLAGS = $(shell $(PKG_CONFIG) --cflags libnl-3.0 libnl-route-3.0)
++LIBS = $(shell $(PKG_CONFIG) --libs libnl-3.0 libnl-route-3.0)
+ LDFLAGS = -shared -Wl,-soname,$(INSTALL_NAME) -Wl,-z,defs
+ 
+ all: $(SHARED_OBJECT)
diff --minimal -Nru libnss-gw-name-0.3/debian/patches/series 
libnss-gw-name-0.3/debian/patches/series
--- libnss-gw-name-0.3/debian/patches/series1970-01-01 01:00:00.0 
+0100
+++ libnss-gw-name-0.3/debian/patches/series2021-07-10 17:37:53.0 
+0200
@@ -0,0 +1 @@
+cross.patch
diff --minimal -Nru libnss-gw-name-0.3/debian/rules 
libnss-gw-name-0.3/debian/rules
--- libnss-gw-name-0.3/debian/rules 2011-06-28 10:38:44.0 +0200
+++ libnss-gw-name-0.3/debian/rules 2021-07-10 17:38:29.0 +0200
@@ -22,7 +22,7 @@
 
 build-arch-stamp:
dh_testdir
-   $(MAKE) CFLAGS="$(CFLAGS)"
+   dh_auto_build -- CFLAGS="$(CFLAGS)"
touch build-arch-stamp
 
 clean:

Bug#821111:

[Yu Yu]

Bug#990887: tig: Please update to 2.5.4

[Elimar Riesebieter]

Package: tig
Version: 2.5.1-1
Severity: wishlist

Dear Maintainer,

there is a new release available:

https://github.com/jonas/tig/releases/tag/tig-2.5.4

Thanks
Elimar
-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (10, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.13.1-pippin-lxtec-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tig depends on:
ii  git [git-core]  1:2.32.0-1
ii  libc6   2.31-13
ii  libncursesw66.2+20201114-2
ii  libreadline88.1-2
ii  libtinfo6   6.2+20201114-2

tig recommends no packages.

tig suggests no packages.

-- no debconf information

Bug#990886: tig: Please update Homepage in debian/control

[Elimar Riesebieter]

Package: tig
Version: 2.5.1-1
Severity: minor

Dear maintainer,

please update the Homepage: to https://jonas.github.io/tig/.

You should also move the Debian Package to salsa.debian.org ;-) and
update the respective Vcs fields.

Thanks
Elimar

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (10, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.13.1-pippin-lxtec-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tig depends on:
ii  git [git-core]  1:2.32.0-1
ii  libc6   2.31-13
ii  libncursesw66.2+20201114-2
ii  libreadline88.1-2
ii  libtinfo6   6.2+20201114-2

tig recommends no packages.

tig suggests no packages.

-- no debconf information

Bug#990849: dpkg-dev: dpkg-buildpackage fails trying multifile optimization with dwz on aarch64 and armv71

[Dennis Bijwaard]

Thanks Niels,

Initially, I only updated to the backported dws, this was apparently not 
enough, see below. As you suggested, I therefore created a script 
dh_dwz, with contents "/usr/bin/dh_dwz --no-dwz-multifile $@" and 
prepended the script path to my $PATH. This option works at least on 
aarch64, and creates a debian package that is roughly factor 3 smaller.


Next, I installed both the newer dws and debhelper on both aarch64 and 
armv7l using:  sudo apt -t buster-backports install dwz debhelper


I removed my custom dh_dwz, cleaned all cached debhelper files, and 
dpkg-buildpackage without problems. So, your backport suggestion works 
on aarch64 and armv7l, and creates a debian package that is roughly 
factor 3 smaller.


The fact that it worked on my PC is probably since ubuntu already 
upgraded to the newer debhelper version 12.10ubuntu1 and dws version 
0.13-5 without backports, my debian buster now uses debhelper Version: 
13.3.3~bpo10+1 and dwz Version: 0.13-5~bpo10+1.


--
Met vriendelijke groet, kind regards,
Dennis Bijwaard

On 10/07/2021 06:30, Niels Thykier wrote:

Guillem Jover:

[...]
On Fri, 2021-07-09 at 08:52:18 +, Dennis Bijwaard wrote:

Package: dpkg-dev
Version: 1.19.7
Severity: normal

Dear all,

[...]

I found a work-around to at least create a package on these machines
using DEB_BUILD_OPTIONS=nostrip, but the package remains quite big. A regular
strip on the binaries does reduce them a bit, this could be an
alternative when dwz fails. Alternatively, it would be great if there
was an option to disable multifile option of dwz via e.g. DEB_BUILD_OPTIONS.
Or is there already an easy way to pass the --no-dwz-multifile option to
dh_dzw when invoked via dpkg-buildpackage?

Below is the trace of the failing dpkg-buildpackage.

Kind regards
Dennis

[...]


Hi Dennis,

 From memory, this bug has been fixed in bullseye (the up coming version
of Debian).  I urge you to retry with debhelper AND dwz from from
buster-backports[1] (or bullseye), which combined should solve this
issue for you on buster.
   In most cases, it should be a "simple" matter of adding backports to
your sources list and updating the version constraints on debhelper in
the Build-Depends field of debian/control (debhelper from backports
depends on the backports version of dwz) plus restarting the build
process - including the part of installing build-dependencies.
   If my starting points above are not sufficient guidance, then please
do consider asking for help in the #packaging IRC channel on
irc.debian.org with the details of your concrete situation.


If using backports (or bullseye) is not an option to you, then you can
deploy workarounds such as injecting a dwz in PATH that overrides the
default dwz or use the DH_EXTRA_ADDONS environment to load a custom
dh-addon that passes --no-dwz-multifile to dh_dwz.
   There might be concrete challenges in how you need to deploy them.  If
you are using a chroot (e.g., sbuild or pbuilder), you would have to
implement it _inside_ the chroot to have any effect (rather than
directly on your host system).  Again, I recommend the #packaging
channel from irc.debian.org if my short starting points above are
insufficient.

Thanks,
~Niels

PS: I have recommended the #packaging channel since I assumed you were
building the deb without intention to upload it to the Debian archive.
   If you are looking to upload it to the Debian archive, you should ask
in #debian-mentors instead.  But if so, please be advised that all
packages for the Debian archive will be introduced via unstable and
people in #debian-mentors will ask you to first ensure that your package
builds in unstable rather than in stable(-backports).

[1]: https://backports.debian.org/

Bug#990885: ITP: intel-acm: Authenticated code modules for Intel CPUs

[Timo Lindfors]

Package: wnpp
Severity: wishlist
Owner: Paulo Roberto Alves de Oliveira (aka kretcheu) 

* Package name: intel-acm
  Version : 20210710
  Upstream Author : Intel Corporation
* URL : 
https://software.intel.com/content/www/us/en/develop/articles/intel-trusted-execution-technology.html
* License : non-free, idzla-SINIT Authenticated Code Module License
  Description : Authenticated code modules for Intel CPUs

 This package contains updated authenticated code modules (ACMs) for
 Intel processors.

Bug#990884: Linux (Mint 20.1) Installation on HP 14-fq1040ca laptop

[J C Nash]

Package: installation-reports

Boot method: live-USB after changing boot order in BIOS (F10 to get the dialog)
Image version: Linux Mint MATE 20.1 

Date: 2021-7-9 and 2021-7-10

Machine: HP 14-fq1040ca (This does NOT seem to have the usual HP naming, but 
there are a number of
 similar machines with different processors and memory and disk
Processor: Ryzen 7 5700U
Memory: 16GB DDR4
Partitions: EFI, NTFS (Win10 shrunk from nearly 1TB to 60GB, rest ext4 by Linux 
install, see prose comments)

Output of lspci -knn (or lspci -nn): N/A (this is being entered from another 
machine and the target machine
 not yet set up to share files)

Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[N -- see below; did detect USB ethernet or USB wifi OK]
Configure network:  [O]
Detect CD:  [ ]
Load installer modules: [O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Clock/timezone setup:   [O]
User/password setup:[O]
Install tasks:  [O]
Install boot loader:[O - but see below]
Overall install:[O - but see below]

Comments/Problems:



This is a msg sent to the Linux-Ottawa list.

Previously I've been musing on what to get for a decent "travel laptop".

This Wed night, the decision was accelerated when the December 2014 Asus 
Zenbook which
had a broken hinge and was held in a frame was upgraded to Linux Mint 20.1 (yes 
I know
20.2 just came out a few hours later). As we plugged in an external USB backup 
disk,
the screen went black. After a few tries I carried to workbench and a screw 
fell out!
More investigation showed BOTH the internal SSD and external drive were fried. 
Must
have had a bad short. Sigh.

So Thurs morning I went to Canada Computers and bought an HP 14-fq1040ca. 16G 
RAM,
1TB SSD, 1920x1080 NON-touch screen.

Here's the interim story and tentative verdict:

- It was relatively easy, if annoying to start up Windows 10, kill Cortana 
speaking,
  refuse all "do you want" requests etc.

- It was easy to use Disk Manager in Windows to shrink Win10 to around 60 GB and
  make a recovery DVD with an external burner. It didn't seem to want to allow a
  USB flash drive for recovery, though I've made one for an earlier machine.

- Linux Mint 20.1 booted fairly easily, but wifi won't fire. I used a wired
  USB-Ethernet and installed fairly easily. Learning that F10 is the key to get
  at BIOS and put USB HDD first in boot sequence was almost the most difficult
  part. However I did try with Secure Boot still enabled, and at the end of the
  install I was copying information about MOK setup when screensaver kicked in.
  (some blue air at that point)

- Back into BIOS and turn off Secure Boot. Reinstall Linux. (Fortunately about
  6-7 mins only. Machine quite fast)
  I could probably be persuaded that Secure Boot is a "good idea" if there were
  a really good tutorial on the why and how. For now, I think I'll take the
  easy route.

- Now can boot Linux, BUT if I booted Win10, then I found "boot drive missing"
  and had to boot live-USB and do boot-repair. Trick was to boot-repair, go
  into Win10 and run a bcdedit command in admin-enabled CMD.exe to point to
  \EFI\ubuntu\shimx64.efi which gives choice of Lin and Win. I also found
  how to turn off Fast Boot, Sleep, and Lock in Win10 Power settings and did
  this, as well as disabling Bitlocker encryption. i.e., keep things simple.

- Now both Linux and Win10 boot, but screen a bit dim. Wifi still needs a
  dongle (I actually went and got a TP link tiny one that is now $10. Then,
  of course, found drivers.)

- Several false starts to find an appropriate wifi driver. Unfortunately, inxi
  simply says "Realtek: driver N/A". Fortunately came across a really useful
  Github repo from lwfinger (Larry Finger) and also some askubuntu postings
  that suggested the driver needed for HP laptops is often RTL8852 (the
  rtw89 choice on Finger's collection). I had to build the material, but
  that went smoothly. Now wifi fine.

- Dimness of screen led to similar search. Turned out Linux Mint is rather
  helpful. 1) I got an upgrade suggestion to 20.2, which is quite a small change
  relative to my previous experience.
   2) In the upgrade manager, "View" allows an option "Linux kernels"
  and I installed 5.11. Reboot made screen nice and bright. Had to rebuild rtw89
  for the wifi. Installed brightness-controller-simple to allow for dimming the
  screen. Fn keys don't seem to work. Maybe next kernel iteration.

- Machine has an SD slot that takes full sized SD. I put in one with a microSD
  in a full sized carrier. Only a couple of mm stick out, which means you can
  carry extra data (I have a 256GB one somewhere for family photos). However,
  I burned latest BunsenLabs Lithium 64 bit to see if I could boot from it.
  No joy. 

Bug#990883: ITP: surpyvor -- modification of VCF files with SURVIVOR

[Steffen Moeller]

Package: wnpp
Severity: wishlist

Subject: ITP: surpyvor -- modification of VCF files with SURVIVOR
Package: wnpp
Owner: Steffen Moeller 
Severity: wishlist

* Package name: surpyvor
  Version : 0.5
  Upstream Author : Wouter De Coster 
* URL : https://github.com/wdecoster/surpyvor
* License : MIT
  Programming Lang: Python
  Description : modification of VCF files with SURVIVOR
 SURVIVOR is a tool set for simulating/evaluating
 structural variantions, merging and comparing SVs within
 and among samples, and includes various methods to
 reformat or summarize structural variantions.
 .
 This package provides a Python wrapper to help with its
 integration in various Python-based workflows.

Remark: This package is maintained by Debian Med Packaging Team at
   https://salsa.debian.org/med-team/surpyvor

Bug#990881: ITP: gn -- meta-build system that generates build files for Ninja

[Boyuan Yang]

X-Debbugs-CC: debian-de...@lists.debian.org

https://tracker.debian.org/pkg/generate-ninja

Hideki Yamane  于2021年7月10日周六 上午8:03写道：

>
> Package: wnpp
> Severity: wishlist
> Owner: Hideki Yamane 
> X-Debbugs-Cc: debian-de...@lists.debian.org
>
> * Package name: gn
>   Upstream Author : The Chromium Authors
> * URL : https://gn.googlesource.com/gn
> * License : BSD-3-Clause
>   Programming Lang: C++
>   Description : meta-build system that generates build files for Ninja
>
>  It can generate Ninja build files for C, C++, Rust, Objective C, and Swift
>  source on most popular platforms. Other languages can be compiled using
>  the general “action” rules which are executed by Python or another scripting
>  language (Google does this to compile Java and Go). But because this is not
>  as clean, generally GN is only used when the bulk of the build is in one of
>  the main built-in languages.

-- 
Thanks,
Boyuan Yang

Bug#990368: Severity

[ooyoo...@gmail.com]

This bug should be "serious" severity, instead of "normal."

Cf. https://www.debian.org/Bugs/Developer.en.html#severities

Bug#990880: unblock: nomad/0.12.10+dfsg1-3

[Graham Inggs]

Control: tags -1 + moreinfo confirmed

Hi Peter

On Sat, 10 Jul 2021 at 14:03, Peter Pentchev  wrote:
> This is a pre-approval request before I upload nomad to unstable to
> fix a security problem (CVE-2021-32575).

Assuming it can happen soon, please go ahead upload to unstable, and
remove the moreinfo tag once it has built.

Regards
Graham

Bug#940249: apply patch to fix Content-Disposition: inline

[Jelle de Jong]

http://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=3a15565050

Can we apply this patch, Sergey suggested switching to version 3.12, but 
this seems to be a long way out from being available in Debian stable.


Kind regards,

Jelle de Jong

Bug#990881: ITP: gn -- meta-build system that generates build files for Ninja

[Hideki Yamane]

Package: wnpp
Severity: wishlist
Owner: Hideki Yamane 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: gn
  Upstream Author : The Chromium Authors
* URL : https://gn.googlesource.com/gn
* License : BSD-3-Clause
  Programming Lang: C++
  Description : meta-build system that generates build files for Ninja

 It can generate Ninja build files for C, C++, Rust, Objective C, and Swift
 source on most popular platforms. Other languages can be compiled using
 the general “action” rules which are executed by Python or another scripting
 language (Google does this to compile Java and Go). But because this is not
 as clean, generally GN is only used when the bulk of the build is in one of
 the main built-in languages.

Bug#990880: unblock: nomad/0.12.10+dfsg1-3

[Peter Pentchev]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: team+pkg...@tracker.debian.org

This is a pre-approval request before I upload nomad to unstable to
fix a security problem (CVE-2021-32575). Thanks in advance, and keep
up the great work!

[ Reason ]
See #990581 for more information: there is a CAP_NET_RAW capability
issue in Nomad that is fixed in a later upstream version.

[ Impact ]
Quoted from 
https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296

  It was discovered that processes launched by the docker, exec, and java
  task drivers that make use of Nomad’s bridge networking mode can
  perform ARP spoofing attacks against other tasks on the same node.
  Specifically, tasks making use of bridge networking are susceptible to
  other tasks on the same node performing DoS and MITM attacks due to the
  default enablement of the CAP_NET_RAW 6 Linux capability by these task
  drivers.

[ Tests ]
The upstream patch adds unit tests to the package's test suite.

[ Risks ]
The patch is not trivial, but its logic is not hard to follow.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock nomad/0.12.10+dfsg1-3
diff -Nru nomad-0.12.10+dfsg1/debian/changelog 
nomad-0.12.10+dfsg1/debian/changelog
--- nomad-0.12.10+dfsg1/debian/changelog2021-05-09 10:14:36.0 
+0300
+++ nomad-0.12.10+dfsg1/debian/changelog2021-07-10 02:29:09.0 
+0300
@@ -1,3 +1,11 @@
+nomad (0.12.10+dfsg1-3) unstable; urgency=medium
+
+  * Team upload.
+  * Adapt the upstream patch for CVE-2021-32575 and add it as
+the disable-cap-net-raw patch. Closes: #990581
+
+ -- Peter Pentchev   Sat, 10 Jul 2021 02:29:09 +0300
+
 nomad (0.12.10+dfsg1-2) unstable; urgency=medium
 
   * Disabled "TestConfig_outgoingWrapper_OK" (Closes: #987644).
diff -Nru nomad-0.12.10+dfsg1/debian/patches/disable-cap-net-raw.patch 
nomad-0.12.10+dfsg1/debian/patches/disable-cap-net-raw.patch
--- nomad-0.12.10+dfsg1/debian/patches/disable-cap-net-raw.patch
1970-01-01 02:00:00.0 +0200
+++ nomad-0.12.10+dfsg1/debian/patches/disable-cap-net-raw.patch
2021-07-05 23:47:53.0 +0300
@@ -0,0 +1,592 @@
+Description: drivers/docker+exec+java: disable net_raw capability by default
+ The default Linux Capabilities set enabled by the docker, exec, and
+ java task drivers includes CAP_NET_RAW (for making ping just work),
+ which has the side affect of opening an ARP DoS/MiTM attack between
+ tasks using bridge networking on the same host network.
+ .
+ 
https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
+ .
+ This PR disables CAP_NET_RAW for the docker, exec, and java task
+ drivers. The previous behavior can be restored for docker using the
+ allow_caps docker plugin configuration option.
+ .
+ A future version of nomad will enable similar configurability for the
+ exec and java task drivers.
+ .
+ Note (Debian): The upstream patch was adapted because of code changes.
+Origin: upstream; 
https://github.com/hashicorp/nomad/commit/003d68fe6df652b172bc68beabd11a25fd7e1b58
+Author: Seth Hoenig 
+Bug-Debian: https://bugs.debian.org/990581
+Last-Update: 2021-07-05
+
+--- a/drivers/docker/config.go
 b/drivers/docker/config.go
+@@ -35,17 +35,41 @@
+   // it is timed out.
+   dockerTimeout = 5 * time.Minute
+ 
+-  // dockerBasicCaps is comma-separated list of Linux capabilities that 
are
+-  // allowed by docker by default, as documented in
+-  // 
https://docs.docker.com/engine/reference/run/#block-io-bandwidth-blkio-constraint
+-  dockerBasicCaps = 
"CHOWN,DAC_OVERRIDE,FSETID,FOWNER,MKNOD,NET_RAW,SETGID," +
+-  
"SETUID,SETFCAP,SETPCAP,NET_BIND_SERVICE,SYS_CHROOT,KILL,AUDIT_WRITE"
+-
+   // dockerAuthHelperPrefix is the prefix to attach to the credential 
helper
+   // and should be found in the $PATH. Example: ${prefix-}${helper-name}
+   dockerAuthHelperPrefix = "docker-credential-"
+ )
+ 
++// nomadDefaultCaps is the subset of dockerDefaultCaps that Nomad enables by
++// default and is used to compute the set of capabilities to add/drop given
++// docker driver configuration.
++func nomadDefaultCaps() []string {
++  return []string{
++  "AUDIT_WRITE",
++  "CHOWN",
++  "DAC_OVERRIDE",
++  "FOWNER",
++  "FSETID",
++  "KILL",
++  "MKNOD",
++  "NET_BIND_SERVICE",
++  "SETFCAP",
++  "SETGID",
++  "SETPCAP",
++  "SETUID",
++  "SYS_CHROOT",
++  }
++}
++
++// dockerDefaultCaps is a list of Linux capabilities enabled by docker by 
default
++// and is used to compute the set of capabilities to add/drop given docker 

Bug#990879: base-passwd: asks high-priority question about irc user's home directory when upgrading from buster to bullseye

[Colin Watson]

Package: base-passwd
Version: 3.5.49
Severity: serious

In response to https://bugs.debian.org/946884, I changed the irc user's
home directory from /var/run/ircd to /run/ircd in base-passwd 3.5.48.
However, I noticed in a recent test upgrade from buster to bullseye that
this causes users with default configurations to be prompted to accept
this change.  This was not my intention when making this change:
/var/run/ircd and /run/ircd are equivalent (base-files.postinst makes
/var/run a symlink to /run) and so the prompt is simply noise that I
expect to confuse some users.

Some of this confusion is visible for Ubuntu users here:

  https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/1916651

I think this is worth fixing before it causes problems for users doing
stable upgrades.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#990875: unblock: kvirc/4:5.0.0+dfsg-5

[Graham Inggs]

Control: tags -1 + moreinfo confirmed

Hi Andrey

On Sat, 10 Jul 2021 at 10:42, Andrey Rahmatullin  wrote:
> unblock kvirc/4:5.0.0+dfsg-5

I don't see 4:5.0.0+dfsg-5 in unstable yet, so I'm not sure if this
was meant to be a pre-approval request.  Assuming it was, please go
ahead and upload to unstable.  Either way, please remove the moreinfo
tag once it has built.

Regards
Graham

Bug#985967: freeradius: Fails to start with permission denied when configuring to use privileged ports

[Thore Krüss]

Thank you for the suggestion.

This did indeed fix it. freeradius does bind to the port and doesn't 
crash any more.


Is there a simple way to get this comment in the systemd unit updated or 
document somewhere that it needs this kind of override to use the dhcp 
server?


Best regrads
Thore


On 7/10/21 11:24 AM, Adrian Bunk wrote:

On Sat, Mar 27, 2021 at 12:39:15AM +0100, Thore Kruess wrote:

...
cat /etc/systemd/system/freeradius.service.d/override.conf
[Service]
CapabilityBoundingSet = CAP_NET_ADMIN CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN
CAP_DAC_OVERRIDE

systemd show confirms this parameter to be set, but I see the same error
as above.


Does AmbientCapabilities instead of CapabilityBoundingSet help?


Best regards,
Thore


cu
Adrian

Bug#990788: unblock: llvm-toolchain-9/1:9.0.1-17 (pre-approval)

[Graham Inggs]

Control: tags -1 + moreinfo confirmed

Hi Andreas

On Wed, 7 Jul 2021 at 16:09, Andreas Beckmann  wrote:
> I'd like to drop the Recommends: libomp-9-dev from clang-9
> libomp-*-dev are not co-installable and libomp-dev depends on
> libomp-11-dev. Having the Recomends on the non-default libomp-9-dev
> causes many upgrade scenarios from buster with --install-recommends
> enabled and libomp-dev installed to keep libomp-dev at the buster
> version (and therefore libomp-7-dev installed) if some bullseye package
> involved is built against clang-9 instead of clang-11.
> With this Recommends dropped, libomp-dev always gets upgraded to the
> bullseye version and libomp-11-dev gets installed.

Assuming it can happen soon, please go ahead upload to unstable, and
remove the moreinfo tag once it has built.

Regards
Graham

Bug#990213: pre-approval unblock: appstream/0.14.4-1

[Graham Inggs]

Control: tags -1 + moreinfo confirmed

Hi Matthias

On Wed, 23 Jun 2021 at 03:12, Matthias Klumpp  wrote:
> Let me know what you think!

Assuming it can happen soon, please go ahead upload to unstable, and
remove the moreinfo tag once it has built.

Regards
Graham

Bug#990156: [debian-mysql] Bug#990156: mariadb-server-10.3: Service configuration fails package upgrade

[Faustin Lammler]

Control: tags -1 moreinfo


signature.asc
Description: PGP signature

Bug#990878: talloc: FTBFS on kfreebsd

[Laurent Bigonville]

Source: talloc
Version: 2.1.16-2
Severity: important
Tags: patch ftbfs
Justification: fails to build from source (but built successfully in the past)

Hello,

tdb currently FTBFS on kfreebsd, this is due to waf trying to use clang
instead of gcc.

The attached patch fixes this by forcing gcc.

This is the same bug as #990877, so something might be wrong in samba
build system.

Kind regards,
Laurent Bigonville


-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
diff -Nru talloc-2.3.1/debian/rules talloc-2.3.1/debian/rules
--- talloc-2.3.1/debian/rules   2020-11-10 15:39:39.0 +0100
+++ talloc-2.3.1/debian/rules   2021-07-10 12:38:55.0 +0200
@@ -18,6 +18,7 @@
 conf_args += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
 conf_args += --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)
 conf_args += -v
+conf_args += --check-c-compiler=gcc
 
 %:
dh $@ --with python3

Bug#990877: tdb: FTBFS on kfreebsd

[Laurent Bigonville]

Source: tdb
Version: 1.3.18-1
Severity: important
Tags: patch ftbfs
Justification: fails to build from source (but built successfully in the past)
User: debian-...@lists.debian.org
Usertags: kfreebsd

Hello,

tdb currently FTBFS on kfreebsd, this is due to waf trying to use clang
instead of gcc.

The attached patch fixes this by forcing gcc.

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
diff -Nru tdb-1.4.3/debian/rules tdb-1.4.3/debian/rules
--- tdb-1.4.3/debian/rules  2020-06-21 00:07:48.0 +0200
+++ tdb-1.4.3/debian/rules  2021-07-10 10:50:04.0 +0200
@@ -20,7 +20,7 @@
CPPFLAGS="$(CPPFLAGS)" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
./configure --prefix=/usr --disable-rpath-install \
--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
-   -v
+   -v --check-c-compiler=gcc
 
 get-packaged-orig-source:
./debian/build-orig.sh

Bug#990534: arduino: Arduino-IDE not starting witch Cinnamon Desktop.

[Carsten Schoenert]

Hello Sven,

please use Reply All so the BTS and all participants will get involved
into the message flow.

Am 05.07.21 um 21:35 schrieb Sven Wagner:
> Hi folks,
> 
>> Sven, you could please check where /u/b/java is pointing to? It should
>> look like this.
> 
>> $ ls -la /usr/bin/java
>> lrwxrwxrwx 1 root root 22 19. Jun 2017  /usr/bin/java ->
> /etc/alternatives/java
>> $ ls -la /etc/alternatives/java
>> lrwxrwxrwx 1 root root 43  8. Nov 2018  /etc/alternatives/java ->
> /usr/lib/jvm/java-11-openjdk-amd64/bin/java
> 
> my result is:
> 
> ls -la /etc/alternatives/java
> lrwxrwxrwx 1 root root 46  2. Jun 14:52 /etc/alternatives/java ->
> /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java*
> 
> So I tried reinstall of everything with openjdk-11 with
> 
> apt install --reinstall openjdk-11*
> 
> After this, the same result that /etc/alternatives/java is still
> pointing to 8 and not 11. So I did
> apt purge openjdk-8-jre-headless
> and now, everything is running fine again. I still do not understand
> where this openjdk-8 is coming from, but I am investigating.
> Thanks for all your help!

I expecting something like this, at least that somehow openjdk-8 was the
root of this problem.
We need to narrow down if openjdk-8-jre is really the problem and how to
ensure users have also installed openjdk-11-jre to get Arduino IDE working.

-- 
Regards
Carsten

Bug#985967: freeradius: Fails to start with permission denied when configuring to use privileged ports

[Adrian Bunk]

On Sat, Mar 27, 2021 at 12:39:15AM +0100, Thore Kruess wrote:
>...
> cat /etc/systemd/system/freeradius.service.d/override.conf
> [Service]
> CapabilityBoundingSet = CAP_NET_ADMIN CAP_NET_BIND_SERVICE
> CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN
> CAP_DAC_OVERRIDE
> 
> systemd show confirms this parameter to be set, but I see the same error
> as above.

Does AmbientCapabilities instead of CapabilityBoundingSet help?

> Best regards,
> Thore

cu
Adrian

Bug#990875: unblock: kvirc/4:5.0.0+dfsg-5

[Andrey Rahmatullin]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package kvirc

[ Reason ]
This fixes a crash when starting it on Wayland.

[ Impact ]
This allows using the app on Wayland.

[ Tests ]
I've checked the app on a KDE Wayland session on testing.

[ Risks ]
This shouldn't affect X11 users.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock kvirc/4:5.0.0+dfsg-5
diff -Nru kvirc-5.0.0+dfsg/debian/changelog kvirc-5.0.0+dfsg/debian/changelog
--- kvirc-5.0.0+dfsg/debian/changelog   2020-11-10 22:44:22.0 +0500
+++ kvirc-5.0.0+dfsg/debian/changelog   2021-07-10 12:26:08.0 +0500
@@ -1,3 +1,9 @@
+kvirc (4:5.0.0+dfsg-5) unstable; urgency=medium
+
+  * Fix a crash on Wayland (Closes: #935726).
+
+ -- Andrey Rahmatullin   Sat, 10 Jul 2021 12:26:08 +0500
+
 kvirc (4:5.0.0+dfsg-4) unstable; urgency=medium
 
   * Team upload.
diff -Nru kvirc-5.0.0+dfsg/debian/patches/series 
kvirc-5.0.0+dfsg/debian/patches/series
--- kvirc-5.0.0+dfsg/debian/patches/series  2020-11-10 22:44:22.0 
+0500
+++ kvirc-5.0.0+dfsg/debian/patches/series  2021-07-10 12:26:08.0 
+0500
@@ -5,3 +5,4 @@
 enable-optimisation-with-debug.patch
 fix-rfc-links.patch
 upstream_fix-build-with-Qt-5.15.patch
+upstream-wayland-fixes.patch
diff -Nru kvirc-5.0.0+dfsg/debian/patches/upstream-wayland-fixes.patch 
kvirc-5.0.0+dfsg/debian/patches/upstream-wayland-fixes.patch
--- kvirc-5.0.0+dfsg/debian/patches/upstream-wayland-fixes.patch
1970-01-01 05:00:00.0 +0500
+++ kvirc-5.0.0+dfsg/debian/patches/upstream-wayland-fixes.patch
2021-07-10 12:26:08.0 +0500
@@ -0,0 +1,52 @@
+Description: Fix a crash and set the window icon on Wayland.
+Origin: backport, 
https://github.com/kvirc/KVIrc/commit/c8a6812fc26d6c240d7b99b517835e7cb9607e68
+Bug: https://github.com/kvirc/KVIrc/issues/2479
+Bug-Debian: https://bugs.debian.org/935726
+Last-Update: 2021-07-10
+
+diff --git a/src/kvirc/kernel/KviIpcSentinel.cpp 
b/src/kvirc/kernel/KviIpcSentinel.cpp
+index bfa60e6..df5f0e3 100644
+--- a/src/kvirc/kernel/KviIpcSentinel.cpp
 b/src/kvirc/kernel/KviIpcSentinel.cpp
+@@ -172,6 +172,12 @@ bool kvi_sendIpcMessage(const char * message)
+   }
+ #elif defined(COMPILE_X11_SUPPORT) && defined(COMPILE_QX11INFO_SUPPORT)
+ 
++#if QT_VERSION >= QT_VERSION_CHECK(5, 2, 0)
++  if (!QX11Info::isPlatformX11()) {
++  return false;
++  }
++#endif
++
+   kvi_ipcLoadAtoms();
+ 
+   Window sentinel = kvi_x11_findIpcSentinel(kvi_ipc_get_xrootwin());
+@@ -196,6 +202,12 @@ KviIpcSentinel::KviIpcSentinel() : QWidget(nullptr)
+   setWindowFlags(Qt::FramelessWindowHint);
+   setWindowTitle("kvirc4_ipc_sentinel");
+ #elif defined(COMPILE_X11_SUPPORT) && defined(COMPILE_QX11INFO_SUPPORT)
++
++#if QT_VERSION >= QT_VERSION_CHECK(5, 2, 0)
++  if (!QX11Info::isPlatformX11()) {
++  return;
++  }
++#endif
+   kvi_ipcLoadAtoms();
+ 
+   XChangeProperty(kvi_ipc_get_xdisplay(), winId(), 
kvi_atom_ipc_sentinel_window, XA_STRING, 8,
+diff --git a/src/kvirc/ui/KviMainWindow.cpp b/src/kvirc/ui/KviMainWindow.cpp
+index a3c6c50..c1b9391 100644
+--- a/src/kvirc/ui/KviMainWindow.cpp
 b/src/kvirc/ui/KviMainWindow.cpp
+@@ -105,7 +105,10 @@ KviMainWindow::KviMainWindow(QWidget * pParent)
+   // We try to avois this as much as possible, since it forces the use of 
the low-res 16x16 icon
+   setWindowIcon(*(g_pIconManager->getSmallIcon(KviIconManager::KVIrc)));
+ #endif
+-
++#if QT_VERSION >= QT_VERSION_CHECK(5, 7, 0)
++  // set name of the app desktop file; used by wayland to load the window 
icon
++  QGuiApplication::setDesktopFileName("kvirc");
++#endif
+   setWindowTitle(KVI_DEFAULT_FRAME_CAPTION);
+ 
+   m_pActiveContext = nullptr;

Bug#990874: ITP: drf-yasg-nonfree -- Yet another Swagger generator

[Carsten Schoenert]

Package: wnpp
Severity: wishlist
Owner: Carsten Schoenert 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: drf-yasg-nonfree
  Version : 1.20.0
  Upstream Author : Cristi V. 
* URL : https://github.com/axnsan12/drf-yasg
* License : BSD-3-clause
  Programming Lang: Python
  Description : Yet another Swagger generator

 Generate real Swagger/OpenAPI 2.0 specifications from a Django Rest Framework
 API.
 Features of drf-yasg:
  * full support for nested Serializers and Schemas
  * response schemas and descriptions
  * model definitions compatible with codegen tools
  * customization hooks at all points in the spec generation process
  * JSON and YAML format for spec
  * bundles latest version of swagger-ui
(https://github.com/swagger-api/swagger-ui) and redoc
(https://github.com/Rebilly/ReDoc) for viewing the generated documentation
  * schema view is cacheable out of the box
  * generated Swagger schema can be automatically validated by
swagger-spec-validator (https://github.com/Yelp/swagger_spec_validator)
  * supports Django REST Framework API versioning with URLPathVersioning
and NamespaceVersioning; other DRF or custom versioning schemes are
not currently supported

Some parts of the upstream data are shipped pre-generated within the
source, the package built isn't able to rebuild these files from source
for various reasons. Mainly because the used JS files aren't packaged
yet for Debian.
This makes the resulting package non-free from the DFSG PoV. That's why
I decided to use the suffix '-nonfree' for now. Resulting also the binary
packages will go into non-free.

If someone is willing to help making this package DFSG compatible I'd
really be glad to take such an offer.

This package is a dependency for netbox I consider to package.

The package will get maintained within the Debian Python Team.

Bug#990708: [debian-mysql] Bug#990708: mariadb-server-10.5: upgrade problems due to galera-3 -> galera-4 switch

[Andreas Beckmann]

On 10/07/2021 09.16, Otto Kekäläinen wrote:

Seems this issue only happens with apt – not when using apt-get.


Yuck. Can you ask the apt developers whether this is intended? I always 
expected apt-get and apt to be functionally equivalent (i.e. to always 
take the same decisions when installing/upgrading/removing packages 
since they use the same resolver in the background).
(If they are not, testing apt, too, means doubling the number of 
piuparts tests...)


Have you tried default-mysql-server + (roundcube-core (or roundcube) or 
cacti)? This yields the unwanted behavior (removing default-mysql-server 
+ mariadb-server-10.3 without installing mariadb-server-10.5)) with 
apt-get in my piuparts tests both with and without --install-recommends.

I can find more examples that only work with --install-recommends.


Andreas

Bug#990069: closed by Debian FTP Masters (reply to Aurelien Jarno ) (Bug#990069: fixed in glibc 2.31-13)

[Olaf van der Spek]

Op di 6 jul. 2021 om 22:21 schreef Debian Bug Tracking System
:
> Changes:
>  glibc (2.31-13) unstable; urgency=medium
>  .
>[ Colin Watson ]
>* debian/debhelper.in/libc.postinst, script.in/nsscheck.sh: Look for
>  openssh-server package rather than ssh.  Closes: #990069

Hi,

I tried a buster -> unstable upgrade.
While the upgrade is waiting for a response to "Restart services
during package upgrades without asking?" ssh is still down.
It seems to stay down until the end of the apt run.

Greetings,

Olaf

Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 31902 files and directories currently installed.)
Preparing to unpack .../base-files_11.1_amd64.deb ...
Unpacking base-files (11.1) over (10.3+deb10u10) ...
Setting up base-files (11.1) ...
Installing new version of config file /etc/debian_version ...
Installing new version of config file /etc/dpkg/origins/debian ...
Installing new version of config file /etc/issue ...
Installing new version of config file /etc/issue.net ...
Updating /etc/profile to current default.
Updating /root/.profile to current default.
(Reading database ... 31902 files and directories currently installed.)
Preparing to unpack .../debianutils_4.11.2_amd64.deb ...
Unpacking debianutils (4.11.2) over (4.8.6.1) ...
Setting up debianutils (4.11.2) ...
(Reading database ... 31902 files and directories currently installed.)
Preparing to unpack .../archives/bash_5.1-3_amd64.deb ...
Unpacking bash (5.1-3) over (5.0-4) ...
Setting up bash (5.1-3) ...
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to
provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode
(Reading database ... 31903 files and directories currently installed.)
Preparing to unpack .../bsdmainutils_12.1.7+nmu3_all.deb ...
renamed '/etc/default/bsdmainutils' -> '/etc/default/bsdmainutils.dpkg-remove'
renamed '/etc/cron.daily/bsdmainutils' ->
'/etc/cron.daily/bsdmainutils.dpkg-remove'
Unpacking bsdmainutils (12.1.7+nmu3) over (11.1.2+b1) ...
dpkg: warning: unable to delete old directory '/etc/calendar':
Directory not empty
Selecting previously unselected package bsdextrautils.
Preparing to unpack .../bsdextrautils_2.36.1-7_amd64.deb ...
Unpacking bsdextrautils (2.36.1-7) ...
Selecting previously unselected package gcc-10-base:amd64.
Preparing to unpack .../gcc-10-base_10.2.1-6_amd64.deb ...
Unpacking gcc-10-base:amd64 (10.2.1-6) ...
Setting up gcc-10-base:amd64 (10.2.1-6) ...
Selecting previously unselected package libgcc-s1:amd64.
(Reading database ... 31824 files and directories currently installed.)
Preparing to unpack .../libgcc-s1_10.2.1-6_amd64.deb ...
Unpacking libgcc-s1:amd64 (10.2.1-6) ...
Replacing files in old package libgcc1:amd64 (1:8.3.0-6) ...
Setting up libgcc-s1:amd64 (10.2.1-6) ...
Selecting previously unselected package libcrypt1:amd64.
(Reading database ... 31826 files and directories currently installed.)
Preparing to unpack .../libcrypt1_1%3a4.4.18-4_amd64.deb ...
Unpacking libcrypt1:amd64 (1:4.4.18-4) ...
Replacing files in old package libc6:amd64 (2.28-10) ...
Setting up libcrypt1:amd64 (1:4.4.18-4) ...
(Reading database ... 31831 files and directories currently installed.)
Preparing to unpack .../libc-l10n_2.31-13_all.deb ...
Unpacking libc-l10n (2.31-13) over (2.28-10) ...
Preparing to unpack .../locales_2.31-13_all.deb ...
Unpacking locales (2.31-13) over (2.28-10) ...
Selecting previously unselected package libcbor0:amd64.
Preparing to unpack .../libcbor0_0.5.0+dfsg-2_amd64.deb ...
Unpacking libcbor0:amd64 (0.5.0+dfsg-2) ...
Selecting previously unselected package libfido2-1:amd64.
Preparing to unpack .../libfido2-1_1.6.0-2_amd64.deb ...
Unpacking libfido2-1:amd64 (1.6.0-2) ...
Preparing to unpack .../libselinux1_3.1-3_amd64.deb ...
Unpacking libselinux1:amd64 (3.1-3) over (2.8-1+b1) ...
Setting up libselinux1:amd64 (3.1-3) ...
(Reading database ... 31844 files and directories currently installed.)
Preparing to unpack .../openssh-sftp-server_1%3a8.4p1-5_amd64.deb ...
Unpacking openssh-sftp-server (1:8.4p1-5) over (1:7.9p1-10+deb10u2) ...
Preparing to unpack .../openssh-client_1%3a8.4p1-5_amd64.deb ...
Unpacking openssh-client (1:8.4p1-5) over (1:7.9p1-10+deb10u2) ...
Selecting previously unselected package runit-helper.
Preparing to unpack .../runit-helper_2.10.3_all.deb ...
Unpacking runit-helper (2.10.3) ...
Preparing to unpack .../openssh-server_1%3a8.4p1-5_amd64.deb ...
Unpacking openssh-server (1:8.4p1-5) over (1:7.9p1-10+deb10u2) ...
Preparing to unpack .../libc6_2.31-13_amd64.deb ...
Checking for services that may need to be restarted...
Checking init scripts...
Unpacking libc6:amd64 (2.31-13) over (2.28-10) ...
Setting up libc6:amd64 (2.31-13) ...
Checking for services that may need to be restarted...
Checking init scripts...
Configuring libc6:amd64
---

There are services installed on your system which need to be restarted
when certain libraries, such as libpam, libc, and libssl, are

Bug#990708: [debian-mysql] Bug#990708: mariadb-server-10.5: upgrade problems due to galera-3 -> galera-4 switch

[Otto Kekäläinen]

Hello!

Seems this issue only happens with apt – not when using apt-get.

Olaf's scenario with apt-get upgrades fine:
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/jobs/1748579

The exact same with apt-get -> apt fails:
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/jobs/1748579
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/commit/c8ed387f91be4f7a98ccb768935a4725a9f10cd4