date:20220102

Bug#1003041: krita: Krita 4.4.2 on bullseye crashes most of the time when I try to apply filters on a transparency layer.

2022-01-02 Thread Safi ud Din Khan

Package: krita
Version: 1:4.4.2+dfsg-1: amd64

Dear Maintainer,

Krita 4.4.2 on Bullseye crashes most of the time when I try to apply
Gaussian Blur or any other filter on a transparency mask unless I disable
the preview option. It happens when I try to apply other filters as well.
I have tested it by installing Krita on a fresh Debian Bullseye on a
virtual machine as well and it happens there as well.

Here is the console output of Krita when the crash occurs.

safi@safi-pc:~$ krita

(process:12176): Gtk-WARNING **: 12:27:33.157: Locale not supported by C
library.
Using the fallback 'C' locale.
Invalid profile :  "/usr/share/color/icc/colord/Crayons.icc" "Crayon Colors"
Invalid profile :  "/usr/share/color/icc/colord/x11-colors.icc" "X11 Colors"
Could not set current file 0 "brushes/rake_sparse.png"
krita.general: Bundle is broken. File "brushes/rake_sparse.png" is missing
Could not set current file 0 "brushes/rock_pitted.gih"
krita.general: Bundle is broken. File "brushes/rock_pitted.gih" is missing
Could not set current file 0 "brushes/square_rough.png"
krita.general: Bundle is broken. File "brushes/square_rough.png" is missing
krita.general: Due to missing files and wrong entries in the manifest,
 "/usr/share/krita/bundles/RGBA_brushes.bundle"  will be recreated.
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/Craig_02.png" 0
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/DA_RGBA bluegreen_small.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/DA_RGBA bluegreen_small1.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/DA_Triangle grain.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/Mountain_Brush_01.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/RGBA anim 01.gih" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
Could not set current file 0 "brushes/rake_sparse.png"
Could not set current file 0 "brushes/rock_pitted.gih"
Could not set current file 0 "brushes/square_rough.png"
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_01_Thick-dry.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_02_Thickpaint.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_03_Rake.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_04_Impasto.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_05_Impasto-details.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_06_Rock.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "preview.png" 0
QBuffer::setBuffer: Buffer is open
krita.general: Could not open preview.png
krita.lib.store: KoStore: You must open before writing

krita.general: Could not write preview.png
krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "META-INF/manifest.xml" 0

Bug#1003040: ITP: asdf-astropy -- ASDF serialization support for astropy

2022-01-02 Thread Ole Streicher


Package: wnpp
Severity: wishlist
Owner: Ole Streicher 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org, 
debian-as...@lists.debian.org

* Package name: asdf-astropy
  Version : 0.1.2
  Upstream Author : The ASDF Developers
* URL : https://github.com/astropy/asdf-astropy
* License : BSD-3-Clause
  Programming Lang: Python
  Description : ASDF serialization support for astropy

This package includes plugins that provide ASDF serialization support
for astropy objects. The plugins are automatically enabled when the
package is installed. ASDF (Advanced Scientific Data Format) is a
proposed next generation interchange format for scientific data,
mainly used by the Space Telescope Science Institude (STScI).

It is a new build dependency of the gwcs package. I will
maintain it within the Debian Astro team in Salsa:

https://salsa.debian.org/debian-astro-team/asdf-astropy

Best regards

Ole

Bug#1003039: node-terser: Please update node-commander dependency to version 8

2022-01-02 Thread Yadd

Package: node-terser
Version: 4.1.2-9
Severity: important
Tags: patch

Hi,

node-commander 8 changed option parsing. Here is a proposed patch to be
used in replacement of 1001_use_commander_4.patch
Description: support node module commander release 8
 same patch than uglifyjs
Author: Yadd 
Forwarded: no
Last-Update: 2022-01-03

--- a/bin/uglifyjs
+++ b/bin/uglifyjs
@@ -28,6 +28,15 @@
 program.version(info.name + " " + info.version);
 program.parseArgv = program.parse;
 program.parse = undefined;
+var argv = [];
+process.argv.forEach(function(arg){
+  if(arg.match(/^-([pcmbode]+)$/)) {
+argv = argv.concat(RegExp.$1.split('').map(s => { return '-'+s }));
+  }
+  else argv.push(arg);
+});
+process.argv = argv;
+
 if (process.argv.includes("ast")) program.helpInformation = describe_ast;
 else if (process.argv.includes("options")) program.helpInformation = 
function() {
 var text = [];
@@ -65,10 +74,11 @@
 program.option("--warn", "Print warning messages.");
 program.option("--wrap ", "Embed everything as a function with “exports” 
corresponding to “name” globally.");
 program.arguments("[files...]").parseArgv(process.argv);
-if (program.configFile) {
-options = JSON.parse(read_file(program.configFile));
+const opts = program.opts();
+if (opts.configFile) {
+options = JSON.parse(read_file(opts.configFile));
 }
-if (!program.output && program.sourceMap && program.sourceMap.url != "inline") 
{
+if (!opts.output && opts.sourceMap && opts.sourceMap.url != "inline") {
 fatal("ERROR: cannot write source map to STDOUT");
 }
 [
@@ -82,83 +92,83 @@
 "toplevel",
 "wrap"
 ].forEach(function(name) {
-if (name in program) {
-options[name] = program[name];
+if (name in opts) {
+options[name] = opts[name];
 }
 });
-if ("ecma" in program) {
-if (program.ecma != (program.ecma | 0)) fatal("ERROR: ecma must be an 
integer");
-options.ecma = program.ecma | 0;
+if ("ecma" in opts) {
+if (opts.ecma != (opts.ecma | 0)) fatal("ERROR: ecma must be an integer");
+options.ecma = opts.ecma | 0;
 }
-if (program.beautify) {
-options.output = typeof program.beautify == "object" ? program.beautify : 
{};
+if (opts.beautify) {
+options.output = typeof opts.beautify == "object" ? opts.beautify : {};
 if (!("beautify" in options.output)) {
 options.output.beautify = true;
 }
 }
-if (program.comments) {
+if (opts.comments) {
 if (typeof options.output != "object") options.output = {};
-options.output.comments = typeof program.comments == "string" ? 
program.comments : "some";
+options.output.comments = typeof opts.comments == "string" ? opts.comments 
: "some";
 }
-if (program.define) {
+if (opts.define) {
 if (typeof options.compress != "object") options.compress = {};
 if (typeof options.compress.global_defs != "object") 
options.compress.global_defs = {};
-for (var expr in program.define) {
-options.compress.global_defs[expr] = program.define[expr];
+for (var expr in opts.define) {
+options.compress.global_defs[expr] = opts.define[expr];
 }
 }
-if (program.keepClassnames) {
+if (opts.keepClassnames) {
 options.keep_classnames = true;
 }
-if (program.keepFnames) {
+if (opts.keepFnames) {
 options.keep_fnames = true;
 }
-if (program.mangleProps) {
-if (program.mangleProps.domprops) {
-delete program.mangleProps.domprops;
+if (opts.mangleProps) {
+if (opts.mangleProps.domprops) {
+delete opts.mangleProps.domprops;
 } else {
-if (typeof program.mangleProps != "object") program.mangleProps = {};
-if (!Array.isArray(program.mangleProps.reserved)) 
program.mangleProps.reserved = [];
+if (typeof opts.mangleProps != "object") opts.mangleProps = {};
+if (!Array.isArray(opts.mangleProps.reserved)) 
opts.mangleProps.reserved = [];
 }
 if (typeof options.mangle != "object") options.mangle = {};
-options.mangle.properties = program.mangleProps;
+options.mangle.properties = opts.mangleProps;
 }
-if (program.nameCache) {
-options.nameCache = JSON.parse(read_file(program.nameCache, "{}"));
+if (opts.nameCache) {
+options.nameCache = JSON.parse(read_file(opts.nameCache, "{}"));
 }
-if (program.output == "ast") {
+if (opts.output == "ast") {
 options.output = {
 ast: true,
 code: false
 };
 }
-if (program.parse) {
-if (!program.parse.acorn && !program.parse.spidermonkey) {
-options.parse = program.parse;
-} else if (program.sourceMap && program.sourceMap.content == "inline") {
+if (opts.parse) {
+if (!opts.parse.acorn && !opts.parse.spidermonkey) {
+options.parse = opts.parse;
+} else if (opts.sourceMap && opts.sourceMap.content == "inline") {
 fatal("ERROR: inline source map only works with built-in parser");
 }
 }
 if (~program.rawArgs.indexOf("--rename")) {
 options.rename = true;
-} else if (!program.rename) {
+} else if (!opts.rename) {

Bug#990128: libcurl4-gnutls-dev: Un-installable in multiarch environment again in version 7.80.0-3: /usr/bin/curl-config differs

2022-01-02 Thread Michael Schmeing


Hello,

a quite similar bug has been reintroduced in version 7.80.0-3 of 
libcurl4-gnutls-dev:
The package is again unistallable in multiarch environments due to 
differences in libcurl4-gnutls-dev. This time, it is the -L linker 
options that contain the architecture triplet (e.g. amd64-linux-gnu, see 
attached diff file).


Should this new difference in curl-config be handled by re-opening this 
bug report or should I create a new one?


Best regards
Michael Schmeing

--
Michael Schmeing
Kahlhorststraße 36A
23562 Lübeck
E-Mail: mich...@michael-schmeing.de
Tel.: +49 451 30406604
Mobil: +49 176 22961510
--- amd64/usr/bin/curl-config	2021-12-26 17:22:18.0 +0100
+++ i386/usr/bin/curl-config	2021-12-26 17:22:18.0 +0100
@@ -152,7 +152,7 @@
 --libs)
 CURLLIBDIR=""
 if test "Xyes" = "Xno"; then
-  echo ${CURLLIBDIR}-lcurl -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
+  echo ${CURLLIBDIR}-lcurl -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/i386-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
 else
   echo ${CURLLIBDIR}-lcurl
 fi
@@ -163,7 +163,7 @@
 
 --static-libs)
 if test "Xyes" != "Xno" ; then
-  echo -Wl,-Bstatic -lcurl -Wl,-Bdynamic -Wl,-z,relro -Wl,-z,now -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
+  echo -Wl,-Bstatic -lcurl -Wl,-Bdynamic -Wl,-z,relro -Wl,-z,now -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/i386-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
 else
   echo "curl was built with static libraries disabled" >&2
   exit 1

Bug#811294: ITP: tabview -- curses command-line CSV and list (tabular data) viewer

2022-01-02 Thread Louis-Philippe Véronneau

On Sun, 17 Jan 2016 18:55:20 +0100 Yuri D'Elia  wrote:
> Package: wnpp
> Severity: wishlist
> Owner: "Yuri D'Elia" 
> 
> * Package name: tabview
>   Version : 1.4.1
>   Upstream Author : Scott Hansen 
> * URL : https://github.com/firecat53/tabview
> * License : MIT
>   Programming Lang: Python
>   Description : curses command-line CSV and list (tabular data) viewer
> 
> tabview is both a minimal, stand-alone curses command-line CSV/tabular-data
> viewer and a Python module that can be used to view basic Python types 
> directly
> in an interactive spreadsheet.
> 
> The curses interface offers VIM-like keyboard bindings, sorting and full-text
> incremental search.
> 
> ---
> 
> There are currently very few alternatives to tabview in debian. I've used "sc"
> and "teapot" (not in Debian) to the same extent, however both are complete
> spreadsheet programs (with sc requiring an extra "import" step), whereas
> tabview allows to just view a csv/tsv file easily.
> 
> tabview is both helpful stand-alone, but also works greatly when used in
> combination with ipython or any interactive python session, allowing one to
> browse through a large data table visually. To this extent, I'm using tabview
> heavily with the scipy stack.
> 
> I'm planning to maintain this package in the python-modules team.
> 
> 

Hello!

I see that you've done some work packaging this module in Debian already:

https://salsa.debian.org/python-team/packages/tabview/

I'm currently packaging CleverCSV and tabview is an optional dependency.
I was wondering if you were planning on finishing the work for tabview.

For what it's worth, I'd be happy to mentor you and sponsor this package
if you commit to maintaining it in Debian :)

Cheers,

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1003038: mkfs.hfs does not respect the -v option when creating an HFS volume

2022-01-02 Thread Glenn Washburn

Package: hfsprogs
Version: 540.1.linux3-4

Hello Maintainers,

Creating an HFS volume with a volume name other than the default of
"untitled" is currently not possible. It does appear that it should be
possible. Here is output exhibiting this issue:

==
# mkfs.hfs -b 512 -v 'grub' -h /tmp/hfs.img 
Initialized /tmp/hfs.img as a 5120 MB HFS volume
# fsck.hfs /tmp/hfs.img

** /tmp/hfs.img

   Executing fsck_hfs (version 540.1-Linux).

** Checking HFS volume.

   The volume name is untitled
** Checking extents overflow file.
** Checking catalog file.
** Checking catalog hierarchy.
** Checking volume bitmap.
** Checking volume information.
** The volume untitled appears to be OK.
==

Using -N to print the parameters shows that at least the option parsing
allows this:

==
# mkfs.hfs -N -b 512b -v 'grub' -h /tmp/hfs.img
0 sectors at 512 bytes per sector
HFS format parameters:
volume name: "grub"
block-size: 262144
total blocks: 20480
first free catalog node id: 16
initial catalog file size: 1048576
initial extents file size: 1048576
file clump size: 1048576
==

Looking at the package source, I see that HFS volume creation is added
as a debian package patch and not part of the upstream source in patch
file 
debian/patches/0005-Re-add-support-for-creating-legacy-HFS-filesystems.patch.
The issue appears to be that the volume name passed in as the -v option
argument and being written to the hfs parameters struct is being
unconditionally overritten in line 325 of the patch file with the
default volume name. This can be fixed by swapping the first two
aruments to bcopy on that line, however, the comment and the lines
directly above it lead me to believe there's potentially more to it.

This is causing GRUB HFS tests to fail and it would be nice to get them
passing again without disabling the failing test.

Thanks,
Glenn

Bug#1003037: astra-toolbox: FTBFS: error: parameter packs not expanded with '...'

2022-01-02 Thread Andreas Beckmann

Source: astra-toolbox
Version: 1.8.3-10
Severity: serious
Tags: ftbfs
Justification: fails to build from source

Hi,

astra-toolbox recently started to FTBFS, probably due to some updated
toolchain package or build dependency.:

/usr/bin/nvcc -gencode=arch=compute_35,code=sm_35 
-gencode=arch=compute_50,code=sm_50 -gencode=arch=compute_60,code=sm_60 
-gencode=arch=compute_60,code=compute_60  -I../build/linux/../.. 
-I../build/linux/../../include -DASTRA_CUDA -c ../build/linux/../../cuda
/3d/mem3d.cu -Xcompiler -fPIC -DPIC -o cuda/3d/.libs/mem3d.o

/usr/include/c++/11/bits/std_function.h:435:145: error: parameter packs not 
expanded with '...':
  435 | function(_Functor&& __f)
  | 
^ 
/usr/include/c++/11/bits/std_function.h:435:145: note: '_ArgTypes'
/usr/include/c++/11/bits/std_function.h:530:146: error: parameter packs not 
expanded with '...':
  530 | operator=(_Functor&& __f)
  | 
 ^ 
/usr/include/c++/11/bits/std_function.h:530:146: note: '_ArgTypes'
make[2]: *** [Makefile:361: cuda/3d/mem3d.lo] Error 1


Andreas


astra-toolbox_1.8.3-10.log.gz
Description: application/gzip

Bug#1003036: ITP: golang-github-fatih-camelcase -- Split a camelcase word into a slice of words in Go

2022-01-02 Thread Mason Giles


X-Debbugs-CC: debian-de...@lists.debian.org, debian...@lists.debian.org
Package: wnpp
Severity: wishlist
Owner: "Mason Giles" 

* Package name    : golang-github-fatih-camelcase
  Version : 1.0.0-1
  Upstream Author : Fatih Arslan
* URL : https://github.com/fatih/camelcase
* License : Expat
  Programming Lang: Go
  Description : Split a camelcase word into a slice of words in Go

 CamelCase is a Go package to split the words of a camelcase type string
 into a slice of words. It can be used to convert a camelcase word (lower
 or upper case) into any type of word.

As with all Go packages, it should be team-maintained within the Debian Go
Packaging Team.

This package is part of the dependency tree of an attempt to package 
LiteIDE:

- liteide
  - gocode
    - gotools
  - golang-github-visualfc-fastmod
  - golang-github-visualfc-goversion
  - gomodifytags
    - golang-github-fatih-camelcase (*)
    - golang-github-fatih-structtag

Bug#1003008: Error 134633601: Error while parsing number"

2022-01-02 Thread Colin Watson

Control: severity -1 critical

On Sun, Jan 02, 2022 at 09:14:54PM +0300, Eugene Berdnikov wrote:
>  After upgrade grub-legacy from 0.97-78 to 0.97-79 installation fails
>  with message "Error 134633601: Error while parsing number":
> 
> -
> grub> root (hd0,0)
> root (hd0,0)
>  Filesystem type is ext2fs, partition type 0x8065e03
> grub> setup (hd0)
> setup (hd0)
>  Checking if "/boot/grub/stage1" exists... no
>  Checking if "/grub/stage1" exists... yes
>  Checking if "/grub/stage2" exists... yes
>  Checking if "/grub/e2fs_stage1_5" exists... yes
>  Running "embed /grub/e2fs_stage1_5 (hd-141250989)"... failed (this is not 
> fatal)
>  Running "embed /grub/e2fs_stage1_5 (hd-141250989,-"... failed (this is not 
> fatal)
>  Running "install /grub/stage1 (hd-141250989) /grub/stage2 p /grub/menu.lst 
> "... failed
> 
> Error 134633601: Error while parsing number
> -
> 
>  Observed on all updated hosts (about ten in my own). Rollback to 0.97-78
>  resolves the problem (with the same config files).

Ugh, sorry about this.  I didn't actually change any patches against the
upstream code in 0.97-79, so this must have been broken by the mere act
of rebuilding it, I think.  I'll see if I can construct a suitable test
environment.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#1002978: Another GPU hang

2022-01-02 Thread CJ Fearnley

I rebooted with the GRUB options intel_idle.max_cstate=1
i915.disable_power_well=1 i915.enable_dc=0 which my research shows
sometimes helps with these kinds of GPU hangs.

For quite some time performance was acceptable, but less than 20 hours
later I triggered a GPU hang by switching desktops rapidly in fvwm.
I was executing my keyboard equivalents for fvwm's 'Desk 0 9' followed by
'Scroll +0   +100' followed by 'Scroll +0   -100' followed by 'Desk 0 11'
in repeated cycling when the system hung.

Before the hang, the dmesg output reports three lines with 'perf:
interrupt took too long'. These were minor hiccups/freezes that failed to
trigger a crash/CPU hang error in the logs. But I consider them related to
the problem. I was again changing desktops and moving around my desktops
using my keyboard shortcuts mentioned above and the i915 driver could
not cope. Back in Jessie this kind of work was routine for me with no
fear of triggering kernel stack dumps. The i915 driver appears to have
developed major bugs at least with my chipset.

I have attached dmesg output capturing boot messages and
the crash/hang. The other file contains the output of 'cat
/sys/class/drm/card0/error'.

I am planning to reboot soon to try another test, since daily GPU hangs
will slow my productivity unacceptibly. I need to keep debugging in the
hopes that I can find a solution.

-- 
CJ Fearnley |   LinuxForce Inc.
c...@linuxforce.net  |   Hosting and Linux Consulting
https://www.LinuxForce.net  |   https://blog.LinuxForce.net
[0.00] Linux version 5.10.0-10-amd64 (debian-ker...@lists.debian.org) 
(gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 
2.35.2) #1 SMP Debian 5.10.84-1 (2021-12-08)
[0.00] Command line: BOOT_IMAGE=/boot/vmlinuz-5.10.0-10-amd64 
root=/dev/mapper/precession-root ro quiet pcie_aspm=force 
intel_idle.max_cstate=1 i915.disable_power_well=1 i915.enable_dc=0
[0.00] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point 
registers'
[0.00] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[0.00] x86/fpu: Enabled xstate features 0x3, context size is 576 bytes, 
using 'standard' format.
[0.00] BIOS-provided physical RAM map:
[0.00] BIOS-e820: [mem 0x-0x0009d7ff] usable
[0.00] BIOS-e820: [mem 0x0009d800-0x0009] reserved
[0.00] BIOS-e820: [mem 0x000e-0x000f] reserved
[0.00] BIOS-e820: [mem 0x0010-0x1fff] usable
[0.00] BIOS-e820: [mem 0x2000-0x201f] reserved
[0.00] BIOS-e820: [mem 0x2020-0x3fff] usable
[0.00] BIOS-e820: [mem 0x4000-0x401f] reserved
[0.00] BIOS-e820: [mem 0x4020-0xbad92fff] usable
[0.00] BIOS-e820: [mem 0xbad93000-0xbadd9fff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbadda000-0xbade0fff] ACPI data
[0.00] BIOS-e820: [mem 0xbade1000-0xbade1fff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbade2000-0xbae04fff] reserved
[0.00] BIOS-e820: [mem 0xbae05000-0xbae05fff] usable
[0.00] BIOS-e820: [mem 0xbae06000-0xbae17fff] reserved
[0.00] BIOS-e820: [mem 0xbae18000-0xbae24fff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbae25000-0xbae48fff] reserved
[0.00] BIOS-e820: [mem 0xbae49000-0xbae8bfff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbae8c000-0xbaff] usable
[0.00] BIOS-e820: [mem 0xbb80-0xbf9f] reserved
[0.00] BIOS-e820: [mem 0xfed1c000-0xfed1] reserved
[0.00] BIOS-e820: [mem 0xff00-0x] reserved
[0.00] BIOS-e820: [mem 0x0001-0x00023fdf] usable
[0.00] NX (Execute Disable) protection: active
[0.00] SMBIOS 2.7 present.
[0.00] DMI: BIOSTAR Group H61MU3/H61MU3, BIOS 4.6.4 04/07/2011
[0.00] tsc: Fast TSC calibration using PIT
[0.00] tsc: Detected 2394.344 MHz processor
[0.000831] e820: update [mem 0x-0x0fff] usable ==> reserved
[0.000834] e820: remove [mem 0x000a-0x000f] usable
[0.000843] last_pfn = 0x23fe00 max_arch_pfn = 0x4
[0.000847] MTRR default type: uncachable
[0.000848] MTRR fixed ranges enabled:
[0.000850]   0-9 write-back
[0.000851]   A-B uncachable
[0.000852]   C-C write-protect
[0.000853]   D-E7FFF uncachable
[0.000854]   E8000-F write-protect
[0.000854] MTRR variable ranges enabled:
[0.000856]   0 base 0 mask E write-back
[0.000857]   1 base 2 mask FC000 write-back
[0.000859]   2 base 0BB80 mask FFF80 uncachable
[0.000860]   3 base

Bug#1003035: ITP: python-clevercsv -- Mutable set data type that remembers the order of its entries

2022-01-02 Thread Louis-Philippe Véronneau

Package: wnpp
Severity: wishlist
Owner: Louis-Philippe Véronneau 

Package name: python-clevercsv
Version : 0.7.1
URL : https://github.com/alan-turing-institute/CleverCSV
License : Expat
Programming Lang: Python
Description : Drop-in replacement for the Python csv package with
improved dialect detection

CleverCSV provides a drop-in replacement for the Python csv package with
improved dialect detection for messy CSV files. It also provides a handy
command line tool that can standardize a messy file or generate Python
code to import it.

This package is required to upload deepdiff version 5.6.0.

I'm planning to maintain this package in the Python Team.

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄


OpenPGP_signature
Description: OpenPGP digital signature

Bug#967275: Bug#967582: libgtkdatabox: depends on deprecated GTK 2

2022-01-02 Thread Felipe Castro

Hi Graham, nice to hear all this!

Klavaro is again linking against the library externally, from release 3.12,
see:

https://sourceforge.net/p/klavaro/news/2021/04/release-312/


Em dom., 2 de jan. de 2022 às 10:11, Graham Inggs 
escreveu:

> Control: tags -1 + pending fixed-in-experimental
> Control: block 967275 by -1
> Control: severity 967275 important
> Control: block 967831 by -1
> Control: severity 967831 important
>
> Hi Felipe
>
> On Sun, 6 Jun 2021 at 23:42, Felipe Castro  wrote:
> > Hi, I'm the new upstream maintainer of GtkDatabox and we have released
> version 1.0.0 this year, which depends now on GTK3, please update it on
> Debian.
> > The packages which depend on it are klavaro, xoscope and brp-pacu.
> > From those, the only upstream which still depends on old gtkdatabox is
> brp-pacu, but there is a fork which has done the upgrade to use the new
> GTK3 version at GitHub, see: https://github.com/matthew-dews/brp-pacu
> > The problem is that they have not released this new version yet, but I
> could provide another fork and release, if that is the case.
>
> Thanks for your work on these packages!
>
> I've uploaded libtgkdatabox 1.0.0 to experimental. Once it clears NEW
> [1], I will prepare uploads of xoscope and brp-pacu which I have
> already tested.  klavaro seems to be using an embedded copy of
> libgtkdatabox.
>
> Regards
> Graham
>
>
> [1] https://ftp-master.debian.org/new.html
>

Bug#715900: Bug fixed in fact!

2022-01-02 Thread Hu Zheng


https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4




=

不带参数运行这个程序啊！要有正确的输入！
=












Hu Zheng


13017203...@139.com







电子名片新出VIP模板啦，快来体验>>




扫一扫,


快速添加名片到手机

Bug#1003034: ITP: obs-scene-collection-manager -- plugin for OBS Studio to generate sets of scenes

2022-01-02 Thread Joao Eriberto Mota Filho

Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho 
X-Debbugs-Cc: debian-de...@lists.debian.org, Exeldro 

* Package name: obs-scene-collection-manager
  Version : 0.0.2
  Upstream Author : Exeldro 
* URL : 
https://obsproject.com/forum/resources/scene-collection-manager.1434/
* License : GPL-2
  Programming Lang: C++
  Description : plugin for OBS Studio to generate sets of scenes

 This plugin allows the user to generate several sets of scenes to use
 in different scenarios. To choose and use a set of scenes, just click
 over a name in a menu. Also is possible to filter, backup and restore
 scene collections.
 .
 The Scene Collection Manager will appear on the main menu and on the
 Tools menu when installed.
 .
 This plugin is compatible with OBS 26 or higher.

Bug#1003033: cowdancer: harden package verification

2022-01-02 Thread Philippe Cerfon

Source: cowdancer
Version: 0.89
Severity: wishlist
Tags: security


Hey.

I was looking a bit through the code of cowbuilder and qemubuilder.

E.g. for qemubuilder, the manpage already says:
"The possible configuration options are as follows.  Others are ignored."

Altough, it seemed in the code it would in fact respect ALLOWUNTRUSTED.

However, it doesn't seem to respect DEBOOTSTRAPOPTS? Taking just these
instead:
debootstrap_command_line[1] = "--arch";
debootstrap_command_line[2] = pc->arch;
debootstrap_command_line[3] = "--foreign";
DEBOOTSTRAP_ADD_PARAM(pc->distribution);
DEBOOTSTRAP_ADD_PARAM(pc->buildplace);
DEBOOTSTRAP_ADD_PARAM(pc->mirror);
DEBOOTSTRAP_ADD_PARAM(NULL);

Especially if one has set something like:
DEBOOTSTRAPOPTS=('--force-check-gpg'
'--keyring=/usr/share/keyrings/debian-archive-keyring.gpg'
'--variant=buildd')
to make sure that gpg signatures with the keyring are really always
used (as far as I understand, debootstrap allows fallback to just
https otherwise).

Does it consider APTKEYRINGS? Or at least just copy the host systems
APT keyrings safely into the VM and use only these?

I haven't checked so much, whether it's already done properly for cowbuilder.

Thanks,
Philippe

Bug#1003009: notcurses FTBFS: notcurses-ffi exists in debian/tmp but is not installed to anywhere

2022-01-02 Thread nick black

this is addressed in more detail at
https://github.com/dankamongmen/notcurses/issues/2519.
i expect to have this fixed within the hour. sorry for the
annoyance.

Bug#1003009: notcurses FTBFS: notcurses-ffi exists in debian/tmp but is not installed to anywhere

2022-01-02 Thread nick black

reopen 1003009

i added -DBUILD_FFI_LIBRARY=off with the intention of no longer
building these three shared objects. looking at it now, however,
this CMake variable doesn't actually seem to guard their
building and installation, and thus it will not have the desired
effect. i'm fixing this upstream, and will build a -3 with the
necessary patch. sigh.

Bug#998383: nheko: nheko/{armel,armhf} has unsatisfiable dependency

2022-01-02 Thread Gilles Filippini


On Wed, 3 Nov 2021 14:25:41 +0200 Adrian Bunk  wrote:

Control: reassign -1 src:gst-plugins-good1.0 1.18.5-1
Control: retitle -1 gstreamer1.0-qt5 should again be built on armel/armhf
Control: affects -1 nheko

On Wed, Nov 03, 2021 at 12:03:20PM +0100, Sebastian Ramacher wrote:
> Source: nheko
> Version: 0.8.2-2
> Severity: serious
> X-Debbugs-Cc: sramac...@debian.org
> 
> nheko fails to migrate to testing since it depends on gstreamer1.0-qt5.

> This package is not available on armel and armhf.

With #894076 fixed, gstreamer1.0-qt5 builds again on armel/armhf.

I'll submit a MR for that.


Hi Adrian,
Any progress on this topic?
Thanks,
_g.



OpenPGP_signature
Description: OpenPGP digital signature

Bug#952808: Interest in helping maintain clojure-mode

2022-01-02 Thread Sean Whitton

Hello Michael Platt,

On Mon 21 Sep 2020 at 08:30AM -04, Michael Platt wrote:

> Hi Mr. Whitton,
>
> I'm looking to do some work to start getting into helping maintain Debian.
> I use the OS and very much enjoy it as my everyday development system.  I
> am also a fan of Emacs and use it for personal development applications,
> and Clojure and was looking through the Debian list of packages requesting
> maintainers.  Obviously I've never done something like this before but I
> would be happy to come on board and help out in any way possible with the
> packaging.  Let me know if you still need someone and don't mind me coming
> on to help.

I'm sorry you never got a reply to this.  Debian's bug tracking system
does not copy bug submitters on follow-up messages by default.

Are you still interested?

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1003032: debootstrap: harden signature checking

2022-01-02 Thread Philippe Cerfon

Package: debootstrap
Version: 1.0.126+nmu1
Severity: normal
Tags: security


Hey there.

As far as I understood it, debootstrap defaults neither to
--no-check-gpg nor to --force-check-gpg, but instead, if a
keyring is speicified for some distribution and if that file
is available, it uses (and verifies) these (and hopefully
fails if anything fails later on).

However, it also:
- falls back to https (?)
- correct me if I'm wrong, falls back to no verification if
  no key file was specified for the distribution or the file
  wasn't found


That seems to make to too easy to accidentally install
untrusted code.

https is generally questionable, given the broken CA-model.
There are some 150 CAs in the Mozilla CA bundle, and on top
of these thousands of intermediate CAs. It seems far too
easy for an attacker to fake a certificate if that's really
desired.


So my suggestion would be:
- defaut to --force-check-gpg
- add some --check-gpg-but-fallback-to-https option
  that is the current behaviour
- if either the /usr/share/debootstrap/scripts/ for some
  distro doesn't name a keyring file or that file isn't
  readable, fail unless --no-check-gpg is given.
  Yes, that also includes failure if
  --check-gpg-but-fallback-to-https was given because likely
  the keyring file should be just there.


Cheers,
Philippe

Bug#1003031: RFA: projectile

2022-01-02 Thread Sean Whitton

Package: wnpp
Severity: normal
X-Debbugs-Cc: debian-emac...@lists.debian.org
Control: affects -1 src:projectile

I request an adoptor for the projectile package.  I haven't used it for
some time, as I'm now using the built-in package.el for everything for
which I used to use projectile.

This is a team-maintained package, so the adoptor should either replace
me in Uploaders:, or alternatively take the package out of the team's
hands.

The package is maintained using git-debrebase, using the workflow
described in dgit-maint-debrebase(7).  That's been working well, so I'd
encourage any adopter to continue using the tool.

The package description is:
 This library enhances Emacs with easy project management and
 navigation. The concept of a project is simple: just a folder
 containing a special file.  Currently git, mercurial, darcs and
 bazaar repos are considered projects by default.  So are lein, maven,
 sbt, scons, rebar and bundler projects.  If you want to mark a folder
 manually as a project just create an empty .projectile file in it.
 .
 Some of Projectile's features:
 .
   * jump to a file in project
   * jump to files at point in project
   * jump to a directory in project
   * jump to a file in a directory
   * jump to a project buffer
   * jump to a test in project
   * toggle between files with same names but different extensions
 (e.g. `.h` <-> `.c/.cpp`, `Gemfile` <-> `Gemfile.lock`)
   * toggle between code and its test (e.g. `main.service.js` <->
 `main.service.spec.js`)
   * jump to recently visited files in the project
   * switch between projects you have worked on
   * kill all project buffers
   * replace in project
   * multi-occur in project buffers
   * grep in project
   * regenerate project etags or gtags
   * visit project in dired
   * run make in a project with a single key chord

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#904233: RFA: persp-projectile

2022-01-02 Thread Sean Whitton

control: title -1 O: persp-projectile -- integrate perspective.el with 
projectile

Hello,

On Sun 22 Jul 2018 at 01:31PM +08, Sean Whitton wrote:

> Package: wnpp
> Severity: normal
>
> I request an adoptor for the persp-projectile package.
>
> This package is no longer in my ~/.emacs.d/init.el and it would be
> better if someone who actually uses the package maintains it.
>
> This is a team-maintained package, so the adoptor should either replace
> me in Uploaders:, or alternatively take the package out of the team's
> hands.
>
> The package description is:
>  With this library, Emacs will create a separate perspective for each
>  Projectile project.
>  .
>  See the documentation for elpa-persp and elpa-projectile for more
>  details.

I hereby orphan persp-projectile.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#952807: RFA: cider

2022-01-02 Thread Sean Whitton

control: retitle -1 O: cider -- Clojure IDE for Emacs

Hello,

On Sat 29 Feb 2020 at 08:28AM -07, Sean Whitton wrote:

> Package: wnpp
> Severity: normal
>
> I request an adoptor for CIDER.
>
> Updating CIDER to new upstream releases is more work than typical Emacs
> addons, because it is tightly coupled to Clojure.  The current upstream
> release, in particular, requires a lot of work to get the -doc packages
> to include the new docs.
>
> This is a team-maintained package, so the adoptor should either replace
> me in Uploaders:, or alternatively take the package out of the team's
> hands.
>
> The package description is:
>  CIDER is the Clojure(Script) Interactive Development Environment that Rocks
>  .
>  While clojure-mode provides Emacs support for editing Clojure source files,
>  CIDER's cider-mode provides support for interacting with a running Clojure
>  process for compilation, debugging, looking up definitions and more.

I hereby orphan cider.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1003009: notcurses FTBFS: notcurses-ffi exists in debian/tmp but is not installed to anywhere

2022-01-02 Thread nick black

thanks, this ought be fixed in an hour or two.

Bug#998485: gjiten: FTBFS: configure.in:8: error: AM_INIT_AUTOMAKE expanded multiple times

2022-01-02 Thread Adrian Bunk

Hi Ludovic,

are you still maintaining this package, or should it be moved to QA 
maintainance?

The FTBFS is trivial to fix, but there is a point that someone should 
also upgrade to new upstream code (assuming the new upstream is usable).

Thanks
Adrian

On Fri, Nov 05, 2021 at 11:59:03AM +0900, notebook wrote:
> Hi,
> 
> maybe it's a good chance to change to the new updated version of gjiten at
> https://github.com/DarkTrick/gjiten
> 
> The new version might also encounter packaging problems, but it uses more 
> recent technology and updates; It's probably more worthful to spend time 
> there than in the 10 year old package*
> 
> 
> Regards
> Chris - DarkTrick
> 
> 
> * Yes, I'm trying to promote my updates here :)

Bug#1002986: libguestfs-tools: Depends on guestfs-tools that is not in the archive

2022-01-02 Thread Hilko Bengen

* Laurent Bigonville:

> It looks like libguestfs-tools version 1:1.46.2-1 in depending on
> guestfs-tools that is not in the archive making the package uninstalable
>
> guestfs-tools is currently stuck in the new queue

Right. Let's  just wait. (Or do you know of a way to speed this up?)

Cheers,
-Hilko

Bug#1001308: license clarification

2022-01-02 Thread Gürkan Myczko


thank you for your rfp, however there's this:

Assets (graphics, levels, etc.) are available under 
Attribution-NonCommercial-ShareAlike 4.0 International therefore the 
game may not be sold without permission with these intact.

Bug#1002992: sub...@bugs.debian.org

2022-01-02 Thread Alec Leamas

Made a new upload to mentors after syncing my git tree with salsa. 
Basically means that the VCS headers which was broken now should be OK


--alec

Bug#1002591: misdetects socket activated ssh

2022-01-02 Thread Marc Haber

On Sun, Jan 02, 2022 at 09:25:49PM +0100, Thomas Liske wrote:
> Looks like a systemd/cgroup related change in bullseye, buster seems
> not to be affected.

That sounds correct, I had attributed this behavior to some ssh updates
in the past.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Bug#712979: debbugs: get_bug_log can incorrectly return an e-mail body with xsi:type="xsd:long"

2022-01-02 Thread Don Armstrong

On Sun, 02 Jan 2022, Bastian Venthur wrote:
> On 01.01.22 22:05, Don Armstrong wrote:
> > I'm currently working on it, but my available time is so minimal,
> > that additional help would be welcome.
> 
> Awesome news! Is there some repository to check out? I'd love to help if I
> can.

Not publicly yet; I need to get more of the architecture in place before
it can be reasonably collaborated on.

But I hope to have it in a place that others can collaborate with me in
the next 6 months or so.

-- 
Don Armstrong  https://www.donarmstrong.com

Our days are precious, but we gladly see them going
If in their place we find a thing more precious growing
A rare, exotic plant, our gardener's heart delighting
A child whom we are teaching, a booklet we are writing
 -- Frederick Rükert _Wisdom of the Brahmans_ 
 [Hermann Hesse _Glass Bead Game_]

Bug#1002982: elpa-org: post-installation script subprocess returned error exit status 1

2022-01-02 Thread Gregory Mounie

Package: elpa-org
Version: 9.5.2+dfsh-1
Followup-For: Bug #1002982

Dear Maintainer,

After installation, org-version.el is missing (not auto-generated ?) in 
/usr/share/emacs/site-lisp/elpa-src/org-9.5.2/ and soft-linked in 
/usr/share/emacs/site-lisp/elpa/org-9.5.2/

Then the elpa-org 9.5.2 loads the org-version.el from default org 9.3 from 
emacs 27.1 ( /usr/share/emacs/27.1/lisp/org/org-version.el )
 
To reproduce the loading of the wrong file:
emacs -q

then in emacs

M-x org-reload

give the following message:
Successfully reloaded Org
Org mode version N/A (N/A !!check installation!! @ 
/usr/share/emacs/site-lisp/elpa/org-9.5.2/)


The full text of the *Messages* buffer at the org-reload execution. Note the 
directory of the loading of org-version (last previous last loading)

Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-comint...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-core...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-emacs-lisp...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-eval...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-exp...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-lob...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-ref...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-table...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-tangle...done
Loading /usr/share/emacs/27.1/lisp/obarray...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-compat...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-entities...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-faces...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-footnote...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-keys...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-list...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-macro...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-macs...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-pcomplete...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-src...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-table...done
Loading /usr/share/emacs/27.1/lisp/org/org-version.el (source)...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org...done
The following features were found in load-path, please check if that’s correct:
(obarray org-version)
Successfully reloaded Org
Org mode version N/A (N/A !!check installation!! @ 
/usr/share/emacs/site-lisp/elpa/org-9.5.2/)


*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages elpa-org depends on:
ii  dh-elpa-helper  2.0.10
ii  elpa-htmlize1.56-1
ii  emacsen-common  3.0.4

Versions of packages elpa-org recommends:
ii  emacs  1:27.1+1-3.1
ii  emacs-gtk [emacs]  1:27.1+1-3.1+b1

Versions of packages elpa-org suggests:
ii  ditaa  0.10+ds1-1.2
ii  org-mode-doc   9.4.0-2
ii  texinfo6.8-3
ii  texlive-fonts-recommended  2021.20211217-1
ii  texlive-latex-extra2021.20211217-1

-- debconf-show failed

Bug#1003029: xboxdrv: FTBFS with SCons 4.2.0+

2022-01-02 Thread GCS

Source: xboxdrv
Version: 0.8.8-2
Severity: important
Tags: patch

Hi,

SCons 4.3.0 was released some time ago. I've packaged it and would
like to upload it in the next day or so. Your package FTBFS with that,
for which a patch is attached to fix it.

Regards,
Laszlo/GCS
Description: SCons 4.2.0 no longer has env.has_key()
 Check env as an array.
Author: Laszlo Boszormenyi (GCS) 
Forwarded: no
Last-Update: 2022-01-02

---

--- xboxdrv-0.8.8.orig/SConstruct
+++ xboxdrv-0.8.8/SConstruct
@@ -41,7 +41,7 @@ def build_bin2h(target, source, env):
 with open(target[0].get_path(), "w") as fout:
 fout.write("// autogenerated by scons Bin2H builder, do not edit by hand!\n\n")
 
-if env.has_key("BIN2H_NAMESPACE"):
+if "BIN2H_NAMESPACE" in env:
 fout.write("namespace %s {\n\n" % env["BIN2H_NAMESPACE"])
 
 # write down data
@@ -67,7 +67,7 @@ def build_bin2h(target, source, env):
 for src in source], ",\n"))
 fout.write("\n}\n\n")
 
-if env.has_key("BIN2H_NAMESPACE"):
+if "BIN2H_NAMESPACE" in env:
 fout.write("} // namespace %s\n\n" % env["BIN2H_NAMESPACE"])
 
 fout.write("/* EOF */\n")

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-02 Thread Guilhem Moulin

Package: roundcube
Severity: important
Tags: security
Control: found -1 1.3.17+dfsg.1-1~deb10u1
Control: found -1 1.4.12+dfsg.1-1~deb11u1
Control: fixed -1 1.5.1+dfsg-1

In a recent post roundcube webmail upstream has announced a fix for a
cross-site scripting (XSS) vulnerability via HTML messages with
malicious CSS content.

Upstream fix for the 1.4 LTS branch:
https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8

There was no new 1.3 LTS release but AFAICT 1.3 is affected as well and
the same fix applies.

-- 
Guilhem.

[0] https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
https://roundcube.net/news/2021/12/30/update-1.5.2-released


signature.asc
Description: PGP signature

Bug#1002998: firejail-profiles: telegram-desktop not working with firejail

2022-01-02 Thread piorunz


Yes, that worked! Thank you!


On 02/01/2022 15:48, Reiner Herrmann wrote:

Hi,

On Sun, Jan 02, 2022 at 02:58:26PM +, piorunz wrote:

Before upgrade to Testing, everything was working fine.
Something is wrong with firejail profile?
I request assistance. Thank you.


This sounds similar to this upstream issue:
  https://github.com/netblue30/firejail/issues/4488

This was fixed by adding "whitelist /usr/share/TelegramDesktop"
to the telegram.profile.
Can you please check if that also works for you?

Thanks.

Kind regards,
   Reiner



--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Bug#1003026: linux-image-5.15.0-2-amd64: iwlwifi fails to initialize AX201 due to firmware error

2022-01-02 Thread Abhijit Hoskeri

Package: src:linux
Version: 5.15.5-2
Severity: important
Tags: upstream
X-Debbugs-Cc: abhijithosk...@gmail.com

On the 5.15 and newer kernels (I have tried 5.16-rc7 from experimental),
iwlwifi fails to start up, complaining of a firmware error:

5.10.0 kernel works as expected. However, it loads 
iwlwifi-QuZ-a0-hr-b0-59.ucode.

I attempted to force 5.15 to load the above, but that leads to the same
result.


Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: enabling device (0100 
-> 0102)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwlwifi-QuZ-a0-hr-b0-66.ucode (-2)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: Direct firmware load 
for iwlwifi-QuZ-a0-hr-b0-66.ucode failed with error -2
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwlwifi-QuZ-a0-hr-b0-65.ucode (-2)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: Direct firmware load 
for iwlwifi-QuZ-a0-hr-b0-65.ucode failed with error -2
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwlwifi-QuZ-a0-hr-b0-64.ucode (-2)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: Direct firmware load 
for iwlwifi-QuZ-a0-hr-b0-64.ucode failed with error -2
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: 
direct-loading firmware iwlwifi-QuZ-a0-hr-b0-63.ucode
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: api flags index 2 
larger than supported by driver
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: TLV_FW_FSEQ_VERSION: 
FSEQ Version: 89.3.35.37
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: loaded firmware version 
63.c04f3485.0 QuZ-a0-hr-b0-63.ucode op_mode iwlmvm
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwl-debug-yoyo.bin (-2)
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3: Detected Intel(R) Wi-Fi 
6 AX201 160MHz, REV=0x354
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3: Detected RF HR B3, 
rfid=0x10a100
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3: base HW address: 
64:79:f0:c8:dc:5a
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3 wlo1: renamed from wlan0

...

Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Microcode SW error 
detected. Restarting 0x0.
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Start IWL Error Log 
Dump:
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Transport status: 
0x004B, valid: 6
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Loaded firmware 
version: 63.c04f3485.0 QuZ-a0-hr-b0-63.ucode
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0071 | 
NMI_INTERRUPT_UMAC_FATAL
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x22F0 | 
trm_hw_status0
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | 
trm_hw_status1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004CAD42 | branchlink2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2DBC | 
interruptlink1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2DBC | 
interruptlink2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2F1C | data1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x1000 | data2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | data3
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | beacon time
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x00025B0E | tsf low
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | tsf hi
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | time gp1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0002B8A5 | time gp2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0001 | uCode 
revision type
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x003F | uCode 
version major
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0xC04F3485 | uCode 
version minor
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0351 | hw version
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x18C89004 | board 
version
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x8037FD22 | hcmd
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0002 | isr0
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | isr1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x08F04002 | isr2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x00C37FCC | isr3
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | isr4
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | last cmd Id
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2F1C | wait_event
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | l2p_control
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | 
l2p_duration
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x |

Bug#1003025: gr-iio prevents import of python3-libiio

2022-01-02 Thread Balbir Thomas

Package: gr-iio
Version: 0.3-9+b4
Severity: normal

Dear Maintainer,

The gr-iio package installs
/usr/lib/python3/dist-packages/iio/__init__.py.

As a result when any application evaluates

   import iio 

The above listed file is evaluated. However this is usually
not what is intended. Instead most applications expect
to evaluate the file

/usr/lib/python3/dist-packages/iio.py

installed by python3-libiio

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/6 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gr-iio depends on:
ii  libc6 2.31-13+deb11u2
ii  libgcc-s1 10.2.1-6
ii  libgnuradio-iio1  0.3-9+b4
ii  libgnuradio-pmt3.8.2  3.8.2.0-14
ii  libgnuradio-runtime3.8.2  3.8.2.0-14
ii  liblog4cpp5v5 1.1.3-3
ii  libpython3.9  3.9.2-1
ii  libstdc++610.2.1-6
ii  python3   3.9.2-3

gr-iio recommends no packages.

gr-iio suggests no packages.

-- no debconf information

Bug#1003024: ITP: libimage-scale-perl -- fast, high-quality fixed-point image resizing

2022-01-02 Thread Paul Gevers

Package: wnpp
Severity: wishlist
Owner: Paul Gevers 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libimage-scale-perl
  Version : 0.14
  Upstream Author : Andy Grundman 
* URL : https://metacpan.org/release/Image-Scale
* License : GPL2+
  Programming Lang: Perl
  Description : fast, high-quality fixed-point image resizing

Image::Scale implements several resizing algorithms with a focus on low
overhead, speed and minimal features. Algorithms available are:

GD's copyResampled (floating-point)

GD's copyResampled fixed-point (useful on embedded devices/NAS devices)

GraphicsMagick's assortment of resize filters (floating-point)

GraphicsMagick's Triangle filter in fixed-point

Supported image formats include JPEG, GIF, PNG, and BMP for input, and JPEG
and PNG for output.

This module came about because the need to improve the very slow
performance of floating-point resizing algorithms on platforms without
a floating-point unit, such as ARM devices like the SheevaPlug, and
the Sparc-based ReadyNAS Duo. Previously it would take many seconds to
resize using GD on the ReadyNAS but the conversion to fixed-point with
a little assembly code brings this down to the range of well under 1
second.

I intent to maintain this package under the Perl Team umbrella. This
package is a dependency of Logitech Squeezebox which I also ITP.

Bug#1003023: ITP: python-django-pint -- Django Quantity Field

2022-01-02 Thread Michael Fladischer

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 
X-Debbugs-Cc: debian-de...@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-django-pint
  Version : 0.6.3
  Upstream Author : Ben Harling 
* URL : https://github.com/CarliJoy/django-pint/
* License : Expat
  Programming Lang: Python
  Description : Django Quantity Field

 A small Django field extension allowing you to store quantities in certain
 units and perform conversions easily. Uses pint behind the scenes. Also
 contains a form field class and form widget that allows a user to choose
 alternative units to input data. The cleaned_data will output the value in the
 base_units defined for the field, eg: you specify you want to store a value in
 grams but will allow users to input either grams or ounces.

I intend to maintain this as part of the DPT.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAmHSFtIRHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90WrHBAf/RmsRWUfCu8mewsdh+Kiep+Bhd/bCFwxr
Lygt22KUY/cHlS8/JjB9MPADqck1Uj8PsauU9WZcuZM0gFa+B7gA3fX0RoBWsten
8rm2k8TSo8am2im7yKjLFx+WXRkaNQ88VJXaiCT9hGQf67TOV2RD+6QjsPkGLZ7L
BuTblYpF3NY5I1VpfwZYN41GACNEFTjGOg/LN2whnEkAY1udRIAbT+eX43yrvW5+
FKqpU1rZhGH6DlpeXtaluKYSJ/gFJWv3tvdqAxE1FDiDVprBAXPSAGqC0DfgYeUM
cP0mUTkOmWf7i8XY3cUR46wndq7T1cmW/nGpQTv2o4fzloJ4fMAvPQ==
=QhJl
-END PGP SIGNATURE-

Bug#1003022: websocketpp: FTBFS with SCons 4.2.0+

2022-01-02 Thread GCS

Source: websocketpp
Version: 0.8.2-3
Severity: important
Tags: patch

Hi,

SCons 4.3.0 was released some time ago. I've packaged it and would
like to upload it in the next day or so. Your package FTBFS with that,
for which a patch is attached to fix it.

Regards,
Laszlo/GCS
Description: SCons 4.2.0 no longer has env_cpp11.has_key()
 Check env_cpp11 as an array.
Author: Laszlo Boszormenyi (GCS) 
Forwarded: no
Last-Update: 2022-01-02

---

--- websocketpp-0.8.2.orig/examples/broadcast_server/SConscript
+++ websocketpp-0.8.2/examples/broadcast_server/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('broadcast_server', ["broadcast_server.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/debug_client/SConscript
+++ websocketpp-0.8.2/examples/debug_client/SConscript
@@ -14,7 +14,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + [tls_libs]
prgs += env_cpp11.Program('debug_client', ["debug_client.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/debug_server/SConscript
+++ websocketpp-0.8.2/examples/debug_server/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('debug_server', ["debug_server.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/dev/SConscript
+++ websocketpp-0.8.2/examples/dev/SConscript
@@ -11,7 +11,7 @@ env_cpp11 = env_cpp11.Clone ()
 
 prgs = []
 
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
BOOST_LIBS_CPP11 = boostlibs(['unit_test_framework','system','timer','chrono'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('main', ["main.cpp"], LIBS = BOOST_LIBS_CPP11)
 
--- websocketpp-0.8.2.orig/examples/echo_client/SConscript
+++ websocketpp-0.8.2/examples/echo_client/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + ['z']
prgs += env_cpp11.Program('echo_client', ["echo_client.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/echo_server/SConscript
+++ websocketpp-0.8.2/examples/echo_server/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('echo_server', ["echo_server.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/echo_server_both/SConscript
+++ websocketpp-0.8.2/examples/echo_server_both/SConscript
@@ -14,7 +14,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + [tls_libs]
prgs += env_cpp11.Program('echo_server_both', ["echo_server_both.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/echo_server_tls/SConscript
+++ websocketpp-0.8.2/examples/echo_server_tls/SConscript
@@ -14,7 +14,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + [tls_libs]
prgs += env_cpp11.Program('echo_server_tls', ["echo_server_tls.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/external_io_service/SConscript
+++ websocketpp-0.8.2/examples/external_io_service/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] +

Bug#1003021: x11-utils: luit - please upgrade

2022-01-02 Thread Thomas Dickey

Package: x11-utils
Version: 7.7+5
Severity: normal

Dear Maintainer,

   * The version of luit in x11-utils is very old, and its nominal upstream
 is defunct.

 https://lists.x.org/archives/xorg-devel/2018-August/057386.html

 See this for a summary of the relationship of "xorg luit" to luit:

 https://invisible-island.net/luit/#metrics

   * Prior discussion with the package maintainers had no effect.

   * To remedy the situation, I propose to
   
 a) modify x11-utils, making its copy of luit configurable via
the alternatives feature (renaming it to "luit1", accessed as "luit")

 b) to provide an up-to-date package for luit as "luit2", also
of course configurable via the alternatives feature.

 c) After some time, the copy in x11-utils can be replaced by a
"recommends".

 Incidentally, doing this would fix #816289

The point of this bug report is to get feedback on "a" (modify x11-utils).

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages x11-utils depends on:
ii  libc6   2.33-1
ii  libfontconfig1  2.13.1-4.2
ii  libfontenc1 1:1.1.4-1
ii  libgl1  1.3.4-2+b1
ii  libx11-62:1.7.2-2+b1
ii  libx11-xcb1 2:1.7.2-2+b1
ii  libxaw7 2:1.0.13.1-20191125
ii  libxcb-shape0   1.14-3
ii  libxcb1 1.14-3
ii  libxcomposite1  1:0.4.5-1
ii  libxext62:1.3.4-1
ii  libxft2 2.3.2-2
ii  libxi6  2:1.8-1
ii  libxinerama12:1.1.4-2
ii  libxkbfile1 1:1.1.0-1
ii  libxmu6 2:1.1.2-2+b3
ii  libxmuu12:1.1.2-2+b3
ii  libxrandr2  2:1.5.2-1
ii  libxrender1 1:0.9.10-1
hi  libxt6  1:1.2.0-20190617
ii  libxtst62:1.2.3-1
ii  libxv1  2:1.0.11-1
ii  libxxf86dga12:1.1.4-1+b3
ii  libxxf86vm1 1:1.1.4-1+b2

x11-utils recommends no packages.

Versions of packages x11-utils suggests:
ii  mesa-utils  8.4.0-1+b2

-- no debconf information

Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)

2022-01-02 Thread Tobias Frost

On Sun, Jan 02, 2022 at 04:31:01PM +0100, Michael Biebl wrote:
> On 02.01.22 16:12, Tobias Frost wrote:
> 
> > Filesystem ia an ext4 on a lvm, backed by a raid1.
> 
> Does the file system support xattr and acl?

I guess so, but ACLs are nothing I use normally, so I cant tell if I use them
correctly... 

root@thecus:/var/log/journal# touch test.txt
root@thecus:/var/log/journal# setfattr -n user.test -v "xattr test string" 
test.txt
root@thecus:/var/log/journal# getfattr test.txt
# file: test.txt
user.test


root@thecus:/var/log/journal# getfacl test.txt
# file: test.txt
# owner: root
# group: systemd-journal
user::rw-
group::r-x  #effective:r--
group:adm:r-x   #effective:r--
group:4294967295:r-x#effective:r--
mask::r--
other::r--


Albeith, I cannot set ACLs in /var/log/journal:

setfacl --modify="u:unifi:rw" test.txt
setfacl: test.txt: Malformed access ACL 
`user::rw-,user:unifi:rw-,group::r-x,group:adm:r-x,group:4294967295:r-x,mask::rwx,other::r--':
 Duplicate entries at entry 5

Same command in /var/log works:

root@thecus:/var/log# touch test.txt ; setfacl --modify="u:unifi:rw" test.txt 
root@thecus:/var/log# getfacl test.txt 
# file: test.txt
# owner: root
# group: root
user::rw-
user:unifi:rw-
group::r--
mask::rw-
other::r--


root@thecus:/var/log# 
root@thecus:/var/log# ls -lad journal/
drwxr-sr-x+ 3 root systemd-journal 4096 Jan  2 21:33 journal/
root@thecus:/var/log# getfacl journal/
# file: journal/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
group:adm:r-x
group:4294967295:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:adm:r-x
default:group:4294967295:r-x
default:mask::r-x
default:other::r-x

root@thecus:/var/log# mount | grep journal
root@thecus:/var/log#

Bug#1002252: [Pkg-electronics-devel] Bug#1002252: pcb-rnd: FTBFS: dh_auto_test: error: make -j4 test VERBOSE=1 returned exit code 2

2022-01-02 Thread Bdale Garbee

severity 1002252 important
thanks

Lucas Nussbaum  writes:

> During a rebuild of all packages in sid, your package failed to build
> on amd64.

It looks like noise from the latest librnd version is causing a pcb-rnd
test failure.  There is no operational bug in either the library or the
application pcb-rnd.

Upstream reports this is already fixed in their tree, and will
apparently be in the next librnd release due in March.  Upstream really
hates when I pull patches out of his tree to make off-cycle updates, so
unless this actually causes someone an operational problem with the
existing binary packages, my intent is to just package the next librnd
release as soon as possible.

Bdale

signature.asc
Description: PGP signature

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Andres Salomon

On Sun, 2 Jan 2022 20:15:01 +0100
Moritz Muehlenhoff  wrote:

> On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:
> > How should I handle this? NMU to sid, let people try it out, and
> > then deal with buster/bullseye?  
> 
> Yeah, let's proceed with unstable first in any case.
> 
> > Upload everything all at once? I'm also
> > going to try building for buster, unless the security team doesn't
> > think I should bother.  
> 
> I saw
> https://salsa.debian.org/dilinger/chromium/-/commit/5c05f430e192961527ec9a64bbaa64401dc14d95
> , but buster now also includes LLVM/clang 11 (it was introduced to
> support a more recent Rust toolchain needed for Firefox), so you
> might be reduce complexity here further:
> https://tracker.debian.org/pkg/llvm-toolchain-11
> 
> It's in buster-proposed-updates since there hasn't been a point
> release since, but for the purposes of buster-security builds, it
> doesn't matter (they chroots have been modified to includen
> buster-proposed-updates temporarily):

Ah, very helpful, thanks! I'll give buster a try (just created
the 'v96-buster' branch). Between that and various backports, I think
we might be in good shape.

Bug#1002591: misdetects socket activated ssh

2022-01-02 Thread Thomas Liske

Hi Marc,


On Sat, 2022-01-01 at 20:55 +0100, Marc Haber wrote:
> Sure:
> 1 [1/4996]mh@torres:~ $ pgrep ssh
> 315675
> 315738
> [2/4997]mh@torres:~ $ sudo cat /proc/315675/cgroup
> [sudo] password for mh on torres: 
> 0::/user.slice/user-1001.slice/session-296.scope
> [3/4998]mh@torres:~ $ sudo cat /proc/315738/cgroup
> 0::/user.slice/user-1001.slice/session-296.scope
> [4/4999]mh@torres:~ $ 
> 

thanks! Needrestart should ignore those ssh instances since there is a
user slice cgroup. It does not work due to this check[1] in
needrestart.

[1] https://github.com/liske/needrestart/blob/v3.5/needrestart#L637

Looks like a systemd/cgroup related change in bullseye, buster seems
not to be affected.


Regards,
Thomas


> > As a workaround you might blacklist sshd in needrestart but I think
> > a
> > generic approach handling socket activation services in needrestart
> > would be better. Therefore needrestart need a way to detect if the
> > process belongs to a socket activated service.
> 
> It is also possible to mask ssh.service entirely in systemd. But of
> couse having the heuristic fixed would be better.
> 
> Greetings
> Marc
>

Bug#908941: unarchiving 908941, reopening 908941

2022-01-02 Thread Andreas Beckmann


rpyc | 5.0.1-1   | new| source

Bug#1003020: openblas breaks hypre autopkgtest on armhf: test times out after 2:47h

2022-01-02 Thread Paul Gevers


Source: openblas, hypre
Control: found -1 openblas/0.3.19+ds-1
Control: found -1 hypre/2.22.1-3
Severity: serious
Tags: sid bookworm
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of openblas the autopkgtest of hypre fails in 
testing when that autopkgtest is run with the binary packages of 
openblas from unstable on armhf due to a timeout after 2:47 h. It passes 
when run with only packages from testing in about 9-12 minutes. In 
tabular form:


   passfail
openblas   from testing0.3.19+ds-1
hypre  from testing2.22.1-3
all others from testingfrom testing

I copied some of the output at the bottom of this report, but as the 
test times out, I suspect it just hangs and there's not much useful to see.


Currently this regression is blocking the migration of openblas to 
testing [1]. Due to the nature of this issue, I filed this bug report 
against both packages. Can you please investigate the situation and 
reassign the bug to the right package?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=openblas

https://ci.debian.net/data/autopkgtest/testing/armhf/h/hypre/17988587/log.gz

Building tests for HYPRE
rm -f *.o *.obj
rm -rf pchdir tca.map *inslog*
mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o ij.o ij.c
Building ij ... mpicc -o ij ij.o -L/lib -lHYPRE -Wl,-rpath,/lib 
 -L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
ij_assembly.o ij_assembly.c
Building ij_assembly ... mpicc -o ij_assembly ij_assembly.o -L/lib 
-lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
sstruct.o sstruct.c
Building sstruct ... mpicc -o sstruct sstruct.o -L/lib -lHYPRE 
-Wl,-rpath,/lib  -L/usr/lib/arm-linux-gnueabihf/openmpi/lib 
-lmpi -lm mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o struct.o 
struct.c
Building struct ... mpicc -o struct struct.o -L/lib -lHYPRE 
-Wl,-rpath,/lib  -L/usr/lib/arm-linux-gnueabihf/openmpi/lib 
-lmpi -lm mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
ams_driver.o ams_driver.c
Building ams_driver ... mpicc -o ams_driver ams_driver.o -L/lib -lHYPRE 
-Wl,-rpath,/lib  -L/usr/lib/arm-linux-gnueabihf/openmpi/lib 
-lmpi -lm mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
maxwell_unscaled.o maxwell_unscaled.c
Building maxwell_unscaled ... mpicc -o maxwell_unscaled 
maxwell_unscaled.o -L/lib -lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
struct_migrate.o struct_migrate.c
Building struct_migrate ... mpicc -o struct_migrate struct_migrate.o 
-L/lib -lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
sstruct_fac.o sstruct_fac.c
Building sstruct_fac ... mpicc -o sstruct_fac sstruct_fac.o -L/lib 
-lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o ij_mv.o 
ij_mv.c
Building ij_mv ... mpicc -o ij_mv ij_mv.o -L/lib -lHYPRE -Wl,-rpath,/lib 
 -L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include

Bug#1003017: dulwich: autopkgtest regression: src/debian/tests/testsuite3: 10: -m: not found

2022-01-02 Thread Paul Gevers


Source: dulwich
Version: 0.20.26-1
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of dulwich the autopkgtest of dulwich fails in 
testing when that autopkgtest is run with the binary packages of dulwich 
from unstable. It passes when run with only packages from testing. In 
tabular form:


   passfail
dulwichfrom testing0.20.26-1
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration to testing [1]. Can 
you please investigate the situation and fix it?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=dulwich

https://ci.debian.net/data/autopkgtest/testing/amd64/d/dulwich/17999494/log.gz

= Running tests with python3.9 ==
/tmp/autopkgtest-lxc.n4tqfogv/downtmp/build.r97/src/debian/tests/testsuite3: 
10: -m: not found

autopkgtest [23:08:36]: test testsuite3



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1003016: node-chart.js breaks cacti autopkgtest: did Chart.js just got renamed to chart.js?

2022-01-02 Thread Paul Gevers


Source: node-chart.js
Control: found -1 node-chart.js/3.7.0+~0.1.9-1
Severity: serious
Tags: sid bookworm
User: debian...@lists.debian.org
Usertags: breaks needs-update
Control: affects -1 cacti python3-ontospy

[X-Debbugs-CC: debian...@lists.debian.org 
python3-onto...@packages.debian.org]


Dear maintainer(s),

[I'm also the maintainer of the cacti package in Debian]

With a recent upload of node-chart.js the autopkgtest of cacti fails in 
testing when that autopkgtest is run with the binary packages of 
node-chart.js from unstable. It passes when run with only packages from 
testing. In tabular form:


   passfail
node-chart.js  from testing3.7.0+~0.1.9-1
cacti  from testing1.2.19+ds1-2
all others from testingfrom testing

I copied some of the output at the bottom of this report. The cacti 
autopkgtest is a simple recursive web crawl of the web app. The test 
fails because it can't find Chart.js while it expect it to be there. 
Chart.js used to be linked in from libjs-chart.js. There is a chart.js 
in the new version, is that just the renamed version of Chart.js? If 
that's the case, can a symlink be provided to enable reverse 
dependencies to just keep on working? (Same for other files that got 
renamed)


Currently this regression is blocking the migration of node-chart.js to 
testing [1]. Can you please investigate the situation? If you think that 
reverse Depends should just move on, please clone and reassign the bug 
to all reverse dependencies that use Chart.js (or other files that got 
renamed/dropped).


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=node-chart.js

https://ci.debian.net/data/autopkgtest/testing/amd64/c/cacti/17997504/log.gz

2022-01-01 21:11:48 - ERROR PHP WARNING: 
md5_file(/usr/share/cacti/site/lib/../include/js/Chart.js): failed to 
open stream: No such file or directory in file: 
/usr/share/cacti/site/lib/functions.php  on line: 6072
2022-01-01 21:11:48 - CMDPHP PHP ERROR WARNING Backtrace: 
(/automation_tree_rules.php[68]:top_header(), 
/lib/functions.php[4155]:include_once(), 
/include/top_header.php[34]:html_common_header(), 
/lib/html.php[2566]:get_md5_include_js(), 
/lib/functions.php[6089]:get_md5_hash(), 
/lib/functions.php[6072]:md5_file(), CactiErrorHandler())


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1000572: fix

2022-01-02 Thread Thomas Lange

This is now fixed in the master branch

https://github.com/faiproject/fai/commit/2726525da7fbcd73ff5e949516890fa80ffb6783

-- 
viele Grüße Thomas

Bug#959407: Not needed for Debian Python Packages

2022-01-02 Thread Scott Kitterman

We now have a more general solution for PEP 517/518 (and PEP 621) based 
packages in pybuild using a different approach.  This package is not needed to 
support Deiban Python package building.

Scott K

signature.asc
Description: This is a digitally signed message part.

Bug#1003015: Makefile creates a symlink testing/buster -> unstable/sid, while it should be testing/bookworm -> unstable/sid

2022-01-02 Thread Daniel Leidert

Package: debian-cd
Version: 3.1.35
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The Makefile contains this code:

# Make sure unstable/sid points to testing/buster, as there is no build
# rule for unstable/sid.
unstable-map:
$(Q)if [ ! -d $(BASEDIR)/data/sid ] ; then \
ln -s buster $(BASEDIR)/data/sid ; \
fi
$(Q)if [ ! -d $(BASEDIR)/tools/boot/sid ] ; then \
ln -s buster $(BASEDIR)/tools/boot/sid ; \
fi

This clearly needs to be updated to "bookworm".

Regards, Daniel



- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debian-cd depends on:
ii  apt2.3.13
ii  bc 1.07.1-3+b1
ii  bzip2  1.0.8-5
ii  cpp4:11.2.0-2
ii  curl   7.80.0-3
ii  dctrl-tools [grep-dctrl]   2.24-3+b1
ii  dpkg-dev   1.21.1
ii  genisoimage9:1.1.11-3.2
pn  libcompress-zlib-perl  
pn  libdigest-md5-perl 
ii  libdpkg-perl   1.21.1
ii  libfile-slurp-perl .32-1
ii  libyaml-libyaml-perl   0.83+ds-1
ii  lynx   2.9.0dev.10-1
ii  make   4.3-4.1
ii  perl [libdigest-sha-perl]  5.32.1-6
ii  tofrodos   1.7.13+ds-5
ii  wget   1.21.2-2+b1
ii  xorriso1.5.4-2

Versions of packages debian-cd recommends:
ii  dosfstools   4.2-1
ii  hfsutils 3.2.6-15
ii  isolinux 3:6.04~git20190206.bf6db5b4+dfsg1-3
ii  mtools   4.0.33-1+really4.0.32-1
ii  syslinux-common  3:6.04~git20190206.bf6db5b4+dfsg1-3

debian-cd suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmHR/eIACgkQS80FZ8KW
0F13VQ/+LLRXQP6vVxion6boTgg9LEEEnaUPHeprePLNoe5hA0S0wFnIyt3fU/w/
+/QVs4csEpZkLK397gAqR3/au5I/UGzW24lYwMwCtnRdZlwMeYnsRoQx1MPhWerb
oX53/kfbesUDT8TOT3TZnNtZg2d2wZlH7+KUA6BrHjlRNFLxYrh7CBYzQ14CxVz0
pCxtyub1RQKUFGhfJ/Sv+C70sStiooECpMoLPmQhvC0XWoZU0E+ZJPkUJTFzeIvJ
a3hclib2BNzFTTduPKG8SYgytfTyHKrkZx81J1s9955ZDEMxqoc+QnpuaNFqW2yJ
dqyJorijFYki5rnw4p70zzWtX3VDaQkVxtrDPmTmKa9V+HB57/Vw7nk8Jw0KnKxC
vdRWYH5WVobeNLdJ5rzgZRhlaeqf99DHFcUhTp7oK9kxheqxlnvKskGdCPvlG+2b
ocIx7okMxTWRQYXuzUW0x6U+oQq+2hrTW8Ia9894APNswdsbYw6aNkAydWs2WsOs
z/c1wE7M1WdDpYCTGLewIo6kdzaD5NXg4ACwZozJPRjjrdjWvEL/tX7QANbkHxbY
G1TRv8I+sWb2uEYRqPEhBX6BA555QJo6srYUuzyYROG/fvOX3moR3AIVY8N+RWiU
qKHt63FXf7ClQxY92tq3kpk+jmhIVEaGE2axZ+KBpx0dtcwny9s=
=eDGz
-END PGP SIGNATURE-

Bug#1003014: make_disc_trees.pl misdetects files missing for debootstrap when a proxy is used to retrieve packages - essentially making the installer ignore packages on the CDROM

2022-01-02 Thread Daniel Leidert

Package: debian-cd
Version: 3.1.35
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I was recently building custom images using simple-cdd, and for some reason the
installer was completely ignoring the packages shipped with the media. With
some digging I found the installer reporting:

cdrom-detect: Base system not installable from CD, requesting choose-mirror

With some more digging I found that make_disc_trees.pl was reporting:

5 files missing for debootstrap, not creating base_installable

But the relevant make_disc_tree.log file only contained this at the end:

Missing debootstrap-required I:
Missing debootstrap-required Using
Missing debootstrap-required auto-detected
Missing debootstrap-required proxy:
Missing debootstrap-required http://127.0.0.1:8000/

So actually there were no packages missing. Disabling the proxy then "fixed"
the issue. There were no more complaints by make_disc_trees.pl, and the
installer was using all the package put on the CD.

So we somehow need to ignore messages like the above, which do not indicate
packages missing.

Regards, Daniel



- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debian-cd depends on:
ii  apt2.3.13
ii  bc 1.07.1-3+b1
ii  bzip2  1.0.8-5
ii  cpp4:11.2.0-2
ii  curl   7.80.0-3
ii  dctrl-tools [grep-dctrl]   2.24-3+b1
ii  dpkg-dev   1.21.1
ii  genisoimage9:1.1.11-3.2
pn  libcompress-zlib-perl  
pn  libdigest-md5-perl 
ii  libdpkg-perl   1.21.1
ii  libfile-slurp-perl .32-1
ii  libyaml-libyaml-perl   0.83+ds-1
ii  lynx   2.9.0dev.10-1
ii  make   4.3-4.1
ii  perl [libdigest-sha-perl]  5.32.1-6
ii  tofrodos   1.7.13+ds-5
ii  wget   1.21.2-2+b1
ii  xorriso1.5.4-2

Versions of packages debian-cd recommends:
ii  dosfstools   4.2-1
ii  hfsutils 3.2.6-15
ii  isolinux 3:6.04~git20190206.bf6db5b4+dfsg1-3
ii  mtools   4.0.33-1+really4.0.32-1
ii  syslinux-common  3:6.04~git20190206.bf6db5b4+dfsg1-3

debian-cd suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmHR/WUACgkQS80FZ8KW
0F3rbBAAzjD2Il4Oqjxj69IBaJe5luKnFOX8L66WEY6yG05MKGzJfICWKuuATHyy
B4wVFRhslM+4LvxcIqsY+V5ruFKssy1QxHRxRC6tQZ2gpwlGn5UzaA7chrPJ/Mgc
mEY3zgsiw7HiK0Vf4zBmT21G3op1jzTpoEiey8IPbIhA8KVv3b8agkt/aqTyIUna
GlEoxnAqRvcRgtcM0Xkk1JhriPlU6IKSBsvr+0vmMoXzDYC0Yss2WtRP/R8zrmU/
3ae2yQSXNq8knclIftQQunufDounOgjyTr8WPk2iFVkb9HtEAi/EGbnkiR4i7ssm
EXOHh6lyw4SKlEC0Fz3jrvqBoESaDALUFus3vIpwvHZ9oEg9rY9sxU5JYIpgVM6g
lVrochACh0gifIiM8fL30FEYhkT1AtYh3AHH59SrzSS5rmUjyE/0GdZKRAwDFRvN
RbbcqArFuR3hQmC08GuMrktAQNciwtDpiMhY/IZEvv3uV7R9pKbO+Xw4g8QIGS8+
XutWfsIlJWojm1p2msAZZ39kvz7+6PjNaxhc+mxcd84fYADEOeXifsdIpJUs3aFT
yzRToheDrjFoB4ZP79atvE+WJ/e8CZJoKqgmvvoR2BjjIS5TYZHng2ugZihhqMks
hEAvVDs0AmHPvvJHcrvVIwuhjWQl+B9dxqH0DeGT7ypPfY7M4Jk=
=F62J
-END PGP SIGNATURE-

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff

On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:
> How should I handle this? NMU to sid, let people try it out, and then
> deal with buster/bullseye?

Yeah, let's proceed with unstable first in any case.

> Upload everything all at once? I'm also
> going to try building for buster, unless the security team doesn't
> think I should bother.

I saw
https://salsa.debian.org/dilinger/chromium/-/commit/5c05f430e192961527ec9a64bbaa64401dc14d95
 ,
but buster now also includes LLVM/clang 11 (it was introduced to support a more 
recent Rust
toolchain needed for Firefox), so you might be reduce complexity here further:
https://tracker.debian.org/pkg/llvm-toolchain-11

It's in buster-proposed-updates since there hasn't been a point release since, 
but for
the purposes of buster-security builds, it doesn't matter (they chroots have 
been modified
to includen buster-proposed-updates temporarily):

I'd say if it works out without additional overhead, let's also update 
buster-security,
but it's also important not to overstretch the time/resources, so focusing on 
bullseye and
EOLing buster is also an option for sure.

Cheers,
Moritz

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

2022-01-02 Thread Matthias Andree


Am 02.01.22 um 17:11 schrieb Karsten:

Basically you can install the self-signed certificate (if you or a
trusted party signed it, and you have transmitted it over a secure
channel, for instance, via SFTP or SCP) into the trust store (assuming
it suits both the TLS server and the signing CA roles - which was set
when you created it).

Just for understanding - the installation is the public certificate of the 
server,
or must be a special file derived from the private certificate?


"It depends" - on how you exactly you generated it - even if you only
created it with "openssl req -x509 ...", the openssl configuration files
matter.

Normally, 1. the client's trust store (OpenSSL on the fetchmail
computer) needs the CA certificate, i. e. one with the CA flag set to
true in the basicConstraints, or basicContraints missing, see the
x509(1ssl) manual page under CERTIFICATE EXTENSIONS. 2. Then, the server
needs to present a certificate that is suitable as "SSL Server"
(extendedKeyUsage = serverAuth) role.

See the x509v3_config(5ssl) manual page for details.

If your server's certificate does not fulfill both criteria, you better
start over and set up a ca (and store its private key password-protected
in a safe place, as you seldomly need it), and a separate server cert
signed by your own ca. easy-rsa may help with that. Check
/usr/share/doc/easy-rsa, easy-rsa has README files, but no manual page.

To check:

openssl x509 -noout -text -in whatever.crt    # or whatever.pem
shows you that, here for a CA certificate:

    X509v3 Basic Constraints:
    CA:TRUE
...
    X509v3 Key Usage:
    Certificate Sign, CRL Sign

The TLS  server has

    X509v3 Basic Constraints:
    CA:FALSE
...
   X509v3 Extended Key Usage:
    TLS Web Server Authentication

Some of this may not be enforced in currently shipping fetchmail
versions, but since a lot of public foot-shooting was involved in
third-party documentation that advised trust-on-first-use schemes
without warning people of the dangers involved, future versions might
actually tighten things even more, so, f.i. validate CA flags of all but
the server certificate.

I don't currently use Debian or derivatives as so you need to check
[update-]ca-certificates documentation and configuration to be sure that
your certificate is (a) put in the right place where
update-ca-certificate finds it, (b) "enabled" in configuration and
processed into the output trust store, and (c) not in a place where it
will be removed on system upgrades. dpkg-reconfigure ca-certificates -
possibly with some modified priority option - might be required.

That stackexchange link in the earlier message hints that there were
changes somewhen in the past, and also be sure to re-check documentation
since the answer there is older than Debian 11.



No, where does that access happen? The trust store is local to your
computer and fetchmail might use your system's DNS resolver (which can
have privacy implications) and will connect to the servers you point it to.

First you send your certificate to the public CA to sign it.
Then an client must connect the CA to proove that the public certificate is 
correct signed.

Correct or wrong?


If I am my own CA, I am not sending something anywhere. I install the ca
certificate on my clients' trust stores, put its (the CA) private keys
on a CD or USB key so it's not left on my computer (let alone on my
server), and that's it. I've been doing that for more than a dozen
years; for public services however Let's Encrypt is a viable alternative.

Bug#1003012: bash: Corrupted multibyte characters in command substitutions

2022-01-02 Thread Frank Heckenbach

Package: bash
Version: 5.1-2+b3
Severity: critical
Justification: breaks unrelated software
Tags: patch upstream l10n

I've reported this bug on bug-bash:
https://lists.gnu.org/archive/html/bug-bash/2022-01/msg0.html

only to learn that it's known and not fixed for months (it was known
before bullseye was released, so a timely fix would have prevented
the bug ever reaching stable):
https://savannah.gnu.org/patch/?10035

I'm reporting it as critical because it causes silent data
corruption and potentially affects each bash script in the system.

Since the bash developers don't seem to take that seriously, I'm
asking the Debian maintainers to put out a fixed version ASAP to
prevent further damage -- hopefully as a security patch. (I'm no
expert in writing exploits, but I think it's quite possible such a
bug can be exploited. I hope you don't have to wait for an actual
exploit in order to fix the bug.)

Both reports listed above contain a patch. They're different, but
either one will fix the immediate problem.

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/24 CPU threads)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bash depends on:
ii  base-files   11.1+deb11u2
ii  debianutils  4.11.2
ii  libc62.31-13+deb11u2
ii  libtinfo66.2+20201114-2

Versions of packages bash recommends:
ii  bash-completion  1:2.11-2

Versions of packages bash suggests:
pn  bash-doc  

-- no debconf information

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Andres Salomon




On 1/2/22 12:53 PM, Mattia Rizzolo wrote:

On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:

I've got 96.0.4664.110 building on both bullseye and sid

Trying it, I see it still build-depends on python-jinja2.  That package
is now gone, so it's not actually buildable in sid anymore.

Correlated, do you know how long do they plan on keeping using python2?
That's plainly unsuitable, it really is not going to last much longer in
debian.



Sorry, I hadn't pushed the commits yet. I just did, but like I said I 
still need to clean 'em up.

Bug#1003011: xkb-data: character infinity bepo AFNOR variant

2022-01-02 Thread Guillonneau Jean-Paul

Package: xkb-data
Version: 2.29-2
Severity: minor

Dear Maintainer,

the code for the character "∞" for the "French (Bepo, ergonomic, Dvorak way,
AFNOR)"
(line 630 in the file /usr/share/X11/xkb/symbols/fr) seems wrong. Should be
U221E,
not UFDD7.

Regards.

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1003010: fonts-liberation2: please Provides fonts-liberation

2022-01-02 Thread Martin-Éric Racine

Package: fonts-liberation2
Version: 2.1.5-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

It would be desirable for fonts-liberation2 to Provides fonts-liberation so as 
to avoid installing two versions of essentially the same font.

- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmHR8oMACgkQrh+Cd8S0
17Z7+RAAp5YKO9j36vycnMIvKSJP16hMis0Ua8kRKPbQD5yxHZ2esxA924Po5Owr
DJPfBbHwiMBnZb4FQjDaHYBg+U7HN2ZWZuDJLFPszQr8p9eR+8GA3Wo2WxDTP9Es
YsYia92X2Ay+T4Dq+OhEIQLdL7Dd72s8+BFpDqDWaZ+EAPNgsXFQneKpdCNS3y5w
edw8ToH8xaDUnYILjBN7sD1f80RnA2oa6PbauVU+3CS41lsQ4vDZbFyR7Nedtl6n
+C+HLmxwDHjd2SrvjCjBKkY7IZWMIzvt0fJb7LAoQ39w7+kqeCeTcbb28T+wjyFB
hgPk30LStOgYCB9dQfhajrwt/rL+4/6ICy82BD7TRMOAhyiO8Z9zNViv151aPuMT
6BWSZAM1bjWBdAxDqWgaif9ByZnm7ba/n4NGTOyeQ2MX43HIn21DR1lNypLKsB6J
t1q21TdeZNSmVJR02EtUZ6MhgXtCMJZoubb1uMkpQkeNuBv828mI0iqkCwMAnjfx
Z2yYXDcaL7swtgBifGMtx4gtLJO54bFZ/7391f/AX7V1F07zFy0yiM1P7FY5jAkB
xQ+wHVqGRIeSe0g9j40vQMH9u2T7GkgMCZDcraAiPTREZxUMpSc34o+DgnqOhAfZ
6U9cUH7iMvUfVyID/X3FQASnwjXrV2ALRRG+3tZmuIaTU4GnXKo=
=k7Xm
-END PGP SIGNATURE-

Bug#1003009: notcurses FTBFS: notcurses-ffi exists in debian/tmp but is not installed to anywhere

2022-01-02 Thread Adrian Bunk

Source: notcurses
Version: 3.0.3+dfsg.1-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=notcurses=3.0.3%2Bdfsg.1-1

...
   dh_missing -a -O--buildsystem=cmake
dh_missing: warning: usr/lib/x86_64-linux-gnu/libnotcurses-ffi.so exists in 
debian/tmp but is not installed to anywhere 
dh_missing: warning: usr/lib/x86_64-linux-gnu/libnotcurses-ffi.so.3 exists in 
debian/tmp but is not installed to anywhere 
dh_missing: warning: usr/lib/x86_64-linux-gnu/libnotcurses-ffi.so.3.0.3 exists 
in debian/tmp but is not installed to anywhere 
dh_missing: warning: usr/lib/x86_64-linux-gnu/pkgconfig/notcurses-ffi.pc exists 
in debian/tmp but is not installed to anywhere 
dh_missing: error: missing files, aborting
The following debhelper tools have reported what they installed (with 
files per package)
 * dh_install: libnotcurses++-dev (6), libnotcurses++3 (2), 
libnotcurses-core-dev (45), libnotcurses-core3 (4), libnotcurses-dev (5), 
libnotcurses3 (2), notcurses-bin (18), notcurses-data (10), python3-notcurses 
(0)
 * dh_installdocs: libnotcurses++-dev (0), libnotcurses++3 (0), 
libnotcurses-core-dev (0), libnotcurses-core3 (0), libnotcurses-dev (0), 
libnotcurses3 (0), notcurses-bin (0), notcurses-data (0), python3-notcurses (0)
 * dh_installman: libnotcurses++-dev (0), libnotcurses++3 (0), 
libnotcurses-core-dev (0), libnotcurses-core3 (0), libnotcurses-dev (0), 
libnotcurses3 (0), notcurses-bin (0), notcurses-data (0), python3-notcurses (0)
If the missing files are installed by another tool, please file a bug 
against it.
When filing the report, if the tool is not part of debhelper itself, 
please reference the
"Logging helpers and dh_missing" section from the "PROGRAMMING" guide 
for debhelper (10.6.3+).
  (in the debhelper package: /usr/share/doc/debhelper/PROGRAMMING.gz)
Be sure to test with dpkg-buildpackage -A/-B as the results may vary 
when only a subset is built
If the omission is intentional or no other helper can take care of this 
consider adding the
paths to debian/not-installed.

Remember to be careful with paths containing "x86_64-linux-gnu", where 
you might need to
use a wildcard or (assuming compat 13+) e.g. ${DEB_HOST_MULTIARCH} in 
debian/not-installed
to ensure it works on all architectures (see #961104).
make: *** [debian/rules:14: binary-arch] Error 25

Bug#1003008: Error 134633601: Error while parsing number"

2022-01-02 Thread Eugene Berdnikov

Package: grub-legacy
Version: 0.97-79
Severity: Normal

 After upgrade grub-legacy from 0.97-78 to 0.97-79 installation fails
 with message "Error 134633601: Error while parsing number":

-
grub> root (hd0,0)
root (hd0,0)
 Filesystem type is ext2fs, partition type 0x8065e03
grub> setup (hd0)
setup (hd0)
 Checking if "/boot/grub/stage1" exists... no
 Checking if "/grub/stage1" exists... yes
 Checking if "/grub/stage2" exists... yes
 Checking if "/grub/e2fs_stage1_5" exists... yes
 Running "embed /grub/e2fs_stage1_5 (hd-141250989)"... failed (this is not 
fatal)
 Running "embed /grub/e2fs_stage1_5 (hd-141250989,-"... failed (this is not 
fatal)
 Running "install /grub/stage1 (hd-141250989) /grub/stage2 p /grub/menu.lst 
"... failed

Error 134633601: Error while parsing number
-

 Observed on all updated hosts (about ten in my own). Rollback to 0.97-78
 resolves the problem (with the same config files).

 Package versions:

ii  grub-legacy0.97-79  amd64GRand Unified Bootloader (Legacy 
version)
ii  grub-common2.04-20  amd64GRand Unified Bootloader (common 
files)
ii  libc6-i386 2.33-1   amd64GNU C Library: 32-bit shared 
libraries for AMD64

 Debian version: Debian GNU/Linux bookworm/sid (64bit)
-- 
 Eugene Berdnikov

Bug#1003007: libvirt-php FTBFS with PHP 8.1

2022-01-02 Thread Adrian Bunk

Source: libvirt-php
Version: 0.5.5-3
Severity: serious
Tags: ftbfs bookworm sid

https://buildd.debian.org/status/fetch.php?pkg=libvirt-php=amd64=0.5.5-3%2Bb1=1641147267=0

...
In file included from ../../src/libvirt-php.c:19:
../../src/libvirt-php.h:161:26: error: expected ‘;’, ‘,’ or ‘)’ before 
‘TSRMLS_DC’
  161 | void set_error(char *msg TSRMLS_DC);
  |  ^
../../src/libvirt-php.h:162:35: error: expected ‘;’, ‘,’ or ‘)’ before 
‘TSRMLS_DC’
  162 | void set_error_if_unset(char *msg TSRMLS_DC);
  |   ^
../../src/libvirt-php.h:163:1: warning: parameter names (without types) in 
function declaration
  163 | void reset_error(TSRMLS_D);
  | ^~~~
...

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff

On Sun, Jan 02, 2022 at 06:53:51PM +0100, Mattia Rizzolo wrote:
> Correlated, do you know how long do they plan on keeping using python2?
> That's plainly unsuitable, it really is not going to last much longer in
> debian.

Current state of the Python 3 upstream migration can be found here:
https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/python3_migration.md

So it sounds like it's almost ready except tests. But the migration
doesn't seem like a top priority either, 
https://bugs.chromium.org/p/chromium/issues/detail?id=941669
dates back to March 2019...

Cheers,
Moritz

Bug#992649: run-parts in /usr/bin breaks systemd-cron

2022-01-02 Thread Alexandre Detiste

Hi,

I found this bug by luck.
I miss the context (why ? UsrMerge ?)

I can build systemd-cron like this during the transition:

./configure --runparts="/usr/bin/env run-parts"

Greetings,

Alexandre Detiste

Bug#1003006: graphviz: please migrate Recommends fonts-liberation to fonts-liberation2

2022-01-02 Thread Martin-Éric Racine

Package: graphviz
Version: 2.42.2-5
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please migrate the Recommends on fonts-liberation to fonts-liberation2.

Thanks!

- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages graphviz depends on:
ii  libc6  2.33-1
pn  libcdt5
pn  libcgraph6 
ii  libexpat1  2.4.2-1
ii  libgd3 2.3.0-2
ii  libglib2.0-0   2.70.2-1
pn  libgts-0.7-5   
pn  libgvc6
pn  libgvpr2   
pn  liblab-gamut1  
ii  libx11-6   2:1.7.2-2+b1
pn  libxaw7
pn  libxmu6
pn  libxt6 

Versions of packages graphviz recommends:
pn  fonts-liberation  

Versions of packages graphviz suggests:
pn  graphviz-doc  
pn  gsfonts   

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmHR6LsACgkQrh+Cd8S0
17bY7BAAhD+QAUuA4J+RbMonwWzR7srTapAgZlLz0YMqTevLE8cXuW+aKJPXVsj7
nCz1CVzCwjt77tuvalN2ZZjSDfs081+fQ82bq4oS5aQC3rfviy38r+/J8ljYBzoS
e5ZtlMv11UCrSBy1A/71w4jFA+LVi8sTuxQ7yYX0uhNtxIca9vnnsQ5RyQkjXeZj
5chXAuMe9VsqmGOPF/8K1+HKnRQN7hfNizRGWN2KcqAO7PD/M+dp5mHymV+3f5oK
mSuJAXz85/OPEL6zB502TSCe2GpBapSMCAMbJj+aCtbWTKc0FZ3080NywMaFjQQq
rp5bILv/2ePitPnS4YsVmS2eo4a+m+P2TXB/YpFppw4YXf62ojyM/FwTWDcZo6fC
1z/7GPJ3J31SNDFuqV5gBLbV7IBmw4vCrCQNysMe4jlKCrZcj5AU4MXDnrKngkwk
1qjRrNdsGrX8YJmjxemR6XyWnwf67UGGYevdf5AR4bC4lG6oUSG2e+ZIVEKPxqFG
vrfUrk+nUa0iHRYEnxiVzWfc/QkAPPlHnbZuK4XK0T2QDGyDAVDiO/Lx6LlNuXFP
RxgJ8W4W5ERjPoikYOwERclfChuvtKUU3TzKQ6vlv/iSCazHrbpSpreO0JezwrkM
VEiTyuR3voUPTrMSlI5vOwGAubGc+8/yfuXAcVBqjmx7lTLEfW8=
=exER
-END PGP SIGNATURE-

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Mattia Rizzolo

On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:
> > I've got 96.0.4664.110 building on both bullseye and sid

Trying it, I see it still build-depends on python-jinja2.  That package
is now gone, so it's not actually buildable in sid anymore.

Correlated, do you know how long do they plan on keeping using python2?
That's plainly unsuitable, it really is not going to last much longer in
debian.

> > the v96 branch of https://salsa.debian.org/dilinger/chromium

FWIW, I'm trying to build it myself as well (after injecting an old
python-jinja2 and an old python-markupsafe).

> Alright, crashes are solved and the packages are now usable. After some
> cleanups (listing CVEs in changelogs,

This doesn't seem to be done as of the current tip of you v96 branch.

> merging/pushing a bunch of
> commits in my branch, possibly dropping strong stack protection from
> builds to silence warnings from older clang versions, and going through
> lintian errors/warnings), it should be ready to upload.

TBH, I don't think I am able to judge the appropriateness of most of
those changes...
Though I suspect I could close most of my eyes and upload it to
unstable: can't be much worse than what we have...

> How should I handle this? NMU to sid, let people try it out, and then
> deal with buster/bullseye? Upload everything all at once?

Procedure would be NMU to unstable first, IMHO.

> I also haven't heard from anyone on the chromium team yet - should I
> add myself as an uploader and do a normal (non-NMU) upload? Do any of
> them care?

Without hearing from them, adding yourself to Uploaders would be
inappropriate.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

signature.asc
Description: PGP signature

Bug#916749: systemd-cron: Tries to launch unreachable commands

2022-01-02 Thread Alexandre Detiste

control: reassign -1 dma

Hi,

This looks more like normal behaviour.

tchet@brix ~ $ [ -x /usr/sbin/dma ] && /usr/sbin/dma -q1
tchet@brix ~ $ echo $?
1

The crontab should maybe have been written this way, to always return "true".

[ -x /usr/sbin/dma ] && /usr/sbin/dma -q1 || true


I'm assigningg the bug to "dma".
dma maintainers can close it if they feel so.

Greetings,


Package: systemd-cron
Version: 1.5.14-2
Severity: important

Dear Maintainer,

I just switched from cron to systemd cron. I now have every 5 mintes
following email :

* cron-dma-root-0.service - [Cron] "*/5 * * * * root [ -x
/usr/sbin/dma ] && /usr/sbin/dma -q1"
   Loaded: loaded (/etc/cron.d/dma; generated)
   Active: failed (Result: exit-code) since Tue 2018-12-18 09:10:03
CET; 74ms ago
 Docs: man:systemd-crontab-generator(8)
  Process: 8569 ExecStart=/bin/sh
/run/systemd/generator/cron-dma-root-0.sh (code=exited,
status=1/FAILURE)
 Main PID: 8569 (code=exited, status=1/FAILURE)

Dec 18 09:10:03 ot-fixe-008 systemd[1]: Starting [Cron] "*/5 * * * *
root [ -x /usr/sbin/dma ] && /usr/sbin/dma -q1"...
Dec 18 09:10:03 ot-fixe-008 systemd[1]: cron-dma-root-0.service: Main
process exited, code=exited, status=1/FAILURE
Dec 18 09:10:03 ot-fixe-008 systemd[1]: cron-dma-root-0.service:
Failed with result 'exit-code'.
Dec 18 09:10:03 ot-fixe-008 systemd[1]: Failed to start [Cron] "*/5 *
* * * root [ -x /usr/sbin/dma ] && /usr/sbin/dma -q1".
Dec 18 09:10:03 ot-fixe-008 systemd[1]: cron-dma-root-0.service:
Triggering OnFailure= dependencies.

/usr/sbin/dma does not exist, thus the action should not be executed.

Bug#1002738: Info received (Bug#1002738: redis-server: Default systemd unit file system protection settings prevent writing of logfiles, crashing redis)

2022-01-02 Thread Chris Lamb

Hi Johannes,

> TLDR, if you want, feel free to close this ticket, I'll reopen it if
> something changes downstream.

Thanks for your mail. I'm happy to keep this bug open in case
something comes up, but I'm not sure what I would do if we could
definitively demonstrate a bug in Redis' unit file.

That is to say, the only solution (whatever the cause might turn out
to be) would seem to be to remove all of the hardening features from
the unit file... hardly the right solution here. :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#715900: Bug fixed!

2022-01-02 Thread 肖盛文



在 2022/1/2 16:21, Hu Zheng 写道:

See:
https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4


The bug still partly exist:

atzlinux@debian:/tmp/ec50-report/crash$ 
/usr/lib/stardict-tools/fest2dict asdfasd

Segmentation fault
atzlinux@debian:/tmp/ec50-report/crash$ echo $?
139


This is fixed:

atzlinux@debian:/tmp/ec50-report/crash$ echo asdasdf > /tmp/a
atzlinux@debian:/tmp/ec50-report/crash$ 
/usr/lib/stardict-tools/fest2dict /tmp/a

atzlinux@debian:/tmp/ec50-report/crash$ echo $?
0

also see: 
https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4#note_8137981




OpenPGP_0x00186602339240CB.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1003005: elkcode FTBFS with libxc 5.1.7

2022-01-02 Thread Adrian Bunk

Source: elkcode
Version: 6.3.2-2
Severity: serious
Tags: ftbfs bookworm sid
Control: close -1 7.2.42-1

https://buildd.debian.org/status/package.php?p=elkcode=sid

...
mpif90 `dpkg-buildflags --get FFLAGS` `dpkg-buildflags --get CPPFLAGS` -Wall 
-ffast-math -funroll-loops -fopenmp -fallow-argument-mismatch `dpkg-buildflags 
--get LDFLAGS` -o elk modmain.o modmpi.o libxc_funcs.o libxc.o libxcifc.o 
modxcifc.o modfxcifc.o moddftu.o modrdm.o modphonon.o modscdft.o modtest.o 
modrandom.o modstore.o modpw.o modvars.o modtddft.o modgw.o modulr.o modjx.o 
modomp.o mkl_stub.o mkl_init.o oblas_stub.o oblas_init.o blis_stub.o 
blis_init.o w90_stub.o modw90.o zfftifc_fftw.o elk.o zbsht.o zfsht.o rbsht.o 
rfsht.o projsbf.o fsmooth.o nfftifc.o rfinp.o splint.o spline.o wsplint.o 
wsplintp.o splintwp.o sphcover.o r3frac.o genvsig.o gencfun.o zfpack.o 
addlorbcnd.o rfint.o sortidx.o gengkvec.o pade.o pades.o rfint0.o zfinp.o 
symrvf.o genapwfr.o rfcopy.o rhomagsh.o genylmg.o olpaa.o readfermi.o factr.o 
writechg.o zflmconj.o rminv.o zminv.o rlmrot.o rotrflm.o ztorflm.o rotzflm.o 
rfmtlm.o genzrm.o gensfacgp.o zmctmu.o zmctm.o hmlfv.o olpfv.o axangsu2.o 
checkmt.o symrf.o z2mm.o z2mctm.o z2mmct.o writefermi.o findnjcmax.o findscq.o 
plot1d.o plot2d.o plot3d.o hmllolo.o olprad.o occupy.o findkpt.o zfmtint.o 
rotrfmt.o forcek.o eveqnfvr.o findsym.o genvbmatk.o wigner3jf.o wigner6j.o 
mixbroyden.o zftrf.o gensocfr.o getcfgq.o wigner3j.o moke.o sfacinit.o 
sfacrho.o sfacmag.o gradwfcr2.o symrvfmt.o oepmain.o oepresk.o oepvcl.o 
oepvclk.o dbxcplot.o writehmlbse.o hmldbse.o hmldbsek.o dielectric_bse.o 
genidxbse.o writeevbse.o genwfpw.o writewfpw.o getwfpw.o genexpmat.o elnes.o 
potefield.o eulerrot.o fermisurfbxsf.o symmetry.o findsymcrys.o findsymsite.o 
plotpt1d.o writedos.o findprimcell.o proj2d.o nonlinopt.o vecplot.o wfcrplot.o 
energykncr.o eveqnss.o gendmatk.o gensdmat.o ggamt_1.o ggair_1.o ggamt_sp_1.o 
ggair_sp_1.o ggamt_2a.o ggair_2a.o ggamt_2b.o ggair_2b.o ggamt_sp_2a.o 
ggair_sp_2a.o ggamt_sp_2b.o ggair_sp_2b.o genspecies.o writeemd.o writeexpmat.o 
rotdmat.o hrmdmat.o reademd.o emdplot.o rfhkintp.o emdplot3d.o emdplot2d.o 
emdplot1d.o plotpt3d.o plotpt2d.o writeevsp.o torque.o ssfsmjx.o wxcplot.o 
effmass.o genlmirep.o ssfext.o sstask.o spiralsc.o genscss.o genfspecies.o 
writespecies.o exxengy.o exxengyk.o xc_c_tb09.o elfplot.o potplot.o mae.o 
writestate.o readstate.o rotaxang.o axangrot.o dmatls.o gendmat.o numlist.o 
sbesseldm.o genvchi0.o genspchi0.o vclcore.o hmlxbse.o hmlxbsek.o genvmatk.o 
writeepsinv.o putepsinv.o curden.o curdenk.o hflocal.o dielectric.o bdipole.o 
roteuler.o lopzflm.o eveqnfvz.o rhomag.o hmlaa.o hmlalo.o gencore.o gentau.o 
gentauk.o hmlistl.o olpistl.o gengclg.o hmlrad.o rhonorm.o rfmtsm.o olplolo.o 
genshtmat.o allatoms.o rtozflm.o rtozfmt.o gauntyry.o fderiv.o moment.o 
sctovec.o match.o writeinfo.o rfpack.o gaunt.o readinput.o ztorfmt.o 
putevecfv.o zfmtinp.o zfcmtinp.o writelinen.o writekpts.o rfmtinp.o brzint.o 
rhocore.o writelat.o mtdmin.o atpstep.o potcoul.o zfmtconj.o symrfmt.o 
putpmat.o eveqnz.o olpalo.o checkfsm.o rhoplot.o potnucl.o potxc.o erf.o 
gradzf.o writegeom.o linengy.o bandstr.o gengvc.o gengclq.o closefiles.o 
writefsm.o eveqn.o rhomagk.o factnm.o atom.o radnucl.o charge.o genrmesh.o 
genapwlofr.o wavefmt.o genzrho.o potks.o sbessel.o clebgor.o hermite.o 
findband.o genbs.o gencfrc.o genws.o chargemt.o gndstate.o addbfsm.o initoep.o 
orthevsv.o fermisurf.o findswidth.o gradrf.o dos.o gradzfmt.o nuclei.o 
writesym.o zftzf.o polynm.o rdirac.o zfmtftoc.o rfmtftoc.o gradrfmt.o 
genzvclmt.o getevalfv.o mixlinear.o gengvec.o putevalfv.o rfmtpack.o zfmtpack.o 
writestrain.o writeforces.o r3mv.o r3mtv.o r3cross.o r3minv.o r3mdet.o r3mm.o 
r3mtm.o r3mmt.o r3vo.o symvec.o curdenplot.o hartfock.o eveqnhf.o zpotclmt.o 
genlofr.o rfinpc.o eveqnit.o genzfrm.o gengqrf.o writepmat.o genwfsv.o 
writelsj.o writesf.o rzfinp.o genjlgprmt.o gridsize.o sphcrd.o writeiad.o 
readspecies.o i3mtv.o writeeval.o i3minv.o i3mdet.o genevfsv.o getpmat.o 
timesec.o mixpack.o mixerifc.o symmat.o rhoinit.o maginit.o rvfcross.o 
eveqnfv.o energynn.o rfinterp.o rfplot.o geomopt.o ylmroty.o ylmrot.o gcd.o 
sdelta.o stheta.o sdelta_mp.o stheta_mp.o sdelta_fd.o stheta_fd.o sdelta_sq.o 
stheta_sq.o sdelta_lr.o stheta_lr.o mossbauer.o gentpmae.o symveca.o massnucl.o 
wavefcr.o gradwf2.o geomplot.o findngkmax.o reciplat.o genrlmv.o genvmat.o 
putoccsv.o getoccsv.o curlrvf.o latvstep.o energy.o delevec.o rdiracint.o 
rzfmtinp.o genstrain.o genstress.o writestress.o rschrodint.o mixadapt.o 
genffacgp.o genidxlo.o writeengy.o genpmatk.o putevecsv.o getevecsv.o 
writegclq.o putevalsv.o genppts.o force.o vecfbz.o rfirsm.o gengclgq.o 
findsymlat.o grad2rfmt.o findqpt.o zftwfir.o symrfir.o symrvfir.o getevalsv.o 
genjlgpr.o init0.o init1.o init2.o init3.o init4.o genpmat.o putkmat.o 
getkmat.o genkmat.o genexpmt.o epsinv.o getevecfv.o zfmtctof.o wfplot.o 
straingkq.o symdmat.o genylmv.o nesting.o eveqnsv.o

Bug#715859: Bug fixed!

2022-01-02 Thread 肖盛文


Control: tags -1 pending


Thanks you for fix this bug in upstream!


在 2022/1/2 16:14, Hu Zheng 写道:

See:
https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4





Hu Zheng

13017203...@139.com

电子名片新出VIP模板啦，快来体验>> 

扫描二维码添加名片到手机

扫一扫,

快速添加名片到手机


--
肖盛文 xiao sheng wen Faris Xiao
微信(wechat)：atzlinux
《铜豌豆 Linux》https://www.atzlinux.com
基于 Debian 的 Linux 中文 桌面 操作系统
Debian QA page:https://qa.debian.org/developer.php?login=atzlinux%40sina.com
GnuPG Public Key: 0x00186602339240CB



OpenPGP_0x00186602339240CB.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002975: capnproto: please migrate capnproto 0.8.0 from experimental to unstable -> testing

2022-01-02 Thread tony mancill

On Sat, Jan 01, 2022 at 05:12:15PM -0800, tony mancill wrote:

Transition request is #1003004.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003004

Bug#1003004: transition: capnproto

2022-01-02 Thread tony mancill

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi Release Team,

capnproto 0.8.0 has been in experimental for over a year now [1], so
there is already an auto-transition page [2].

All of the reverse dependencies *except* for clickhouse should smoothly.
clickhouse [3] is FTBFS against 0.8.0, but the package has already been
removed from testing due to FTBFS against gcc 11 [4].  Given that
clickhouse isn't receiving much attention and we have received requests
to update captnproto, we would like to proceed with the transition.

Thank you,
tony

[1] https://tracker.debian.org/pkg/capnproto
[2] https://release.debian.org/transitions/html/auto-capnproto.html
[3] https://tracker.debian.org/pkg/clickhouse
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996130

Ben file:

title = "capnproto";
is_affected = .depends ~ "libcapnp-0.7.0" | .depends ~ "libcapnp-0.8.0";
is_good = .depends ~ "libcapnp-0.8.0";
is_bad = .depends ~ "libcapnp-0.7.0";


signature.asc
Description: PGP signature

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

2022-01-02 Thread Karsten

Am 02.01.22 um 16:07 schrieb Matthias Andree:
> Am 02.01.22 um 14:03 schrieb Karsten:
>> Am 02.01.22 um 12:15 schrieb Matthias Andree:
 I am the owner of the domain so nobody is hijacked!
>>> Are you the owner of "mydomain.de" or of the unnamed domain you intended
>>> not to show to the public?
>> Do you want to help with this new certificate issue or discuss the ownership 
>> of domains?
> 
> In this case, the latter. There are dedicated domain names for everyone
> to use for documentation and test purposes,
> https://datatracker.ietf.org/doc/html/rfc6761#section-6.5

Aha - O.K.

>> With the search "install OpenSSL trust store" i could find this article:
>> https://support.code42.com/CP/Admin/On-premises/6/Configuring/Use_OpenSSL_to_install_a_keystore
>> that explains much of the stuff, but not how to use an self-signed 
>> certificate.
> 
> https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list/
> but check the fine print and lower rated comments, too -- for recent
> ca-certificates packages.

Thank you - that is very helpful.

> Basically you can install the self-signed certificate (if you or a
> trusted party signed it, and you have transmitted it over a secure
> channel, for instance, via SFTP or SCP) into the trust store (assuming
> it suits both the TLS server and the signing CA roles - which was set
> when you created it).

Just for understanding - the installation is the public certificate of the 
server,
or must be a special file derived from the private certificate?

>>
>> This worked for more then 5 years with TLS1.2 without any problem.
>> Why this must be a problem now?
> 
> Because "working" does not imply "working safely and securely".

Yes - but the connection was still encrypted and not plain text.
The connection was just not secure against all forms of attacks.

>> Take the example Mozilla and please explain why it works without an "OpenSSL 
>> trust store" ?
> 
> 
> Mozilla applications ship with their own trust store and do not use
> OpenSSL, but incorporate their own TLS library called NSS.

O.K. But how this helps to connect to a server with self-signed certificates?

>> O.K. Then you have no request to this CA-servers for every connect to a 
>> server with a certificate, but every private
>> server is registered there and every client will request the "trust" once to 
>> access the server.
>> So you can made a profil who is using a server. That's the simple goal of it.
> 
> 
> No, where does that access happen? The trust store is local to your
> computer and fetchmail might use your system's DNS resolver (which can
> have privacy implications) and will connect to the servers you point it to.

First you send your certificate to the public CA to sign it.
Then an client must connect the CA to proove that the public certificate is 
correct signed.

Correct or wrong?

> It uses OpenSSL's unless you override that (see man fetchmail for
> --ssl... options).

I promise to take the time to learn this part about using OpenSSL.

> I understand, but too many variables involved and neither of us has time
> for guesswork. I don't know how your CA (even if only implied for that
> certificate) is set up or whatever else is needed, and I don't intend to
> do consulting.

I only used this silly OpenSSL command to generate the self-signed certificate 
and filled the questions OpenSSL asked.
It should not be much more complicate to use a local trust store.

> Figuratively speaking, you need to learn how to fish, not be given the fish.

Fishing get's more and more complex.
But it's true and i must learn it.

>> When this is a standard procedure, why it is not possible to find existing 
>> examples how to handle it?
>> Why it is still possible to fetch Data with TLS1.2 from the FTP-Server 
>> without similar problems?
> 
> fetchmail doesn't do FTP, and FTP is being phased out because it's hard
> to get right with its two connections, active/passive mode,
> firewalls/NAT/conntrack, TLS being added afterwards and I guess it was
> superseded by many other protocols that either tunnel through SSH or use
> one TLS connection, for instance, DAV.

That's the way i thought it is working.
TLS is used to establish a secure encrypted connection and afterwards the rest 
is tunneled through it?
Then it is not crucial how complex the protocol is.
when two or more ports are needed then more secure connections must be 
established.

> It is probably not about TLS version numbers anyways, but generally
> tightened security. You upgraded the entire client system, and that
> brought a lot of changes.
> https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
> might also be involved.

I have to go through each different service that uses encryption, email, ftp, 
xmpp, etc.
Maybe i will find a general better way to manage the certificates for 
encryption.

Thank you for your invested time!
karsten

Bug#978040: Warning: (9034) "crtbeginS.o" not found (on non-intel architectures)

2022-01-02 Thread Paul Gevers


Hi,

On 02-01-2022 14:29, Abou Al Montacir wrote:
If you check on a porter box for ARM or power PC, you will find only arm 
or ppc related ifdefs.

So it works for all architectures, but not multiarch.


Isn't multiarch only properly working on some combinations anyways? E.g. 
i386 can be multiarch on an amd64 capable computer. And armhf (and 
sometimes armel) can be multiarch on (most) arm64 capable hosts? I 
understood not all combinations currently (or ever) make sense.


I just checked the configuration on armhf and there wasn't a path to gcc 
in the configuration. Shortly after I realized that's probably because 
gcc wasn't installed. So while I checked armel, I installed gcc 
alongside and after dpkg-reconfigure I got this on armel:

"""
#ifdef cpuaarch64
-Fl/usr/lib/gcc/arm-linux-gnueabi/11
#endif
"""
The cpuaarch64 bit part doesn't look correct, maybe that's because this 
is inside an lxc on an arm64 host, so maybe the detection goes wrong.


And then on armel I got:
#ifdef cpuaarch64
-Fl/usr/lib/gcc/arm-linux-gnueabihf/11
#endif

On arm64
#ifdef cpuaarch64
-Fl/usr/lib/gcc/aarch64-linux-gnu/11
#endif

If we can safely suppose that all Debian architectures are using the 
very same GCC version and path, then we can remove the ifdef and have a 
generic path that works for mutiarch with a minimal effort.


But shouldn't the path depend on for which architecture your building?


However, it is true that if a new gcc version is installed after FPC
then the logic will fall down.


Can't we use a wildcard for the version number? I mean, after 11 comes
12 and 13 and ...
The wildcards work but only for one directory level. This means 
/path/to/* and /path/to/prefix*  will work, but not /path/to/*/* or 
/path/to/prefix*/*


Ack.


If this is judged OK, I propose to close this ticket


As long as we have a new fpc in every Debian release, we're fine in
Debian, but e.g. Ubuntu users may experience issues when they carry the
same fpc over to a new version of Ubuntu that comes with a new gcc
version. So I don't think it's nice.
If we can add a trigger then we can run dpkg-reconfigure 
fp-compiler-${VERSION} and get it updated.
I'm not sure your allowed to run dpkg-reconfigure on a trigger as that 
requires admin interaction. That sounds weird. As an admin I wouldn't 
expect my configuration to get updated (when installing an "unrelated" 
package). And we would want to have a trigger on gcc upgrade? I don't 
know how triggers work exactly, but wouldn't gcc need to provide the 
trigger then?


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002376: python-aiosqlite: FTBFS: AttributeError: module 'mistune' has no attribute 'BlockGrammar'

2022-01-02 Thread Benjamin Hof

On Sunday, 02 January 2022, 13:15 +0100, Benjamin Hof wrote:
> compatible to mistune v2

At the moment this is not the case.

Bug#1003003: libqalculate FTBFS on architectures where char is unsigned

2022-01-02 Thread Adrian Bunk

Source: libqalculate
Version: 3.22.0-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/package.php?p=libqalculate

...
FAIL: unittest
==

[32m
./tests/variables.batch - 11 tests passed

[0m[32m
./tests/units.batch - 13 tests passed

[0m[31m
Mismatch detected at line 42
char(0xD8)
expected ''Ø''
received '"Ø"'

[0mRunning all unit tests

Running unit tests from 'variables.batch'
Running unit tests from 'units.batch'
Running unit tests from 'strings.batch'
FAIL unittest (exit status: 1)


Testsuite summary for libqalculate 3.22.0

# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

See src/test-suite.log

make[4]: *** [Makefile:835: test-suite.log] Error 1

Bug#1002404: borgbackup: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p 3.9 returned exit code 13

2022-01-02 Thread Gianfranco Costamagna

control: close -1
control: severity -1 normal

Hello Lucas, I tried on reproducible builds, and I saw some failures some time 
ago, but I retried today and everything was good.
So I presume something in the build-deps got fixed in the meanwhile?

e.g.

https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/borgbackup_1.1.17-1.rbuild.log.gz

G.

On Wed, 22 Dec 2021 08:50:10 +0100 Lucas Nussbaum  wrote:
> Source: borgbackup
> Version: 1.1.17-1
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20211220 ftbfs-bookworm
> 
> Hi,
> 
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
> 
> 
> Relevant part (hopefully):
> > make[1]: Entering directory '/<>'
> > python3 setup.py build_ext --inplace
> > Detected and preferring liblz4 over bundled LZ4
> > Detected and preferring libb2 over bundled BLAKE2
> > Detected and preferring libzstd over bundled ZSTD
> > Detected and preferring libxxhash over bundled XXHASH
> > running build_ext
> > skipping 'src/borg/algorithms/msgpack/_packer.cpp' Cython extension 
> > (up-to-date)
> > skipping 'src/borg/algorithms/msgpack/_unpacker.cpp' Cython extension 
> > (up-to-date)
> > skipping 'src/borg/compress.c' Cython extension (up-to-date)
> > skipping 'src/borg/crypto/low_level.c' Cython extension (up-to-date)
> > skipping 'src/borg/hashindex.c' Cython extension (up-to-date)
> > skipping 'src/borg/item.c' Cython extension (up-to-date)
> > skipping 'src/borg/chunker.c' Cython extension (up-to-date)
> > skipping 'src/borg/algorithms/checksums.c' Cython extension (up-to-date)
> > skipping 'src/borg/platform/posix.c' Cython extension (up-to-date)
> > skipping 'src/borg/platform/linux.c' Cython extension (up-to-date)
> > skipping 'src/borg/platform/syncfilerange.c' Cython extension (up-to-date)
> > building 'borg.algorithms.msgpack._packer' extension
> > x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g 
> > -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat 
> > -Werror=format-security -g -fwrapv -O2 -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC 
> > -D__LITTLE_ENDIAN__=1 -I/usr/include -I/usr/include -I/usr/include 
> > -I/usr/include -I/usr/include -I/usr/include -I/usr/include/python3.9 -c 
> > src/borg/algorithms/msgpack/_packer.cpp -o 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_packer.o
> > x86_64-linux-gnu-g++ -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g 
> > -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_packer.o -o 
> > /<>/src/borg/algorithms/msgpack/_packer.cpython-39-x86_64-linux-gnu.so
> > building 'borg.algorithms.msgpack._unpacker' extension
> > x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g 
> > -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat 
> > -Werror=format-security -g -fwrapv -O2 -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC 
> > -D__LITTLE_ENDIAN__=1 -I/usr/include -I/usr/include -I/usr/include 
> > -I/usr/include -I/usr/include -I/usr/include -I/usr/include/python3.9 -c 
> > src/borg/algorithms/msgpack/_unpacker.cpp -o 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_unpacker.o
> > x86_64-linux-gnu-g++ -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g 
> > -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_unpacker.o -o 
> > /<>/src/borg/algorithms/msgpack/_unpacker.cpython-39-x86_64-linux-gnu.so
> > building 'borg.compress' extension
> > x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g 
> > -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat 
> > -Werror=format-security -g -fwrapv -O2 -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC 
> > -DBORG_USE_LIBLZ4=YES -DBORG_USE_LIBB2=YES -DBORG_USE_LIBZSTD=YES 
> > -DBORG_USE_LIBXXHASH=YES -DXXH_PRIVATE_API=YES -I/usr/include 
> > -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include 
> > -I/usr/include/python3.9 -c src/borg/compress.c -o 
> > build/temp.linux-x86_64-3.9/src/borg/compress.o
> > x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g 
> > -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
> > build/temp.linux-x86_64-3.9/src/borg/compress.o -llz4 -lzstd -o 
> >

Bug#998244: lists.debian.org: request for debian-math mailing list

2022-01-02 Thread Nilesh Patra

Hi Listmasters,

Gentle ping on this?

Since it has been a while now, and there are interested people, enabling a list 
will help us.
Could you please consider processing the request whenever you have time?

Regards,
Nilesh

On Tue, 14 Dec 2021 15:43:50 + Tobias Hansen  wrote:
> Hi Cord,
> 
> I am also in favor of the creation of this list. I think we could then close 
> down debian-science-sagem...@alioth-lists.debian.net and move these 
> discussions to debian-math.
> 
> Best,
> Tobias
> 
> On Sat, 13 Nov 2021 16:45:48 +0530 "Nilesh Patra"  wrote:
> > Dear list masters,
> > 
> > Since a few people already responded on this bug, and other folks
> > already showed interest in joining the team[1], would you please consider to
> > process this mailing list request now?
> > 
> > [1]: https://lists.debian.org/debian-science/2021/10/msg00034.html
> > 
> > Thanks a lot for your work,
> > Nilesh
> > 
> > 
> 
> 


signature.asc
Description: PGP signature

Bug#1002998: firejail-profiles: telegram-desktop not working with firejail

2022-01-02 Thread Reiner Herrmann

Hi,

On Sun, Jan 02, 2022 at 02:58:26PM +, piorunz wrote:
> Before upgrade to Testing, everything was working fine.
> Something is wrong with firejail profile?
> I request assistance. Thank you.

This sounds similar to this upstream issue:
 https://github.com/netblue30/firejail/issues/4488

This was fixed by adding "whitelist /usr/share/TelegramDesktop"
to the telegram.profile.
Can you please check if that also works for you?

Thanks.

Kind regards,
  Reiner


signature.asc
Description: PGP signature

Bug#1003002: autopkgtest-virt-qemu: Console setup issue on armhf

2022-01-02 Thread Christian Kastner

Package: autopkgtest
Version: 5.19
Severity: normal

It looks as if one of the necessary consoles is not set up properly on
armhf (it worked fine for me on arm64):

$ sudo autopkgtest-build-qemu \
--architecture armhf \
--mirror http://deb.debian.org/debian \
unstable armhf.img

...

$ autopkgtest libocas -- qemu \
--dpkg-architecture armhf \
-d --show-boot \
armhf.img

produces

  | host login: autopkgtest-virt-qemu: DBG: expect: found "'login prompt on 
serial console'"
  | autopkgtest-virt-qemu: DBG: expect: b'ok'
  | autopkgtest-virt-qemu: DBG: setup_shell(): no default shell on hvc1 or ttyS1
  | qemu-system-arm: terminating on signal 15 from pid 1316826 
(/usr/bin/python3)
  | autopkgtest-virt-qemu: DBG: cleanup...
  | : failure: The VM does not start a root shell on ttyS1 or hvc1 
already. The only other supported login mechanism is through --user and 
--password on the guest ttyS0

[By the way, libocas is just a tiny library with no dependencies that I tend to 
use
as a smoke test.]

Best,
Christian

Bug#1002979: FTBFS with camlp5 8.00.02

2022-01-02 Thread Guillaume Brochu

Dear Stéphane,


Many thanks for this report.

This link gives more details about this specific problem with the old
geneweb 6.08:
https://issueexplorer.com/issue/camlp5/camlp5/82

The solution would be to migrate to geneweb 7 (see also bug #986285 about
the expected migration to geneweb 7).

However, this will require a lot of time to implement & test, since geneweb
7 is very different from geneweb 6.

As a result, geneweb might be removed from testing for some weeks or months
following the landing of the new ocaml/camlp5 in unstable.

With best regards,


Guillaume Brochu


Le dim. 2 janv. 2022 à 00:12, Stéphane Glondu  a écrit :

> Source: geneweb
> Version: 6.08+git20181019+dfsg-3
> Severity: important
> Tags: ftbfs
>
> Dear Maintainer,
>
> Your package FTBFS with camlp5 8.00.02 with the following error:
> > camlp5r pa_extend.cmo q_MLast.cmo -o pa_macro5.ppo pa_macro5.ml
> > File "pa_macro5.ml", line 162, characters 51-52:
> > While expanding quotation "patt":
> > Parse error: end of input expected after [patt] (in [patt_eoi])
>
> This was discovered while preparing the transition to OCaml 4.13.1.
>
> Packages rebuilt with OCaml 4.13.1 are available at:
>
>   https://ocaml.debian.net/transitions/ocaml-4.13.1/
>
>
> Cheers,
>
> --
> Stéphane
>
> -- System Information:
> Debian Release: bookworm/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE
> not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>

Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)

2022-01-02 Thread Michael Biebl


On 02.01.22 16:12, Tobias Frost wrote:


Filesystem ia an ext4 on a lvm, backed by a raid1.


Does the file system support xattr and acl?




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002961: [Pkg-pascal-devel] Bug#1002961: src:castle-game-engine: fails to migrate to testing for too long: FTBFS on armel

2022-01-02 Thread Paul Gevers


Hi Abou,

On 02-01-2022 14:22, Abou Al Montacir wrote:
The issue is that there seem to be a bug in the compiler. However, I'm 
not able to understand what kind of issue and cloud not produce a small 
code that triggers it.


Moreover, it seems that the bug itself is triggered only when running 
the full battery of tests. Then the failing test starts to fail.
If the test is ran alone (after a machine reboot, or after a while) then 
it will succeed, but it one runs it after running the full test suite 
then it will fail systematically.


No clue how to go forward and no enough information to open an upstream 
compiler bug.
Moreover CGE upstream think we should abandon armel (and other non 
widely used architectures) as a target for CGE, but I think myself it is 
a good test for the compiler and tend to think we should  keep it.


I agree with you. However, as a Release Team member, I also want to 
prevent packages from being out-of-sync for too long. So, what I suggest 
in this case is to temporarily disable the test on armel until we have 
figured out how to fix the situation. That way the package can migrate 
to testing, without making the situation much worse there.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

2022-01-02 Thread Karsten

Am 02.01.22 um 15:28 schrieb Matthias Andree:
>>> Untrue. Messages were fetched without proper protection from
>>> MITM/eavesdropping attacks, unless you were using *other* options to
>>> ensure authenticity of the server. Which I doubt, else you would have
>>> asked specific questions about fetchmail options.
>> That's true - but you change the privacy with an voluntary registration at 
>> an CA-authority.
> 
> I don't see anyone suggested that, but tell me how...

It started with Internet browsers wanting confirmation every time an https 
certificate is not publicly verifiable.
The key point of surveillance is to get people to disclose private 
communications and servers.

For example, with Tor, all traffic goes through only one or a few outbound 
servers, so it's easy to see who is using
such evil technology. Packets can be correlated over the time.

>> The people that can make MITM/eavesdropping attacks can fake an CA-authority 
>> too.
> 
> ...that CA certificate would make it into your trust store. There used
> to be ill-advised instructions by fourth parties that gave the wrong
> advise to download and storing the server's certificate into the trust
> store. If the faked CA authority certificate is not in your trust store,
> certificate validation will flag the missing trust anchor or issue
> "self-signed certificate" errors.

This point is not clear.
When you have a copy of the downloaded public certificate you can check against 
it or not?
So when somebody tries to fake the certificate without having the private 
certificate this should be conspicuous.
In this case i understand the sense of this trust store.

> 
> In practice, Linux and BSD distros usually deploy the CAs from Mozilla's
> CA Program https://blog.mozilla.org/security/category/ca-program/ and
> Mozilla have banned CAs that were abusive.

This is definitely a coin with two sides.

>> Do you think it is possible to make thousands of MITM/eavesdropping attacks 
>> parallel for every private server?
> 
> 
> You can safely bet it happens at scale, and million-fold each and every
> day. The question is who will make the faked CA authority trustworthy?

When possible you should check the fingerprint of the used certificate.
After checking this certificate and connection can be trusted. Right?

> Company networks with malware-scanning outside proxies, free WiFi sites,
> you name it.
> 
> You don't verify, you don't know.

Not for every website of course, but for a private account that is used daily.

>> Can you please recommend *other* options to ensure more security with self 
>> signed certificates?
> 
> See my previous messages, put the CA certificate (not private key) that
> signed your server's certificate into the OpenSSL trust store of the
> computer running fetchmail, or into a local place that you point
> fetchmail to. That won't work without reading documentation on how
> certification chains and trust delegation work. In the Debian world,
> things revolve around update-ca-certificates from the ca-certificates
> package.

Is there any documentation for DAU's (dumbest presumed user) out there?
With examples how to use it?

> That's not what I wrote, but the logic you refer to is why fetchmail 6.4
> - finally - forbids unverified certificates by default.
> Meaning: No more connection to sites with incomplete certification
> chains or where the certification chain cannot be anchored to a trusted CA.

I agree (in the meantime) that this is a useful pedagogical method. :-)

>> Why have older fetchmail versions made proper trust verification optional? 
>> :-)
> 
> 6.3 appeared in 2005, before E. Snowden hat blown the whistle and before
> web browsers started to flag sites with unverified certification chains
> as insecure - and 6.3.X has kept compatibility and defaults.

That was good for users like me.

> Before this turns into more gossip, I propose to close the bug report
> now. Do that by replying to 1002910-cl...@bugs.debian.org instead of the
> 1002910@ address.

Yes - this is a feature and not a bug.
But it would be still wonderful if the lazy users have a chance to use 
encryption without studying documentation for weeks.

Cheers
karsten

Bug#1002999: ftp.debian.org: RM: cairodevice -- ROM: Retired upstream

2022-01-02 Thread Dirk Eddelbuettel



retitle -1 RM: r-cran-cairodevice -- ROM: Retired upstream
thanks

Somehow I mess the form up more often than not with the emacs helper
debian-bug being a little out of whack. Sorry about that.

Dirk

On 2 January 2022 at 09:00, Dirk Eddelbuettel wrote:
| 
| Package: ftp.debian.org
| Severity: normal
| 
| The cairoDevice package (source cairodevice for us, binary
| r-cran-cairodevice) was the first 'Cairo' device for R, it has been replaced
| by the actively maintained 'Cairo' package (r-cran-cairo for us).  It was now
| retired at CRAN. We should remove it too.
| 
| The only reverse depends is a meta package.
| 
| Dirk
| 
| --
| https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

-- 
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)

2022-01-02 Thread Tobias Frost

On Sun, Jan 02, 2022 at 03:24:57PM +0100, Michael Biebl wrote:
> 
> Control: tags -1 + moreinfo unreproducible
> 
> On 02.01.22 14:52, Tobias Frost wrote:
> 
> > Please let me know if there are additional details I could supply.
> > 
> 
> 
> Can you provide steps how to reproduce the issue?

> More details how the container is constructed, which fs is used etc. might
> help as well.

When I find a way to reproduce, I'll let you know.

I ran into it by "apt upgrade" after changing sources.list from buster to 
bullseye.
The container created with debootstrap, possibly a stretch release at that 
debootstrap time (IIRC).

Filesystem ia an ext4 on a lvm, backed by a raid1.

> What does
> SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create --prefix /var/log/journal
> say?

thecus:/home/tobi# machinectl shell ubiquiti
Connected to machine ubiquiti. Press ^] three times within 1s to exit session.
root@thecus:~# SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create --prefix 
/var/log/journal
Looking for configuration files in (higher priority first):
/etc/tmpfiles.d
/run/tmpfiles.d
/usr/local/lib/tmpfiles.d
/usr/lib/tmpfiles.d
/lib/tmpfiles.d
SELinux enabled state cached to: disabled
Skipping overridden file '/usr/lib/tmpfiles.d/screen-cleanup.conf'.
Reading config file "/usr/lib/tmpfiles.d/dbus.conf"…
Entry "/var/lib/dbus" does not match any include prefix, skipping.
Entry "/var/lib/dbus/machine-id" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/debian.conf"…
Entry "/run/shm" does not match any include prefix, skipping.
Entry "/run/sendsigs.omit.d" does not match any include prefix, skipping.
Entry "/etc/mtab" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/home.conf"…
Entry "/home" does not match any include prefix, skipping.
Entry "/srv" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/journal-nocow.conf"…
Entry "/var/log/journal" matches include prefix "/var/log/journal".
Entry "/var/log/journal/0168a64537e84260bcb1172567dbc16e" matches include 
prefix "/var/log/journal".
Entry "/var/log/journal/remote" matches include prefix "/var/log/journal".
Reading config file "/usr/lib/tmpfiles.d/legacy.conf"…
Entry "/var/lock" does not match any include prefix, skipping.
Entry "/run/lock/subsys" does not match any include prefix, skipping.
/usr/lib/tmpfiles.d/legacy.conf:24: Ignoring entry r! "/forcefsck" because 
--boot is not specified.
/usr/lib/tmpfiles.d/legacy.conf:25: Ignoring entry r! "/fastboot" because 
--boot is not specified.
/usr/lib/tmpfiles.d/legacy.conf:26: Ignoring entry r! "/forcequotacheck" 
because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/passwd.conf"…
/usr/lib/tmpfiles.d/passwd.conf:3: Ignoring entry r! "/etc/gshadow.lock" 
because --boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:4: Ignoring entry r! "/etc/shadow.lock" because 
--boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:5: Ignoring entry r! "/etc/passwd.lock" because 
--boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:6: Ignoring entry r! "/etc/group.lock" because 
--boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:7: Ignoring entry r! "/etc/subuid.lock" because 
--boot is not specified.
/usr/lib/tmpfiles.d/passwd.conf:8: Ignoring entry r! "/etc/subgid.lock" because 
--boot is not specified.
Reading config file "/etc/tmpfiles.d/screen-cleanup.conf"…
Entry "/run/screen" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/systemd-nologin.conf"…
/usr/lib/tmpfiles.d/systemd-nologin.conf:11: Ignoring entry F! "/run/nologin" 
because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/systemd-pstore.conf"…
Entry "/var/lib/systemd/pstore" does not match any include prefix, skipping.
Reading config file "/usr/lib/tmpfiles.d/systemd-tmp.conf"…
Entry "/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*" does not match 
any include prefix, skipping.
Entry "/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*/tmp" does not 
match any include prefix, skipping.
Entry "/var/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*" does not 
match any include prefix, skipping.
Entry "/var/tmp/systemd-private-7ca11069754049cab705a4d6f1b76e98-*/tmp" does 
not match any include prefix, skipping.
/usr/lib/tmpfiles.d/systemd-tmp.conf:17: Ignoring entry R! 
"/tmp/systemd-private-*" because --boot is not specified.
/usr/lib/tmpfiles.d/systemd-tmp.conf:18: Ignoring entry R! 
"/var/tmp/systemd-private-*" because --boot is not specified.
Entry "/var/lib/systemd/coredump/.#core*.7ca11069754049cab705a4d6f1b76e98*" 
does not match any include prefix, skipping.
/usr/lib/tmpfiles.d/systemd-tmp.conf:23: Ignoring entry r! 
"/var/lib/systemd/coredump/.#*" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/systemd.conf"…
Entry "/run/user" does not match any include prefix, skipping.

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

2022-01-02 Thread Matthias Andree

Am 02.01.22 um 14:03 schrieb Karsten:

Am 02.01.22 um 12:15 schrieb Matthias Andree:

I am the owner of the domain so nobody is hijacked!

Are you the owner of "mydomain.de" or of the unnamed domain you intended
not to show to the public?

Do you want to help with this new certificate issue or discuss the ownership of
domains?

In this case, the latter. There are dedicated domain names for everyone
to use for documentation and test purposes,
https://datatracker.ietf.org/doc/html/rfc6761#section-6.5

With the search "install OpenSSL trust store" i could find this article:
https://support.code42.com/CP/Admin/On-premises/6/Configuring/Use_OpenSSL_to_install_a_keystore
that explains much of the stuff, but not how to use an self-signed certificate.

https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list/
but check the fine print and lower rated comments, too -- for recent
ca-certificates packages.

Basically you can install the self-signed certificate (if you or a
trusted party signed it, and you have transmitted it over a secure
channel, for instance, via SFTP or SCP) into the trust store (assuming
it suits both the TLS server and the signing CA roles - which was set
when you created it).

This worked for more then 5 years with TLS1.2 without any problem.
Why this must be a problem now?

Because "working" does not imply "working safely and securely".

Take the example Mozilla and please explain why it works without an "OpenSSL trust
store" ?

Mozilla applications ship with their own trust store and do not use
OpenSSL, but incorporate their own TLS library called NSS.

Untrue. Mozilla's certificates are installed for offline use by Debian,
Fedora, FreeBSD and derived distros under names such as ca-certificates,
ca_root_nss or similar. AFAICS and up to and including OpenSSL 3.0.0,
OpenSSL does not perform Online Certificate Status Protocol (OCSP)
polls, so no calling home involved to date.

O.K. Then you have no request to this CA-servers for every connect to a server
with a certificate, but every private
server is registered there and every client will request the "trust" once to
access the server.
So you can made a profil who is using a server. That's the simple goal of it.

No, where does that access happen? The trust store is local to your
computer and fetchmail might use your system's DNS resolver (which can
have privacy implications) and will connect to the servers you point it to.

Thanks - but now i still have no idea where to search for the trust store of
fetschmail?

It uses OpenSSL's unless you override that (see man fetchmail for
--ssl... options).

Why it is not possible to give the needed commands like before, like
openssl req -x509 -newkey rsa:4096 -keyout /etc/exim4/exim.key.pem -out
/etc/exim4/exim.cert.pem -days 365 -nodes ?

The reason is the lack of understanding what has changed and what must be done
and not to bother you.

I understand, but too many variables involved and neither of us has time
for guesswork. I don't know how your CA (even if only implied for that
certificate) is set up or whatever else is needed, and I don't intend to
do consulting.

Figuratively speaking, you need to learn how to fish, not be given the fish.

When this is a standard procedure, why it is not possible to find existing
examples how to handle it?
Why it is still possible to fetch Data with TLS1.2 from the FTP-Server without
similar problems?

fetchmail doesn't do FTP, and FTP is being phased out because it's hard
to get right with its two connections, active/passive mode,
firewalls/NAT/conntrack, TLS being added afterwards and I guess it was
superseded by many other protocols that either tunnel through SSH or use
one TLS connection, for instance, DAV.

It is probably not about TLS version numbers anyways, but generally
tightened security. You upgraded the entire client system, and that
brought a lot of changes.
https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
might also be involved.

Bug#1003000: RM: rgtk2 -- ROM: Retired upstream

2022-01-02 Thread Dirk Eddelbuettel



Package: ftp.debian.org
Severity: normal

The RGtk2 package (source rgtk2 for us, binary r-cran-rgtk2) was an important
package in its day in bringing a modern and pretty UI framework to R across
different OS, and I looked after it for 15 years.

It never made the move to Gtk3 though, and usage moved more and more to
dashboard in browsers instead. Consequently, RGtk2 was now retired at
CRAN. We should remove it too.

The only reverse depends is a meta package.

Dirk

--
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#1002999: ftp.debian.org: RM: cairodevice -- ROM: Retired upstream

2022-01-02 Thread Dirk Eddelbuettel



Package: ftp.debian.org
Severity: normal

The cairoDevice package (source cairodevice for us, binary
r-cran-cairodevice) was the first 'Cairo' device for R, it has been replaced
by the actively maintained 'Cairo' package (r-cran-cairo for us).  It was now
retired at CRAN. We should remove it too.

The only reverse depends is a meta package.

Dirk

--
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#997748: libcomps: FTBFS: There is a syntax error in your configuration file: Missing parentheses in call to 'print'. Did you mean print(os.environ['LD_LIBRARY_PATH'])? (conf.py, line 23)

2022-01-02 Thread Holger Levsen

On Sun, Jan 02, 2022 at 03:36:11PM +0100, Frédéric Pierret wrote:
> Yes it's enough. I'm already adding it in libcomps. I should upload soon :)

cool! & thank you!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Plastic bottles: made to last forever, designed to throw away.


signature.asc
Description: PGP signature

Bug#1002998: firejail-profiles: telegram-desktop not working with firejail

2022-01-02 Thread piorunz

Package: firejail-profiles
Version: 0.9.66-2
Severity: important
X-Debbugs-Cc: pior...@gmx.com

Dear Maintainer,

I have used telegram-desktop with firejail on Debian 10. Everything was working
fine.
Two days ago, I updated to Debian Testing. System is clean and everything else
is working.
Only telegram-desktop is failing to work with firejail profile.

Terminal output:
$ firejail telegram-desktop
Reading profile /etc/firejail/telegram-desktop.profile
Reading profile /etc/firejail/telegram.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 825717, child pid 825720
Warning: An abstract unix socket for session D-BUS might still be available.
Use --net or remove unix from --protocol set.
Warning: skipping crypto-policies for private /etc
Warning: skipping pki for private /etc
Warning fcopy: skipping /etc/pulse/client.conf.d/01-enable-autospawn.conf,
cannot find inode
Private /etc installed in 13.33 ms
Private /usr/etc installed in 0.00 ms
Child process initialized in 81.10 ms

Parent is shutting down, bye...

Before upgrade to Testing, everything was working fine.
Something is wrong with firejail profile?
I request assistance. Thank you.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (100, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-2-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail-profiles depends on:
ii  firejail  0.9.66-2

firejail-profiles recommends no packages.

firejail-profiles suggests no packages.

-- no debconf information

Bug#999806: pygattlib: Misbuild with multiple supported python versions

2022-01-02 Thread Sascha Steinbiss

Hi Nobuhiro,

[...]
> Python3.10 has been introduced in Ubuntu, and as part of the rebuild
> of packages against 3.10 I noticed that pygattlib misbuilds, linking
> both the python3.9 and python3.10 extensions against the same version
> of libboost_python instead of linking each against the matching
> version.
> 
> The attach patch fixes the build so that each binary extension will
> always be built against the matching libboost_python.

This bug is causing my dependent package gnome-keysign to drop out of
testing soon, so I would be happy to NMU this patch if you are fine with
that. Please let me know if you have any objections, otherwise I will
prepare a NMU in a week or so.

Thanks, and have a happy new year!
Sascha

Bug#997748: libcomps: FTBFS: There is a syntax error in your configuration file: Missing parentheses in call to 'print'. Did you mean print(os.environ['LD_LIBRARY_PATH'])? (conf.py, line 23)

2022-01-02 Thread Frédéric Pierret


Hi,

Le 1/2/22 à 15:10, Holger Levsen a écrit :

hi,

On Sun, Oct 24, 2021 at 01:39:00PM +0200, Lucas Nussbaum wrote:

Source: libcomps
Version: 0.1.15-4
Severity: serious

[...]

During a rebuild of all packages in sid, your package failed to build
on amd64.

[...]

Running Sphinx v4.2.0

Configuration error:
There is a syntax error in your configuration file: Missing parentheses in call 
to 'print'. Did you mean print(os.environ['LD_LIBRARY_PATH'])? (conf.py, line 
23)

make[5]: *** [src/python/docs/CMakeFiles/pydocs.dir/build.make:122: pydocs] 
Error 2


It seems to me we can fix this bug by simply taking the patch from
https://github.com/rpm-software-management/libcomps/commit/5eebd94a7ce855979eb014595256eee17ee6b359

Can someone confirm? I'd be happy to sponsor an upload again :)




Yes it's enough. I'm already adding it in libcomps. I should upload soon :)

Frédéric


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002997: podman: Please provide a default /etc/containers/storage.conf

2022-01-02 Thread Philip

Package: podman
Version: 3.0.1+dfsg1-3+b2
Severity: wishlist

Dear Maintainer,

I had some problems running the dockerized version of the Unifi controller 
jacobalberty/unifi-docker
with podman on Debian.
On a Fedora system, starting the container only takes a few seconds.
On a Debian system, it can take about 5 minutes.

The reason is that on the Fedora system the mount-option metacopy=on
(see  [1] for this mount option) is set for the container overlayfs via a 
default /etc/containers/storage.conf.
That makes quite the difference for this specific image because it does a
`chown unifi:unifi /usr/lib/unifi` during startup.
chown-ing these 6k files is fast with metacopy=on (on Fedora).
Without the option (on Debian), I think the files will be copied instead of 
only their metadata, making it rather slow.

So the solution for me was to copy /etc/containers/storage.conf from a
Fedora system. If anyone has a similar problem, the file can be extracted from 
the
src rpm of the containers-common package which can be downloaded at [2].

IMO it would be useful if Debian would also include a default
/etc/containers/storage.conf.
Thanks for considering this!
However I'm not sure if metacopy=on is a good idea from a security
perspective.

Best
Philip

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon   2.0.25+ds1-1.1
ii  containernetworking-plugins  0.9.0-1+b6
ii  crun 0.17+dfsg-1
ii  golang-github-containers-common  0.33.4+ds1-1
ii  init-system-helpers  1.60
ii  iptables 1.8.7-1
ii  libc62.31-13+deb11u2
ii  libdevmapper1.02.1   2:1.02.175-2.1
ii  libgpgme11   1.14.0-1+b2
ii  libseccomp2  2.5.1-1+deb11u1

Versions of packages podman recommends:
ii  buildah   1.19.6+dfsg1-1+b6
ii  catatonit 0.1.5-2
ii  fuse-overlayfs1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b7
ii  slirp4netns   1.0.1-2
ii  uidmap1:4.8.1-1

Versions of packages podman suggests:
pn  containers-storage  
pn  docker-compose  

-- no debconf information


[1]: 
https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html#metadata-only-copy-up
[2]: 
https://kojipkgs.fedoraproject.org//packages/containers-common/1/32.fc35/src/containers-common-1-32.fc35.src.rpm

Bug#999806: pygattlib: diff for NMU version 0~20201113-1.1

2022-01-02 Thread Mattia Rizzolo

Control: tags 999806 + pending


Dear maintainer,

I've prepared an NMU for pygattlib (versioned as 0~20201113-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.


-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
diffstat for pygattlib-0~20201113 pygattlib-0~20201113

 changelog   |8 
 patches/multiple-boost-python.patch |   27 +++
 patches/series  |1 +
 3 files changed, 36 insertions(+)

diff -Nru pygattlib-0~20201113/debian/changelog pygattlib-0~20201113/debian/changelog
--- pygattlib-0~20201113/debian/changelog	2020-12-23 09:44:47.0 +0100
+++ pygattlib-0~20201113/debian/changelog	2022-01-02 15:38:19.0 +0100
@@ -1,3 +1,11 @@
+pygattlib (0~20201113-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix misbuild with multiple supported Python3 versions.  Closes: #999806
+Thanks to Steve Langasek for the patch.
+
+ -- Mattia Rizzolo   Sun, 02 Jan 2022 15:38:19 +0100
+
 pygattlib (0~20201113-1) unstable; urgency=medium
 
   * Initial Release. (Closes: #977950)
diff -Nru pygattlib-0~20201113/debian/patches/multiple-boost-python.patch pygattlib-0~20201113/debian/patches/multiple-boost-python.patch
--- pygattlib-0~20201113/debian/patches/multiple-boost-python.patch	1970-01-01 01:00:00.0 +0100
+++ pygattlib-0~20201113/debian/patches/multiple-boost-python.patch	2022-01-02 15:37:47.0 +0100
@@ -0,0 +1,27 @@
+Description: fix libboost detection with multiple python versions
+ pygattlib always links against the first libboost_python.so it finds.
+ When building for multiple python versions, this is wrong; it should link
+ against the one matching the version of python we're building for.
+Author: Steve Langasek 
+Bug-Debian: https://bugs.debian.org/999806
+Last-Update: 2022-01-02
+
+Index: pygattlib-0~20201113/setup.py
+===
+--- pygattlib-0~20201113.orig/setup.py
 pygattlib-0~20201113/setup.py
+@@ -11,12 +11,8 @@
+ 
+ 
+ def get_boost_version(out=None):
+-if out is None:
+-out = subprocess.check_output(
+-r"ldconfig -p | grep -E 'libboost_python.*\.so '", shell=True)
+-
+-ver = os.path.splitext(out.split()[0][3:])[0].decode()
+-return ver
++return 'boost_python%s%s' \
++% (sys.version_info.major, sys.version_info.minor)
+ 
+ def tests():
+ # case: python3-py3x.so
diff -Nru pygattlib-0~20201113/debian/patches/series pygattlib-0~20201113/debian/patches/series
--- pygattlib-0~20201113/debian/patches/series	1970-01-01 01:00:00.0 +0100
+++ pygattlib-0~20201113/debian/patches/series	2022-01-02 15:37:18.0 +0100
@@ -0,0 +1 @@
+multiple-boost-python.patch


signature.asc
Description: PGP signature

Bug#1001981: [Pkg-privacy-maintainers] Bug#1001981: Bug#1001981: onioncircuits: Doesn't start: Permission denied: '/usr/local/lib/python3.9/dist-packages/usb-0.0.83.dev0.dist-info'

2022-01-02 Thread Sascha Steinbiss

severity 1001981 normal
thanks

FTR: The original reporter confirmed that removing the Python modules in
/usr/local got onioncircuits to start again. So lowering severity as
this is likely not a packaging bug breaking onioncircuits for everyone.

S.

On 23.12.21 12:58, Sascha Steinbiss wrote:
> Hi Richard,
> 
> thanks for your report. Let's see what I can do.
> 
>> clicking then launcher results in no visible action.
> 
> This is just in bullseye? Unfortunately I can't reproduce this,
> onioncircuits opens fine for me.
> 
>> Starting from shell
>> results in this:
>>
>> rz@rz-debian:~$ onioncircuits
> 
>> PermissionError: [Errno 13] Permission denied: 
>> '/usr/local/lib/python3.9/dist-
>> packages/usb-0.0.83.dev0.dist-info'
> 
> This is quite suspicious. There should no Python code installed by
> Debian packages in /usr/local [1]. It looks like something installed
> alongside the Debian-provided Python modules is interfering with
> operation of the pycountry module, which is a dependency of onioncircuits.
> Did you install any Python packages system-wide using pip or other means
> other than Debian packaging, maybe even using sudo? This may leave files
> around with permissions not including the rz user.
> 
> Can you please try uninstalling these files in
> /usr/local/lib/python3.9/dist-packages and try again? Thanks!
> 
> Cheers
> Sascha
> 
> [1] See Policy 9.1.2:
> https://www.debian.org/doc/debian-policy/ch-opersys.html#site-specific-programs
> 
> ___
> Pkg-privacy-maintainers mailing list
> pkg-privacy-maintain...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-privacy-maintainers
>

Bug#1002996: ITP: python-orjson -- fast, correct JSON library for Python

2022-01-02 Thread Agathe Porte


Package: wnpp
Severity: wishlist
Owner: Romain Porte 
X-Debbugs-Cc: debian-de...@lists.debian.org, deb...@microjoe.org, 
debian-fo...@lists.debian.org, debian-r...@lists.debian.org


* Package name    : python-orjson
  Version : 3.6.5
  Upstream Author : ijl 
* URL : https://github.com/ijl/orjson
* License : Apache-2.0 OR MIT
  Programming Lang: Rust
  Description : fast, correct JSON library for Python

This package is added as a dependency to a new release of the gftools
tool maintained by myself in the Debian Fonts Team.

I intent to maintain this package in the Debian Python Team (or Debian 
Rust Team depending on how packaging goes).

Bug#926037: systemd: localectl console keymap configuration delayed

2022-01-02 Thread Michael Biebl


On 02.01.22 14:49, Floris Bos wrote:

On 1/2/22 2:10 PM, Michael Biebl wrote:

On 02.01.22 13:32, Floris Bos wrote:
I recall in some cases it is also necessary to regenerate initramfs 
after a keyboard settings change.


E.g. when LUKS encryption is used and the user needs to be able to 
enter the password to unlock the disks in the console prior to the 
rest of the system being booted.


So just restarting one of the services actually may not be enough.


Well, I'm not yet convinced that doing this in localed is the correct 
place.
After all, if you run dpkg-reconfigure console-setup, it doesn't 
update the initramfs either, or does it?



It does on my Ubuntu box.

Not certain about upstream Debian.


it doesn't



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

2022-01-02 Thread Matthias Andree


Am 02.01.22 um 14:24 schrieb Karsten:

Am 02.01.22 um 12:28 schrieb Matthias Andree:

But it would be helpful for others what must be done to create and install this new 
"client side certificate" that

appears about 2018?

   I think the certificate issue was there right from the beginning.

Definitely no. Mails where fetched for about 5 years without any problem.

Untrue. Messages were fetched without proper protection from
MITM/eavesdropping attacks, unless you were using *other* options to
ensure authenticity of the server. Which I doubt, else you would have
asked specific questions about fetchmail options.

That's true - but you change the privacy with an voluntary registration at an 
CA-authority.



I don't see anyone suggested that, but tell me how...



The people that can make MITM/eavesdropping attacks can fake an CA-authority 
too.



...that CA certificate would make it into your trust store. There used
to be ill-advised instructions by fourth parties that gave the wrong
advise to download and storing the server's certificate into the trust
store. If the faked CA authority certificate is not in your trust store,
certificate validation will flag the missing trust anchor or issue
"self-signed certificate" errors.

In practice, Linux and BSD distros usually deploy the CAs from Mozilla's
CA Program https://blog.mozilla.org/security/category/ca-program/ and
Mozilla have banned CAs that were abusive.



Do you think it is possible to make thousands of MITM/eavesdropping attacks 
parallel for every private server?



You can safely bet it happens at scale, and million-fold each and every
day. The question is who will make the faked CA authority trustworthy?
Company networks with malware-scanning outside proxies, free WiFi sites,
you name it.

You don't verify, you don't know.



Can you please recommend *other* options to ensure more security with self 
signed certificates?


See my previous messages, put the CA certificate (not private key) that
signed your server's certificate into the OpenSSL trust store of the
computer running fetchmail, or into a local place that you point
fetchmail to. That won't work without reading documentation on how
certification chains and trust delegation work. In the Debian world,
things revolve around update-ca-certificates from the ca-certificates
package.




I'm caring about safety and privacy, that's the reason encryption with private 
certificates are used.

Nonsense. That's the reason why fetchmail 6.4.0 finally broke
compatibility with broken sites and finally (far too late) enforces
proper X.509 certificate chains to so-called trust anchors.

Can you explain this a little bit more please?

Using encryption with an self-signed certificate cannot be more nonsense then 
to use no encryption at all.
This makes no sense for me from a logic point.



That's not what I wrote, but the logic you refer to is why fetchmail 6.4
- finally - forbids unverified certificates by default.
Meaning: No more connection to sites with incomplete certification
chains or where the certification chain cannot be anchored to a trusted CA.



Why have older fetchmail versions made proper trust verification optional? :-)



6.3 appeared in 2005, before E. Snowden hat blown the whistle and before
web browsers started to flag sites with unverified certification chains
as insecure - and 6.3.X has kept compatibility and defaults.

Before this turns into more gossip, I propose to close the bug report
now. Do that by replying to 1002910-cl...@bugs.debian.org instead of the
1002910@ address.

Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)

2022-01-02 Thread Michael Biebl



Control: tags -1 + moreinfo unreproducible

On 02.01.22 14:52, Tobias Frost wrote:


Please let me know if there are additional details I could supply.




Can you provide steps how to reproduce the issue?
More details how the container is constructed, which fs is used etc. 
might help as well.


What does
SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create --prefix /var/log/journal
say?


OpenPGP_signature
Description: OpenPGP digital signature

1 2 >

1 - 100 of 143 matches

Mail list logo