Bug#581630: Bug#965491: dictconv: diff for NMU version 0.2-7.1

[Francesco Namuri]

Hello Adrian,
thank you so much.

Francesco

---
.''`. Francesco Namuri
: :' : https://hal.hierax.net/
`. `' «Dave, my mind is going. I can feel it. I'm a ...fraid.»
  `- 4096R/260F0067 - 320D D86E 1E25 6275 B28F  89D7 29CE ADC9 260F 0067

Il 19/01/2022 15:26 Adrian Bunk ha scritto:

Control: tags 581630 + patch
Control: tags 581630 + pending
Control: tags 965491 + patch
Control: tags 965491 + pending

Dear maintainer,

I've prepared an NMU for dictconv (versioned as 0.2-7.1) and uploaded
it to DELAYED/7. Please feel free to tell me if I should cancel it.

cu
Adrian

Bug#1004015: wontfix: supported only on 64bit

[Andreas Tille]

Hi Andrius,

Am Thu, Jan 20, 2022 at 08:31:58AM +0200 schrieb Andrius Merkys:
> Control: tags -1 + wontfix
> 
> ...
> The correct approach would be to limit kallisto architectures to 64bit
> and remove already existing binaries for 32bit. I am planning to do so.

If you plan to do so I wonder why you set this bug "wontfix" instead
of closing the bug with a reduced list of architectures.

Kind regards

 Andreas. 

-- 
http://fam-tille.de

Bug#1004064: apt-cdrom: Cannot convert Size to integer: out of range

[Arnaud Rebillout]

Package: apt
Version: 2.3.14
Severity: normal
User: de...@kali.org
Usertags: origin-kali

Dear Maintainer,

while working on the Kali Linux installer (which is just the Debian
installer with minor modifications), I hit a bug in apt.

The logs I get from the Kali installer go like this:

  base-installer: Writing new source list
  base-installer: Source list entries for this disc are:
  base-installer: deb cdrom:[Kali GNU/Linux rolling ...]/ kali-rolling main
  base-installer: Repeat this process for the rest of the CDs in your set.
  base-installer: E
  base-installer: :
  base-installer: Cannot convert 2538832704 to integer: out of range
  base-installer:
  base-installer: error: error while running apt-cdrom

The error 'Cannot convert ...' comes straight from apt [1]. The number
2538832704 is the size of a very big package in Kali. It's above MAX
INT, so I suspect that somewhere in the apt code, we try to parse Size
as an integer, instead of using a type unsigned long long.

After some more research, I found it:

  apt-pkg/indexcopy.cc
  
  bool PackageCopy::GetFile(string ,unsigned long long )
  {
 File = Section->FindS("Filename");
 Size = Section->FindI("Size");
 if (File.empty() || Size == 0)
return _error->Error("Cannot find filename or size tag");
 return true;
  }

This `FindI` should really be `FindUUL`.

A patch is on the way.

Thanks,

  Arnaud



[1]: https://salsa.debian.org/apt-team/apt/-/blob/main/apt-pkg/tagfile.cc#L770

Bug#1003599: transition: octave

[Rafael Laboissière]

* Sébastien Villemot  [2022-01-18 09:11]:


Le lundi 17 janvier 2022 à 11:03 +0100, Sébastien Villemot a écrit :


Thanks. octave 6.4.0-2 has been uploaded to unstable, and compiled on 
all release architectures.


The recompilation process is almost completed. The only remaining 
problem is octave-tisean which fails to rebuild on s390x (see #874116, 
which is a long-standing issue).


octave-tisean is a leaf package, so I suggest to remove it from 
testing, so that we can complete the transition.


Thanks for taking care of this transition, which went pretty smoothly, 
fortunately. Package octave-tisean is not active upstream since several 
years and it does not look like Bug#874116 is going to be fixed any soon.


Best,

Rafael Laboissière

Bug#1004063: transition: openmm

[Andrius Merkys]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hello,

I would like to request a transition slot for openmm
(experimental -> unstable) due to soname bump. Current ben tracker [1]
is OK, all reverse dependencies build fine.

Thanks,
Andrius

[1] https://release.debian.org/transitions/html/auto-openmm.html

Bug#1004015: wontfix: supported only on 64bit

[Andrius Merkys]

Control: tags -1 + wontfix

The upstream has confirmed kallisto is only supported on 64bit
architectures. This is even written in the requirements [1]. Earlier
versions did not support 64bit too. Interestingly, they used to compile
successfully on 32bit architectures. It is the tests who showcase the
lack of support on 32bit.

The correct approach would be to limit kallisto architectures to 64bit
and remove already existing binaries for 32bit. I am planning to do so.

https://pachterlab.github.io/kallisto/source

Andrius

Bug#931717:

[Rafał Łyziński]

Bug#1004062: offline help (keys, manual, release notes, FAQ)

[Trent W. Buck]

Package: inkscape
Version: 1.1.1-2~bpo11+1
Severity: wishlist

Currently Inkscape's Help menu just opens URLs.

   
https://sources.debian.org/src/inkscape/1.1.1-2%7Ebpo11+1/src/verbs.cpp/#L2051-L2101

My disadvantaged users do not have internet access, so currently they cannot 
get help.
This is already fixed for Help > Tutorials (apt install inkscape-tutorials).
Can this be extended to the rest of the Help menu?

The tutorials come from this repository:

https://gitlab.com/inkscape/inkscape-docs/documentation

Help > Keys comes from that same repository.
Help > Command Line Options comes from that same repository (./man/).

Help > Manual currently points to an third-party manual that is

   * written for the wrong Inkscape version,
   * doesn't support https, and
   * cannot be distributed by Debian (non-commercial clause).

However, there is a new first-party manual which is here:

https://gitlab.com/inkscape/inkscape-docs/manuals

It is available pre-rendered here (only for latest version, not guaranteed to 
be for the version Debian ships):

https://inkscape-manuals.readthedocs.io/en/latest/
https://inkscape-manuals.readthedocs.io/_/downloads/en/latest/pdf/
https://inkscape-manuals.readthedocs.io/_/downloads/en/latest/htmlzip/
https://inkscape-manuals.readthedocs.io/_/downloads/en/latest/epub/



I am happy if "Help > Keys" and "Help > Manual" work offline.
However here are some notes about the other options:

Help > FAQ I think must come from here, but I can't see HOW.

https://gitlab.com/inkscape/inkscape-web/

Help > New In This Version comes from Mediawiki, so is probably annoying.
This may be auto-generated elsewhere; I haven't found evidence of this.

https://wiki.inkscape.org/wiki/Release_notes/1.1

Help > Report a Bug &
Help > Donate are not useful offline.

Help > SVG 1.1 Specification &
Help > SVG 2.0 Specification link to w3.org.
I don't know if it's worth caring about those.

Help > About Memory &
Help > About Inkscape
are already working offline, they are in-app widgets.



-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-0.bpo.2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages inkscape depends on:
ii  libatkmm-1.6-1v5   2.28.0-3
ii  libboost-filesystem1.74.0  1.74.0-9
ii  libc6  2.31-13+deb11u2
ii  libcairo2  1.16.0-5
ii  libcairomm-1.0-1v5 1.12.2-4
ii  libcdr-0.1-1   0.1.6-2
ii  libdbus-glib-1-2   0.110-6
ii  libdouble-conversion3  3.1.5-6.1
ii  libfontconfig1 2.13.1-4.2
ii  libfreetype6   2.10.4+dfsg-1
ii  libgc1 1:8.0.4-3
ii  libgcc-s1  10.2.1-6
ii  libgdk-pixbuf-2.0-02.42.2+dfsg-1
ii  libglib2.0-0   2.66.8-1
ii  libglibmm-2.4-1v5  2.64.2-2
ii  libgomp1   10.2.1-6
ii  libgsl25   2.6+dfsg-2
ii  libgspell-1-2  1.8.4-1
ii  libgtk-3-0 3.24.24-4
ii  libgtkmm-3.0-1v5   3.24.2-2
ii  libharfbuzz0b  2.7.4-1
ii  libjpeg62-turbo1:2.0.6-4
ii  liblcms2-2 2.12~rc1-2
ii  libmagick++-6.q16-88:6.9.11.60+dfsg-1.3
ii  libpango-1.0-0 1.46.2-3
ii  libpangocairo-1.0-01.46.2-3
ii  libpangoft2-1.0-0  1.46.2-3
ii  libpangomm-1.4-1v5 2.42.1-1
ii  libpng16-161.6.37-3
ii  libpoppler-glib8   20.09.0-3.1
ii  libpoppler102  20.09.0-3.1
ii  libpotrace01.16-2
ii  libreadline8   8.1-1
ii  librevenge-0.0-0   0.0.4-6+b1
ii  librsvg2-common2.50.3+dfsg-1
ii  libsigc++-2.0-0v5  2.10.4-2
ii  libsoup2.4-1   2.72.0-2
ii  libstdc++6 10.2.1-6
ii  libvisio-0.1-1 0.1.7-1+b1
ii  libwpg-0.3-3   0.3.3-1
ii  libx11-6   2:1.7.2-1
ii  libxml22.9.10+dfsg-6.7
ii  libxslt1.1 1.1.34-4
ii  python33.9.2-3
ii  zlib1g 1:1.2.11.dfsg-2

Versions of packages inkscape recommends:
ii  aspell   0.60.8-3
ii  fig2dev  1:3.2.8-3+b1
ii  graphicsmagick-imagemagick-compat [imagemagick]  1.4+really1.3.36+hg16481-2
ii  libimage-magick-perl 8:6.9.11.60+dfsg-1.3
ii  libwmf-bin   0.2.8.4-17
ii  python3-lxml 4.6.3+dfsg-0.1+deb11u1
ii  python3-numpy  

Bug#1004061: openjdk-11-jre-headless: conffiles not removed: /etc/java-11-openjdk/security/blacklisted.certs

[Paul Wise]

Package: openjdk-11-jre-headless
Version: 11.0.14+9-1
Severity: normal
User: debian...@lists.debian.org
Usertags: obsolete-conffile adequate

The recent upgrade did not deal with obsolete conffiles properly.
Please use the dpkg-maintscript-helper support provided by
dh_installdeb to remove these obsolete conffiles on upgrade.

https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files
https://manpages.debian.org/man/1/dh_installdeb

This bug report brought to you by adequate:

https://bonedaddy.net/pabs3/log/2013/02/23/inadequate-software/

   $ p=openjdk-11-jre-headless ; adequate $p ; dpkg-query -W 
-f='${Conffiles}\n' $p | grep obsolete
   openjdk-11-jre-headless:amd64: obsolete-conffile 
/etc/java-11-openjdk/security/blacklisted.certs
   openjdk-11-jre-headless:amd64: py-file-not-bytecompiled 
/usr/share/gdb/auto-load/usr/lib/jvm/java-11-openjdk-amd64/jre/lib/server/libjvm.so-gdb.py
    /etc/java-11-openjdk/security/blacklisted.certs 
19e78890d61c0dfc65b291341c08beba obsolete

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openjdk-11-jre-headless depends on:
ii  ca-certificates-java  20190909
ii  java-common   0.72
ii  libasound2    1.2.6.1-1
ii  libc6 2.33-3
ii  libcups2  2.3.3op2-7
ii  libfontconfig1    2.13.1-4.2
ii  libfreetype6  2.11.1+dfsg-1
ii  libgcc-s1 11.2.0-13
ii  libharfbuzz0b 2.7.4-1
ii  libjpeg62-turbo   1:2.1.2-1
ii  liblcms2-2    2.12~rc1-2
ii  libnss3   2:3.73.1-1
ii  libpcsclite1  1.9.5-1
ii  libstdc++6    11.2.0-13
ii  util-linux    2.37.2-6
ii  zlib1g    1:1.2.11.dfsg-2

openjdk-11-jre-headless recommends no packages.

Versions of packages openjdk-11-jre-headless suggests:
ii  fonts-dejavu-extra    2.37-2
pn  fonts-indic   
ii  fonts-ipafont-gothic  00303-23
ii  fonts-ipafont-mincho  00303-23
ii  fonts-wqy-microhei    0.2.0-beta-3.1
ii  libnss-mdns   0.15.1-1

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Johannes Schauer Marin Rodrigues]

Hi Santiago,

Quoting Santiago Vila (2022-01-19 23:55:28)
> Hi. I've just added $DPKG_ROOT to every (old) change_owner and change_mode
> call.

thank you! I can confirm that with your 12.2 upload we were able to drop all
patches against base-files and DPKG_ROOT support works as expected:

https://salsa.debian.org/helmutg/dpkg-root-demo/-/jobs

Thanks again! :)

cheers, josch

signature.asc
Description: signature

Bug#1004060: systemd: breaks lightdm / lightdm-gtk-greeter

[Vincent Lefevre]

On 2022-01-20 05:08:53 +0100, Vincent Lefevre wrote:
> I've attached the logs from lightdm, but they may not really be useful.

There seem to be no additional messages compared to when it is working.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1003860: RFS: makemkv-oss/1.16.5-1 [ITP] -- Convert video that you own into free format that can be played everywhere

[Mathias Gibbens]

On Tue, 2022-01-18 at 18:31 -0500, Ben Westover wrote:
> Hello again, I've fixed some problems.
> 
> >    It dawned on me last night that maybe a simple use of
> > dh_install(1)'s
> > d/*.install file may be sufficient when coupled with a stub
> > d/rules.
> > Compat level 13 and later support variable substitution, which may
> > allow the architecture-specific path to be used from the install
> > file.
> > (Although I'll admit I haven't utilized this new capability, so
> > your
> > mileage may vary.)
> 
> I did some research on how those substitution variables worked, and I
> was able to build a much cleaner d/rules file that properly follows
> the 
> standard.

  Yay, that makes me very happy!

> 
> >    Have you been able to successfully backup/convert a DVD or Blu-
> > ray?
> > The issue I found with using libmatroska from bullseye is that the
> > code
> > would compile, but when actually using the resulting program it
> > would
> > either crash or fail to backup the disk. If that's resolved with
> > the
> > version in bookworm and up, that would be wonderful!
> 
> Unfortunately, I ran into the same trouble you did. I was able to 
> convert a DVD with no problems after reverting the patch and using
> the 
> bundled libraries, so the new version of the package has that patch 
> commented out now. I don't know enough about C(++) or these debug
> tools 
> to even begin figuring out this problem, so help with that would be 
> appreciated before we can get this sorted.

  I am not familiar with these libraries or their APIs, and the day I
spent looking into this issue last fall didn't bring any nice solution.
I expect it will probably be a very simple fix, but I don't have a good
guess about where to start. It may be worthwhile asking on the
debian-multime...@lists.debian.org list to see if someone on that team
could offer some assistance.

  It would be really great to use the system copies of the bundled
libraries, and I think ftpmaster will be much happier with the package
once that's done.

> 
> >    I would be very happy to provide feedback and assistance; I'm
> > only a
> > very new DM, so I cannot sponsor uploads. As you filed the ITP,
> > I'll
> > let you be the primary maintainer. I think working on these two
> > packages would be a good way for you to learn a lot about the
> > Debian
> > packaging process, as they're more than a trivial program, but not
> > too
> > complex to be overwhelming. We all learn by doing! :)
> 
> I'm definitely learning a lot. Thanks for all your help with this!

  Excellent! $DAYJOB is keeping me quite busy for now, but usually I've
got some free time on the weekends, which is when I do most of my
Debian packaging work. I'll do my best to keep helping you as you work
on these packages.

Mathias


signature.asc
Description: This is a digitally signed message part

Bug#1004019: Should forensics-extra drop the dependendency on smb-nat?

[Eriberto]

Em qua., 19 de jan. de 2022 às 09:48, Adrian Bunk  escreveu:
>
> Package: forensics-extra
> Version: 2.34
> Severity: serious
> Control: block 1004018 by -1
>
> Does the 25 year old smb-nat provide any functionality that is
> not also provided by Samba tools (that were originally written
> by the same author)?
>

Hi Adrian,

Thanks for your tip. I will remove this package from forensics-extra.

Cheers,

Eriberto

Bug#708533: libreoffice: connects to the print server (CUPS) when opening some document

[Vincent Lefevre]

Control: forwarded -1 https://bugs.documentfoundation.org/show_bug.cgi?id=146869

I've just reported the bug upstream.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1004059: iproute2: broken symlink: /usr/lib/tc/m_ipt.so -> m_xt.so

[Paul Wise]

Package: iproute2
Version: 5.16.0-1
Severity: minor
File: /usr/lib/tc/m_ipt.so
User: debian...@lists.debian.org
Usertags: adequate broken-symlink
Tags: patch

iproute2 5.16.0-1 introduced a broken symlink.

It looks like what happened is the upstream file that was the target of
the symlink got moved into the multi-arch path but the symlink defined
in debian/iproute2.links wasn't also moved to the multi-arch path and
at the same time the upstream build system added an equivalent symlink
into the multi-arch path.

So I think the only thing to do now is drop the now broken symlink from
the debian/iproute2.links file.

Here is some more information about the broken symlink:
   
   Log started: 2022-01-19  12:16:07
   apt-listchanges: Reading changelogs...
   apt-listchanges: Mailing root: apt-listchanges: changelogs for chianamo
   Preconfiguring packages ...
   apt-listchanges: Reading changelogs...
   Preconfiguring packages ...
   Preparing to unpack .../iproute2_5.16.0-1_amd64.deb ...
   Unpacking iproute2 (5.16.0-1) over (5.15.0-1) ...
   Setting up iproute2 (5.16.0-1) ...
   Processing triggers for man-db (2.9.4-4) ...
   Log ended: 2022-01-19  12:17:39
   
   $ adequate iproute2
   iproute2: broken-symlink /usr/lib/tc/m_ipt.so -> m_xt.so
   
   $ ls -l /usr/lib/tc/m_ipt.so
   lrwxrwxrwx 1 root root 7 Jan 14 06:57 /usr/lib/tc/m_ipt.so -> m_xt.so
   
   $ chase /usr/lib/tc/m_ipt.so
   chase: /usr/lib/tc/m_xt.so: No such file or directory
   
   $ apt-file search m_xt.so
   iproute2: /usr/lib/x86_64-linux-gnu/tc/m_xt.so
   
   $ ls -l /usr/lib/tc/ /usr/lib/x86_64-linux-gnu/tc/
   /usr/lib/tc/:
   total 0
   lrwxrwxrwx 1 root root 7 Jan 14 06:57 m_ipt.so -> m_xt.so
   
   /usr/lib/x86_64-linux-gnu/tc/:
   total 128K
   -rw-r--r-- 1 root root 23K Jan 14 06:57 experimental.dist
   lrwxrwxrwx 1 root root   7 Jan 14 06:57 m_ipt.so -> m_xt.so
   -rw-r--r-- 1 root root 15K Jan 14 06:57 m_xt.so
   -rw-r--r-- 1 root root 24K Jan 14 06:57 normal.dist
   -rw-r--r-- 1 root root 24K Jan 14 06:57 pareto.dist
   -rw-r--r-- 1 root root 23K Jan 14 06:57 paretonormal.dist
   -rw-r--r-- 1 root root 15K Jan 14 06:57 q_atm.so

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iproute2 depends on:
ii  debconf [debconf-2.0]  1.5.79
ii  libbpf01:0.5.0-1
ii  libbsd00.11.3-1
ii  libc6  2.33-3
ii  libcap21:2.44-1
ii  libcap2-bin1:2.44-1
ii  libdb5.3   5.3.28+dfsg1-0.8
ii  libelf10.186-1
ii  libmnl01.0.4-3
ii  libselinux13.3-1+b1
ii  libxtables12   1.8.7-1

Versions of packages iproute2 recommends:
pn  libatm1  

Versions of packages iproute2 suggests:
pn  iproute2-doc  
ii  python3   3.9.7-1

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#987787: libdebuginfod-common: wrong permissions on /etc/profile.d/debuginfod.{c,}sh (and odd content)

[Paul Wise]

On Mon, 2022-01-17 at 18:38 +0100, наб wrote:

> I don't disagree, but /e/p.d/* can't be symlinks to /u/s.

I don't think that is correct (since systemd symlinks from /etc to
/usr), but if it were then just copying the files would work instead.

> However, please consider new, simplified, patch below,
> applying to current Salsa HEAD
> (4ff688068d05a82039f7cbf88ae99e4d6a4bc327, 0.186-1).

This patch contains unnecessary whitespace changes, please
revert them so that we can see the substantive changes instead.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#708533: libreoffice: connects to the print server (CUPS) when opening some document

[Vincent Lefevre]

Control: found -1 1:7.2.4-2
Control: found -1 1:7.3.0~rc2-2

On 2015-10-23 03:32:34 +0200, Vincent Lefevre wrote:
> The bug still occurs. I can reproduce it in a more visible way by
> setting
> 
> ServerName 192.168.0.2:443
> 
> in my /etc/cups/client.conf file (note: a "telnet 192.168.0.2 443"
> hangs, which is the goal of the test). A strace shows lots of timeout
> during 20 seconds. During this time, Libreoffice doesn't show the
> document and hangs.

Ditto with the recent versions.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1004058: RM: libnewlib-nano -- ROM; Obsoleted by picolibc. Has numerous open security and RC issues.

[Keith Packard]

Package: ftp.debian.org
Severity: normal

Bug#1003949: override: systemd-timesyncd:admin/standard

[Sean Whitton]

control: tag -1 + moreinfo

Hello Michael,

On Tue 18 Jan 2022 at 02:55PM +01, Michael Biebl wrote:

> I'd like to see the priority of systemd-timesyncd bumped from optional
> to standard in stable/bullseye (it's already the case in
> testing/unstable).
>
> Please see the corresponding release.debian.org bug [1] for more
> information.

I think this requires RT approval.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1004057: evolution-ews: reproducible-builds: build path embedded in libecalbackendews.so and RPATH

[Vagrant Cascadian]

Source: evolution-ews
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Builds in a different source directory trigger reproducibility issues
with libecalbackendews.so and the RPATH of various other binaries also
have different BuildId:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/evolution-ews.html

  /usr/lib/evolution-data-server/calendar-backends/libecalbackendews.so

  /build/1st/evolution-ews-3.42.3/src/EWS/calendar
  vs.
  /build/2/evolution-ews-3.42.3/2nd/src/EWS/calendar

The first patch fixes this by removing the source directory from the
CMakeLists.txt that is used to build libecalbackendews.so.

I have not tested that this is a correct fix, per se, but it seems
unlikely that a transient build directory for an installed .deb package
would be present on any end-user system in any useful way.

The second patch fixes this by passing arguments to configure to use a
relative RPATH instead of embedding the full path.


With these patches applied, evolution-ews should build reproducibly on
tests.reproducible-builds.org!


Thanks for maintaining evolution-ews!


live well,
  vagrant
From 7c50659c1eaa7eab31b887d47f82030ad7dbdba4 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Thu, 20 Jan 2022 00:50:56 +
Subject: [PATCH 1/2] src/EWS/calendar/CMakeLists.txt: Blank out
 EXCHANGE_EWS_SRCDIR.

The full path to the source gets embedded in libecalbackendews.so,
which could not usefully be used on the end-user's installed system
when installed from a .deb package.
---
 src/EWS/calendar/CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/EWS/calendar/CMakeLists.txt b/src/EWS/calendar/CMakeLists.txt
index 3a6ce02..3530504 100644
--- a/src/EWS/calendar/CMakeLists.txt
+++ b/src/EWS/calendar/CMakeLists.txt
@@ -26,7 +26,7 @@ target_compile_definitions(ecalbackendews PRIVATE
 	-DG_LOG_DOMAIN=\"ecalbackendews\"
 	-DEXCHANGE_EWS_DATADIR=\"${ewsdatadir}\"
 	-DEXCHANGE_EWS_LOCALEDIR=\"${LOCALE_INSTALL_DIR}\"
-	-DEXCHANGE_EWS_SRCDIR=\"${CMAKE_CURRENT_SOURCE_DIR}\"
+	-DEXCHANGE_EWS_SRCDIR=\"\"
 )
 
 target_compile_options(ecalbackendews PUBLIC
-- 
2.34.1

From 94874050b068f6c156f989622e4ec065a384cded Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Thu, 20 Jan 2022 00:50:11 +
Subject: [PATCH 2/2] debian/rules: Pass -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON via
 dh_auto_configure override.

This avoids embedding the full path in RPATH, which triggers BuildId
differences.

https://tests.reproducible-builds.org/debian/issues/unstable/cmake_rpath_contains_build_path_issue.html
---
 debian/rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index db3a81a..741f2dc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -16,6 +16,7 @@ EVO_NEXTVERSION = $(shell pkg-config --modversion evolution-shell-3.0  | awk -F'
 
 override_dh_auto_configure:
 	dh_auto_configure -- \
+		-DCMAKE_BUILD_RPATH_USE_ORIGIN=ON \
 		-DSYSCONF_INSTALL_DIR=/etc
 
 override_dh_makeshlibs:
-- 
2.34.1



signature.asc
Description: PGP signature

Bug#1003069: openid exception "AttributeError: module 'base64' has no attribute 'decodestring'"

[Pierre-Elliott Bécue]

Le lundi 03 janvier 2022 à 16:55:37+0100, Harald Welte a écrit :
> Package: python3-django-allauth
> Version: 0.44.0+ds-1
> Severity: normal
> 
> I'm running a bullseye installation with mailman3-web and wanted to enable 
> openid
> authentication via the python3-django-allouth package.  However, when using 
> it,
> I get the following exception / backtrace:
> 
> ERROR:django.request:Internal Server Error: /accounts/openid/login/
> Traceback (most recent call last):
>   File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", 
> line 34, in inner
> response = get_response(request)
>   File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 
> 115, in _get_response
> response = self.process_exception_by_middleware(e, request)
>   File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 
> 113, in _get_response
> response = wrapped_callback(request, *callback_args, **callback_kwargs)
>   File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 
> 71, in view
> return self.dispatch(request, *args, **kwargs)
>   File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 
> 97, in dispatch
> return handler(request, *args, **kwargs)
>   File 
> "/usr/lib/python3/dist-packages/allauth/socialaccount/providers/openid/views.py",
>  line 45, in get
> return self.perform_openid_auth(form)
>   File 
> "/usr/lib/python3/dist-packages/allauth/socialaccount/providers/openid/views.py",
>  line 94, in perform_openid_auth
> auth_request = client.begin(endpoint)
>   File "/usr/lib/python3/dist-packages/openid/consumer/consumer.py", line 
> 359, in begin
> return self.beginWithoutDiscovery(service, anonymous)
>   File "/usr/lib/python3/dist-packages/openid/consumer/consumer.py", line 
> 382, in beginWithoutDiscovery
> auth_req = self.consumer.begin(service)
>   File "/usr/lib/python3/dist-packages/openid/consumer/consumer.py", line 
> 610, in begin
> assoc = self._getAssociation(service_endpoint)
>   File "/usr/lib/python3/dist-packages/openid/consumer/consumer.py", line 
> 1178, in _getAssociation
> assoc = self.store.getAssociation(endpoint.server_url)
>   File 
> "/usr/lib/python3/dist-packages/allauth/socialaccount/providers/openid/utils.py",
>  line 105, in getAssociation
> base64.decodestring(stored_assoc.secret.encode("utf-8")),
> AttributeError: module 'base64' has no attribute 'decodestring'
> 
> 
> It seems like base64.decodestring() has been deprecated since python 3.8 but 
> somehow this module
> has not been updated.
> 
> Upstream has a fix in 
> https://github.com/pennersr/django-allauth/commit/425dc774fb5d032204b92f0870c3802202259ad3

Thanks for your bug report!

I've applied that commit in 0.47.0. As soon as it enters testing, I'll
do a stable-pu to have it in the next bullseye minor release.

With best regards,

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for principles than to live up to them.


signature.asc
Description: PGP signature

Bug#1004056: buster-pu: package libsdl1.2/1.2.15+dfsg2-4+deb10u1

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for libsdl1.2 fixes lots of CVEs in Buster. These 
CVEs are marked as no-dsa by the security team.


The same patches are uploaded to Stretch already and nobody complained 
yet.


  Thorstendiff -Nru libsdl1.2-1.2.15+dfsg2/debian/changelog 
libsdl1.2-1.2.15+dfsg2/debian/changelog
--- libsdl1.2-1.2.15+dfsg2/debian/changelog 2018-10-25 01:47:02.0 
+0200
+++ libsdl1.2-1.2.15+dfsg2/debian/changelog 2022-01-19 23:03:02.0 
+0100
@@ -1,3 +1,34 @@
+libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble
+in audio/SDL_wave.c.
+  * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM
+in audio/SDL_wave.c.
+  * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode
+in audio/SDL_wave.c.
+  * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode
+in audio/SDL_wave.c.
+  * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM
+in audio/SDL_wave.c.
+  * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW
+in audio/SDL_wave.c.
+  * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM
+in audio/SDL_wave.c.
+  * CVE-2019-7635: Heap-based buffer over-read in Blit1to4
+in video/SDL_blit_1.c.
+  * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB
+in video/SDL_pixels.c.
+  * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect
+in video/SDL_surface.c.
+  * CVE-2019-7638: Heap-based buffer over-read in Map1toN
+in video/SDL_pixels.c.
+  * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN
+in video/SDL_blit_N.c.
+(patches prepared for LTS by Adrian Bunk)
+
+ -- Thorsten Alteholz   Wed, 19 Jan 2022 23:03:02 +0100
+
 libsdl1.2 (1.2.15+dfsg2-4) unstable; urgency=medium
 
   * d/rules: Add @ in 'tar --mtime="@$(SOURCE_DATE_EPOCH)"', otherwise the
diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch 
libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch
--- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch  1970-01-01 
01:00:00.0 +0100
+++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch  2021-11-21 
11:28:17.0 +0100
@@ -0,0 +1,22 @@
+# HG changeset patch
+# User Ozkan Sezer 
+# Date 1564511424 -10800
+# Node ID ad1bbfbca760cbf5bf8131580b24637e5e7d9411
+# Parent  87d60cae0273307b2721685daf3265de5dfda634
+Fixed bug 4538 - validate image size when loading BMP files
+
+diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c
+--- a/src/video/SDL_bmp.c  Tue Jun 18 23:31:40 2019 +0100
 b/src/video/SDL_bmp.c  Tue Jul 30 21:30:24 2019 +0300
+@@ -143,6 +143,11 @@
+   (void) biYPelsPerMeter;
+   (void) biClrImportant;
+ 
++  if (biWidth <= 0 || biHeight == 0) {
++  SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, 
biHeight);
++  was_error = SDL_TRUE;
++  goto done;
++  }
+   if (biHeight < 0) {
+   topDown = SDL_TRUE;
+   biHeight = -biHeight;
diff -Nru 
libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch 
libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch
--- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch 
1970-01-01 01:00:00.0 +0100
+++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch 
2021-11-21 11:28:17.0 +0100
@@ -0,0 +1,105 @@
+Description: CVE-2019-7572, CVE-2019-7574
+ CVE-2019-7572: a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
+ CVE-2019-7574: a heap-based buffer over-read in IMA_ADPCM_decode in 
audio/SDL_wave.c.
+
+---
+Author: Abhijith PA 
+Origin: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610
+https://bugzilla.libsdl.org/attachment.cgi?id=3612
+https://bugzilla.libsdl.org/attachment.cgi?id=3618
+Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
+ https://bugzilla.libsdl.org/show_bug.cgi?id=4495
+Last-Update: <2018-03-05>
+
+Index: libsdl1.2-1.2.15/src/audio/SDL_wave.c
+===
+--- libsdl1.2-1.2.15.orig/src/audio/SDL_wave.c
 libsdl1.2-1.2.15/src/audio/SDL_wave.c
+@@ -264,6 +264,14 @@ static Sint32 IMA_ADPCM_nibble(struct IM
+   };
+   Sint32 delta, step;
+ 
++  /* Clamp index value. The inital value can be invalid. */
++  if ( state->index > 88 ) {
++  state->index = 88;
++  } else
++  if ( state->index < 0 ) {
++  state->index = 0;
++  }
++
+   /* Compute difference and new sample value */
+   step = step_table[state->index];
+   delta = step >> 3;
+@@ -275,12 +283,6 @@ static Sint32 IMA_ADPCM_nibble(struct IM
+ 
+   /* Update index value */
+   state->index += index_table[nybble];
+-  if ( state->index 

Bug#1004055: buster-pu: package raptor2/2.0.14-1.1~deb10u2

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for raptor2 fixes CVE-2020-25713 in Buster. This CVE 
is marked as no-dsa by the security team.


The same patch is uploaded to Stretch already and nobody complained yet.

  Thorstendiff -Nru raptor2-2.0.14/debian/changelog raptor2-2.0.14/debian/changelog
--- raptor2-2.0.14/debian/changelog 2020-11-06 22:46:38.0 +0100
+++ raptor2-2.0.14/debian/changelog 2021-12-27 22:03:02.0 +0100
@@ -1,3 +1,11 @@
+raptor2 (2.0.14-1.1~deb10u2) buster; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2020-25713
+Malformed input file can lead to a segfault.
+
+ -- Thorsten Alteholz   Mon, 27 Dec 2021 22:03:02 +0100
+
 raptor2 (2.0.14-1.1~deb10u1) buster-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru 
raptor2-2.0.14/debian/patches/CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
 
raptor2-2.0.14/debian/patches/CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
--- 
raptor2-2.0.14/debian/patches/CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
1970-01-01 01:00:00.0 +0100
+++ 
raptor2-2.0.14/debian/patches/CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
2021-12-27 22:03:02.0 +0100
@@ -0,0 +1,30 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= 
+Date: Tue, 24 Nov 2020 10:30:20 +
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: raptor2-2.0.14/src/raptor_xml_writer.c
+===
+--- raptor2-2.0.14.orig/src/raptor_xml_writer.c2021-12-29 
23:35:29.272438731 +0100
 raptor2-2.0.14/src/raptor_xml_writer.c 2021-12-29 23:35:29.272438731 
+0100
+@@ -221,7 +221,7 @@
+   
+   /* check it wasn't an earlier declaration too */
+   for(j = 0; j < nspace_declarations_count; j++)
+-if(nspace_declarations[j].nspace == 
element->attributes[j]->nspace) {
++if(nspace_declarations[j].nspace == 
element->attributes[i]->nspace) {
+   declare_me = 0;
+   break;
+ }
diff -Nru raptor2-2.0.14/debian/patches/series 
raptor2-2.0.14/debian/patches/series
--- raptor2-2.0.14/debian/patches/series2020-11-06 22:46:38.0 
+0100
+++ raptor2-2.0.14/debian/patches/series2021-12-27 22:03:02.0 
+0100
@@ -1 +1,2 @@
 Calcualte-max-nspace-declarations-correctly-for-XML-.patch
+CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch

Bug#1004053: kallisto: reproducible-builds: timestamps and build path embedded in test suite metadata

[Vagrant Cascadian]

Source: kallisto
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Various files produced related to test suites embed timestamp and build
paths into the files, breaking reproducible builds:
  
  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/kallisto.html

It looks like version 0.48.0+dfsg-1 introduced these new files, with the
introduction of the snakemake tests.

The attached patch fixes this by removing the test suite log files and
other test suite metadata in a dh_install override from debian/rules.

With this patch applied, kallisto should build reproducibly on
tests.reproducible-builds.org!

Thanks for maintaining kallisto!

live well,
  vagrant
From 5c5e9ba026cb5acb27cca8ede0ddc41015b879c4 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Wed, 19 Jan 2022 22:58:14 +
Subject: [PATCH] debian/rules: Remove various test suite log files and
 metadata.

Various differences including timestamps, timing information, and
build paths are embedded in these files, which make it nearly
impossible to build the package reproducibly.

https://tests.reproducible-builds.org/debian/issues/unstable/test_suite_logs_issue.html
---
 debian/rules | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/debian/rules b/debian/rules
index 23ee80e..3d9a422 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,3 +17,10 @@ override_dh_auto_configure:
 override_dh_auto_test:
 	dh_auto_test
 	cd test && PATH=$$(find ../obj-* -name src):$(PATH) HOME=$$(mktemp --directory) snakemake --cores 1
+
+override_dh_install:
+	dh_install
+	# Remove test suite logs and other metadata about the test suite
+	rm -rvf debian/kallisto-examples/usr/share/doc/kallisto/test/.snakemake
+	rm -vf debian/kallisto-examples/usr/share/doc/kallisto/test/bus_out/run_info.json
+	rm -vf debian/kallisto-examples/usr/share/doc/kallisto/test/quant_out/run_info.json
-- 
2.34.1



signature.asc
Description: PGP signature

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Santiago Vila]

Hi. I've just added $DPKG_ROOT to every (old) change_owner and 
change_mode call.

Bug#1004052: ledit FTBFS with OCaml 4.13.1

[Adrian Bunk]

Source: ledit
Version: 2.04-5
Severity: serious
Tags: ftbfs bookworm sid

https://buildd.debian.org/status/logs.php?pkg=ledit=2.04-5%2Bb2

...
   debian/rules override_dh_auto_build
make[1]: Entering directory '/<>'
/usr/bin/make CUSTOM=
make[2]: Entering directory '/<>'
camlp5r -I ext -loc loc ext/pa_def.ml -o ext/pa_def.ppo
ocamlc -I `camlp5 -where` -c -impl ext/pa_def.ppo
File "ext/pa_def.ml", line 36, characters 55-58:
36 | let pel = List.map (fun (p, e) -> (p, loop e)) pel in
^^^
Error: This expression has type
 (MLast.patt * MLast.expr * MLast.attributes) list
   but an expression was expected of type ('a * MLast.expr) list
   Type MLast.patt * MLast.expr * MLast.attributes
   is not compatible with type 'a * MLast.expr 
make[2]: *** [Makefile:69: ext/pa_def.cmo] Error 2

Bug#1004051: darktable: luarc scripts no longer load on startup

[Ritchie Wilson]

Package: darktable
Version: 3.8.0-2
Severity: normal

Dear Maintainer,

Since upgrading to 3.8, darktable no longer runs lua scripts. It should run
whatever is in .config/darktable/luarc on start, but it no longer does so.

It looks like this package was compiled without lua support, as seen from
running `darktable --version':

$ darktable --version
this is darktable 3.8.0
copyright (c) 2009-2021 johannes hanika
darktable-...@lists.darktable.org

compile options:
  bit depth is 64 bit
  normal build
  SSE2 optimized codepath enabled
  OpenMP support enabled
  OpenCL support enabled
  Lua support disabled
  Colord support enabled
  gPhoto2 support enabled
  GraphicsMagick support enabled
  ImageMagick support disabled
  OpenEXR support enabled


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (600, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages darktable depends on:
ii  libc62.33-2
ii  libcairo21.16.0-5
ii  libcolord-gtk1   0.1.26-2+b1
ii  libcolord2   1.4.5-3
ii  libcups2 2.3.3op2-7
ii  libcurl3-gnutls  7.81.0-1
ii  libexiv2-27  0.27.3-3.1
ii  libgcc-s111.2.0-13
ii  libgdk-pixbuf-2.0-0  2.42.6+dfsg-2
ii  libglib2.0-0 2.70.2-1
ii  libgomp1 11.2.0-13
ii  libgphoto2-6 2.5.27-1
ii  libgphoto2-port122.5.27-1
ii  libgraphicsmagick-q16-3  1.4+really1.3.37-1
ii  libgtk-3-0   3.24.31-1
ii  libicu67 67.1-7
ii  libilmbase25 2.5.7-2
ii  libjpeg62-turbo  1:2.1.2-1
ii  libjson-glib-1.0-0   1.6.6-1
ii  liblcms2-2   2.12~rc1-2
ii  liblensfun1  0.3.2-6
ii  libopenexr25 2.5.7-1
ii  libopenjp2-7 2.4.0-3
ii  libosmgpsmap-1.0-1   1.2.0-1
ii  libpango-1.0-0   1.48.10+ds1-1
ii  libpangocairo-1.0-0  1.48.10+ds1-1
ii  libpng16-16  1.6.37-3
ii  libpugixml1v51.11.4-1
ii  librsvg2-2   2.50.7+dfsg-2
ii  libsecret-1-00.20.4-2
ii  libsoup2.4-1 2.74.2-3
ii  libsqlite3-0 3.36.0-2
ii  libstdc++6   11.2.0-13
ii  libtiff5 4.3.0-2
ii  libwebp6 0.6.1-2.1
ii  libx11-6 2:1.7.2-2+b1
ii  libxml2  2.9.12+dfsg-5+b1
ii  libxrandr2   2:1.5.2-1
ii  zlib1g   1:1.2.11.dfsg-2

darktable recommends no packages.

darktable suggests no packages.

-- no debconf information

Bug#1004049: buster-pu: package zziplib/0.13.62-3.2+deb10u1

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for zziplib fixes CVE-2020-18442 in Buster. This CVE 
is marked as no-dsa by the security team.


The same patch is uploaded to Stretch already and nobody complained yet.

  Thorsten
diff -Nru zziplib-0.13.62/debian/changelog zziplib-0.13.62/debian/changelog
--- zziplib-0.13.62/debian/changelog2019-03-04 22:43:14.0 +0100
+++ zziplib-0.13.62/debian/changelog2021-12-26 00:03:02.0 +0100
@@ -1,3 +1,12 @@
+zziplib (0.13.62-3.2+deb10u1) buster; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2020-18442
+Because of mishandling a return value, an attacker might cause a
+denial of service due to an infinite loop.
+
+ -- Thorsten Alteholz   Sun, 26 Dec 2021 00:03:02 +0100
+
 zziplib (0.13.62-3.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch 
zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch
--- zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch   1970-01-01 
01:00:00.0 +0100
+++ zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch   2021-12-26 
00:03:02.0 +0100
@@ -0,0 +1,28 @@
+commit 7e786544084548da7fcfcd9090d3c4e7f5777f7e
+Author: Guido Draheim 
+Date:   Mon Jan 4 21:50:26 2021 +0100
+
+#68 return value of zzip_mem_disk_fread is signed
+
+Index: zziplib-0.13.62/bins/unzip-mem.c
+===
+--- zziplib-0.13.62.orig/bins/unzip-mem.c  2021-12-26 00:59:28.017867652 
+0100
 zziplib-0.13.62/bins/unzip-mem.c   2021-12-26 00:59:28.013867656 +0100
+@@ -90,7 +90,7 @@
+ if (file) 
+ {
+   char buffer[1024]; int len;
+-  while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+   fwrite (buffer, len, 1, out);
+   
+   zzip_mem_disk_fclose (file);
+@@ -124,7 +124,7 @@
+ {
+   unsigned long crc = crc32 (0L, NULL, 0);
+   unsigned char buffer[1024]; int len; 
+-  while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
+   crc = crc32 (crc, buffer, len);
+   }
+   
diff -Nru zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch 
zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch
--- zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch   1970-01-01 
01:00:00.0 +0100
+++ zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch   2021-12-26 
00:03:02.0 +0100
@@ -0,0 +1,28 @@
+commit 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e
+Author: Guido Draheim 
+Date:   Mon Jan 4 21:51:56 2021 +0100
+
+#68 return value of zzip_mem_disk_fread is signed
+
+Index: zziplib-0.13.62/bins/unzzipcat-mem.c
+===
+--- zziplib-0.13.62.orig/bins/unzzipcat-mem.c  2021-12-26 00:59:59.133843763 
+0100
 zziplib-0.13.62/bins/unzzipcat-mem.c   2021-12-26 00:59:59.129843767 
+0100
+@@ -40,7 +40,7 @@
+ if (file) 
+ {
+   char buffer[1024]; int len;
+-  while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+   fwrite (buffer, len, 1, out);
+   
+   zzip_mem_disk_fclose (file);
+@@ -53,7 +53,7 @@
+ if (file) 
+ {
+   char buffer[1024]; int len;
+-  while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file))) 
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file))) 
+   {
+   fwrite (buffer, 1, len, out);
+   }
diff -Nru zziplib-0.13.62/debian/patches/series 
zziplib-0.13.62/debian/patches/series
--- zziplib-0.13.62/debian/patches/series   2019-03-04 22:43:14.0 
+0100
+++ zziplib-0.13.62/debian/patches/series   2021-12-26 00:03:02.0 
+0100
@@ -17,3 +17,8 @@
 Avoid-memory-leak-from-__zzip_parse_root_directory-1.patch
 Avoid-memory-leak-from-__zzip_parse_root_directory-2.patch
 One-more-free-to-avoid-memory-leak.patch
+
+# not all of the seven patches mentioned in the security tracker
+# for this CVE are needed in every release
+CVE-2020-18442-2.patch
+CVE-2020-18442-4.patch

Bug#1004050: bullseye-pu: package zziplib/0.13.62-3.3+deb11u1.debdiff

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for zziplib fixes CVE-2020-18442 in Bullseye. This 
CVE is marked as no-dsa by the security team.


The same patch is uploaded to Stretch already and nobody complained yet.

  Thorsten
diff -Nru zziplib-0.13.62/debian/changelog zziplib-0.13.62/debian/changelog
--- zziplib-0.13.62/debian/changelog2021-03-04 09:54:37.0 +0100
+++ zziplib-0.13.62/debian/changelog2021-12-26 00:03:02.0 +0100
@@ -1,3 +1,12 @@
+zziplib (0.13.62-3.3+deb11u1) bullseye; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2020-18442
+Because of mishandling a return value, an attacker might cause a
+denial of service due to an infinite loop.
+
+ -- Thorsten Alteholz   Sun, 26 Dec 2021 00:03:02 +0100
+
 zziplib (0.13.62-3.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch 
zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch
--- zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch   1970-01-01 
01:00:00.0 +0100
+++ zziplib-0.13.62/debian/patches/CVE-2020-18442-2.patch   2021-12-26 
00:03:02.0 +0100
@@ -0,0 +1,28 @@
+commit 7e786544084548da7fcfcd9090d3c4e7f5777f7e
+Author: Guido Draheim 
+Date:   Mon Jan 4 21:50:26 2021 +0100
+
+#68 return value of zzip_mem_disk_fread is signed
+
+Index: zziplib-0.13.62/bins/unzip-mem.c
+===
+--- zziplib-0.13.62.orig/bins/unzip-mem.c  2021-12-26 00:59:28.017867652 
+0100
 zziplib-0.13.62/bins/unzip-mem.c   2021-12-26 00:59:28.013867656 +0100
+@@ -90,7 +90,7 @@
+ if (file) 
+ {
+   char buffer[1024]; int len;
+-  while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+   fwrite (buffer, len, 1, out);
+   
+   zzip_mem_disk_fclose (file);
+@@ -124,7 +124,7 @@
+ {
+   unsigned long crc = crc32 (0L, NULL, 0);
+   unsigned char buffer[1024]; int len; 
+-  while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
+   crc = crc32 (crc, buffer, len);
+   }
+   
diff -Nru zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch 
zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch
--- zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch   1970-01-01 
01:00:00.0 +0100
+++ zziplib-0.13.62/debian/patches/CVE-2020-18442-4.patch   2021-12-26 
00:03:02.0 +0100
@@ -0,0 +1,28 @@
+commit 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e
+Author: Guido Draheim 
+Date:   Mon Jan 4 21:51:56 2021 +0100
+
+#68 return value of zzip_mem_disk_fread is signed
+
+Index: zziplib-0.13.62/bins/unzzipcat-mem.c
+===
+--- zziplib-0.13.62.orig/bins/unzzipcat-mem.c  2021-12-26 00:59:59.133843763 
+0100
 zziplib-0.13.62/bins/unzzipcat-mem.c   2021-12-26 00:59:59.129843767 
+0100
+@@ -40,7 +40,7 @@
+ if (file) 
+ {
+   char buffer[1024]; int len;
+-  while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+   fwrite (buffer, len, 1, out);
+   
+   zzip_mem_disk_fclose (file);
+@@ -53,7 +53,7 @@
+ if (file) 
+ {
+   char buffer[1024]; int len;
+-  while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file))) 
++  while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file))) 
+   {
+   fwrite (buffer, 1, len, out);
+   }
diff -Nru zziplib-0.13.62/debian/patches/series 
zziplib-0.13.62/debian/patches/series
--- zziplib-0.13.62/debian/patches/series   2021-03-04 09:54:37.0 
+0100
+++ zziplib-0.13.62/debian/patches/series   2021-12-26 00:03:02.0 
+0100
@@ -18,3 +18,8 @@
 Avoid-memory-leak-from-__zzip_parse_root_directory-2.patch
 One-more-free-to-avoid-memory-leak.patch
 python2.diff
+
+# not all of the seven patches mentioned in the security tracker
+# for this CVE are needed in every release
+CVE-2020-18442-2.patch
+CVE-2020-18442-4.patch

Bug#1003847: binutils breaks glibc autopkgtest on ppc64el: unrecognized opcode: `vspltisb' (and others)

[Aurelien Jarno]

Hi,

On 2022-01-19 22:08, John Paul Adrian Glaubitz wrote:
> Hi Aurelien!
> 
> Unfortunately, glibc no longer builds with this change on powerpc and ppc64
> and kernel builds still fails on both targets:
> 
> > https://buildd.debian.org/status/fetch.php?pkg=glibc=powerpc=2.33-3=1642542048=0
> > https://buildd.debian.org/status/fetch.php?pkg=glibc=ppc64=2.33-3=1642542055=0

The ppc64el fix is not the cause for those failures. Previous glibc
versions also do not build on powerpc and ppc64 following the binutils
snapshot upload to sid. It's just that more code got broken on powerpc
and ppc64 than on ppc64el. I have queued the backported fixes from
upstream for the next upload.

> > https://buildd.debian.org/status/fetch.php?pkg=linux=powerpc=5.15.15-1=1642579068=0
> > https://buildd.debian.org/status/fetch.php?pkg=linux=ppc64=5.15.15-1=1642578946=0

Those failures are completely unrelated to do with glibc. A porter need
to fix the kernel code to make it compatible with the new binutils.

Cheers
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Santiago Vila]

The change_owner function did more than query /etc/passwd. It also prepended
$DPKG_ROOT to the path it acted upon. So if you didn't do more than what you
described above, then the result is incomplete.


Big oops! I guess every (old) call to change_owner is wrong now.


I'll send you a new tested patch once your upload reaches my mirror.


Ok, in case it helps, this is what I uploaded:

https://people.debian.org/~sanvila/base-files/

Feel free to reopen the bug.

Thanks.

Bug#1003929: ncurses: please make the build reproducible

[Sven Joachim]

On 2022-01-19 16:54 -0500, Thomas Dickey wrote:

> The last change does a "chmod -x" (which is odd, since the tarball uses
> 644 for README).

The dh_fixperms command makes all files under /usr/libexec executable,
and the chmod call just undoes that.

Cheers,
   Sven

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Johannes Schauer Marin Rodrigues]

Quoting Santiago Vila (2022-01-19 22:56:42)
> El 19/1/22 a las 22:53, Johannes Schauer Marin Rodrigues escribió:
> > Understood. Then let me scale back the patch a bit more. Now the attached 
> > patch
> > uses /etc/passwd from the outside system and thus uses plain chown calls.
> 
> Please take a look a the version I've just uploaded.
> 
> What I did was to simply replace the function calls back to chown and 
> chmod, using this script to avoid making mistakes:
> 
> #!/bin/sh
> sed -i 's@change_owner@chown@' $1
> sed -i 's@change_mode@chmod@' $1
> 
> Then I removed the (resulting) chown and chmod functions not required 
> anymore.

The change_owner function did more than query /etc/passwd. It also prepended
$DPKG_ROOT to the path it acted upon. So if you didn't do more than what you
described above, then the result is incomplete.

I'll send you a new tested patch once your upload reaches my mirror.

Thanks!

cheers, josch

signature.asc
Description: signature

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

[Bryce Harrington]

On Wed, Jan 19, 2022 at 09:58:52PM +0100, Paul Gevers wrote:
> Hi Bryce,
> 
> On 19-01-2022 10:28, Bryce Harrington wrote:
> 
> > With [4] applied, I'm seeing the following dumped on armhf:
> > 
> > ## https://autopkgtest.ubuntu.com/packages/m/mediawiki/jammy/armhf
> > cat: /var/log/mediawiki/error.log: No such file or directory
> > 2022-01-19 09:16:57 autopkgtest-lxd-eeoxik autopkgtestwiki: 
> > [e33d1ec89af515673078437e] /mediawiki/index.php/Main_Page   PHP Fatal Error 
> > from line 110 of /usr/share/mediawiki/includes/json/FormatJson.php: Maximum 
> > execution time of 30 seconds exceeded
> > #0 [internal function]: MWExceptionHandler::handleFatalError()
> > #1 {main}
> > 2022-01-19 09:17:27 autopkgtest-lxd-eeoxik autopkgtestwiki: 
> > [1284cbae5a84eb5387f33003] /mediawiki/index.php/Main_Page   PHP Fatal Error 
> > from line 152 of 
> > /usr/share/mediawiki/includes/HookContainer/HookContainer.php: Maximum 
> > execution time of 30 seconds exceeded
> > #0 [internal function]: MWExceptionHandler::handleFatalError()
> > #1 {main}
> > 2022-01-19 09:17:57 autopkgtest-lxd-eeoxik autopkgtestwiki: 
> > [31731278ed6070e946af4fbe] /mediawiki/index.php/Main_Page   PHP Fatal Error 
> > from line 110 of /usr/share/mediawiki/includes/json/FormatJson.php: Maximum 
> > execution time of 30 seconds exceeded
> > #0 [internal function]: MWExceptionHandler::handleFatalError()
> > #1 {main}
> > cat: /var/log/mediawiki/fatal.log: No such file or directory
> 
> As this issue seems intermittent (as mediawiki passed at one point) I guess
> you're trying to say that you think mediawiki got slower with php8.1? Or is
> this timeout new with php8.1?

The failing cases are mostly ones with triggers for
php-defaults/84~0ubuntu1 or newer, which marks where php8.1 is set as
default.  The ones that pass and don't specify that are thus running
php8.0.  So it looks like the pass-vs-fail correlates to php8.0-vs-8.1
and is something specific to armhf.

Unfortunately I don't have i386 builds to compare with (due to
dependency issues), so it's just a hunch that this is the same problem
Debian sees on i386.  It'd be illuminating to doublecheck on your i386
builds that it's also hitting this same timeout situation.

> Obviously the code that fails to finish is mediawiki's code, so it
> doesn't seem to be a generic issue with php8.1 except if the timeout
> happens because of something inside php8.1.

Line 110 that the error points to appears to be a json_encode() call.  

> Can anybody shed a light on if it's reasonable to time out on what
> mediawiki is trying to do here. And why doesn't it happen on other
> architectures (in Debian, as far as I checked)?

I can't tell what it may be trying to encode, but presumably it's either
Main_Page or something used by Main_Page, which I'm guessing should only
take a fraction of a second to encode.  I suppose we could test
increasing max_execution_time.  But my suspicion is that the encoder is
getting stuck in a loop or a recursion.

I've not been able to find any reports on the web similar enough to be
worth mentioning.

Bryce

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Santiago Vila]

El 19/1/22 a las 22:53, Johannes Schauer Marin Rodrigues escribió:

Understood. Then let me scale back the patch a bit more. Now the attached patch
uses /etc/passwd from the outside system and thus uses plain chown calls.


Please take a look a the version I've just uploaded.

What I did was to simply replace the function calls back to chown and 
chmod, using this script to avoid making mistakes:


#!/bin/sh
sed -i 's@change_owner@chown@' $1
sed -i 's@change_mode@chmod@' $1

Then I removed the (resulting) chown and chmod functions not required 
anymore.

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Johannes Schauer Marin Rodrigues]

Hi Santiago,

Quoting Santiago Vila (2022-01-19 22:51:51)
> Sorry for the late reply.

no worries. :)

> I've made a maintainer upload which is basically your debdiff but without the
> changes I do not feel comfortable with (i.e. without the functions
> change_owner and change_mode).
> 
> I really hope that this version works as well as the one you intended for
> non-broken Debian systems.

Thank you for your upload! I will try out your upload as soon as it hits the
mirrors and let you know.

Thanks!

cheers, josch

signature.asc
Description: signature

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Johannes Schauer Marin Rodrigues]

Hi,

Quoting Santiago Vila (2022-01-19 22:15:44)
> El 19/1/22 a las 22:09, Johannes Schauer Marin Rodrigues escribió:
> > Quoting Johannes Schauer Marin Rodrigues (2021-10-23 11:08:56)
> >> I just wanted to send a friendly ping about DPKG_ROOT support of 
> >> base-files.
> >> I hope that I was able to address all your questions in my last mail to 
> >> this
> >> bug.  If there is anything else I can do to help you?
> > since your last activity on this bug was more than 100 days ago, I uploaded
> > a NMU of base-files with the attached debdiff to DELAYED/10. As usual feel
> > free to cancel the NMU (or tell me to cancel it) if you disagree with my
> > upload.
> Well, this NMU is hostile and unwelcome because this is not an important or
> serious bug (which is what NMUs are for).
> 
> Please cancel the NMU.

Done.

Files removed from 10-day: base-files_12+nmu1_source.changes 
base-files_12+nmu1.dsc base-files_12+nmu1.tar.xz
base-files_12+nmu1_amd64.buildinfo

If my NMU offended you, then I'm sorry. It was not my intention to offend you.

> There is one thing which I really dislike about the proposed change, which is
> the fact that you are trying to support *broken* Debian systems (namely,
> those having /etc/passwd with different UID than the target system). No, I
> don't think we should support broken systems. Broken systems should be fixed
> first before doing any development with them.

Understood. Then let me scale back the patch a bit more. Now the attached patch
uses /etc/passwd from the outside system and thus uses plain chown calls.

Is that something you'd be willing to apply?

Thanks!

cheers, joschdiff -Nru base-files-12/debian/changelog base-files-12+nmu1/debian/changelog
--- base-files-12/debian/changelog	2021-08-22 19:00:00.0 +0200
+++ base-files-12+nmu1/debian/changelog	2022-01-19 21:49:23.0 +0100
@@ -1,3 +1,10 @@
+base-files (12+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add support for DPKG_ROOT to postinst. Closes: #824594
+
+ -- Johannes Schauer Marin Rodrigues   Wed, 19 Jan 2022 21:49:23 +0100
+
 base-files (12) unstable; urgency=medium
 
   * Do not create /var/run/utmp in postinst, as /var/run is
diff -Nru base-files-12/debian/postinst.in base-files-12+nmu1/debian/postinst.in
--- base-files-12/debian/postinst.in	2021-08-22 19:00:00.0 +0200
+++ base-files-12+nmu1/debian/postinst.in	2022-01-19 21:49:23.0 +0100
@@ -2,51 +2,51 @@
 set -e
 
 install_local_dir() {
-  if [ ! -d $1 ]; then
-mkdir -p $1
+  if [ ! -d "$DPKG_ROOT$1" ]; then
+mkdir -p "$DPKG_ROOT$1"
   fi
-  if [ -f /etc/staff-group-for-usr-local ]; then
-chown root:staff $1 2> /dev/null || true
-chmod 2775 $1 2> /dev/null || true
+  if [ -f "$DPKG_ROOT/etc/staff-group-for-usr-local" ]; then
+chown root:staff "$DPKG_ROOT$1" 2>/dev/null || true
+chmod 2775 "$DPKG_ROOT$1" 2> /dev/null || true
   fi
 }
 
 install_from_default() {
-  if [ ! -f $2 ]; then
-cp -p /usr/share/base-files/$1 $2
+  if [ ! -f "$DPKG_ROOT$2" ]; then
+cp -p "$DPKG_ROOT/usr/share/base-files/$1" "$DPKG_ROOT$2"
   fi
 }
 
 install_directory() {
-  if [ ! -d /$1 ]; then
-mkdir /$1
-chown root:$3 /$1
-chmod $2 /$1
+  if [ ! -d "$DPKG_ROOT/$1" ]; then
+mkdir "$DPKG_ROOT/$1"
+chown "root:$3" "$DPKG_ROOT/$1"
+chmod "$2" "$DPKG_ROOT/$1"
   fi
 }
 
 migrate_directory() {
-  if [ ! -L $1 ]; then
-rmdir $1
-ln -s $2 $1
+  if [ ! -L "$DPKG_ROOT$1" ]; then
+rmdir "$DPKG_ROOT$1"
+ln -s "$2" "$DPKG_ROOT$1"
   fi
 }
 
 update_to_current_default() {
-  if [ -f $2 ]; then
-md5=`md5sum $2 | cut -f 1 -d " "`
-if grep -q "$md5" /usr/share/base-files/$1.md5sums; then
-  if ! cmp -s /usr/share/base-files/$1 $2; then
-cp -p /usr/share/base-files/$1 $2
+  if [ -f "$2" ]; then
+md5=`md5sum "$2" | cut -f 1 -d " "`
+if grep -q "$md5" "/usr/share/base-files/$1.md5sums"; then
+  if ! cmp -s "/usr/share/base-files/$1" "$2"; then
+cp -p "/usr/share/base-files/$1" "$2"
 echo Updating $2 to current default.
   fi
 fi
   fi
 }
 
-if [ ! -e /etc/dpkg/origins/default ]; then
-  if [ -e /etc/dpkg/origins/#VENDORFILE# ]; then
-ln -sf #VENDORFILE# /etc/dpkg/origins/default
+if [ ! -e "$DPKG_ROOT/etc/dpkg/origins/default" ]; then
+  if [ -e "$DPKG_ROOT/etc/dpkg/origins/#VENDORFILE#" ]; then
+ln -sf #VENDORFILE# "$DPKG_ROOT/etc/dpkg/origins/default"
   fi
 fi
 
@@ -62,8 +62,8 @@
   install_directory var/opt   755 root
   install_directory media 755 root
   install_directory var/mail 2775 mail
-  if [ ! -L /var/spool/mail ]; then
-ln -s ../mail /var/spool/mail
+  if [ ! -L "$DPKG_ROOT/var/spool/mail" ]; then
+ln -s ../mail "$DPKG_ROOT/var/spool/mail"
   fi
   install_directory run/lock 1777 root
   migrate_directory /var/run /run
@@ -79,25 +79,25 @@
   install_local_dir /usr/local/sbin
   install_local_dir /usr/local/src
   install_local_dir /usr/local/etc
-  ln -sf share/man /usr/local/man
+  ln -sf 

Bug#1003929: ncurses: please make the build reproducible

[Thomas Dickey]

On Wed, Jan 19, 2022 at 06:19:52PM +0100, Sven Joachim wrote:
> On 2022-01-18 09:26 +, Chris Lamb wrote:
> 
> > Source: ncurses
> > Version: 6.3-2
> > Severity: wishlist
> > Tags: patch
> > User: reproducible-bui...@lists.alioth.debian.org
> > Usertags: umask
> > X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
> >
> > Hi,
> >
> > Whilst working on the Reproducible Builds effort [0] we noticed that
> > ncurses could not be built reproducibly.
> 
> Thanks.  I should have noticed that from the failing reprotest in the
> Salsa CI, but did not look closely and thought that it would be due to a
> different problem that has shown up on i386 since ncurses 6.3-1.
> 
> > This is because the README.gz file will retain its group-writeable bit
> > due to the use of dh_fixperms -Xfoo, and will thus vary when the package
> > is built with a different umask:
> >
> > --rw-r--r--   0 root (0) root (0) 7937 2021-03-07 
> > 00:08:58.00 ./usr/libexec/ncurses-examples/README.gz
> > +-rw-rw-r--   0 root (0) root (0) 7937 2021-03-07 
> > 00:08:58.00 ./usr/libexec/ncurses-examples/README.gz
> >
> > Patch attached that removes this bit manually, but feel free to go with a
> > different solution, of course.
> 
> > --- a/debian/rules  2022-01-18 08:47:42.277389249 +
> > --- b/debian/rules  2022-01-18 09:03:30.547729907 +
> > @@ -508,6 +508,7 @@
> > dh_compress -p$(package-examples) usr/libexec/ncurses-examples/README
> > dh_compress -a -N$(package-examples)
> > dh_fixperms -a -Xusr/libexec/ncurses-examples/README
> > +   chmod g-w debian/ncurses-examples/usr/libexec/ncurses-examples/README.gz
> 
> That works with umask 002, but in fact the file could have any
> permissions from 000 to 666, depending on the umask used when the source
> was unpacked.
> 
> I have installed a different fix, and now the reprotest succeeds
> again[1].

The last change does a "chmod -x" (which is odd, since the tarball uses
644 for README).
 
> Cheers,
>Sven
> 
> 
> 1. https://salsa.debian.org/debian/ncurses/-/pipelines/339074
> 

-- 
Thomas E. Dickey 
https://invisible-island.net
ftp://ftp.invisible-island.net


signature.asc
Description: PGP signature

Bug#1004024: RFS: fig2sxd/0.23-2 -- convert XFig files to OpenOffice.org format

[Hilmar Preuße]

Am 19.01.2022 um 21:40 teilte Alexander Bürger mit:

Hi,

Unfortunately, the first attempt to use debhelper in debian/rules failed 
to build and I only noticed that after publication on gitlab with 
debian/changelog specifying version 0.23-1. The packaging fix did, of 
course, not change anything outside the debian directory, so the 
upstream version is unchanged. Therefore, the debian revision is now "2".
It is quite irrelevant, what has been "published" on gitlab. The only 
question is: "Is there a 0.23-1 version, which has been uploaded to 
Debian?" and there is not.


Hilmar
--
sigfault



OpenPGP_signature
Description: OpenPGP digital signature

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Santiago Vila]

Sorry for the late reply.

I've made a maintainer upload which is basically your debdiff but 
without the changes I do not feel comfortable with (i.e. without the 
functions change_owner and change_mode).


I really hope that this version works as well as the one you intended 
for non-broken Debian systems.


Thanks.

Bug#1003847: binutils breaks glibc autopkgtest on ppc64el: unrecognized opcode: `vspltisb' (and others)

[John Paul Adrian Glaubitz]

Hello!

On 1/19/22 22:38, Jeffrey Walton wrote:
> On Wed, Jan 19, 2022 at 4:08 PM John Paul Adrian Glaubitz
>  wrote:
>>
>> Unfortunately, glibc no longer builds with this change on powerpc and ppc64
>> and kernel builds still fails on both targets:
>>
>>> https://buildd.debian.org/status/fetch.php?pkg=glibc=powerpc=2.33-3=1642542048=0
>>> https://buildd.debian.org/status/fetch.php?pkg=glibc=ppc64=2.33-3=1642542055=0
>>
>>> https://buildd.debian.org/status/fetch.php?pkg=linux=powerpc=5.15.15-1=1642579068=0
>>> https://buildd.debian.org/status/fetch.php?pkg=linux=ppc64=5.15.15-1=1642578946=0
> 
> This seems to be related to the ones stamped 1642542048 and 1642542055
> (the first two):
> https://patchwork.sourceware.org/project/glibc/patch/20210925202746.819385-1...@us.ibm.com/

It will be fixed in glibc_2.33-4 [1] which has not been released yet.

Adrian

> [1] 
> https://salsa.debian.org/glibc-team/glibc/-/commit/20e02061f900515ebac6ee3872c5cd22ea5801d2

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#745661: Weblate packaging → Salsa?

[Antoine Beaupré]

On 2018-08-18 10:57:00, Ulrike Uhlig wrote:
> Hi Martin!
>
> I just realize right now that we've been in touch before concerning this
> package… I guess none of us was interested enough in migrating the
> existing packaging to Salsa.
>
> At Tails we are still interested in seeing this packaged, but we have
> not tried it ourselves (yet?).
>
> However, we've made some progress on listing dependencies, see
> https://labs.riseup.net/code/issues/10038
>
> I still have a local copy of the packaging files dating back to 2015
> which I could upload to Salsa.
>
> Is anybody interested in this?

We (torproject.org) are.

Please do put your stuff on salsa, or alternatively someone could
restore from the alioth backups, but I couldn't find it here:

https://alioth-archive.debian.org/git/repolist

Help! :)

(Arguably, the packaging would now be almost a decade old, but there's
some stuff like the description and copyright that we could possibly
reuse. Alternatively, maybe we could just do a py2dsp and be done with
it.)

(I do understand we're still missing some deps though, but it would be
nice to keep working on this...)

-- 
La publicité est la dictature invisible de notre société.
- Jacques Ellul

Bug#1003847: binutils breaks glibc autopkgtest on ppc64el: unrecognized opcode: `vspltisb' (and others)

[Jeffrey Walton]

On Wed, Jan 19, 2022 at 4:08 PM John Paul Adrian Glaubitz
 wrote:
>
> Unfortunately, glibc no longer builds with this change on powerpc and ppc64
> and kernel builds still fails on both targets:
>
> > https://buildd.debian.org/status/fetch.php?pkg=glibc=powerpc=2.33-3=1642542048=0
> > https://buildd.debian.org/status/fetch.php?pkg=glibc=ppc64=2.33-3=1642542055=0
>
> > https://buildd.debian.org/status/fetch.php?pkg=linux=powerpc=5.15.15-1=1642579068=0
> > https://buildd.debian.org/status/fetch.php?pkg=linux=ppc64=5.15.15-1=1642578946=0

This seems to be related to the ones stamped 1642542048 and 1642542055
(the first two):
https://patchwork.sourceware.org/project/glibc/patch/20210925202746.819385-1...@us.ibm.com/

Bug#1004045: drbd-utils 9.15.0-1 uses drbd kernel module 8.4

[Valentin Vidic]

On Wed, Jan 19, 2022 at 02:11:24PM -0700, Ben Fiedler wrote:
> I would guess that either linux-image or drbd-utils packages need to
> be updated to include and reference a newer module (drbd9.ko)?

I don't think drbd9 kernel module is currently included in Debian, so
you would need to build it yourself or use packages provided by LINBIT.

-- 
Valentin

Bug#1004048: golang-github-komkom-toml: autopkgtest regression on armhf/i386: -{"hex3":3735928559}, +{"hex3":-559038737}

[Paul Gevers]

Source: golang-github-komkom-toml
Version: 0.0~git20211215.3c8ee9d-1
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of golang-github-komkom-toml the autopkgtest of 
golang-github-komkom-toml fails in testing when that autopkgtest is run 
with the binary packages of golang-github-komkom-toml from unstable on 
armhf and i386. It passes when run with only packages from testing. In 
tabular form:


  passfail
golang-github-komkom-toml from testing0.0~git20211215.3c8ee9d-1
all othersfrom testingfrom testing

I copied some of the output at the bottom of this report. Seems like a 
32 bit issue where some value overflows.


Currently this regression is blocking the migration to testing [1]. Can 
you please investigate the situation and fix it?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=golang-github-komkom-toml

https://ci.debian.net/data/autopkgtest/testing/armhf/g/golang-github-komkom-toml/18432554/log.gz

[info] Testing github.com/komkom/toml...
[info] Source code installed by binary package, overriding 
dh_auto_configure...

dh build --builddirectory=_build --buildsystem=golang --with=golang
   dh_update_autotools_config -O--builddirectory=_build 
-O--buildsystem=golang

   dh_autoreconf -O--builddirectory=_build -O--buildsystem=golang
   debian/rules override_dh_auto_configure
make[1]: Entering directory 
'/tmp/autopkgtest-lxc.qwkbqa0f/downtmp/autopkgtest_tmp'

mkdir -p "_build"
cp -a /usr/share/gocode/src "_build"
make[1]: Leaving directory 
'/tmp/autopkgtest-lxc.qwkbqa0f/downtmp/autopkgtest_tmp'

   dh_auto_build -O--builddirectory=_build -O--buildsystem=golang
	cd _build && go install -trimpath -v -p 160 github.com/komkom/toml 
github.com/komkom/toml/internal

unicode/utf8
internal/unsafeheader
internal/goexperiment
math/bits
runtime/internal/sys
internal/itoa
internal/race
internal/abi
internal/cpu
sync/atomic
unicode
runtime/internal/math
math
runtime/internal/atomic
internal/bytealg
runtime
internal/reflectlite
sync
internal/testlog
errors
sort
internal/oserror
path
io
strconv
syscall
bytes
strings
reflect
internal/syscall/execenv
internal/syscall/unix
time
io/fs
internal/poll
internal/fmtsort
os
fmt
github.com/pkg/errors
github.com/komkom/toml/internal
github.com/komkom/toml
   dh_auto_test -O--builddirectory=_build -O--buildsystem=golang
	cd _build && go test -vet=off -v -p 160 github.com/komkom/toml 
github.com/komkom/toml/internal

=== RUN   TestReader
reader_test.go:169: doc a."b".d=2
reader_test.go:169: doc a.'b.c.d'.d=2

a.b.c.d=2
reader_test.go:169: doc a."\u".c=1
reader_test.go:169: doc a."\UD7FF16".c=1
reader_test.go:169: doc key = """\u"""
reader_test.go:169: doc key = """\UD7FF16"""
reader_test.go:169: doc key = [0,1,2,3,4]
reader_test.go:169: doc key = [1,2,3,4,0]
reader_test.go:169: doc key={a=0}
reader_test.go:169: doc key-test=1
reader_test.go:169: doc k.e .y=1
reader_test.go:169: dock  .  e .y=1
reader_test.go:169: doc"k"  .  'e'  .y=1
reader_test.go:169: doc animal = { type.name = "pug"}
reader_test.go:169: doc key = {v.y=1}
reader_test.go:169: doc a = "\r"
reader_test.go:169: doc another = "# test"
reader_test.go:169: doc 'quoted "value"' = "value"
reader_test.go:169: doc hex3 = 0x123_123
reader_test.go:169: doc hex3 = 0xdead_beef
reader_test.go:184: Error Trace:reader_test.go:184
	Error:  	Not equal: 		expected: 
"{\"hex3\":3735928559}"

actual  : "{\"hex3\":-559038737}"

Diff:
--- Expected
+++ Actual
@@ -1 +1 @@
-{"hex3":3735928559}
+{"hex3":-559038737}
Test:   TestReader
reader_test.go:169: doc flt9 = -0e0
reader_test.go:169: doc sf6 = -nan
reader_test.go:169: doc sf6 = +nan
reader_test.go:169: doc k = 0e0
reader_test.go:169: doc sf6 = +inf
reader_test.go:169: doc sf6 = -inf
reader_test.go:169: doc sf6 = inf
reader_test.go:169: doc key = """a b c \

ooo"""
reader_test.go:169: doc key = """value  \
"""
reader_test.go:169: doc [x.y.z.w] # for this to work

Bug#1004047: python-django-dbconn-retry: autopkgtest failure: Authentication failure

[Paul Gevers]

Source: python-django-dbconn-retry
Version: 0.1.6-1
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: fails-always

Dear maintainer(s),

You recently added an autopkgtest to your package 
python-django-dbconn-retry, great. However, it fails. Currently this 
failure is blocking the migration to testing [1]. Can you please 
investigate the situation and fix it?


I copied some of the output at the bottom of this report.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=python-django-dbconn-retry

https://ci.debian.net/data/autopkgtest/testing/amd64/p/python-django-dbconn-retry/18488294/log.gz

Password: su: Authentication failure
autopkgtest [16:49:14]: test upstream



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1004046: python-aioamqp: autopkgtest regression: No module named 'pamqp.commands'

[Paul Gevers]

Source: python-aioamqp
Version: 0.14.0-4
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of python-aioamqp the autopkgtest of python-aioamqp 
fails in testing when that autopkgtest is run with the binary packages 
of python-aioamqp from unstable. It passes when run with only packages 
from testing. In tabular form:


   passfail
python-aioamqp from testing0.14.0-4
all others from testingfrom testing

I copied some of the output at the bottom of this report. Seems like you 
are missing a *versioned* (test) dependency somewhere. It seems the test 
passes in pure unstable.


Currently this regression is blocking the migration to testing [1]. Can 
you please investigate the situation and fix it?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=python-aioamqp

https://ci.debian.net/data/autopkgtest/testing/amd64/p/python-aioamqp/18446120/log.gz

Testing with python3.9:
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python3/dist-packages/aioamqp/__init__.py", line 6, in 


from .protocol import AmqpProtocol
  File "/usr/lib/python3/dist-packages/aioamqp/protocol.py", line 8, in 


import pamqp.commands
ModuleNotFoundError: No module named 'pamqp.commands'
autopkgtest [20:11:40]: test autodep8-python3



OpenPGP_signature
Description: OpenPGP digital signature

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Santiago Vila]

El 19/1/22 a las 22:09, Johannes Schauer Marin Rodrigues escribió:

Hi Santiago,

Quoting Johannes Schauer Marin Rodrigues (2021-10-23 11:08:56)

I just wanted to send a friendly ping about DPKG_ROOT support of base-files.
I hope that I was able to address all your questions in my last mail to this
bug.  If there is anything else I can do to help you?


since your last activity on this bug was more than 100 days ago, I uploaded a
NMU of base-files with the attached debdiff to DELAYED/10. As usual feel free
to cancel the NMU (or tell me to cancel it) if you disagree with my upload.


Well, this NMU is hostile and unwelcome because this is not an important 
or serious bug (which is what NMUs are for).


Please cancel the NMU.

There is one thing which I really dislike about the proposed change, 
which is the fact that you are trying to support *broken* Debian systems 
(namely, those having /etc/passwd with different UID than the target 
system). No, I don't think we should support broken systems. Broken 
systems should be fixed first before doing any development with them.

Bug#1004045: drbd-utils 9.15.0-1 uses drbd kernel module 8.4

[Ben Fiedler]

Package: drbd-utils
Version: 9.15.0-1
Release: bullseye (stable)
Kernel:  5.10.0-10-amd64

Hi,

When I install the latest drbd-utils and attempt to configure a drbd
device using a version 9 feature (e.g. more than 2 nodes), it fails to
work:

# drbdadm adjust all
/etc/drbd.d/your_resource.res:1: in resource your_resource:
There are multiple host sections for the peer node.
Use the --peer option to select which peer section to use.
No valid meta data found


I then noticed that the loaded drbd module is not 9 but 8.4.11 from
linux-images:

# modinfo drbd
filename:   /lib/modules/5.10.0-10-amd64/kernel/drivers/block/drbd/drbd.ko
alias:  block-major-147-*
license:GPL
version:*8.4.11*
description:drbd - Distributed Replicated Block Device *v8.4.11*
vermagic:   5.10.0-10-amd64 SMP mod_unload modversions

# dpkg-query -S /lib/modules/5.10.0-10-amd64/kernel/drivers/block/drbd/drbd.ko
linux-image-5.10.0-10-amd64:
/lib/modules/5.10.0-10-amd64/kernel/drivers/block/drbd/drbd.ko

I would guess that either linux-image or drbd-utils packages need to
be updated to include and reference a newer module (drbd9.ko)?

-Ben

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

[Paul Gevers]

Hi Ondřej,

On 18-01-2022 20:31, Paul Gevers wrote:

On 18-01-2022 19:37, Ondřej Surý wrote:
the fix is simple, it was actually cruft from before when 
uploadprogress didn’t support PHP 8.1:


https://sources.debian.org/src/php-uopz/7.1.1+6.1.2-5/debian/rules/#L3
https://sources.debian.org/src/php-gnupg/1.5.1-1/debian/rules/#L3


My NMU of php-igbinary fails to migrate to testing because you added a 
Breaks on << 3.2.6+2.0.8-6~ (where my NMU has version 3.2.6+2.0.8-5.1). 
Can you please fix this somehow?


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#824594: please support DPKG_ROOT in base-files' postinst

[Johannes Schauer Marin Rodrigues]

Hi Santiago,

Quoting Johannes Schauer Marin Rodrigues (2021-10-23 11:08:56)
> I just wanted to send a friendly ping about DPKG_ROOT support of base-files.
> I hope that I was able to address all your questions in my last mail to this
> bug.  If there is anything else I can do to help you?

since your last activity on this bug was more than 100 days ago, I uploaded a
NMU of base-files with the attached debdiff to DELAYED/10. As usual feel free
to cancel the NMU (or tell me to cancel it) if you disagree with my upload.

Thanks!

cheers, joschdiff -Nru base-files-12/debian/changelog base-files-12+nmu1/debian/changelog
--- base-files-12/debian/changelog	2021-08-22 19:00:00.0 +0200
+++ base-files-12+nmu1/debian/changelog	2022-01-19 21:49:23.0 +0100
@@ -1,3 +1,10 @@
+base-files (12+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add support for DPKG_ROOT to postinst. Closes: #824594
+
+ -- Johannes Schauer Marin Rodrigues   Wed, 19 Jan 2022 21:49:23 +0100
+
 base-files (12) unstable; urgency=medium
 
   * Do not create /var/run/utmp in postinst, as /var/run is
diff -Nru base-files-12/debian/postinst.in base-files-12+nmu1/debian/postinst.in
--- base-files-12/debian/postinst.in	2021-08-22 19:00:00.0 +0200
+++ base-files-12+nmu1/debian/postinst.in	2022-01-19 21:49:23.0 +0100
@@ -1,52 +1,73 @@
 #!/bin/sh
 set -e
 
+change_owner() {
+  local owner group
+  owner=${1%:*}
+  group=${1#*:}
+  owner=$(sed -n "s/^$owner:[^:]*:\\([0-9]*\\):.*/\\1/p" "$DPKG_ROOT/etc/passwd")
+  group=$(sed -n "s/^$group:[^:]*:\\([0-9]*\\):.*/\\1/p" "$DPKG_ROOT/etc/group")
+  chown "$owner:$group" "$DPKG_ROOT$2"
+}
+
+change_mode() {
+  chmod "$1" "$DPKG_ROOT$2"
+}
+
+ensure_file_owner_mode() {
+  if [ ! -f "$DPKG_ROOT$1" ]; then
+: > "$DPKG_ROOT$1"
+  fi
+  change_owner "$2" "$1"
+  change_mode "$3" "$1"
+}
+
 install_local_dir() {
-  if [ ! -d $1 ]; then
-mkdir -p $1
+  if [ ! -d "$DPKG_ROOT$1" ]; then
+mkdir -p "$DPKG_ROOT$1"
   fi
-  if [ -f /etc/staff-group-for-usr-local ]; then
-chown root:staff $1 2> /dev/null || true
-chmod 2775 $1 2> /dev/null || true
+  if [ -f "$DPKG_ROOT/etc/staff-group-for-usr-local" ]; then
+change_owner root:staff "$1" 2>/dev/null || true
+change_mode 2775 "$1" 2> /dev/null || true
   fi
 }
 
 install_from_default() {
-  if [ ! -f $2 ]; then
-cp -p /usr/share/base-files/$1 $2
+  if [ ! -f "$DPKG_ROOT$2" ]; then
+cp -p "$DPKG_ROOT/usr/share/base-files/$1" "$DPKG_ROOT$2"
   fi
 }
 
 install_directory() {
-  if [ ! -d /$1 ]; then
-mkdir /$1
-chown root:$3 /$1
-chmod $2 /$1
+  if [ ! -d "$DPKG_ROOT/$1" ]; then
+mkdir "$DPKG_ROOT/$1"
+change_owner "root:$3" "/$1"
+change_mode "$2" "/$1"
   fi
 }
 
 migrate_directory() {
-  if [ ! -L $1 ]; then
-rmdir $1
-ln -s $2 $1
+  if [ ! -L "$DPKG_ROOT$1" ]; then
+rmdir "$DPKG_ROOT$1"
+ln -s "$2" "$DPKG_ROOT$1"
   fi
 }
 
 update_to_current_default() {
-  if [ -f $2 ]; then
-md5=`md5sum $2 | cut -f 1 -d " "`
-if grep -q "$md5" /usr/share/base-files/$1.md5sums; then
-  if ! cmp -s /usr/share/base-files/$1 $2; then
-cp -p /usr/share/base-files/$1 $2
+  if [ -f "$2" ]; then
+md5=`md5sum "$2" | cut -f 1 -d " "`
+if grep -q "$md5" "/usr/share/base-files/$1.md5sums"; then
+  if ! cmp -s "/usr/share/base-files/$1" "$2"; then
+cp -p "/usr/share/base-files/$1" "$2"
 echo Updating $2 to current default.
   fi
 fi
   fi
 }
 
-if [ ! -e /etc/dpkg/origins/default ]; then
-  if [ -e /etc/dpkg/origins/#VENDORFILE# ]; then
-ln -sf #VENDORFILE# /etc/dpkg/origins/default
+if [ ! -e "$DPKG_ROOT/etc/dpkg/origins/default" ]; then
+  if [ -e "$DPKG_ROOT/etc/dpkg/origins/#VENDORFILE#" ]; then
+ln -sf #VENDORFILE# "$DPKG_ROOT/etc/dpkg/origins/default"
   fi
 fi
 
@@ -62,8 +83,8 @@
   install_directory var/opt   755 root
   install_directory media 755 root
   install_directory var/mail 2775 mail
-  if [ ! -L /var/spool/mail ]; then
-ln -s ../mail /var/spool/mail
+  if [ ! -L "$DPKG_ROOT/var/spool/mail" ]; then
+ln -s ../mail "$DPKG_ROOT/var/spool/mail"
   fi
   install_directory run/lock 1777 root
   migrate_directory /var/run /run
@@ -79,25 +100,16 @@
   install_local_dir /usr/local/sbin
   install_local_dir /usr/local/src
   install_local_dir /usr/local/etc
-  ln -sf share/man /usr/local/man
+  ln -sf share/man "$DPKG_ROOT/usr/local/man"
 
-  if [ ! -f /var/log/wtmp ]; then
-echo -n>/var/log/wtmp
-  fi
-  if [ ! -f /var/log/btmp ]; then
-echo -n>/var/log/btmp
-  fi
-  if [ ! -f /var/log/lastlog ]; then
-echo -n>/var/log/lastlog
-  fi
-  chown root:utmp /var/log/wtmp /var/log/btmp /var/log/lastlog
-  chmod 664 /var/log/wtmp /var/log/lastlog
-  chmod 660 /var/log/btmp
+  ensure_file_owner_mode /var/log/wtmp root:utmp 664
+  ensure_file_owner_mode /var/log/btmp root:utmp 660
+  ensure_file_owner_mode /var/log/lastlog root:utmp 664
 fi
 
-if [ -d /usr/share/info ] && [ ! -f /usr/info/dir ] 

Bug#1003847: binutils breaks glibc autopkgtest on ppc64el: unrecognized opcode: `vspltisb' (and others)

[John Paul Adrian Glaubitz]

Hi Aurelien!

Unfortunately, glibc no longer builds with this change on powerpc and ppc64
and kernel builds still fails on both targets:

> https://buildd.debian.org/status/fetch.php?pkg=glibc=powerpc=2.33-3=1642542048=0
> https://buildd.debian.org/status/fetch.php?pkg=glibc=ppc64=2.33-3=1642542055=0

> https://buildd.debian.org/status/fetch.php?pkg=linux=powerpc=5.15.15-1=1642579068=0
> https://buildd.debian.org/status/fetch.php?pkg=linux=ppc64=5.15.15-1=1642578946=0

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1004044: kubecolor: New upstream release available (v0.0.20, 2021 May 07)

[Florian Ernst]

Package: kubecolor
Severity: wishlist

Dear Maintainer,

there is a new upstream release available, cf.
. It contains, among
other things, keeping the exit code from kubectl, colorizing apply
result by the action, and dry run consideration, making this quite
desirable to have.

Please update the package when you think it is due time.

Cheers,
Flo


signature.asc
Description: PGP signature

Bug#1004043: git-annex: test --pattern can segfault

[Benjamin Barenblat]

Package: git-annex
Version: 8.20210223-2
Severity: normal

Passing certain patterns to `git annex test -p` causes a segfault:

$ git annex test -p 'Tests.Unit Tests v8 locked.move'
error: git-annex died of signal 11

Other patterns work fine:

$ git annex test -p Tests.QuickCheck.prop_VectorClock_sane
Tests
  QuickCheck
prop_VectorClock_sane: OK
  +++ OK, passed 1 test.

All 1 tests passed (0.00s)

Running all the tests (i.e., `git annex test` without `-p`) also works
fine, and all the tests pass.

Bug#1004042: kubetail: New upstream release available (1.6.13, 2021 May 07)

[Florian Ernst]

Package: kubetail
Severity: wishlist

Dear Maintainer,

there is a new upstream release available, cf.
. It contains (among
many other things) updated autocompletion, new options
--show-color-index and --previous, and many cleanups.

Please update the package when you think it is due time.

Cheers,
Flo


signature.asc
Description: PGP signature

Bug#976811: [pkg-php-pear] Bug#976811: transition: php8.1

[Paul Gevers]

Hi Bryce,

On 19-01-2022 10:28, Bryce Harrington wrote:


With [4] applied, I'm seeing the following dumped on armhf:

## https://autopkgtest.ubuntu.com/packages/m/mediawiki/jammy/armhf
cat: /var/log/mediawiki/error.log: No such file or directory
2022-01-19 09:16:57 autopkgtest-lxd-eeoxik autopkgtestwiki: 
[e33d1ec89af515673078437e] /mediawiki/index.php/Main_Page   PHP Fatal Error 
from line 110 of /usr/share/mediawiki/includes/json/FormatJson.php: Maximum 
execution time of 30 seconds exceeded
#0 [internal function]: MWExceptionHandler::handleFatalError()
#1 {main}
2022-01-19 09:17:27 autopkgtest-lxd-eeoxik autopkgtestwiki: 
[1284cbae5a84eb5387f33003] /mediawiki/index.php/Main_Page   PHP Fatal Error 
from line 152 of /usr/share/mediawiki/includes/HookContainer/HookContainer.php: 
Maximum execution time of 30 seconds exceeded
#0 [internal function]: MWExceptionHandler::handleFatalError()
#1 {main}
2022-01-19 09:17:57 autopkgtest-lxd-eeoxik autopkgtestwiki: 
[31731278ed6070e946af4fbe] /mediawiki/index.php/Main_Page   PHP Fatal Error 
from line 110 of /usr/share/mediawiki/includes/json/FormatJson.php: Maximum 
execution time of 30 seconds exceeded
#0 [internal function]: MWExceptionHandler::handleFatalError()
#1 {main}
cat: /var/log/mediawiki/fatal.log: No such file or directory


As this issue seems intermittent (as mediawiki passed at one point) I 
guess you're trying to say that you think mediawiki got slower with 
php8.1? Or is this timeout new with php8.1? Obviously the code that 
fails to finish is mediawiki's code, so it doesn't seem to be a generic 
issue with php8.1 except if the timeout happens because of something 
inside php8.1. Can anybody shed a light on if it's reasonable to time 
out on what mediawiki is trying to do here. And why doesn't it happen on 
other architectures (in Debian, as far as I checked)?


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1003865: GPG error: http://deb.debian.org/debian sid InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster)

[Andreas Beckmann]

On Wed, 19 Jan 2022 02:47:56 +0530 Pirate Praveen 
 wrote:
I have seen at least one forum posting on the same error when searching for it so its likely more common 
 https://www.nixcraft.com/t/signatures-were-invalid-badsig-648acfd622f3d138-debian-archive-automatic-signing-key-10-buster/4025


May be related to apt-cacher-ng (though I tried with apt-cacher-ng disabled 
without fixing this issue).


When I encounter similar errors from time to time (once a year or so) I 
consider them as "caching artefacts" and fix them by having apt 
"reinitialize" the corresponding package source: first comment the line 
in sources.list (or rename the snippet in sources.list.d to *.list.off), 
run apt-get update (or whatever you like instead) to "forget" the 
source, enable it again, apt-get update again and the error is gone.


Actually I cannot remember having ever seen that as a piuparts failure 
(and that does a lot of apt-get update), only once in a while on my main 
machine which has everything from oldoldstable to experimental with 4 
foreign architectures available ...


Andreas

Bug#1004024: RFS: fig2sxd/0.23-2 -- convert XFig files to OpenOffice.org format

[Bastian Germann]

On Wed, 19 Jan 2022 14:55:34 +0100 acfbuer...@googlemail.com wrote:

Changes since the last upload:

fig2sxd (0.23-2) unstable; urgency=low

* New upstream version.
* Improved debian packaging, updated compat to 13 (see #965518).


A new upstream version never has revision -2.

Bug#946152: iptables-dev vs libiptc-dev dependency in collectd

[Bernd Zeimetz]

Hi,

sorry for the late reply!

On Fri, 2020-03-06 at 18:11 -0700, Antonio Russo wrote:
> 
> Because that is not the case, the pkg-config calls to get the path to
> libip4tc{.h,.so} libip6tc{.h,.so} and libiptc.h fail. You can get around
> that with the trivial patch I've attached.


Unfortunately the attached patch is for xvfb - and not collectd.
If possible just send an MR on salsa.

Bernd

-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#947334: lxc-checkpoint needs the criu package

[Pierre-Elliott Bécue]

Le 19 janvier 2022 20:55:40 GMT+01:00, Salvatore Bonaccorso  
a écrit :
>Hi Pierre,
>
>On Sat, Sep 05, 2020 at 12:35:13AM +0200, Pierre-Elliott Bécue wrote:
>> Cc-ing Salvatore,
>> 
>> Le mercredi 25 décembre 2019 à 08:11:11+0900, Ryutaroh Matsumoto a écrit :
>> > Package: lxc
>> > Version: 1:3.1.0+really3.0.4-2
>> > Severity: normal
>> > 
>> > Dear Maintainer,
>> > 
>> > lxc-checkpoint command needs "criu", which is only available
>> > in Debian experimental now.
>> > But "criu" is neither suggested nor recommended.
>> > Some kind of dependency by lxc seems necessary.
>> 
>> I can't depend on criu or I won't be able to have lxc installed in any
>> version of Debian apart from unstable. Indeed, criu is currently
>> voluntarily blocked from entering testing because the package is not
>> stable enough yet.
>
>FWIW, I lifted the blocking bug and criu is in testing. I'm not sure
>we can give a guarantee that it will be in bookworm, but I wanted to
>inform you about the fact that the blocking bug for now is gone.
>
>Regards,
>Salvatore
>

Thanks !! 
--
Pierre-Elliott Bécue
From my phone

Bug#1004041: gwcs FTBFS

[Ole Streicher]

Control: block -1 by 1003331

This is because the new gwcs needs asdf-wcs-schemas, which is in the NEW 
queue, but not accepted yet.

Bug#1004041: gwcs FTBFS

[Adrian Bunk]

Source: gwcs
Version: 0.18.0-1
Severity: serious
Tags: ftbfs
Control: block 1001238 by -1

https://buildd.debian.org/status/fetch.php?pkg=gwcs=all=0.18.0-1=1642613373=0

...
 ERRORS 
_ ERROR collecting .pybuild/cpython3_3.9_gwcs/build/gwcs/extension.py __
gwcs/extension.py:8: in 
from .converters.selector import (
gwcs/converters/selector.py:11: in 
from asdf_astropy.converters.transform.core import TransformConverterBase
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting .pybuild/cpython3_3.9_gwcs/build/gwcs/converters/geometry.py 
_
gwcs/converters/geometry.py:5: in 
from asdf_astropy.converters.transform.core import TransformConverterBase
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting .pybuild/cpython3_3.9_gwcs/build/gwcs/converters/selector.py 
_
gwcs/converters/selector.py:11: in 
from asdf_astropy.converters.transform.core import TransformConverterBase
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting 
.pybuild/cpython3_3.9_gwcs/build/gwcs/converters/spectroscopy.py _
gwcs/converters/spectroscopy.py:6: in 
from asdf_astropy.converters.transform.core import (
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting 
.pybuild/cpython3_3.9_gwcs/build/gwcs/converters/tests/test_transforms.py _
gwcs/converters/tests/test_transforms.py:7: in 
from asdf_astropy.converters.transform.tests.test_transform import (
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting 
.pybuild/cpython3_3.9_gwcs/build/gwcs/converters/tests/test_transforms.py _
ImportError while importing test module 
'/<>/.pybuild/cpython3_3.9_gwcs/build/gwcs/converters/tests/test_transforms.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.9/importlib/__init__.py:127: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
gwcs/converters/tests/test_transforms.py:7: in 
from asdf_astropy.converters.transform.tests.test_transform import (
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting 
.pybuild/cpython3_3.9_gwcs/build/gwcs/converters/tests/test_wcs.py _
gwcs/converters/tests/test_wcs.py:15: in 
from asdf_astropy.converters.transform.tests.test_transform import (  # 
noqa: E402
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting 
.pybuild/cpython3_3.9_gwcs/build/gwcs/converters/tests/test_wcs.py _
ImportError while importing test module 
'/<>/.pybuild/cpython3_3.9_gwcs/build/gwcs/converters/tests/test_wcs.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.9/importlib/__init__.py:127: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
gwcs/converters/tests/test_wcs.py:15: in 
from asdf_astropy.converters.transform.tests.test_transform import (  # 
noqa: E402
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting .pybuild/cpython3_3.9_gwcs/build/gwcs/tests/test_geometry.py 
_
gwcs/tests/test_geometry.py:10: in 
from asdf_astropy.converters.transform.tests.test_transform import (
E   ModuleNotFoundError: No module named 'asdf_astropy'
_ ERROR collecting .pybuild/cpython3_3.9_gwcs/build/gwcs/tests/test_geometry.py 
_
ImportError while importing test module 
'/<>/.pybuild/cpython3_3.9_gwcs/build/gwcs/tests/test_geometry.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/usr/lib/python3.9/importlib/__init__.py:127: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
gwcs/tests/test_geometry.py:10: in 
from asdf_astropy.converters.transform.tests.test_transform import (
E   ModuleNotFoundError: No module named 'asdf_astropy'
=== warnings summary ===
../../../../../../usr/lib/python3/dist-packages/astropy/wcs/wcsapi/sliced_low_level_wcs.py:6
  /usr/lib/python3/dist-packages/astropy/wcs/wcsapi/sliced_low_level_wcs.py:6: 
AstropyDeprecationWarning: SlicedLowLevelWCS has been moved to 
astropy.wcs.wcsapi.wrappers.sliced_wcs.SlicedLowLevelWCS, or can be imported 
from astropy.wcs.wcsapi.
warnings.warn(

-- Docs: https://docs.pytest.org/en/stable/warnings.html
=== short test summary info 
ERROR gwcs/extension.py - ModuleNotFoundError: No module named 'asdf_astropy'
ERROR gwcs/converters/geometry.py - ModuleNotFoundError: No module named 'asd...
ERROR gwcs/converters/selector.py - ModuleNotFoundError: No module named 'asd...
ERROR gwcs/converters/spectroscopy.py - ModuleNotFoundError: No module named ...
ERROR gwcs/converters/tests/test_transforms.py - ModuleNotFoundError: No modu...
ERROR gwcs/converters/tests/test_transforms.py
ERROR gwcs/converters/tests/test_wcs.py - ModuleNotFoundError: No module name...
ERROR 

Bug#947334: lxc-checkpoint needs the criu package

[Salvatore Bonaccorso]

Hi Pierre,

On Sat, Sep 05, 2020 at 12:35:13AM +0200, Pierre-Elliott Bécue wrote:
> Cc-ing Salvatore,
> 
> Le mercredi 25 décembre 2019 à 08:11:11+0900, Ryutaroh Matsumoto a écrit :
> > Package: lxc
> > Version: 1:3.1.0+really3.0.4-2
> > Severity: normal
> > 
> > Dear Maintainer,
> > 
> > lxc-checkpoint command needs "criu", which is only available
> > in Debian experimental now.
> > But "criu" is neither suggested nor recommended.
> > Some kind of dependency by lxc seems necessary.
> 
> I can't depend on criu or I won't be able to have lxc installed in any
> version of Debian apart from unstable. Indeed, criu is currently
> voluntarily blocked from entering testing because the package is not
> stable enough yet.

FWIW, I lifted the blocking bug and criu is in testing. I'm not sure
we can give a guarantee that it will be in bookworm, but I wanted to
inform you about the fact that the blocking bug for now is gone.

Regards,
Salvatore

Bug#909436: libdrm: FTBFS on hurd-i386 (#909436, updated and new patches)

[Svante Signell]

On Tue, 2022-01-18 at 17:46 +0100, Svante Signell wrote:
> 
> The added file can be incorporated in libdrm-tests.install file with 
> using dh_exec and making libdrm-tests.install executable.
> +#! /usr/bin/dh-exec
> +[hurd-any] usr/bin/amdgpu_test

Add to this a build-dependency of dh-exec needed in debian/control.

> Alternately (and simpler) a separate file for Hurd can be created solving the
> same problem. Attached is a patch creating that file: libdrm-
> tests.install.hurd.diff  

Another simple solution is to use a wildcard:
--- a/debian/libdrm-tests.install   2021-12-15 16:55:18.0 +0100
+++ b/debian/libdrm-tests.install   2022-01-12 18:28:35.0 +0100
@@ -1,3 +1,3 @@
-usr/bin/amdgpu_stress
+usr/bin/amdgpu_*
 usr/bin/drmdevice
 usr/bin/modetest

Thanks again!

Bug#1004040: webcam Live! Cam Sync HD VF0770 unusable with linux 5.15.5 (working with at least 5.10)

[Mathieu Roy]

Package: src:linux
Version: 5.15.5-2
Severity: normal


Hello,

With any computer running 5.15.5, I cannot access the webcam Live! Cam 
Sync HD VF0770


The logs stops at
[  490.602056] usb 1-11: USB disconnect, device number 8
[  491.872365] usb 1-11: new high-speed USB device number 9 using xhci_hcd
[  492.114279] usb 1-11: New USB device found, idVendor=041e, 
idProduct=4095, bcdDevice=20.20
[  492.114285] usb 1-11: New USB device strings: Mfr=3, Product=1, 
SerialNumber=2

[  492.114289] usb 1-11: Product: Live! Cam Sync HD VF0770
[  492.114292] usb 1-11: Manufacturer:
and /dev/video* arent created, making the webcam unusable.



While,  with 5.10.9 kernel (and exact same hardware and installed software)

[  519.376025] usb 1-11: new high-speed USB device number 10 using xhci_hcd
[  519.617723] usb 1-11: New USB device found, idVendor=041e, 
idProduct=4095, bcdDevice=20.20
[  519.617730] usb 1-11: New USB device strings: Mfr=3, Product=1, 
SerialNumber=2

[  519.617734] usb 1-11: Product: Live! Cam Sync HD VF0770
[  519.617736] usb 1-11: Manufacturer: Creative Technology Ltd.
[  519.617739] usb 1-11: SerialNumber:
[  519.624350] uvcvideo: Found UVC 1.00 device Live! Cam Sync HD VF0770 
(041e:4095)
[  519.641876] input: Live! Cam Sync HD VF0770: Live! as 
/devices/pci:00/:00:14.0/usb1/1-11/1-11:1.0/input/input35


# ls /dev/video*
/dev/video0  /dev/video1

# v4l2-ctl --list-devices
Live! Cam Sync HD VF0770: Live! (usb-:00:14.0-11):
    /dev/video0
    /dev/video1
    /dev/media0

and webcam works as expected

This webcam supported since 2.6.26
https://linux-hardware.org/?id=usb:041e-4095

I found at least one post that is likely related (1 month old, 5.15 
kernel, working with Ubuntu 20.04 running earlier kernels)

https://www.reddit.com/r/archlinux/comments/r9l32r/live_cam_sync_hd_usb_webcam_not_working/


-- Package-specific info:
** Version:
Linux version 5.15.0-2-amd64 (debian-ker...@lists.debian.org) (gcc-11 
(Debian 11.2.0-13) 11.2.0, GNU ld (GNU Binutils for Debian) 2.37) #1 SMP 
Debian 5.15.5-2 (2021-12-18)


** Command line:

BOOT_IMAGE=/boot/vmlinuz-5.15.0-2-amd64 
root=UUID=b444fc5f-bc92-46b0-a1d5-fcec14615eb4 ro 
rd.luks.key=/:UUID=299ec5b3-9e0d-4391-ac0b-c7505e9809c3 
acpi_enforce_resources=lax quiet


** Tainted: POE (12289)
 * proprietary module was loaded
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
sys_vendor: Gigabyte Technology Co., Ltd.
product_name: Z390 GAMING SLI
product_version: Default string
chassis_vendor: Default string
chassis_version: Default string
bios_vendor: American Megatrends Inc.
bios_version: F10k
board_vendor: Gigabyte Technology Co., Ltd.
board_name: Z390 GAMING SLI-CF
board_version: Default string

** Loaded modules:
mptcp_diag
tcp_diag
udp_diag
raw_diag
inet_diag
unix_diag
af_packet_diag
netlink_diag
nvidia_uvm(POE)
ufs
qnx4
hfsplus
hfs
cdrom
minix
vfat
msdos
fat
jfs
xfs
cfg80211
rfkill
nfnetlink
cpufreq_powersave
cpufreq_ondemand
cpufreq_conservative
cpufreq_userspace
binfmt_misc
uinput
drivetemp
it87
hwmon_vid
loop
cpuid
msr
ecryptfs
nvidia_drm(POE)
drm_kms_helper
cec
rc_core
nvidia_modeset(POE)
parport_pc
ppdev
lp
parport
fuse
nfsd
auth_rpcgss
nfs_acl
nfs
lockd
grace
sunrpc
sha512_ssse3
sha512_generic
cmac
nls_utf8
cifs
cifs_arc4
cifs_md4
dns_resolver
fscache
netfs
intel_rapl_msr
mei_hdcp
intel_rapl_common
x86_pkg_temp_thermal
intel_powerclamp
coretemp
snd_sof_pci_intel_cnl
kvm_intel
snd_sof_intel_hda_common
soundwire_intel
soundwire_generic_allocation
soundwire_cadence
snd_sof_intel_hda
snd_sof_pci
snd_sof_xtensa_dsp
kvm
snd_sof
soundwire_bus
irqbypass
snd_soc_skl
rapl
intel_cstate
snd_soc_hdac_hda
intel_uncore
snd_hda_ext_core
pcspkr
snd_soc_sst_ipc
snd_soc_sst_dsp
intel_wmi_thunderbolt
snd_soc_acpi_intel_match
wmi_bmof
snd_soc_acpi
mxm_wmi
snd_soc_core
iTCO_wdt
intel_pmc_bxt
iTCO_vendor_support
watchdog
ee1004
snd_compress
mei_me
mei
snd_hda_codec_realtek
snd_hda_codec_generic
ledtrig_audio
snd_hda_codec_hdmi
joydev
snd_usb_audio
xpad
ff_memless
evdev
nvidia(POE)
snd_hda_intel
snd_usbmidi_lib
snd_intel_dspcfg
snd_rawmidi
snd_intel_sdw_acpi
snd_seq_device
snd_hda_codec
mc
snd_hda_core
snd_hwdep
snd_pcm
snd_timer
snd
drm
soundcore
intel_pch_thermal
intel_pmc_core
acpi_pad
button
ext4
crc16
mbcache
jbd2
crc32c_generic
btrfs
zstd_compress
dm_crypt
dm_mod
hid_plantronics
raid10
raid456
async_raid6_recov
async_memcpy
async_pq
async_xor
async_tx
xor
raid6_pq
libcrc32c
raid1
raid0
multipath
linear
md_mod
hid_generic
usbhid
hid
sg
sd_mod
crc32_pclmul
crc32c_intel
ghash_clmulni_intel
ahci
libahci
nvme
xhci_pci
libata
aesni_intel
e1000e
xhci_hcd
crypto_simd
cryptd
ptp
nvme_core
r8169
pps_core
scsi_mod
usbcore
realtek
mdio_devres
t10_pi
i2c_i801
crc_t10dif
i2c_smbus
libphy
crct10dif_generic
crct10dif_pclmul
crct10dif_common
scsi_common
usb_common
fan
wmi
video

** PCI devices:
00:00.0 Host bridge [0600]: 

Bug#1004038: AppArmor: cannot save files in enforced mode (again)

[Vincas Dargis]

Package: libreoffice-common
Version: 1:7.3.0~rc2-2
Severity: normal
Tags: upstream

Dear Maintainer,

Looks like bug #905442 is back. We need rule with eight (and more) question
marks:

type=AVC msg=audit(1642615553.674:2636): apparmor="DENIED"
operation="mknod" profile="libreoffice-soffice"
name="/home/vincas/Darbastalis/lu7600dk8g.tmp" pid=7600
comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1000
ouid=1000FSUID="vincas" OUID="vincas"

This one rule should the trick:

owner @{libo_user_dirs}/{,**/}lu{,?,??,???,}.tmp rwk,

It would be nice to find code that generates these temporaries and see
what range is currently used...

-- Package-specific info:

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-common depends on:
ii  libnumbertext-data 1.0.8-1
ii  libreoffice-style-colibre  1:7.3.0~rc2-2
ii  ucf3.0043
ii  ure1:7.3.0~rc2-2

Versions of packages libreoffice-common recommends:
ii  apparmor3.0.3-6
ii  fonts-liberation2   2.1.5-1
ii  libexttextcat-data  3.4.5-1
ii  poppler-data0.4.11-1
ii  python3-uno 1:7.3.0~rc2-2
ii  xdg-utils   1.1.3-4.1

Versions of packages libreoffice-common suggests:
ii  libreoffice-style-breeze [libreoffice-style]   1:7.3.0~rc2-2
ii  libreoffice-style-colibre [libreoffice-style]  1:7.3.0~rc2-2

Versions of packages python3-uno depends on:
ii  libc62.33-3
ii  libgcc-s111.2.0-14
ii  libpython3.9 3.9.10-1
ii  libreoffice-core 1:7.3.0~rc2-2
ii  libstdc++6   11.2.0-14
ii  libuno-cppu3 1:7.3.0~rc2-2
ii  libuno-cppuhelpergcc3-3  1:7.3.0~rc2-2
ii  libuno-sal3  1:7.3.0~rc2-2
ii  libuno-salhelpergcc3-3   1:7.3.0~rc2-2
ii  python3  3.9.8-1
ii  python3.93.9.10-1
ii  ucf  3.0043
ii  uno-libs-private 1:7.3.0~rc2-2

-- Configuration Files:
/etc/apparmor.d/usr.lib.libreoffice.program.oosplash changed:
profile libreoffice-oosplash /usr/lib/libreoffice/program/oosplash {
  #include 
  #include 
  /etc/libreoffice/ r,
  /etc/libreoffice/**   r,
  /etc/passwd   r,
  /etc/nsswitch.confr,
  /run/nscd/passwd  r,
  /sys/devices/{virtual,pci[0-9]*}/**/queue/rotational  r, # for isRotational() 
in desktop/unx/source/pagein.c
  /usr/lib{,32,64}/ure/bin/javaldx  rmpux,
  /usr/share/libreoffice/program/*  r,
  /usr/lib/libreoffice/program/**   r,
  /usr/lib/libreoffice/program/soffice.bin rmpx,
  /usr/lib/libreoffice/program/javaldx rmpux,
  owner @{HOME}/.Xauthority r,
  owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
  unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),
  unix peer=(addr=@/tmp/.X11-unix/* label=unconfined),
}

/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin changed:
@{libreoffice_ext} = [tT][xX][tT]
@{libreoffice_ext} += {,f,F}[oO][dDtT][tTsSpPbBgGfF]
@{libreoffice_ext} += [xX][mMsS][lL]
@{libreoffice_ext} += [pP][dD][fF]
@{libreoffice_ext} += [uU][oO][fFtTsSpP]
@{libreoffice_ext} += {,x,X}[hH][tT][mM]{,l,L}
@{libreoffice_ext} += [eE][pP][uU][bB]
@{libreoffice_ext} += [pP][sS]
@{libreoffice_ext} += [jJ][pP][gG]
@{libreoffice_ext} += [jJ][pP][eE][gG]
@{libreoffice_ext} += [pP][nN][gG]
@{libreoffice_ext} += [sS][vV][gG]
@{libreoffice_ext} += [sS][vV][gG][zZ]99251
@{libreoffice_ext} += [tT][iI][fF]
@{libreoffice_ext} += [tT][iI][fF][fF]
@{libreoffice_ext} += [dD][oO][cCtT]{,x,X}
@{libreoffice_ext} += [rR][tT][fF]
@{libreoffice_ext} += [xX][lL][sStT]{,x,X,m,M}
@{libreoffice_ext} += [xX][lL][wW]
@{libreoffice_ext} += [dD][iIbB][fF]
@{libreoffice_ext} += [cCtT][sS][vV]
@{libreoffice_ext} += [sS][lL][kK]
@{libreoffice_ext} += [pP][pP][tTsS]{,x,X}
@{libreoffice_ext} += [pP][oO][tT]{,m,M}
@{libreoffice_ext} += [pP][sS][dD]
@{libreoffice_ext} += [mM][mM][lL]
@{libo_user_dirs} = @{HOME} /mnt /media
profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin {
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #List directories for file browser
  / r,
  /**/  r,
  owner 

Bug#1004037: src:plink2: fails to migrate to testing for too long: autopkgtest regression

[Paul Gevers]

Source: plink2
Version: 2.00~a3-210816+dfsg-1
Severity: serious
Control: close -1 2.00~a3-211011+dfsg-1
Tags: sid bookworm
User: release.debian@packages.debian.org
Usertags: out-of-sync
Control: block -1 by 1000782

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 60 days as having a Release Critical bug in 
testing [1]. Your package src:plink2 has been trying to migrate for 61 
days [2]. Hence, I am filing this bug.


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and bookworm, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html
[2] https://qa.debian.org/excuses.php?package=plink2



OpenPGP_signature
Description: OpenPGP digital signature

Bug#990428: Add fixed package to stable?

[Jörn Heissler]

Hello,

could the fixed version 2.13 please be added to stable/bullseye?
So far it appears to work for me; 2.12 doesn't.

Cheers


signature.asc
Description: PGP signature

Bug#1003152: postfix: should provide (document if not cleanly doable) a way to restart postfix if /etc/resolv.conf changes

[Vincent Lefevre]

On 2022-01-18 18:43:55 -0500, Scott Kitterman wrote:
> I have committed a systemd path unit based solution to git (I assume non-
> systemd users can continue to use resolvconf).  I don't have a good way to 
> test it, since I don't currently have an unstable system and systemd doesn't 
> mix well with chroots.  I manually installed, enabled, and started the new 
> service files on a stable systems and they worked.
> 
> I would appreciate any testing before I upload this (or after, I guess).

I could check that after connecting to a different network,
the /etc/resolv.conf file in the chroot is updated and postfix
is reloaded.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#979375: backuppc: Version 4 doesn't manage accents correctly.

[J. Fernando LAGRANGE]

Hello,

Do you use rsync as Xfer method ?


I tried to reproduce with a fresh backuppc 4.4.0-3 installation on a 
Debian Bullseye installation and rsync backup went smoothly with 
"Vid\x{e9}os" in the config file !



(I am sorry, I do not know how to get all "System Information" from my 
BackupPC server to tell bts.)


Regards,
Fernando


On 05/01/2021 22:25, Ghent wrote:

Package: backuppc
Version: 4.4.0-2
Severity: important
Tags: upstream

Dear Maintainer,

The web interface doesn't correctly manage accents in BackupFilesOnly or 
BackupFilesExclude.
If I put the word "Vidéos", it saves "Vid\x{e9}os" in the config file and 
doesn't detect the folder during backup.
If I write "Vidéos" directly in the config file, the web interface displays 
"Vidéos" but it detects correctly the folder during backup.

-- System Information:
Debian Release: bullseye/sid
   APT prefers stable-updates
   APT policy: (950, 'stable-updates'), (950, 'testing'), (950, 'stable'), 
(180, 'unstable'), (60, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages backuppc depends on:
ii  adduser3.118
ii  apache2 [httpd]2.4.46-2
ii  apache2-utils  2.4.46-2
ii  backuppc-rsync 3.1.3.0-1
ii  bzip2  1.0.8-4
ii  debconf [debconf-2.0]  1.5.74
ii  exim4  4.94-9
ii  exim4-daemon-light [mail-transport-agent]  4.94-9+b1
ii  init-system-helpers1.60
ii  iputils-ping   3:20200821-2
ii  libarchive-zip-perl1.68-1
ii  libbackuppc-xs-perl0.62-1+b1
ii  libc6  2.31-6
ii  libcgi-pm-perl 4.51-1
pn  libdigest-md5-perl 
ii  libfile-listing-perl   6.14-1
ii  libtime-parsedate-perl 2015.103-3
ii  lsb-base   11.1.0
ii  perl [libio-compress-perl] 5.32.0-6
ii  ucf3.0043

Versions of packages backuppc recommends:
ii  libio-dirent-perl0.05-1+b9
ii  openssh-client [ssh-client]  1:8.4p1-3
ii  rrdtool  1.7.2-3+b7
ii  samba-common-bin 2:4.13.2+dfsg-3
ii  smbclient2:4.13.2+dfsg-3

Versions of packages backuppc suggests:
pn  certbot | acme-tiny | acmetool | dehydrated | lacme | lecm |   
ii  elinks [www-browser]   0.13.2-1+b1
ii  epiphany-browser [www-browser] 3.38.2-1
ii  firefox [www-browser]  84.0-3
pn  libscgi-perl   
ii  links [www-browser]2.21-1
ii  links2 [www-browser]   2.21-1
ii  lynx [www-browser] 2.9.0dev.6-1
ii  midori [www-browser]   7.0-2.1
ii  par2   0.8.1-1
ii  rsync  3.2.3-3
ii  w3m [www-browser]  0.5.3-38+b1

-- Configuration Files:
/etc/backuppc/apache.conf changed [not included]
/etc/backuppc/config.pl [Errno 13] Permission non accordée: 
'/etc/backuppc/config.pl'
/etc/backuppc/hosts [Errno 13] Permission non accordée: '/etc/backuppc/hosts'
/etc/default/backuppc changed [not included]

-- debconf information excluded


--
J. Fernando Lagrange
PROBESYS - Spécialistes OpenSource
9 rue de chamrousse
38100 Grenoble
Tel : 09 74 76 47 86
site web : https://www.probesys.com

Bug#997478: pyls-black: diff for NMU version 0.4.6-3.1

[Adrian Bunk]

Control: tags 997478 + patch
Control: tags 997478 + pending

Dear maintainer,

I've prepared an NMU for pyls-black (versioned as 0.4.6-3.1) and 
uploaded it to DELAYED/15. Please feel free to tell me if I should 
cancel it.

cu
Adrian
diff -Nru pyls-black-0.4.6/debian/changelog pyls-black-0.4.6/debian/changelog
--- pyls-black-0.4.6/debian/changelog	2021-02-05 11:19:34.0 +0200
+++ pyls-black-0.4.6/debian/changelog	2022-01-19 19:12:45.0 +0200
@@ -1,3 +1,11 @@
+pyls-black (0.4.6-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add upstream fix for test failure with new Black.
+(Closes: #997478)
+
+ -- Adrian Bunk   Wed, 19 Jan 2022 19:12:45 +0200
+
 pyls-black (0.4.6-3) unstable; urgency=medium
 
   * Fix Build-Depends
diff -Nru pyls-black-0.4.6/debian/patches/0001-Fix-test-failure-with-black-21.4b0-39.patch pyls-black-0.4.6/debian/patches/0001-Fix-test-failure-with-black-21.4b0-39.patch
--- pyls-black-0.4.6/debian/patches/0001-Fix-test-failure-with-black-21.4b0-39.patch	1970-01-01 02:00:00.0 +0200
+++ pyls-black-0.4.6/debian/patches/0001-Fix-test-failure-with-black-21.4b0-39.patch	2022-01-19 19:11:25.0 +0200
@@ -0,0 +1,65 @@
+From 4a2780358c2827b2b1598e9e60365f0d5c9a27a4 Mon Sep 17 00:00:00 2001
+From: Mathis 
+Date: Sat, 5 Jun 2021 06:40:55 +0800
+Subject: Fix test failure with black 21.4b0+ (#39)
+
+Inline PY36_VERSIONS because black no longer exposes it.
+
+Closes #36.
+---
+ pyls_black/plugin.py | 4 +++-
+ tests/test_plugin.py | 9 +++--
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/pyls_black/plugin.py b/pyls_black/plugin.py
+index 407802f..dc5d482 100644
+--- a/pyls_black/plugin.py
 b/pyls_black/plugin.py
+@@ -4,6 +4,8 @@ import black
+ import toml
+ from pyls import hookimpl
+ 
++_PY36_VERSIONS = {black.TargetVersion[v] for v in ["PY36", "PY37", "PY38", "PY39"]}
++
+ 
+ @hookimpl(tryfirst=True)
+ def pyls_format_document(document):
+@@ -97,7 +99,7 @@ def load_config(filename: str) -> Dict:
+ black.TargetVersion[x.upper()] for x in file_config["target_version"]
+ )
+ elif file_config.get("py36"):
+-target_version = black.PY36_VERSIONS
++target_version = _PY36_VERSIONS
+ else:
+ target_version = set()
+ 
+diff --git a/tests/test_plugin.py b/tests/test_plugin.py
+index f943b16..e722dba 100644
+--- a/tests/test_plugin.py
 b/tests/test_plugin.py
+@@ -8,7 +8,12 @@ import pytest
+ from pyls import uris
+ from pyls.workspace import Document, Workspace
+ 
+-from pyls_black.plugin import load_config, pyls_format_document, pyls_format_range
++from pyls_black.plugin import (
++_PY36_VERSIONS,
++load_config,
++pyls_format_document,
++pyls_format_range,
++)
+ 
+ here = Path(__file__).parent
+ fixtures_dir = here / "fixtures"
+@@ -191,7 +196,7 @@ def test_load_config_target_version():
+ def test_load_config_py36():
+ config = load_config(str(fixtures_dir / "py36" / "example.py"))
+ 
+-assert config["target_version"] == black.PY36_VERSIONS
++assert config["target_version"] == _PY36_VERSIONS
+ 
+ 
+ def test_load_config_defaults():
+-- 
+2.20.1
+
diff -Nru pyls-black-0.4.6/debian/patches/series pyls-black-0.4.6/debian/patches/series
--- pyls-black-0.4.6/debian/patches/series	2021-02-05 11:19:34.0 +0200
+++ pyls-black-0.4.6/debian/patches/series	2022-01-19 19:12:45.0 +0200
@@ -1 +1,2 @@
 suppress-post-install-tests.patch
+0001-Fix-test-failure-with-black-21.4b0-39.patch

Bug#1004036: libvmime: FTBFS with ICU 70.1

[GCS]

Source: libvmime
Version: 0.9.2-7
Severity: normal
Tags: ftbfs patch
Usertags: ICU70.1

Hi,

Soon I would like to start the ICU 70.1 transition. Your package FTBFS
with this release. Main reason is that since ICU 68.1 it doesn't
define TRUE and FALSE constants.
You need to use the C99 / C++ ones which are lowercase ones. Patch is
attached to make it easy for you.

Regards,
Laszlo/GCS
Description: since ICU 68.1 TRUE and FALSE are no longer defined
 Use their C99 / C++ analogues, ie use them in lowercase.
Author: Laszlo Boszormenyi (GCS) 
Forwarded: no
Last-Update: 2022-01-19

---

--- libvmime-0.9.2.orig/src/vmime/charsetConverter_icu.cpp
+++ libvmime-0.9.2/src/vmime/charsetConverter_icu.cpp
@@ -359,7 +359,7 @@ void charsetFilteredOutputStream_icu::wr
 		toErr = U_ZERO_ERROR;
 
 		ucnv_toUnicode(m_from, , uniTargetLimit,
-		   , uniSourceLimit, NULL, /* flush */ FALSE, );
+		   , uniSourceLimit, NULL, /* flush */ false, );
 
 		if (U_FAILURE(toErr) && toErr != U_BUFFER_OVERFLOW_ERROR)
 		{
@@ -396,7 +396,7 @@ void charsetFilteredOutputStream_icu::wr
 			fromErr = U_ZERO_ERROR;
 
 			ucnv_fromUnicode(m_to, , cpTargetLimit,
-			 , cpSourceLimit, NULL, /* flush */ FALSE, );
+			 , cpSourceLimit, NULL, /* flush */ false, );
 
 			if (fromErr != U_BUFFER_OVERFLOW_ERROR && U_FAILURE(fromErr))
 			{
@@ -448,7 +448,7 @@ void charsetFilteredOutputStream_icu::fl
 		toErr = U_ZERO_ERROR;
 
 		ucnv_toUnicode(m_from, , uniTargetLimit,
-		   , uniSourceLimit, NULL, /* flush */ TRUE, );
+		   , uniSourceLimit, NULL, /* flush */ true, );
 
 		if (U_FAILURE(toErr) && toErr != U_BUFFER_OVERFLOW_ERROR)
 		{
@@ -476,7 +476,7 @@ void charsetFilteredOutputStream_icu::fl
 			fromErr = U_ZERO_ERROR;
 
 			ucnv_fromUnicode(m_to, , cpTargetLimit,
-			 , cpSourceLimit, NULL, /* flush */ TRUE, );
+			 , cpSourceLimit, NULL, /* flush */ true, );
 
 			if (fromErr != U_BUFFER_OVERFLOW_ERROR && U_FAILURE(fromErr))
 			{

Bug#985314: Fwd: Re: Bug#985314: asterisk spams console output to syslog due to systemd misconfiguration

[Sergio Durigan Junior]

The bug was archived, so the message I sent (below) bounced.  Forwarding
it.

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/

 Start of forwarded message 
From: Sergio Durigan Junior 
To: Utkarsh Gupta 
Cc: be...@debian.org,  985...@bugs.debian.org
Subject: Re: Bug#985314: asterisk spams console output to syslog due to
 systemd misconfiguration
Date: Wed, 19 Jan 2022 11:49:02 -0500

On Monday, March 15 2021, Utkarsh Gupta wrote:

> Hi Bernhard,
>
> Thanks for taking care of asterisk. This bug report is just a mere
> forward of what was originally reported in Ubuntu; cf:
> https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1909816.
[...]

"Editing patches by hand considered evil" :-).

This upload introduced a problem: the asterisk.service file doesn't
contain the [Install] section anymore, which makes it be treated as a
static unit by systemd.  This means that the service cannot be
enabled/disabled, so when a reboot happens the service doesn't
automatically start.

This has been reported in
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1958259, btw.

The problem happened because the file d/p/systemd.patch was likely
edited by hand, but the diff header was not updated to reflect the new
lines that have been added.  Because of this, 'patch' silently drops the
last 6 lines of the diff when applying it.

The following patch should fix the problem.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/

diff --git a/debian/patches/systemd.patch b/debian/patches/systemd.patch
index de803e43..34da8fed 100644
--- a/debian/patches/systemd.patch
+++ b/debian/patches/systemd.patch
@@ -81,7 +81,7 @@ Last-Update: 2016-04-02
 +fi
 --- /dev/null
 +++ b/contrib/asterisk.service
-@@ -0,0 +1,49 @@
+@@ -0,0 +1,55 @@
 +[Unit]
 +Description=Asterisk PBX
 +Documentation=man:asterisk(8)


signature.asc
Description: PGP signature
 End of forwarded message 

Bug#1003929: ncurses: please make the build reproducible

[Sven Joachim]

On 2022-01-18 09:26 +, Chris Lamb wrote:

> Source: ncurses
> Version: 6.3-2
> Severity: wishlist
> Tags: patch
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: umask
> X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
>
> Hi,
>
> Whilst working on the Reproducible Builds effort [0] we noticed that
> ncurses could not be built reproducibly.

Thanks.  I should have noticed that from the failing reprotest in the
Salsa CI, but did not look closely and thought that it would be due to a
different problem that has shown up on i386 since ncurses 6.3-1.

> This is because the README.gz file will retain its group-writeable bit
> due to the use of dh_fixperms -Xfoo, and will thus vary when the package
> is built with a different umask:
>
> --rw-r--r--   0 root (0) root (0) 7937 2021-03-07 
> 00:08:58.00 ./usr/libexec/ncurses-examples/README.gz
> +-rw-rw-r--   0 root (0) root (0) 7937 2021-03-07 
> 00:08:58.00 ./usr/libexec/ncurses-examples/README.gz
>
> Patch attached that removes this bit manually, but feel free to go with a
> different solution, of course.

> --- a/debian/rules2022-01-18 08:47:42.277389249 +
> --- b/debian/rules2022-01-18 09:03:30.547729907 +
> @@ -508,6 +508,7 @@
>   dh_compress -p$(package-examples) usr/libexec/ncurses-examples/README
>   dh_compress -a -N$(package-examples)
>   dh_fixperms -a -Xusr/libexec/ncurses-examples/README
> + chmod g-w debian/ncurses-examples/usr/libexec/ncurses-examples/README.gz

That works with umask 002, but in fact the file could have any
permissions from 000 to 666, depending on the umask used when the source
was unpacked.

I have installed a different fix, and now the reprotest succeeds
again[1].

Cheers,
   Sven


1. https://salsa.debian.org/debian/ncurses/-/pipelines/339074

Bug#1003864: libreoffice-help-it: Libreoffice help depends from Firefox-esr package

[Rene Engelhard]

Am 19.01.22 um 13:13 schrieb Antonio:
I would like to install LibreOffice Help to use it offline but if I do 
it then forced me to install Firefox-ESR, which for me would be a 
duplicate I don't need.


No, that is wrong as I said. It forces you to use a JS-supporting 
browser from the Debian archive, not just firefox-esr:


I said:

"firefox-esr OR epiphany-browser OR konqueror OR chromium OR firefox"


Maybe equivs helps here?


And yes, I can read english and understand what you want.

That's why my compromise suggestion was to do it as Recommends: (which 
would still be installed per default and can be ignored)


I said "One might argue it can be a Recommends: (then only people who 
don't install recommends per default don't get it, but)".



It would be interesting if the package manager could install 
Firefox-ESR only if it don't finds other browsers available in the 
system (in my case: /etc/alternatives/x-www-browser -> 
/opt/firefox/firefox).



Nah, that would be titally undeterministic.


(BTW, you maybe should stop fullquoting, top-posting and read mails, i 
already said in my last mail that I consider making it Recommends: 
instead of Depends:)


Regards,


Rene

Bug#1000991: Updates to the content required

[Gabriel CORRE]

Source: debian-reference
Followup-For: Bug #1000991

Hello,

in https://www.debian.org/doc/manuals/debian-reference/ch02.en.html
(in english but also other languages)

The samples of /etc/apt/source.list use possible wrong url

There are both mention of :

```
deb http://security.debian.org/debian-security ...
deb http://security.debian.org/ ...
```

The website it-self ( https://www.debian.org/security/ ) told to use `deb 
http://security.debian.org/debian-security`

Replace `http://security.debian.org/` by 
`http://security.debian.org/debian-security`

in chapiters:
- [x] 2.1.4 ok : 
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_debian_archive_basics
- [ ] 2.7.4 need to be fixed : 
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
- [ ] 2.7.6 need to be fixed : 
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_tracking_literal_testing_literal_with_some_packages_from_literal_unstable_literal
- [ ] 2.7.7 need to be fixed : 
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_tracking_literal_unstable_literal_with_some_packages_from_literal_experimental_literal

Regards,

Bug#1004035: rumur FTBFS on 32bit: Bad system call

[Adrian Bunk]

Source: rumur
Version: 2021.12.27-1
Severity: serious
Tags: ftbfs
Control: block 1002186 by -1

https://buildd.debian.org/status/package.php?p=rumur

...
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x5c20ec, 
si_syscall=__NR_statx, si_arch=AUDIT_ARCH_PPC} ---
+++ killed by SIGSYS +++
/<>/tests/strace-sandbox.sh: line 69: 3494941 Bad system call  
   strace ./model.exe
+ RET=159
+ '[' 159 -eq 0 ']'
+ popd
+ rm -rf /tmp/tmp.MFJZxsf2dZ
+ exit 159


==
FAIL: test_basic_sandbox_m (__main__.rumurDebugMultithreaded)
--
Traceback (most recent call last):
  File "/<>/tests/run-tests.py", line 576, in 
setattr(c, name, lambda self, p=p: self._run(p))
  File "/<>/tests/run-tests.py", line 490, in _run
self._run_param(testcase, True, False, True, False)
  File "/<>/tests/run-tests.py", line 441, in _run_param
self.fail('Unexpected checker exit status {}:\n{}{}'
AssertionError: Unexpected checker exit status -31:
...
Ran 5344 tests in 1239.289s

FAILED (failures=13, skipped=2211)
make[4]: *** [CMakeFiles/check.dir/build.make:73: CMakeFiles/check] Error 1

Bug#1002180: clamfs: diff for NMU version 1.2.0-2.1

[Adrian Bunk]

Control: tags 1002180 + patch
Control: tags 1002180 + pending

Dear maintainer,

I've prepared an NMU for clamfs (versioned as 1.2.0-2.1) and uploaded
it to DELAYED/14. Please feel free to tell me if I should cancel it.

cu
Adrian
diff -Nru clamfs-1.2.0/debian/changelog clamfs-1.2.0/debian/changelog
--- clamfs-1.2.0/debian/changelog	2020-01-10 02:46:18.0 +0200
+++ clamfs-1.2.0/debian/changelog	2022-01-19 18:35:36.0 +0200
@@ -1,3 +1,10 @@
+clamfs (1.2.0-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't build with -Werror. (Closes: #1002180)
+
+ -- Adrian Bunk   Wed, 19 Jan 2022 18:35:36 +0200
+
 clamfs (1.2.0-2) unstable; urgency=medium
 
   * Add patches/Remove-_start-symbol-check-for-CXX-libraries.patch to fix
diff -Nru clamfs-1.2.0/debian/patches/no-Werror.patch clamfs-1.2.0/debian/patches/no-Werror.patch
--- clamfs-1.2.0/debian/patches/no-Werror.patch	1970-01-01 02:00:00.0 +0200
+++ clamfs-1.2.0/debian/patches/no-Werror.patch	2022-01-19 18:35:36.0 +0200
@@ -0,0 +1,15 @@
+Description: Don't build with -Werror.
+Author: Adrian Bunk 
+Bug-Debian: https://bugs.debian.org/1002180
+
+--- clamfs-1.2.0.orig/configure.ac
 clamfs-1.2.0/configure.ac
+@@ -37,7 +37,7 @@ AC_CHECK_FUNCS([fchdir fdatasync fork ft
+ AC_C_FDPASSING
+ 
+ # Set initial CPPFLAGS
+-CPPFLAGS="$CPPFLAGS -Wall -Werror -Wextra"
++CPPFLAGS="$CPPFLAGS -Wall -Wextra"
+ 
+ # Checks for boost
+ AX_BOOST_BASE(1.33)
diff -Nru clamfs-1.2.0/debian/patches/series clamfs-1.2.0/debian/patches/series
--- clamfs-1.2.0/debian/patches/series	2020-01-10 01:59:11.0 +0200
+++ clamfs-1.2.0/debian/patches/series	2022-01-19 18:35:36.0 +0200
@@ -1 +1,2 @@
 Remove-_start-symbol-check-for-CXX-libraries.patch
+no-Werror.patch

Bug#1002167: hmat-oss: diff for NMU version 1.2.0-2.2

[Adrian Bunk]

Control: tags 1002167 + patch
Control: tags 1002167 + pending

Dear maintainer,

I've prepared an NMU for hmat-oss (versioned as 1.2.0-2.2) and uploaded 
it to DELAYED/14. Please feel free to tell me if I should cancel it.

cu
Adrian
diff -Nru hmat-oss-1.2.0/debian/changelog hmat-oss-1.2.0/debian/changelog
--- hmat-oss-1.2.0/debian/changelog	2020-05-02 02:18:14.0 +0300
+++ hmat-oss-1.2.0/debian/changelog	2022-01-19 18:14:34.0 +0200
@@ -1,3 +1,10 @@
+hmat-oss (1.2.0-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Backport upstream fix for FTBFS with glibc 2.33. (Closes: #1002167)
+
+ -- Adrian Bunk   Wed, 19 Jan 2022 18:14:34 +0200
+
 hmat-oss (1.2.0-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru hmat-oss-1.2.0/debian/patches/0001-instrumentation-Use-mallinfo2-from-glibc-2.33.patch hmat-oss-1.2.0/debian/patches/0001-instrumentation-Use-mallinfo2-from-glibc-2.33.patch
--- hmat-oss-1.2.0/debian/patches/0001-instrumentation-Use-mallinfo2-from-glibc-2.33.patch	1970-01-01 02:00:00.0 +0200
+++ hmat-oss-1.2.0/debian/patches/0001-instrumentation-Use-mallinfo2-from-glibc-2.33.patch	2022-01-19 18:14:34.0 +0200
@@ -0,0 +1,41 @@
+From 40b12c8c90ab5d67847fec6bda6111c396fa3b0d Mon Sep 17 00:00:00 2001
+From: Julien Schueller 
+Date: Fri, 19 Feb 2021 10:22:35 +0100
+Subject: instrumentation: Use mallinfo2 from glibc 2.33
+
+mallinfo being deprecated
+---
+ src/common/memory_instrumentation.cpp | 8 
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/common/memory_instrumentation.cpp b/src/common/memory_instrumentation.cpp
+index 22acd3d..a98870e 100644
+--- a/src/common/memory_instrumentation.cpp
 b/src/common/memory_instrumentation.cpp
+@@ -31,7 +31,11 @@
+ #ifdef __GLIBC__
+ #include 
+ // Do not care about thread safety. This is an acceptable approximation.
++#if __GLIBC_PREREQ(2,33)
++static struct mallinfo2 global_mallinfo;
++#else
+ static struct mallinfo global_mallinfo;
++#endif
+ static int mallinfo_counter;
+ #endif
+ static int write_counter;
+@@ -142,7 +146,11 @@ void MemoryInstrumenter::allocImpl(mem_t size, char type) {
+ #ifdef __GLIBC__
+ mallinfo_counter ++;
+ if(mallinfo_counter >= mallinfo_sampling) {
++#if __GLIBC_PREREQ(2,33)
++global_mallinfo = mallinfo2();
++#else
+ global_mallinfo = mallinfo();
++#endif
+ mallinfo_counter = 0;
+ }
+ int k = 3;
+-- 
+2.20.1
+
diff -Nru hmat-oss-1.2.0/debian/patches/series hmat-oss-1.2.0/debian/patches/series
--- hmat-oss-1.2.0/debian/patches/series	2020-05-02 01:27:04.0 +0300
+++ hmat-oss-1.2.0/debian/patches/series	2022-01-19 18:14:05.0 +0200
@@ -1,3 +1,4 @@
 0001-make-build-reproducible.patch
 0002-Fix-compilation-on-Linux-32-bits-systems.patch
 fix_gcc.patch
+0001-instrumentation-Use-mallinfo2-from-glibc-2.33.patch

Bug#1004007: freecad: Segfaults on armhf when clicking "Ceate New..." or File -> New

[Tobias Frost]

On Wed, Jan 19, 2022 at 08:17:11AM +, Serge Schneider wrote:
> Package: freecad
> Version: 0.19.1+dfsg1-2
> Severity: important
> X-Debbugs-Cc: se...@raspberrypi.com
> 
> Dear Maintainer,
> 
> When running FreeCAD, creating a new file crashes with a segfault:
(...)

> This is the same issue as #931458, which was closed because it was reported
> against Raspbian's packages.  However, the issue is reproducible in Debian
> too (using 20210823_raspi_2_bullseye.img.xz).
> 
> The crash seems to have something to do with how Ccoin3D creates the context
> in Qt.
> 
> Rebuilding FreeCAD against Qt4 rather than Qt5 makes it work. It also works
> on arm64.
> 
> The main difference I can see is that Qt is built with OpenGL support on
> arm64, but only OpenGL ES support on armhf.
> 
> Thegq issue has also been reported upstream at
> https://tracker.freecadweb.org/view.php?id=4083, but there hasn't been any
> progess in a few years.

The discussion on the FreCAD forum (pointer to the thread is in the above
FreeCAD ticket), namely the backtrace at 
https://forum.freecadweb.org/viewtopic.php?p=456568#p456568 hints that this
crash is happening somewhere in libcoin: (IF the backtrace is related to what 
you see as well)
It is calling out to libx11's XDefaultScreenOfDisplay() and it looks like that 
this
might be a NULL-Pointer passed to that function...
https://codesearch.debian.net/search?q=XScreenOfDisplay+package%3Alibx11=0

That reminds me of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969230...

Unfortunatly I do not have any Pi4 I could use for this to debug at my hands.

However, you might want to see if cherry-picking the mentioned patch in
#969230 (https://github.com/coin3d/coin/pull/404/files) and recompile the
coin3 Debian package locally with that patch.. Maybe this does something for you
and helps pin-pointing the problem.


-- 
tobi

> -- System Information:
> Debian Release: 11.0
>   APT prefers stable-security
>   APT policy: (500, 'stable-security'), (500, 'stable')
> Architecture: armhf (armv7l)
> 
> Kernel: Linux 5.10.0-8-armmp (SMP w/4 CPU threads)
> Kernel taint flags: TAINT_CRAP, TAINT_UNSIGNED_MODULE
> Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages freecad depends on:
> ii  freecad-python3  0.19.1+dfsg1-2
> 
> Versions of packages freecad recommends:
> ii  calculix-ccx  2.17-3
> ii  graphviz  2.42.2-5
> 
> Versions of packages freecad suggests:
> pn  povray  
> 
> -- no debconf information

Bug#1004034: bagel: reproducible-builds: build path embedded in /usr/bin/BAGEL and debug symbols

[Vagrant Cascadian]

Source: bagel
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Different build paths trigger reproducibility issues with binaries such
as /usr/bin/BAGEL and relevent debugging symbols.

The attached patch fixes this by passing -ffile-prefix-map to CXXFLAGS
to avoid embedding the build path into the binaries.

Another possibility would be to use dpkg-buildflags, which includes this
flag by default.


With this patch applied, bagel should build reproducibly on
tests.reproducible-builds.org!


Thanks for maintaining bagel!


live well,
  vagrant
From e7c8200cb457d886a634f383623d693a961b1a06 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Wed, 19 Jan 2022 16:04:53 +
Subject: [PATCH] debian/rules: Pass -ffile-prefix-map in CXXFLAGS.

The -ffile-prefix-map argument is used to avoid embedding the build
path in binaries, which allows for reproducible builds regardless of
the build path in the build environment.
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 62d1d08..b6e0afa 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,7 +3,7 @@
 
 export LIBS=-lblas -llapack -lpthread
 
-export CXXFLAGS=-g1 -O2 -DNDEBUG -DZDOT_RETURN
+export CXXFLAGS=-g1 -O2 -DNDEBUG -DZDOT_RETURN -ffile-prefix-map=$(CURDIR)=.
 
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 B_LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH)
-- 
2.34.1



signature.asc
Description: PGP signature

Bug#1004022: clasp: Clasp FTBFS with glibc 2.34

[Lukas Märdian]

Am 19.01.22 um 14:41 schrieb Lukas Märdian:

Package: clasp
Version: 3.3.5-4
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu jammy ubuntu-patch
X-Debbugs-Cc: sl...@ubuntu.com

Dear Maintainer,

Once glibc will be upgraded to 2.34+ clasp will FTBFS.

In Ubuntu, the attached patch was applied to fix this issue:

   * d/p/use-system-catch-for-glibc-2.34-compat.patch: Fix FTBFS with glibc-2.34
 - Add catch v1 build-dependency
 - Make use of system provided catch v1 (CTest) library


Please remember that 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993515 needs to be 
fixed first in order for this patch to take effect.


-- Lukas

Bug#1004005: [Debichem-devel] Bug#1004005: openmm: reproducible-builds: BuildId differences triggered by RPATH

[Vagrant Cascadian]

On 2022-01-19, Vagrant Cascadian wrote:
> On 2022-01-19, Andrius Merkys wrote:
>> On 2022-01-19 10:02, Vagrant Cascadian wrote:
>>> The attached patch to debian/rules passes
>>> -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON via a dh_auto_configure override,
>>> which should use a relative path for RPATH.
>>
>> Thanks a lot for the patch!
>>
>>> Alternately, updating the packaging to debhelper compat level 14 should
>>> fix this, although it is currently an experimental compat level.
>>> 
>>> With this patch applied, openmm *should* build reproducibly on
>>> tests.reproducible-builds.org for the version currently in unstable,
>>> although the version in experimental seems to embed the build path in
>>> additional and/or non-deterministic ways.
>>
>> Maybe a possible long-term solution would be to use chrpath to set the
>> RPATH to point to the absolute location of private libraries, like
>> /usr/lib/${DEB_HOST_MULTIARCH}/openmm ?
>
> I haven't yet identified the cause of the other issues.
>
> I think the RPATH issues are solved by the submitted patch; at the very
> least it massively reduces the differences!

It looks like the addition of python3-simtk-dbgsym in the version in
experimental is what is causing the additional changes.

diffoscope output attached.


live well,
  vagrant


experiment-1.diffoscope.out.gz
Description: application/gzip


signature.asc
Description: PGP signature

Bug#1003969: sudo: FQDN option not overridable early on.

[Sven Mueller]

I can confirm that the linked upstream patch fixes the issue (sudo
works with non-resolvable hostname).

With the patch and `Defaults !fqdn`, no error or warning is shown/logged

With the patch and `Defaults fqdn` (or without a Defaults line
referring to fqdn, i.e. with a default sudoers file), a warning is
shown when sudo is used, but it remain usable.

Cheers,
Sven


Am Mi., 19. Jan. 2022 um 13:29 Uhr schrieb Sven Mueller
:
>
> Tags 1003969 + fixed-upstream patch confirmed
> Thanks
>
> https://www.sudo.ws/repos/sudo/rev/8c6eaa503793 has the upstream patch.

Bug#1004033: bullseye-pu: package node-fetch/2.6.1-5+deb11u1

[Yadd]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
node-fetch is vulnerable to privacy breach (CVE-2022-0235)

[ Impact ]
Medium vulnerability

[ Tests ]
Test passed

[ Risks ]
Low risk, patch just cleans headers

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Clean headers before request

Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 7f3da38..31eb312 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-fetch (2.6.1-5+deb11u1) bullseye; urgency=medium
+
+  * Team upload
+  * Don't forward secure headers to 3th party (Closes: CVE-2022-0235)
+
+ -- Yadd   Wed, 19 Jan 2022 16:46:28 +0100
+
 node-fetch (2.6.1-5) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/patches/CVE-2022-0235.patch 
b/debian/patches/CVE-2022-0235.patch
new file mode 100644
index 000..d97cd7a
--- /dev/null
+++ b/debian/patches/CVE-2022-0235.patch
@@ -0,0 +1,22 @@
+Description: don't forward secure headers to 3th party
+Author: Jimmy Wärting 
+Origin: upstream, https://github.com/node-fetch/node-fetch/commit/f5d3cf5e
+Bug: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
+Forwarded: not-needed
+Reviewed-By: Yadd 
+Last-Update: 2022-01-19
+
+--- a/src/index.js
 b/src/index.js
+@@ -170,6 +170,11 @@
+   requestOpts.body = 
undefined;
+   
requestOpts.headers.delete('content-length');
+   }
++if (!isDomainOrSubdomain(request.url, locationURL)) {
++  for (const name of 
['authorization', 'www-authenticate', 'cookie', 'cookie2']) {
++  
requestOptions.headers.delete(name);
++  }
++  }
+ 
+   // HTTP-redirect fetch step 15
+   resolve(fetch(new 
Request(locationURL, requestOpts)));
diff --git a/debian/patches/series b/debian/patches/series
index 882f8ed..20c4319 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 babelrc.patch
 fix-default-export.diff
 drop-legacy-rollup-babel-plugin.patch
+CVE-2022-0235.patch

Bug#1004005: [Debichem-devel] Bug#1004005: openmm: reproducible-builds: BuildId differences triggered by RPATH

[Vagrant Cascadian]

On 2022-01-19, Andrius Merkys wrote:
> On 2022-01-19 10:02, Vagrant Cascadian wrote:
>> The attached patch to debian/rules passes
>> -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON via a dh_auto_configure override,
>> which should use a relative path for RPATH.
>
> Thanks a lot for the patch!
>
>> Alternately, updating the packaging to debhelper compat level 14 should
>> fix this, although it is currently an experimental compat level.
>> 
>> With this patch applied, openmm *should* build reproducibly on
>> tests.reproducible-builds.org for the version currently in unstable,
>> although the version in experimental seems to embed the build path in
>> additional and/or non-deterministic ways.
>
> Maybe a possible long-term solution would be to use chrpath to set the
> RPATH to point to the absolute location of private libraries, like
> /usr/lib/${DEB_HOST_MULTIARCH}/openmm ?

I haven't yet identified the cause of the other issues.

I think the RPATH issues are solved by the submitted patch; at the very
least it massively reduces the differences!


live well,
  vagrant


signature.asc
Description: PGP signature

Bug#1004032: unbound: /etc/resolvconf/update.d/unbound is buggy

[Vincent Lefevre]

Package: unbound
Version: 1.13.1-1
Severity: important

Note: The changes I've done on /etc/resolvconf/update.d/unbound
is just logging messages (to known what's going on).

When /run/resolvconf/interface/NetworkManager is obsolete (which
can occur as NetworkManager is not the only was to connect: I use
it only for wifi), DNS resolution no longer works.

I fear that even when this file is not obsolete, unbound does not
work as expected.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unbound depends on:
ii  adduser 3.118
ii  dns-root-data   2021011101
ii  libc6   2.33-2
ii  libevent-2.1-7  2.1.12-stable-1
ii  libprotobuf-c1  1.3.3-1+b2
ii  libpython3.93.9.10-1
ii  libssl1.1   1.1.1m-1
ii  libsystemd0 250.2-3
ii  lsb-base11.1.0
ii  openssl 1.1.1m-1
ii  unbound-anchor  1.13.1-1

unbound recommends no packages.

Versions of packages unbound suggests:
ii  apparmor  3.0.3-6

-- Configuration Files:
/etc/resolvconf/update.d/unbound changed:
PATH=/usr/sbin:/usr/bin:/sbin:/bin
if [ ! -x /usr/sbin/unbound ]; then
exit 0
fi
if [ ! -f /etc/unbound/unbound_control.key ]; then
exit 0
fi
if [ ! -x /lib/resolvconf/list-records ]; then
exit 1
fi
RESOLVCONF_FILES="$(/lib/resolvconf/list-records)"
if [ -n "$RESOLVCONF_FILES" ]; then
NS_IPS="$(sed -rne 's/^[[:space:]]*nameserver[[:space:]]+//p' 
$RESOLVCONF_FILES \
| egrep -v '^(127\.|::1)' | sort -u)"
else
NS_IPS=""
fi
if [ -n "$NS_IPS" ]; then
FWD="$(echo $NS_IPS | tr '\n' ' ')"
else
FWD=off
fi
logger "/etc/resolvconf/update.d/unbound: forward $FWD"
unbound-control forward $FWD 1>/dev/null 2>&1 || true


-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1004031: resolvconf: /etc/dhcp/dhclient-enter-hooks.d/resolvconf should not disable the generation of /etc/resolv.conf when not a symlink

[Vincent Lefevre]

Package: resolvconf
Version: 1.91
Severity: normal

/etc/dhcp/dhclient-enter-hooks.d/resolvconf systematically disables
the generation of /etc/resolv.conf when resolvconf is installed.

This is OK when resolvconf is used, i.e. when /etc/resolv.conf is a
symbolic link to ../run/resolvconf/resolv.conf, but this is incorrect
when /etc/resolv.conf is a plain file, i.e. when /etc/resolv.conf is
not handled by resolvconf.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages resolvconf depends on:
ii  debconf [debconf-2.0]  1.5.79
ii  lsb-base   11.1.0

resolvconf recommends no packages.

resolvconf suggests no packages.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1004030: O: lqa -- LAVA QA tool

[Andrej Shadura]

Package: wnpp
Severity: normal
X-Debbugs-Cc: de...@lists.apertis.org
Control: affects -1 src:lqa

I intend to orphan the lqa package.

This package offers an alternative command-line client to LAVA, the
automated testing platform. I was developed by a former colleague of
mine, but we no longer use this tool, so it is effectively also
abandoned upstream.

Should somebody find this tool interesing or useful, please get in touch
and take it over upstream as well.

-- 
Cheers,
  Andrej

Bug#1004029: music: Please update package homepage information

[Boyuan Yang]

Source: music
Version: 1.1.16-1.1
Tags: sid bookworm

Dear Debian music package maintainer,

It seems that the homepage now redirects to https://github.com/INCF/MUSIC .
Please update package metadata accordingly. Thanks!

Best,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1004028: ITP: golang-github-kardianos-minwinsvc -- Stub for portability to Windows

[John Goerzen]

Package: wnpp
Severity: wishlist
Owner: John Goerzen 

* Package name: golang-github-kardianos-minwinsvc
  Version : 1.0.0-1
  Upstream Author : Daniel Theophanes
* URL : https://github.com/kardianos/minwinsvc
* License : BSD-3
  Programming Lang: Go
  Description : Stub for portability to Windows

 Minimal windows service stub
 .
 Programs designed to run from most *nix style operating systems can
 import this package to enable running programs as services without
 modifying them.  On Debian platforms, it is simply a no-op, but is
 a dependency of certain cross-platform Go code.

Bug#1004027: aunpack should support unrar command

[VA]

Package: atool
Version: 0.39.0-11

When running aunpack on .rar files, I would expect it to run unrar 
command, but it doesn't…
So whether I installed `unrar-free` or `unrar` package, it's not used. 
It only supports rar files if the `rar` package is installed.


See log:

Can't exec "rar": No such file or directory at /usr/bin/aunpack line 1868.
rar: cannot execute - No such file or directory
aunpack: rar ...: non-zero return-code

Bug#1004026: covered: gplcver support should be dropped or gplcver adopted by the Electronics Team

[Adrian Bunk]

Package: covered
Version: 0.7.10-3.1
Severity: serious
Control: block 965565 by -1

If gplcver provides any functionality not available in iverilog,
it would be useful if this orphaned package could be adopted by
the Electronics Team.

Otherwise, please drop gplcver support from covered.

Bug#581630: dictconv: diff for NMU version 0.2-7.1

[Adrian Bunk]

Control: tags 581630 + patch
Control: tags 581630 + pending
Control: tags 965491 + patch
Control: tags 965491 + pending

Dear maintainer,

I've prepared an NMU for dictconv (versioned as 0.2-7.1) and uploaded
it to DELAYED/7. Please feel free to tell me if I should cancel it.

cu
Adrian
diff -u dictconv-0.2/debian/control dictconv-0.2/debian/control
--- dictconv-0.2/debian/control
+++ dictconv-0.2/debian/control
@@ -11,7 +11,7 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Recommends: dictzip
 Description: convert a dictionary file type in another dictionary file type
- Dictconv is a small program to convert a dictionay file type in another
+ Dictconv is a small program to convert a dictionary file type in another
  dictionary file type. Currently, it supports converting from Babylon
  glossaries, Freedict dictionaries, Sdictionary dictionaries and Stardict
  dictionaries to DICT dictionaries, plain text dictionaries and StarDict
diff -u dictconv-0.2/debian/changelog dictconv-0.2/debian/changelog
--- dictconv-0.2/debian/changelog
+++ dictconv-0.2/debian/changelog
@@ -1,3 +1,11 @@
+dictconv (0.2-7.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/compat: 5 -> 7. (Closes: #965491)
+  * Spelling fix in the package description. (Closes: #581630)
+
+ -- Adrian Bunk   Wed, 19 Jan 2022 16:23:08 +0200
+
 dictconv (0.2-7) unstable; urgency=low
 
   * debian/rules: added simple-patchsys include.
diff -u dictconv-0.2/debian/compat dictconv-0.2/debian/compat
--- dictconv-0.2/debian/compat
+++ dictconv-0.2/debian/compat
@@ -1 +1 @@
-5
+7

Bug#1003983: opendkim cannot initialize resolver in dkim_dns_init() (libunbound, libnettle, ...?)

[David Bürgin]

Robert Siemer:
> Without libunbound it works. – Problem solved? :-o

You decide. Well, I don’t think there’s much we can do in opendkim.

You could ask the unbound maintainers. It might be expected behaviour on
some unusual OS’es …? But I don’t know.

Bug#965458: chntpw: Removal of obsolete debhelper compat 5 and 6 in bookworm

[Fabio Fantoni]

Hi, in recent days I had prepared a git for chntpw, contacted the 
maintainer, then prepared the patches to convert to dh and compat 13 and 
also solve other few issues.


the maintainer is still active and he told me he would revise my 
changes, anyway thanks to Adrian Bunk for your pending patch/build that 
delayed remove from testing (in case the maintainer does not have time 
to review and do the new build)




OpenPGP_signature
Description: OpenPGP digital signature

Bug#965759: opus-tools: diff for NMU version 0.1.10-1.1

[Adrian Bunk]

Control: tags 965759 + patch
Control: tags 965759 + pending

Dear maintainer,

I've prepared an NMU for opus-tools (versioned as 0.1.10-1.1) and 
uploaded it to DELAYED/7. Please feel free to tell me if I should
cancel it.

cu
Adrian
diff -u opus-tools-0.1.10/debian/changelog opus-tools-0.1.10/debian/changelog
--- opus-tools-0.1.10/debian/changelog
+++ opus-tools-0.1.10/debian/changelog
@@ -1,3 +1,10 @@
+opus-tools (0.1.10-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/compat: 5 -> 7. (Closes: #965759)
+
+ -- Adrian Bunk   Wed, 19 Jan 2022 16:18:25 +0200
+
 opus-tools (0.1.10-1) unstable; urgency=medium
 
   * Improved handling of malformed input files to avoid crashes and other
diff -u opus-tools-0.1.10/debian/compat opus-tools-0.1.10/debian/compat
--- opus-tools-0.1.10/debian/compat
+++ opus-tools-0.1.10/debian/compat
@@ -1 +1 @@
-5
+7

Bug#965538: gcc-h8300-hms: diff for NMU version 1:3.4.6+dfsg2-4.2

[Adrian Bunk]

Control: tags 965538 + patch
Control: tags 965538 + pending

Dear maintainer,

I've prepared an NMU for gcc-h8300-hms (versioned as 1:3.4.6+dfsg2-4.2) 
and uploaded it to DELAYED/7. Please feel free to tell me if I should 
cancel it.

cu
Adrian
diff -Nru gcc-h8300-hms-3.4.6+dfsg2/debian/changelog gcc-h8300-hms-3.4.6+dfsg2/debian/changelog
--- gcc-h8300-hms-3.4.6+dfsg2/debian/changelog	2019-12-17 01:36:24.0 +0200
+++ gcc-h8300-hms-3.4.6+dfsg2/debian/changelog	2022-01-19 16:12:47.0 +0200
@@ -1,3 +1,10 @@
+gcc-h8300-hms (1:3.4.6+dfsg2-4.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/compat: 5 -> 7. (Closes: #965538)
+
+ -- Adrian Bunk   Wed, 19 Jan 2022 16:12:47 +0200
+
 gcc-h8300-hms (1:3.4.6+dfsg2-4.1) unstable; urgency=medium
 
   [ Balint Reczey ]
diff -Nru gcc-h8300-hms-3.4.6+dfsg2/debian/compat gcc-h8300-hms-3.4.6+dfsg2/debian/compat
--- gcc-h8300-hms-3.4.6+dfsg2/debian/compat	2014-12-20 10:29:34.0 +0200
+++ gcc-h8300-hms-3.4.6+dfsg2/debian/compat	2022-01-19 16:12:37.0 +0200
@@ -1 +1 @@
-5
+7

Bug#1003983: opendkim cannot initialize resolver in dkim_dns_init() (libunbound, libnettle, ...?)

[Robert Siemer]

Without libunbound it works. – Problem solved? :-o

On Wed, Jan 19, 2022 at 12:41 PM David Bürgin  wrote:

> Robert Siemer:
> > Opendkim does not run.
> >
> > # opendkim -f
> > [1642532480] libunbound[837:0] error: nettle random(yarrow) cannot
> initialize, getentropy failed: Function not implemented
> > opendkim: can't configure DKIM library: failed to initialize resolver
> >
> > I even recompiled from source deb, both opendkim and libunbound.
> > An ltrace showed that dkim_dns_init() fails with -1, and that
> > one calls ub_ctx_create() which returns 0 but provokes the
> > first line to be printed. The second line is the reason printed
> > when dkim_dns_init() fails.
>
> opendkim uses libunbound by default. The error is from libunbound,
> perhaps try building opendkim without libunbound and see what happens?
>
>
> https://salsa.debian.org/debian/opendkim/-/blob/debian/2.11.0_beta2-6/debian/rules#L10-14
>

Bug#1004025: ITP: golang-github-arceliar-ironwood -- Routing library with public keys as addresses

[John Goerzen]

Package: wnpp
Severity: wishlist
Owner: John Goerzen 

* Package name: golang-github-arceliar-ironwood
  Version : 0.0~git20210619.6ad55ca-1
  Upstream Author : Arceliar
* URL : https://github.com/Arceliar/ironwood
* License : MPL-2.0
  Programming Lang: Go
  Description : 
 Ironwood is a routing library with a net.PacketConn-compatible interface
 using ed25519.PublicKeys as addresses. Basically, you use it when you
 want to communicate with some other nodes in a network, but you can't
 guarantee that you can directly connect to every node in that network.
 It was written to test improvements to / replace the routing logic in
 Yggdrasil (https://github.com/yggdrasil-network/yggdrasil-go), but it may
 be useful for other network applications.

Required by Yggdrasil, which is required by NNCP