Bug#1008573: GnuPG ssh-agent emulation smartcard issues when connecting to server running newer OpenSSH

[John Scott]

Hi José and Vagrant,

It seems bugs #998728, 1008573, and #1032907 are all the same. Perhaps
the maintainers would like to merge them.

Thanks for your workaround, Vagrant; I found that adding
KexAlgorithms -sntrup761x25519-sha...@openssh.com
to my ~/.ssh/config allows me to connect to a Bookworm machine, from
Bookworm, and also to hosts running a newer OpenSSH daemon.

A similar issue upstream is here:
https://dev.gnupg.org/T6250

Werner K. hints that it might be fixed in the GnuPG 2.3 series. As soon
as the maintainers upload it to experimental, I will be happy to test
it.

Thanks everyone for your attention.


signature.asc
Description: This is a digitally signed message part

Bug#1033997: scilab-6.1.1+dfsg2-5: scilab and xcos unable to launch. Error dialog say onfiguration file is corrupted.

[Ali]

Package: scilab-6.1.1+dfsg2-5
Version: scilab
Severity: important
X-Debbugs-Cc: sayed0...@yahoo.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

Installed Scilab and Octave on brand new system with XFFCE4 and NVIDIA 
driver.  Not able to launch Scilab or Xcos from either the GUI or prompt.  Used 
Synaptic for install so all depends were installed.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?

The error message reads "The configuration file has been corrupted. 
Scilab needs to restart". I removed ~/.Scilab and tried restarting. Same error. 
 Installed version 6.1.0 from Bullseye but it does not launch because the JAVA 
depends do not match.  I did ldd scilab.bin and noticed that I am missing some 
files.  This should have been part of the depends install.
   * What was the outcome of this action?

I will investigate how to install the missing components:
libjava.so => not found
libverify.so => not found
libjvm.so => not found

   * What outcome did you expect instead?

I would expect the pacakge and depends to get installed just like they 
do when I tested on "Bullseye" and everything worked.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1033996: unblock: brltty/6.5-7

[Samuel Thibault]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: brl...@packages.debian.org
Control: affects -1 + src:brltty

Hello,

I have uploaded brltty/6.5-7 to unstable, to make it hopefully included
in bookworm.

[ Reason ]
It was reported on
http://brltty.app/pipermail/brltty/2023-March/019836.html
that cursor routing is not working at all any more in X, because of a
crash in the routing process that 6.5-7 fixes.

[ Impact ]
Cursor routing is the way for blind users to be very efficient. Just
like we can click with the mouse wherever we want in some text to bring
the cursor there, when a blind user is reading some text they can press
a little button above the letter to bring the cursor there. Currently
the cursor doesn't move at all, and thus blind users have lost their way
to be very efficient at editing text.

The problem only affects X, not the Linux console, but more and more
blind users have to migrate to X environments since java-script-enabled
websites can nowaday only be browsed with e.g. firefox.

[ Tests ]
This was tested manually.

[ Risks ]
The code is very trivial: just check for the pointer before freeing the
underlying resource.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
I also included a small pending d-i translation.

unblock brltty/6.5-7
diff -Nru brltty-6.5/debian/changelog brltty-6.5/debian/changelog
--- brltty-6.5/debian/changelog 2022-12-06 22:25:48.0 +0100
+++ brltty-6.5/debian/changelog 2023-04-06 01:27:28.0 +0200
@@ -1,3 +1,13 @@
+brltty (6.5-7) unstable; urgency=medium
+
+  [ Remus-Gabriel Chelu ]
+  * po/ro.po: Add Romanian debconf translation (Closes: Bug#1031150).
+
+  [ Samuel Thibault ]
+  * patches/atspi2-routing-crash.patch: Fix crash on cursor routing call.
+
+ -- Samuel Thibault   Thu, 06 Apr 2023 01:27:28 +0200
+
 brltty (6.5-6) unstable; urgency=medium
 
   * initramfs/hooks/brltty.in: Copy over brltty preferences into initramfs.
diff -Nru brltty-6.5/debian/patches/atspi2-routing-crash.patch 
brltty-6.5/debian/patches/atspi2-routing-crash.patch
--- brltty-6.5/debian/patches/atspi2-routing-crash.patch1970-01-01 
01:00:00.0 +0100
+++ brltty-6.5/debian/patches/atspi2-routing-crash.patch2023-04-06 
01:26:36.0 +0200
@@ -0,0 +1,40 @@
+commit 1d7515229f4283b2b6c1a74135be3eae2d9892cd
+Author: Samuel Thibault 
+Date:   Thu Apr 6 01:23:37 2023 +0200
+
+AtSpi2: Fix crash on routing request
+
+We would otherwise get, here with ubsan:
+
+brltty: report listener already registered: 5: a2CoreSelUpdated
+UndefinedBehaviorSanitizer:DEADLYSIGNAL
+==2087615==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 
0x (pc 0x56356b124850 bp 0x sp 0x7fcc4d9fdbd8 T2087615)
+==2087615==The signal is caused by a READ memory access.
+==2087615==Hint: address points to the zero page.
+#0 0x56356b124850 in unregisterReportListener 
/home/samy/brl/mielke-svn/brltty/Programs/./report.c:208:22
+#1 0x7fcc5233f0ab in destruct_AtSpi2Screen 
/home/samy/brl/mielke-svn/brltty/Drivers/Screen/AtSpi2/./a2_screen.c:1574:5
+#2 0x56356b15304d in destructRoutingScreen 
/home/samy/brl/mielke-svn/brltty/Programs/./scr.c:255:3
+#3 0x56356b1542e9 in startRoutingProcess 
/home/samy/brl/mielke-svn/brltty/Programs/./routing.c:498:9
+#4 0x56356b1542e9 in runRoutingThread 
/home/samy/brl/mielke-svn/brltty/Programs/./routing.c:543:17
+#5 0x56356b11f574 in runThreadFunction 
/home/samy/brl/mielke-svn/brltty/Programs/./thread.c:151:33
+#6 0x56356b11f857 in runThread 
/home/samy/brl/mielke-svn/brltty/Programs/./thread.c:46:18
+#7 0x7fcc4f9c8fd3 in start_thread nptl/./nptl/pthread_create.c:442:8
+#8 0x7fcc4fa4966b in clone3 
misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
+
+diff --git a/Drivers/Screen/AtSpi2/a2_screen.c 
b/Drivers/Screen/AtSpi2/a2_screen.c
+index d60a91c68..9d5ca1d23 100644
+--- a/Drivers/Screen/AtSpi2/a2_screen.c
 b/Drivers/Screen/AtSpi2/a2_screen.c
+@@ -1571,8 +1571,10 @@ destruct_AtSpi2Screen (void) {
+   brlttyDisableInterrupt();
+ #ifdef HAVE_PKG_X11
+   if (dpy) {
+-unregisterReportListener(coreSelUpdatedListener);
+-coreSelUpdatedListener = NULL;
++if (coreSelUpdatedListener) {
++  unregisterReportListener(coreSelUpdatedListener);
++  coreSelUpdatedListener = NULL;
++}
+ if (a2XWatch) {
+   asyncCancelRequest(a2XWatch);
+   a2XWatch = NULL;
diff -Nru brltty-6.5/debian/patches/series brltty-6.5/debian/patches/series
--- brltty-6.5/debian/patches/series2022-06-18 09:16:48.0 +0200
+++ brltty-6.5/debian/patches/series2023-04-06 01:26:36.0 +0200
@@ -2,3 +2,4 @@
 40-no-update-pot.patch
 41-java-bytecode-compat.patch
 disable-synth-callback.patch

Bug#1033995: qtbase-opensource-src: Fix accessibility of qt5 applications run as root

[Samuel Thibault]

Source: qtbase-opensource-src
Version: 5.15.8+dfsg-3
Severity: important
Tags: patch upstream
Forwarded: https://bugreports.qt.io/browse/QTBUG-43674

Hello,

Currently, qt5 applications, when run in sudo, are not accessible to
screen readers. This is because the accessibility layer does not manage
to connect to the accessibility bus to export the application content:

https://bugreports.qt.io/browse/QTBUG-43674

Most of the support was merged into qt5, but there is a little fix
missing, that was missed by upstream. I have attached the fix, it is
very simple: the ordering in QSpiAccessibleBridge::QSpiAccessibleBridge
used to be

- new DBusConnection() creates the dbusConnection object
  - the DBusConnection::DBusConnection constructor connects to the atspi
bus
- connect the enabledChanged signal

and this patch changes it to:

- new DBusConnection() creates the dbusConnection object
- connect the enabledChanged signal
- the DBusConnection::init method connects to the atspi bus

This is needed in the root case because since in that case it
cannot access the user session dbus, it uses a synchronous method,
in which case the enabledChanged signal is emitted from the
DBusConnection::DBusConnection constructor, and thus lost forever since
it was not connected yet at that time. So we need to connect the signal
before connecting to the atspi bus (and get the enabledChanged event).


This is particularly important because the calamares installer is based
on qt5 and runs as root, and it currently is completely inaccessible to
blind users, and this fix makes it possible for blind users to use it.


I have confirmed that this fixes the issue for bookworm, would it be
possible to upload to unstable? I'll then handle requesting the unblock
from the release team.

Samuel

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'proposed-updates-debug'), (500, 'proposed-updates'), (500, 
'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), 
(500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.2.0 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
From: Frederik Gladhorn 
Date: Tue, 12 Sep 2017 09:22:30 + (+0200)
Subject: Fix accessibility on XCB when running as root
X-Git-Url: 
https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commitdiff_plain;h=4ee3703ffaf063047285247016ee9e5c07ef3b53;hp=689606de91faecf91f1f92e8d355789d9be62d2f
Forwarded: https://bugreports.qt.io/browse/QTBUG-43674

Fix accessibility on XCB when running as root

Accessibility actually works when running applications as root, but we
would never properly connect, since the enabledChanged signal would be
emitted from the constructor in this case.
Only applications running as root would be affected, because all other
applications would go through the asynchronous pattern of getting the
bus address from dbus instead.
Since running apps as root won't let them access the session bus, the
xatom is the way to go.

[ChangeLog][QtGui][Accessibility] On XCB applications running as root are
now accessible.

Task-number: QTBUG-43674
Change-Id: I82cdc35f00693a8366dfcdab2f2c3c6dc5f5b783
---

---
 src/platformsupport/linuxaccessibility/bridge.cpp |1 +
 src/platformsupport/linuxaccessibility/dbusconnection.cpp |8 
 src/platformsupport/linuxaccessibility/dbusconnection_p.h |1 +
 3 files changed, 10 insertions(+)

--- a/src/platformsupport/linuxaccessibility/bridge.cpp
+++ b/src/platformsupport/linuxaccessibility/bridge.cpp
@@ -65,6 +65,7 @@ QSpiAccessibleBridge::QSpiAccessibleBrid
 {
 dbusConnection = new DBusConnection();
 connect(dbusConnection, SIGNAL(enabledChanged(bool)), this, 
SLOT(enabledChanged(bool)));
+dbusConnection->init();
 }
 
 void QSpiAccessibleBridge::enabledChanged(bool enabled)
--- a/src/platformsupport/linuxaccessibility/dbusconnection.cpp
+++ b/src/platformsupport/linuxaccessibility/dbusconnection.cpp
@@ -69,6 +69,14 @@ QT_BEGIN_NAMESPACE
 DBusConnection::DBusConnection(QObject *parent)
 : QObject(parent), m_a11yConnection(QString()), m_enabled(false)
 {
+}
+
+/**
+\internal
+Connect to the accessibility dbus service.
+*/
+void DBusConnection::init()
+{
 // Start monitoring if "org.a11y.Bus" is registered as DBus service.
 QDBusConnection c = QDBusConnection::sessionBus();
 if (!c.isConnected()) {
--- a/src/platformsupport/linuxaccessibility/dbusconnection_p.h
+++ b/src/platformsupport/linuxaccessibility/dbusconnection_p.h
@@ -67,6 +67,7 @@ class DBusConnection : public QObject
 

Bug#1027257: bullseye-pu: package golang-github-containers-storage/1.24.8+dfsg1-2~deb11u1

[Reinhard Tartler]

Control: tag -1 -moreinfo

On 4/1/23 7:04 PM, Reinhard Tartler wrote:



On 4/1/23 3:51 PM, Adam D. Barratt wrote:

Control: tags -1 + moreinfo

Apologies for the delay in getting back to you on this.

On Wed, 2022-12-28 at 22:26 -0500, Reinhard Tartler wrote:

In order to fix CVE-2022-1227, an update to golang-github-containers-
psgo
is needed, more specifically,
https://github.com/containers/psgo/pull/92

That patch introduces a dependency on golang-github-containers-
storage, and uses
the helper functions RawTo{Container,Host} which are introduced with
this patch.


[...]

The code changes adds a helper function that isn't used otherwise
yet.


Looking at the diff, it appears that what it actually does is rename
two existing helper functions, with no functional change to either. Am
I missing something?


You are correct. The patch renames the helper functions to an Uppercase 
spelling.
This exposes the function to other packages, which is being used in the patch
to fix CVE-2022-1227.

I would recommend approving this code change.


+golang-github-containers-storage (1.24.8+dfsg1-2~deb11u1) bullseye;
urgency=medium


Given what I can see of the package's upload history, the version
should rather be 1.24.8+dfsg1-1+deb11u1.


Will do!


Updated debdiff attached to this email.


Okay to upload now?


-rtdiff -Nru golang-github-containers-storage-1.24.8+dfsg1/debian/changelog 
golang-github-containers-storage-1.24.8+dfsg1/debian/changelog
--- golang-github-containers-storage-1.24.8+dfsg1/debian/changelog  
2021-02-21 14:40:55.0 -0500
+++ golang-github-containers-storage-1.24.8+dfsg1/debian/changelog  
2022-12-28 21:39:17.0 -0500
@@ -1,3 +1,12 @@
+golang-github-containers-storage (1.24.8+dfsg1-1+deb11u1) bullseye; 
urgency=medium
+
+  [ Vignesh Raman ]
+  * prereq to fix CVE-2022-1227: pkg: idtools: export RawTo{Container,Host}:
+makes previously internal functions publicly accessible, which is being
+used by later versions of golang-github-containers-psgo.
+
+ -- Reinhard Tartler   Wed, 28 Dec 2022 21:39:17 -0500
+
 golang-github-containers-storage (1.24.8+dfsg1-1) unstable; urgency=medium
 
   * New upstream release, focused on targetted bugfixes for podman 3.0
diff -Nru 
golang-github-containers-storage-1.24.8+dfsg1/debian/patches/0001-pkg-idtools-export-RawTo-Container-Host.patch
 
golang-github-containers-storage-1.24.8+dfsg1/debian/patches/0001-pkg-idtools-export-RawTo-Container-Host.patch
--- 
golang-github-containers-storage-1.24.8+dfsg1/debian/patches/0001-pkg-idtools-export-RawTo-Container-Host.patch
 1969-12-31 19:00:00.0 -0500
+++ 
golang-github-containers-storage-1.24.8+dfsg1/debian/patches/0001-pkg-idtools-export-RawTo-Container-Host.patch
 2022-12-28 21:39:17.0 -0500
@@ -0,0 +1,111 @@
+From 3da85a122411a57b5a65dc243ae56f89d7fd2564 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai 
+Date: Wed, 12 Jan 2022 12:56:56 +1100
+Subject: [PATCH 1/4] pkg: idtools: export RawTo{Container,Host}
+
+While the IDMapping methods are preferable for most users, sometimes it
+is necessary to map a single ID using a given mapping. In particular
+this is needed for psgo to be able to map the user and group entries in
+/proc/$pid/status using the user namespace of the target process.
+
+Required to resolve CVE-2022-1227.
+
+Signed-off-by: Aleksa Sarai 
+Backported-by: Valentin Rothberg 
+---
+ pkg/idtools/idtools.go | 36 ++--
+ 1 file changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/pkg/idtools/idtools.go b/pkg/idtools/idtools.go
+index 83bc8c34f..d3d56066e 100644
+--- a/pkg/idtools/idtools.go
 b/pkg/idtools/idtools.go
+@@ -82,7 +82,7 @@ func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) 
{
+   if len(uidMap) == 1 && uidMap[0].Size == 1 {
+   uid = uidMap[0].HostID
+   } else {
+-  uid, err = toHost(0, uidMap)
++  uid, err = RawToHost(0, uidMap)
+   if err != nil {
+   return -1, -1, err
+   }
+@@ -90,7 +90,7 @@ func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) 
{
+   if len(gidMap) == 1 && gidMap[0].Size == 1 {
+   gid = gidMap[0].HostID
+   } else {
+-  gid, err = toHost(0, gidMap)
++  gid, err = RawToHost(0, gidMap)
+   if err != nil {
+   return -1, -1, err
+   }
+@@ -98,10 +98,14 @@ func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, 
error) {
+   return uid, gid, nil
+ }
+ 
+-// toContainer takes an id mapping, and uses it to translate a
+-// host ID to the remapped ID. If no map is provided, then the translation
+-// assumes a 1-to-1 mapping and returns the passed in id
+-func toContainer(hostID int, idMap []IDMap) (int, error) {
++// RawToContainer takes an id mapping, and uses it to translate a host ID to
++// the remapped ID. If no map is provided, then the translation assumes a
++// 1-to-1 mapping and returns 

Bug#1032807: [INTL:ro] Romanian debconf templates translation of mumble

[Remus-Gabriel Chelu]

3 aprilie 2023 la 07:44, "Chris Knadle"  a scris:



> 
> Hello Remus-Gabriel.
>  
>  Please let me know if this Romanian translation file will work with mumble 
> 1.5.517 which exists in the Debian Salsa mumble repository.
>  
>  https://salsa.debian.org/pkg-voip-team/mumble
>  
>  If it does I can add it to the work-in-progress mumble 1.5.517. I can't add 
> this to the current mumble package in Debian main because there's a freeze 
> going on in preparation for the release of Debian 12 (Bookworm).
>  
>  -- Chris
>  
>  -- Chris Knadle
>  chris.kna...@coredump.us
>  
>  Remus-Gabriel Chelu:
>  
>  
>  Package: mumble
>  Severity: wishlist
>  Tags: l10n, patch
>  Dear Maintainer,
>  Please find attached the Romanian translation of the «mumble» file.
>  Thanks,
>  Remus-Gabriel
> 

Hello, Chris!

I just finished checking the status of the debconf-mumble translation file (in
Romanian) with the following commands:

$: git clone https://salsa.debian.org/pkg-voip-team/mumble
$: cp -v ../Documente/mumble_debconf_ro.po mumble/debian/po/ro.po
$: LANG=en msgfmt -c -v -o /dev/null mumble/debian/po/ro.po
8 translated messages.

and:

#: cd mumble/
#: podebconf-display-po -fdialog debian/po/ro.po

with good results; exactly as expected.

So, from my side, considering the results of the test performed, the "ro.po" 
file
can be added to mumble 1.5.517 without any problems.

Thank you for your kindness in contacting me about this topic, and of course for
your role as mumble maintainer in Debian.

A good day,
Remus-Gabriel

Bug#1033630: debian-installer: should fstab swap entries use "sw" as option?

[Christoph Anton Mitterer]

Hey.

Just for the records and those who stumble over this and are interested
in the outcome.

upstream clarified fstab syntax in:
https://github.com/util-linux/util-linux/commit/43a6b183d8945cc91307f21adc8070254eb925b5

- whether the 4th field is mandatory is now in kind of a limbo... the
  manpage says it's not for mount(8)/swapon(8) but implies that it
  might be needed for other parsers
- it's further clarified what "defaults" actually means and that the
  previously given "rw, suid, dev, exec, auto, nouser, and async" is 
  just the typical meaning for many filesystems.

So my conclusion from that would be that the cosmetically proper swap
entry would be any of:

   none swap defaults 0 0
   none swap defaults
   none swap

(from which I'd think the first one is the one that most people will
likely find familiar)

unlike Debian's:

   none swap sw 0 0

which works of course but uses the undocumented/legacy? "sw" option.
Since the bug was already rejected I think it's pointless to provide a
PR that switches from "sw" to "defaults".


Cheers,
Chris.

Bug#1005369: xserver-xorg-core: Breaks middle button trackpoint scrolling

[Salvo Tomaselli]

Yes it has some options. Not as many as the alternatives. Some of
those options happen to be ones that I change.

Il giorno mer 5 apr 2023 alle ore 02:22 Alban Browaeys
 ha scritto:
>
> I am on a thinkapd (the Yoga S1) and xorg libinput driver works fine (I
> configure it through gnome-control-center).
>
> I really do not know what you mean by "avoid libinput's opinions on how
> my input should work". Could you give example?
>
> https://www.mankier.com/4/libinput
> these do not count as configuration options?
>
> Cheers,
>
> Alban
>
>
> Le mardi 04 avril 2023 à 21:21 +0200, Salvo Tomaselli a écrit :
> > No the libinput one is bad.
> >
> > libinput's author doesn't want options, so there is no way to have
> > usable input that feels good on thinkpads.
> >
> > I'm using the xserver-xorg-input-evdev one. I guess when Xorg will be
> > kicked out of debian, I will need to move to devuan or something like
> > that, just to avoid libinput's opinions on how my input should work.
> >
> > Il giorno mar 4 apr 2023 alle ore 18:45 Alban Browaeys
> >  ha scritto:
> > >
> > > Try removing
> > > xserver-xorg-input-synaptics
> > > then restart xorg.
> > >
> > > xserver-xorg-input-synaptics i sno longer supported by GNOME as far
> > > as
> > > know.
> > > xserver-xorg-input-libinput is the replacment.
> > >
> > > Cheers,
> > > Alban
> > >
> > > On Sat, 12 Feb 2022 09:53:16 +0100 "Salvo \"LtWorf\" Tomaselli"
> > >  wrote:
> > > > Package: xserver-xorg-core
> > > > Version: 2:21.1.3-2
> > > > Severity: critical
> > > > Tags: upstream
> > > > Justification: breaks unrelated software
> > > > X-Debbugs-Cc: tipos...@tiscali.it
> > > >
> > > > Dear Maintainer,
> > > >
> > > > on thinkpads it is common to scroll by holding down the middle
> > > > button
> > > and
> > > > pushing the trackpoint up or down.
> > > >
> > > > After upgrading, this feature is broken.
> > > >
> > > > Reverting to the version found in testing makes it work again.
> > > >
> > > > In a wayland session it works (but my keyboard layout doesn't
> > > > exist
> > > in wayland
> > > > so using it permanently is not a viable solution).
> > > >
> > > > It is strange because the input drivers have not received an
> > > > update,
> > > so I'm not
> > > > really sure of what the interaction is here.
> > > >
> > > > Anyway, I'm creating this issue with a high priority in order to
> > > > stop
> > > the package
> > > > from migrating and make scrolling suddenly unavailable to other
> > > people as well.
> > > >
> > > > -- Package-specific info:
> > > > /etc/X11/X does not exist.
> > > > /etc/X11/X is not a symlink.
> > > > /etc/X11/X is not executable.
> > > >
> > > > VGA-compatible devices on PCI bus:
> > > > --
> > > > 00:02.0 VGA compatible controller [0300]: Intel Corporation
> > > TigerLake-LP GT2 [Iris Xe Graphics] [8086:9a49] (rev 01)
> > > >
> > > > /etc/X11/xorg.conf does not exist.
> > > >
> > > > Contents of /etc/X11/xorg.conf.d:
> > > > -
> > > > total 0
> > > >
> > > > /etc/modprobe.d contains no KMS configuration files.
> > > >
> > > > Kernel version (/proc/version):
> > > > ---
> > > > Linux version 5.16.0-1-amd64 (debian-ker...@lists.debian.org)
> > > > (gcc-11
> > > (Debian 11.2.0-16) 11.2.0, GNU ld (GNU Binutils for Debian)
> > > 2.37.90.20220130) #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09)
> > > >
> > > > Xorg X server log files on system:
> > > > --
> > > > -rw-r--r-- 1 root root 50312 Feb 12 09:43 /var/log/Xorg.0.log
> > > >
> > > > Contents of most recent Xorg X server log file
> > > > (/var/log/Xorg.0.log):
> > > > -
> > > > 
> > > > [ 2.949] (--) Log file renamed from "/var/log/Xorg.pid-
> > > > 579.log"
> > > to "/var/log/Xorg.0.log"
> > > > [ 2.951]
> > > > X.Org X Server 1.21.1.3
> > > > X Protocol Version 11, Revision 0
> > > > [ 2.951] Current Operating System: Linux galatea 5.16.0-1-
> > > > amd64
> > > #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09) x86_64
> > > > [ 2.951] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-
> > > > 5.16.0-1-
> > > amd64 root=UUID=2e600d3e-5bd5-43cd-b826-9213b7bafb99 ro quiet
> > > > [ 2.951] xorg-server 2:21.1.3-2
> > > > (https://www.debian.org/support)
> > > > [ 2.951] Current version of pixman: 0.40.0
> > >
> >
> >
>


-- 
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei

http://ltworf.github.io/ltworf/

Bug#1033993: bullseye-pu: package unbound/1.13.1-1

[Markus Koschany]

diff -Nru unbound-1.13.1/debian/changelog unbound-1.13.1/debian/changelog
--- unbound-1.13.1/debian/changelog	2021-02-09 23:53:57.0 +0100
+++ unbound-1.13.1/debian/changelog	2023-04-05 23:06:47.0 +0200
@@ -1,3 +1,41 @@
+unbound (1.13.1-1+deb11u1) bullseye; urgency=high
+
+  * Non-maintainer upload by the LTS team.
+  * Fix the following security vulnerabilities.
+CVE-2022-3204:
+A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation
+Attack) has been discovered in various DNS resolving software. The
+NRDelegation Attack works by having a malicious delegation with a
+considerable number of non responsive nameservers. The attack starts by
+querying a resolver for a record that relies on those unresponsive
+nameservers. The attack can cause a resolver to spend a lot of
+time/resources resolving records under a malicious delegation point where a
+considerable number of unresponsive NS records reside. It can trigger high
+CPU usage in some resolver implementations that continually look in the
+cache for resolved NS records in that delegation. This can lead to degraded
+performance and eventually denial of service in orchestrated attacks.
+Unbound does not suffer from high CPU usage, but resources are still needed
+for resolving the malicious delegation. Unbound will keep trying to resolve
+the record until hard limits are reached. Based on the nature of the attack
+and the replies, different limits could be reached. From now on Unbound
+introduces fixes for better performance when under load, by cutting
+opportunistic queries for nameserver discovery and DNSKEY prefetching and
+limiting the number of times a delegation point can issue a cache lookup
+for missing records.
+  * CVE-2022-30698 and CVE-2022-30699: (Closes: #1016493)
+Unbound is vulnerable to a novel type of the "ghost domain names" attack.
+The vulnerability works by targeting an Unbound instance.  Unbound is
+queried for a rogue domain name when the cached delegation information is
+about to expire. The rogue nameserver delays the response so that the
+cached delegation information is expired. Upon receiving the delayed answer
+containing the delegation information, Unbound overwrites the now expired
+entries. This action can be repeated when the delegation information is
+about to expire making the rogue delegation information ever-updating. From
+now on Unbound stores the start time for a query and uses that to decide if
+the cached delegation information can be overwritten.
+
+ -- Markus Koschany   Wed, 05 Apr 2023 23:06:47 +0200
+
 unbound (1.13.1-1) unstable; urgency=medium
 
   * New upstream version 1.13.1
diff -Nru unbound-1.13.1/debian/patches/CVE-2022-30698-and-CVE-2022-30699.patch unbound-1.13.1/debian/patches/CVE-2022-30698-and-CVE-2022-30699.patch
--- unbound-1.13.1/debian/patches/CVE-2022-30698-and-CVE-2022-30699.patch	1970-01-01 01:00:00.0 +0100
+++ unbound-1.13.1/debian/patches/CVE-2022-30698-and-CVE-2022-30699.patch	2023-04-05 23:06:47.0 +0200
@@ -0,0 +1,612 @@
+From: Markus Koschany 
+Date: Wed, 5 Apr 2023 13:03:57 +0200
+Subject: CVE-2022-30698 and CVE-2022-30699
+
+Origin: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68
+---
+ cachedb/cachedb.c |   2 +-
+ daemon/cachedump.c|   5 +-
+ daemon/worker.c   |   2 +-
+ dns64/dns64.c |   4 +-
+ ipsecmod/ipsecmod.c   |   2 +-
+ iterator/iter_utils.c |   4 +-
+ iterator/iter_utils.h |   2 +-
+ iterator/iterator.c   |  19 ---
+ pythonmod/interface.i |   5 +-
+ pythonmod/pythonmod_utils.c   |   3 +-
+ services/cache/dns.c  | 111 --
+ services/cache/dns.h  |  18 +--
+ services/mesh.c   |   1 +
+ testdata/iter_prefetch_change.rpl |  16 +++---
+ util/module.h |   6 +++
+ validator/validator.c |   4 +-
+ 16 files changed, 156 insertions(+), 48 deletions(-)
+
+diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c
+index e948a6b..b6b2b92 100644
+--- a/cachedb/cachedb.c
 b/cachedb/cachedb.c
+@@ -656,7 +656,7 @@ cachedb_intcache_store(struct module_qstate* qstate)
+ 		return;
+ 	(void)dns_cache_store(qstate->env, >qinfo,
+ 		qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0,
+-		qstate->region, store_flags);
++		qstate->region, store_flags, qstate->qstarttime);
+ }
+ 
+ /**
+diff --git a/daemon/cachedump.c b/daemon/cachedump.c
+index b1ce53b..908d2f9 100644
+--- a/daemon/cachedump.c
 b/daemon/cachedump.c
+@@ -677,7 +677,8 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker)
+ 	if(!go_on) 
+ 		return 1; /* skip this one, not all references satisfied */
+ 
+-	if(!dns_cache_store(>env, , , 0, 0, 0, NULL, flags)) {
++	

Bug#1033993: bullseye-pu: package unbound/1.13.1-1

[Markus Koschany]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org

Hello,

I would like to update unbound in Bullseye and fix three no-dsa CVE,
namely CVE-2022-3204, CVE-2022-30698 and CVE-2022-30699. The same
patches have been successfully applied to older distributions and I
want to make sure these CVE are fixed in Bullseye too.

[ Impact ]

Bullseye would still be vulnerable.

[ Tests ]

I have tested unbound myself on all current Debian releases and found
no issues.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]

Applied two patches to address the CVE.

Bug#1033802: dropbear-initramfs: sleep and cat not found

[Guilhem Moulin]

On Wed, 05 Apr 2023 at 23:11:36 +0200, William Desportes wrote:
> My Debug did some small progress the other day, and can confirm I walked into 
> https://bugs.debian.org/1015810
>
>> /scripts/init-premount/dropbear: line 300: can't open '/run/net-*.conf': No 
>> such file or directory
>
> That said, It also says
>> g: eth0: SI0CGIFINDEX: No such device
>> g: no devices to configure
>
> So there is maybe more to my bug.

Doesn't look like a dropbear-initramfs bug, possibly a missing module if
the device isn't exposed at initramfs stage.

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#1033802: dropbear-initramfs: sleep and cat not found

[William Desportes]

My Debug did some small progress the other day, and can confirm I walked into 
https://bugs.debian.org/1015810

> /scripts/init-premount/dropbear: line 300: can't open '/run/net-*.conf': No 
such file or directory

That said, It also says
> g: eth0: SI0CGIFINDEX: No such device
> g: no devices to configure

So there is maybe more to my bug.

> I'll be happy to try to improve 
/usr/share/doc/dropbear-initramfs/README.initramfs if needed, or even
create an HTML page under .pages.debian.net if online material is
desired

I would be glad to help ! :)

> but I think the wiki shouldn't be used as a brain dump that way
without coordination with the maintainer (duplication of existing
documentation shipped in the source package tend to rot and diverge over
time).

I agree, I was quite deprecated and past out.

Can you please revert your change to the wiki, it's not user friendly and will 
help nobody since it does not link to a proper page.
Many internet sources do still link to the wiki page.
The page could be emptied and have a link to a .pages.debian.net

But the wiki page should redirect to somewhere. Maybe the README.initramfs on 
Debian sources or Salsa ?

> See the NEWS entry for 2015.68-1, /etc/ssh and the initramfs image have
different access control so blindly suggesting to convert key materiel
from one to the other is a bad idea.  The page also had misleading/
confusing information between dropbear and dropbear-initramfs.

I did not apply the key part as I saw it generated keys by itself
and dropbear-initramfs worked perfectly without key instructions on my 
RaspberryPi 4B

--
William Desportes

Bug#1033985: debian-installer: Installer sets grub up without existing Windows boot choice

[Holger Wansing]

Hi,

Diederik de Haas  wrote (Wed, 05 Apr 2023 22:14:48 
+0200):
> On Wednesday, 5 April 2023 22:04:57 CEST Cyril Brulebois wrote:
> > you should be able to activate os-prober via some configuration
> > file under /etc (probably /etc/default/grub).
> 
> Correct, the setting is GRUB_DISABLE_OS_PROBER=false

Or see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032374#10
for a more verbose description.


Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#1033989: protobuf: does not run any build-time tests anymore

[GCS]

On Wed, Apr 5, 2023 at 9:27 PM Helmut Grohne  wrote:
> Please let me know if you want to handle this. I'll treat the absence of
> a response as being ok with me NMUing the attached patch and filing the
> unblock request.
 Updated package is uploaded.

> I also intend to NMU protobuf in stable (fixing more issues).
 Feel free to ping me before that. I'm always open to learning from my
mistakes - and I'm alive and well.

Regards,
Laszlo/GCS

Bug#1033985: debian-installer: Installer sets grub up without existing Windows boot choice

[Diederik de Haas]

On Wednesday, 5 April 2023 22:04:57 CEST Cyril Brulebois wrote:
> you should be able to activate os-prober via some configuration
> file under /etc (probably /etc/default/grub).

Correct, the setting is GRUB_DISABLE_OS_PROBER=false

/me wonders why that default changed ...

signature.asc
Description: This is a digitally signed message part.

Bug#1033985: debian-installer: Installer sets grub up without existing Windows boot choice

[Cyril Brulebois]

Hi,

Bud Heal  (2023-04-05):
> The last time I installed Buster and bullseye, on other computers, the
> Windows options were still shown at boot. This appear to be a
> regression of some kind.

This was a deliberate change, that might be reverted eventually (I think
that was the plan, I don't think it has happened yet). Once Debian is
booted, you should be able to activate os-prober via some configuration
file under /etc (probably /etc/default/grub).

(I don't know anything about dual-booting, and I can't test it locally,
so I'm letting other people make the relevant decisions, hence the vague
answer…)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1033856: unblock: mpv/0.35.1-2

[Sebastian Ramacher]

On 2023-04-05 19:11:25 +0200, Paul Gevers wrote:
> Control: tags -1 moreinfo
> 
> Hi Sebastian,
> 
> On 02-04-2023 22:06, Sebastian Ramacher wrote:
> >[x] attach debdiff against the package in testing
> 
> The debdiff that I get with $(d) contains two new patches that are not part
> of d/p/series and were not part of your debdiff (they look like copies of
> existing patches with a different number. Was that intentional?

That was a mistake - I failed to call gbp pq export with the right
flags. I'll upload a new version cleaning that up.

Cheers
-- 
Sebastian Ramacher

Bug#1033992: tiatracker FTCBFS: hard codes the build architecture qmake

[Helmut Grohne]

Source: tiatracker
Version: 1.3-3
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

tiatracker fails to cross build from source, because debian/rules hard
codes the build architecture qmake. Just deferring it all to
dh_auto_configure fixes the cross build. I'm attaching a patch for your
convenience.

Helmut
diff --minimal -Nru tiatracker-1.3/debian/changelog 
tiatracker-1.3/debian/changelog
--- tiatracker-1.3/debian/changelog 2020-03-21 17:54:26.0 +0100
+++ tiatracker-1.3/debian/changelog 2023-04-05 11:38:50.0 +0200
@@ -1,3 +1,10 @@
+tiatracker (1.3-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Drop unnecessary override_dh_auto_configure. (Closes: #-1)
+
+ -- Helmut Grohne   Wed, 05 Apr 2023 11:38:50 +0200
+
 tiatracker (1.3-3) unstable; urgency=medium
 
   * Add desktop file.
diff --minimal -Nru tiatracker-1.3/debian/rules tiatracker-1.3/debian/rules
--- tiatracker-1.3/debian/rules 2019-12-04 13:45:46.0 +0100
+++ tiatracker-1.3/debian/rules 2023-04-05 11:38:49.0 +0200
@@ -15,8 +15,5 @@
 %:
dh $@
 
-override_dh_auto_configure:
-   qmake TIATracker.pro
-
 override_dh_auto_install:
@echo skip install
\ No newline at end of file

Bug#1033991: chuck FTCBFS: does not pass cross tools to make

[Helmut Grohne]

Source: chuck
Version: 1.4.2.0-1
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

chuck fails to cross build from source, because it does not pass cross
tools to make. The easiest way of doing so - using dh_auto_build - also
makes debian/rules quite a bit simpler. It also makes cross builds work
except for the final link invocation. It uses $(LD), which defaults to
bare g++ and isn't substituted by debhelper, because it doesn't have
uniform meaning in different projects. Defaulting it to $(CXX) makes
this just work and is more reasonable anyway. I'm attaching a patch for
your convenience.

Helmut
diff --minimal -Nru chuck-1.4.2.0/debian/changelog 
chuck-1.4.2.0/debian/changelog
--- chuck-1.4.2.0/debian/changelog  2023-01-23 23:06:26.0 +0100
+++ chuck-1.4.2.0/debian/changelog  2023-04-03 07:23:01.0 +0200
@@ -1,3 +1,12 @@
+chuck (1.4.2.0-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: (Closes: #-1)
++ Let dh_auto_build pass cross tools to make.
++ cross.patch: Default LD to CXX as dh_auto_build doesn't pass LD.
+
+ -- Helmut Grohne   Mon, 03 Apr 2023 07:23:01 +0200
+
 chuck (1.4.2.0-1) unstable; urgency=medium
 
   * Patch to #include  instead of 
diff --minimal -Nru chuck-1.4.2.0/debian/patches/cross.patch 
chuck-1.4.2.0/debian/patches/cross.patch
--- chuck-1.4.2.0/debian/patches/cross.patch1970-01-01 01:00:00.0 
+0100
+++ chuck-1.4.2.0/debian/patches/cross.patch2023-04-03 07:23:01.0 
+0200
@@ -0,0 +1,11 @@
+--- chuck-1.4.2.0.orig/src/makefile
 chuck-1.4.2.0/src/makefile
+@@ -80,7 +80,7 @@
+ YACC=bison
+ CC=gcc
+ CXX=g++
+-LD=g++
++LD=$(CXX)
+ 
+ 
+ # COMPILER FLAGS 
###
diff --minimal -Nru chuck-1.4.2.0/debian/patches/series 
chuck-1.4.2.0/debian/patches/series
--- chuck-1.4.2.0/debian/patches/series 2023-01-23 23:06:26.0 +0100
+++ chuck-1.4.2.0/debian/patches/series 2023-04-03 07:23:01.0 +0200
@@ -3,3 +3,4 @@
 0004-termios.patch
 0005-linux-limits.patch
 0005-parallel-make-fix.patch
+cross.patch
diff --minimal -Nru chuck-1.4.2.0/debian/rules chuck-1.4.2.0/debian/rules
--- chuck-1.4.2.0/debian/rules  2023-01-23 23:06:26.0 +0100
+++ chuck-1.4.2.0/debian/rules  2023-04-03 07:22:56.0 +0200
@@ -8,26 +8,22 @@
 export CHUCK_STRICT=1
 
 %:
-   dh $@
+   dh $@ --sourcedirectory=src
 
 override_dh_auto_build:
mkdir build
-   $(MAKE) -C src linux-alsa
+   dh_auto_build -- linux-alsa
mv src/chuck build/chuck.alsa
-   $(MAKE) -C src clean
-   $(MAKE) -C src linux-pulse
+   dh_auto_clean
+   dh_auto_build -- linux-pulse
mv src/chuck build/chuck.pulse
-   $(MAKE) -C src clean
-   $(MAKE) -C src linux-jack CHUCK_DEBUG=y
+   dh_auto_clean
+   dh_auto_build -- linux-jack CHUCK_DEBUG=y
docbook-to-man debian/chuck.sgml > build/chuck.1
 
 execute_after_dh_auto_clean:
-   $(MAKE) -C src clean
rm -rf build/
 
-override_dh_auto_install:
-   $(MAKE) -C src install DESTDIR=$(CURDIR)/debian/tmp
-
 override_dh_installchangelogs:
dh_installchangelogs VERSIONS
 

Bug#1033989: protobuf: does not run any build-time tests anymore

[Helmut Grohne]

Source: protobuf
Version: 3.11.3-1
Severity: important
Tags: patch

I think protobuf accidentally lost its build-time testing when the elpa
addon was enabled. This is sad as we want the test suite for making
security updates more robust. As such, I think this deserves important
severity and I hope we can still update it bookworm.

Please let me know if you want to handle this. I'll treat the absence of
a response as being ok with me NMUing the attached patch and filing the
unblock request.

I also intend to NMU protobuf in stable (fixing more issues).

Helmut
diff --minimal -Nru protobuf-3.21.12/debian/changelog 
protobuf-3.21.12/debian/changelog
--- protobuf-3.21.12/debian/changelog   2022-12-17 09:18:06.0 +0100
+++ protobuf-3.21.12/debian/changelog   2023-04-05 18:14:29.0 +0200
@@ -1,3 +1,10 @@
+protobuf (3.21.12-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Reenable build-time testing. (Closes: #-1)
+
+ -- Helmut Grohne   Wed, 05 Apr 2023 18:14:29 +0200
+
 protobuf (3.21.12-1) unstable; urgency=medium
 
   * New upstream release.
diff --minimal -Nru protobuf-3.21.12/debian/elpa-test 
protobuf-3.21.12/debian/elpa-test
--- protobuf-3.21.12/debian/elpa-test   1970-01-01 01:00:00.0 +0100
+++ protobuf-3.21.12/debian/elpa-test   2023-04-05 18:14:27.0 +0200
@@ -0,0 +1 @@
+disable=please_do_run_dh_auto_test

Bug#1033990: minisat+ FTCBFS: fails clean target

[Helmut Grohne]

Source: minisat+
Version: 1.0-4
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

minisat+ fails to cross build from source, because the clean target
fails when the compiler cannot find gmp. And since it uses the build
architecture compiler with the host architecture gmp, that's what
happens. I'm attaching a patch that passes a host compiler for your
convenience.

Helmut
diff --minimal -Nru minisat+-1.0/debian/changelog minisat+-1.0/debian/changelog
--- minisat+-1.0/debian/changelog   2017-02-19 17:03:19.0 +0100
+++ minisat+-1.0/debian/changelog   2023-04-04 15:46:00.0 +0200
@@ -1,3 +1,10 @@
+minisat+ (1.0-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Pass a cross CXX to clean. (Closes: #-1)
+
+ -- Helmut Grohne   Tue, 04 Apr 2023 15:46:00 +0200
+
 minisat+ (1.0-4) unstable; urgency=medium
 
   * debian/tests/control: add Depends: @ for test "upstream".
diff --minimal -Nru minisat+-1.0/debian/rules minisat+-1.0/debian/rules
--- minisat+-1.0/debian/rules   2017-02-19 17:03:19.0 +0100
+++ minisat+-1.0/debian/rules   2023-04-04 15:45:59.0 +0200
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
 
+include /usr/share/dpkg/buildtools.mk
+
 %:
dh $@
 
@@ -7,4 +9,4 @@
make rs
 
 override_dh_auto_clean:
-   make clean
+   make clean CXX=$(CXX)

Bug#1033988: httpfs2 FTCBFS: hard codes the build architecture pkg-config

[Helmut Grohne]

Source: httpfs2
Version: 0.1.4-1.1
Tags: patch upstream
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

httpfs2 fails to cross build from source, because it hard codes the
build architecture pkg-config in the upstream Makefile. It also stuffs
the compiler flag -g into the compiler variable, which will get lost
when overridden by debhelper. I'm attaching a patch for your
convenience.

Helmut
--- httpfs2-0.1.4.orig/Makefile
+++ httpfs2-0.1.4/Makefile
@@ -1,11 +1,12 @@
-CC=gcc -g 
-CFLAGS :=  -Os -Wall $(shell pkg-config fuse --cflags)
+CC=gcc
+PKG_CONFIG ?= pkg-config
+CFLAGS := -g -Os -Wall $(shell $(PKG_CONFIG) fuse --cflags)
 CPPFLAGS := -Wall -DUSE_AUTH -D_XOPEN_SOURCE=500 -D_ISOC99_SOURCE -D_POSIX_C_SOURCE=200112L
 THR_CPPFLAGS := -DUSE_THREAD
 THR_LDFLAGS := -lpthread
-SSL_CPPFLAGS := -DUSE_SSL $(shell pkg-config openssl --cflags)
-SSL_LDFLAGS := $(shell pkg-config openssl --libs)
-LDFLAGS := $(shell pkg-config fuse --libs | sed -e s/-lrt// -e s/-ldl//)
+SSL_CPPFLAGS := -DUSE_SSL $(shell $(PKG_CONFIG) openssl --cflags)
+SSL_LDFLAGS := $(shell $(PKG_CONFIG) openssl --libs)
+LDFLAGS := $(shell $(PKG_CONFIG) fuse --libs | sed -e s/-lrt// -e s/-ldl//)
 
 intermediates =
 

Bug#1033987: ITP: ruby-google-apis-cloudbilling-v1 -- simple REST client for Cloud Billing API V1

[Ravi Dwivedi]

package: wnpp
Severity: wishlist
Owner: 'Ravi Dwivedi' 

*Package Name : ruby-google-apis-cloudbilling-v1
 Version : 0.21.0
 Upstream Author : Google LLC
*URL :  https://github.com/googleapis/google-api-ruby-client
*License : Apache-2.0
*Description : simple REST client for Cloud Billing API V1

I am packaging ruby-google-apis-cloudbilling-v1 as it is required for 
gitlab 15.9.2


---
Ravi Dwivedi


OpenPGP_0xE0E5BAFD3BBF70B3.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1032948:

[Salvatore Bonaccorso]

Hi Costas,

On Wed, Apr 05, 2023 at 05:53:58PM +0200, Costas Drogos wrote:
> Hi,
> 
> I'm also affected by this - recent lenovo laptop with a dock that
> connects/removes multiple usb devices at the same time. Been getting
> the oops after every resumption or every time multiple usb devices got
> reset, with 6.1.0-6 and 6.1.0-7.
> 
> Built and booted a patched debian 6.1.20 and been using it for ~1hr
> now without experiencing any issues. Connected and disconnected the
> dock (and its devices) multiple times, suspended/resumed twice as
> well.
> 
> I'd prefer to keep using it for some more time before calling it a
> success, but it certainly feels better. With the normal kernel
> disconnecting the dock was triggering a crash almost every time.

Thanks already for your additional testing!

Regards,
Salvatore

Bug#1033987: ITP: google-apis-cloudbilling-v1 -- simple REST client for Cloud Billing API V1

[Ravi Dwivedi]

package: wnpp
Severity: wishlist
Owner: 'Ravi Dwivedi' 

*Package Name : google-apis-cloudbilling-v1
 Version : 0.21.0
 Upstream Author : Google LLC
*URL :  https://github.com/googleapis/google-api-ruby-client
*License : Apache-2.0
*Description : simple REST client for Cloud Billing API V1

I am packaging google-apis-cloudbilling-v1 as it is required for gitlab 
15.9.2


---
Ravi Dwivedi


OpenPGP_0xE0E5BAFD3BBF70B3.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1033986: ITP: ruby-google-apis-iam-v1 -- simple REST client for Identity and Access Management (IAM) API V1

[Ravi Dwivedi]

package: wnpp
Severity: wishlist
Owner: 'Ravi Dwivedi' 

*Package Name : ruby-google-apis-iam-v1
 Version : 0.36.0
 Upstream Author : Google LLC
*URL :  https://github.com/googleapis/google-api-ruby-client
*License : Apache-2.0
*Description :  simple REST client for Identity and Access Management 
(IAM) API V1


I am packaging ruby-google-apis-iam-v1 as it is a dependency of gitlab 
15.9.2.


---
Ravi Dwivedi


OpenPGP_0xE0E5BAFD3BBF70B3.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1029588: bts: Changes in libio-socket-ssl-perl 2.078 make bts fail to send mail to mail-server via SSL/TLS - hostname verification failed

[Daniel Leidert]

Hi,

Am Mittwoch, dem 29.03.2023 um 18:42 +0200 schrieb Dominique Dumont:
> 
> Turns out that Perl module Net::SMTP supports SSL since 2014 [1], but
> bts still use Net::SMTPS which is an old wrapper around Net::SMTP.
> 
> I've patched bts to use Net::SMTP instead of Net::STMPS and I can
> connect to Daniel's server:

I'm really sorry for not getting back earlier. I was just too busy.


I'll test the updated package asap.

Thank you so much for working on this.

Regards, Daniel

Bug#1032567: ddnet: autopkgtests not testing the installed package

[Tobias Frost]

Control: severity -1 important

Hi Gianfranco,

On Thu, 9 Mar 2023 07:59:47 +0100 Gianfranco Costamagna 
 wrote:
> Source: ddnet
> Version: 16.4-1.1
> Severity: serious
> 
> Hello, the ddnet autopkgtests are not currently testing the installed 
> package, but rather doing some sort of testsuite on source directory. This 
> makes the test fail on s390x, rather than test not
being run due to it being not built from source.
> 
> G.

I agree that it is not the intention of autopkgtest to (re)run unit tests.
Said that, I disagree on the severity: It is still better than having no tests, 
as they
will be able to detect some issue, e.g if some reverse depenency breaks stuff.
The tests could be marked supeeficious, maybe…

s390x is in state "uncompiled", so s390x issues does not make this bug RC 
either.

Cheers,
tobi

Bug#1033985: debian-installer: Installer sets grub up without existing Windows boot choice

[Bud Heal]

Package: debian-installer
Version: 20230401
Severity: important
X-Debbugs-Cc: budheal...@gmail.com

Dear Maintainer,

   * What led up to the situation?
I installed the latest weekly build to test a different bug. This machine has 
Windows 7 in the first partition. At some point I copied the 320GB onto a 2TB, 
then installed Linux onto the residue. This time I overwrote Devuan Ascii. The 
install would not complete unless I reinitialized it as ext4.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
In the boot sequence, grub's list no longer included the Windows 7 partition. 
After completing tests, I used Microsoft's tools to reenable Windows and now 
have no longer have an option to boot into the Linux partition.
   * What was the outcome of this action?
The last time I installed Buster and bullseye, on other computers, the Windows 
options were still shown at boot. This appear to be a regression of some kind. 
I have also complained (as a grub bug) that when I install different Debian 
versions, the (unused) Windows M.2 shows, the latest (M.2 or SATA SSD) shows, 
but the third doesn't show up - and I would really like to use that one when 
the testing install fails out. Okay, hunt and peck a little bit and it can 
happen anyway.
   * What outcome did you expect instead?
I guess I am wishing for the Installer to enumerate all of the attached volumes 
and any of the bootable partitions and pack them into a tidy list for grub.
Now, for this install I used a 64GB USB stick with the DLBR image. The 
Installer duly asked if I wanted to boot from the hard disk or the USB drive 
next time. Listing the install volume seems a little silly, but not listing all 
of the options on the hard drive -- senseless.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security')
Architecture: amd64 (x86_64)

*** ignore the environment, it was an 4-core i7 in an old laptop *** 

Kernel: Linux 6.1.0-6-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1033856: unblock: mpv/0.35.1-2

[Paul Gevers]

Control: tags -1 moreinfo

Hi Sebastian,

On 02-04-2023 22:06, Sebastian Ramacher wrote:

   [x] attach debdiff against the package in testing


The debdiff that I get with $(d) contains two new patches that are not 
part of d/p/series and were not part of your debdiff (they look like 
copies of existing patches with a different number. Was that intentional?


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1033911: please enable the experimental Xtensa backend in LLVM and Clang 16+

[John Scott]

I believe the backend name is Xtensa. I wasn't able to try doing an LLVM
build myself and do not have a patch because I ran out of disk space. I
think setting -DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD=Xtensa will do the
right thing, but again I was not able to test this.


signature.asc
Description: This is a digitally signed message part

Bug#1033626: sbuild: Dependencies should not be required outside the chroot (--no-clean should be the default)

[Dima Kogan]

> How would a resolution to this bug look like from your point of view?

An extra line in the error message that reiterates that "dh clean" runs
outside the chroot, and needs manual Build-Depends would be sufficient I
think. Then the user knows it's not a bug, and can go read the manpage
for more detail.

Even better (but more work) would be to identify the missing package.
It's almost always dh-SOMETHING. Is it easy to grep the Build-Depends
for all packages that match ^dh-.*, and say "try installing THIS and
THAT"?

Bug#1031553: gnutls28: please depend on faketime instead of datefudge

[Andreas Metzler]

On 2023-02-18 Nicolas Boulenguez  wrote:
> Source: gnutls28
> Version: 3.7.9-1

> Hello.

> Datefudge is broken on 32-bit architectures (release-critical bug
> #1028587).  The author recommends to use alternative tools in message
> 24 of the bug log.  Only two consumers are remaining, gnutls28 and
> oath-toolkit.

> The attached diff replaces datefudge with faketime in gnutls28.
> The change only affects tests.
> A test fails after a local build, but the timestamps seem correct.

> The severity is 'wishlist' for gnutls28, but the attached patch (and a
> similar one for oath-toolkit) would allow to remove the datefudge
> package and 1 RC bug from bookworm.
[...]

Hello,

after a couple of iterations and reworks gnutls upstream /master/ branch
now supports both faketime and datefudge. However I am a bit reluctant
to patch gnutls 3.7 for bookworm:

* Net win (and only if oath-toolkit also switches in time for bookworm) is
  that datefudge could be removed. The real brokenness remains, since
  faketime also suffers from the bug (#1032177) and I /think/ it is
  unlikely to be fixed in time for bookworm.

* Downsides:
  + Rather huge patch that is unlikely to end up in gnutls 3.7.x series
  + GnuTLS master branch (3.8.x) will probaby move away from
datefudge/faketime and use a (newly added) -attime option. So we
will patch in dead code.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Bug#1033984: valgrind: Valgrind default suppressions for glibc don't apply in Debian

[Simon Chopin]

Source: valgrind
Version: 1:3.18.1-1ubuntu2
Severity: minor
X-Debbugs-Cc: scho...@ubuntu.com

Hi,

While investigating https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028504 
(or rather its Ubuntu equivalent),
I came upon this thread:

https://sourceforge.net/p/valgrind/mailman/valgrind-developers/thread/20190909131626.9633-1-mac%40mcrowe.com/#msg36759152

In their case, the error was suppressed by the default file, which
presumably was written for this kind of reason, however the file
patterns in glibc-2.x.supp.in don't match anything in Debian, rendering
the suppressions useless.

Cheers,
Simon

Bug#1032948:

[Costas Drogos]

Hi,

I'm also affected by this - recent lenovo laptop with a dock that
connects/removes multiple usb devices at the same time. Been getting
the oops after every resumption or every time multiple usb devices got
reset, with 6.1.0-6 and 6.1.0-7.

Built and booted a patched debian 6.1.20 and been using it for ~1hr
now without experiencing any issues. Connected and disconnected the
dock (and its devices) multiple times, suspended/resumed twice as
well.

I'd prefer to keep using it for some more time before calling it a
success, but it certainly feels better. With the normal kernel
disconnecting the dock was triggering a crash almost every time.

Costas

Bug#1033983: RM: golang-github-tonistiigi-fifo -- RoQA; superseded by golang-github-containerd-fifo

[Shengjing Zhu]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: golang-github-tonistiigi-f...@packages.debian.org, z...@debian.org
Control: affects -1 + src:golang-github-tonistiigi-fifo


Hi,

The upstream https://github.com/tonistiigi/fifo is redirected to
https://github.com/containerd/fifo
And the latter is packaged as golang-github-containerd-fifo.

Bug#1033981: command-not-found: Incompatible with deb822 apt sources

[Julian Andres Klode]

Control: reassign -1 python-apt
Control: retitle -1 python-apt: deb822 sources parsing inconsistency

On Wed, Apr 05, 2023 at 04:41:58PM +0200, H.-Dirk Schmitt wrote:
> Package: command-not-found
> Version: 23.04.0-1
> Severity: normal
> X-Debbugs-Cc: none, H.-Dirk Schmitt 
> 
> After changing the /etc/apt/sources.d/… files from the traditional to the 
> deb822 format following noisy warning message
> are displayed:
> WARNING:root:could not open file 
> '/etc/apt/sources.list.d/bookworm.security.sources': Unable to parse section 
> data
> Same for all other sources files in deb822 format.

23.04.0 is the version I introduced deb822 support, so yes, it
absolutely does support it, older versions ignore the files.

The warning says the file is wrong (or the parser).

> 
> Content of the mentioned file.
> 
> # -- old-stable --
> Types: deb
> URIs: http://security.debian.org/debian-security
> Suites: bullseye-security
> Components: main contrib non-free
> 
> # -- stable --
> 
> Types: deb
> URIs: http://security.debian.org/debian-security
> Suites: bookworm-security
> Components: main contrib non-free  non-free-firmware

I think you may be missing an empty line at the end or your comments
trip up the parser. It is generally expected that comments are part
of sections and there are no fraudulent sections that consist of just
comments.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en

Bug#1033981: command-not-found: Incompatible with deb822 apt sources

[H . -Dirk Schmitt]

Package: command-not-found
Version: 23.04.0-1
Severity: normal
X-Debbugs-Cc: none, H.-Dirk Schmitt 

After changing the /etc/apt/sources.d/… files from the traditional to the 
deb822 format following noisy warning message
are displayed:
WARNING:root:could not open file 
'/etc/apt/sources.list.d/bookworm.security.sources': Unable to parse section 
data
Same for all other sources files in deb822 format.

Content of the mentioned file.

# -- old-stable --
Types: deb
URIs: http://security.debian.org/debian-security
Suites: bullseye-security
Components: main contrib non-free

# -- stable --

Types: deb
URIs: http://security.debian.org/debian-security
Suites: bookworm-security
Components: main contrib non-free  non-free-firmware



-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (600, 'testing-security'), (600, 'testing'), (500, 
'stable-security'), (99, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE:de:en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages command-not-found depends on:
ii  apt-file 3.3
ii  lsb-release  12.0-1
ii  python3  3.11.2-1
ii  python3-apt  2.5.3

command-not-found recommends no packages.

Versions of packages command-not-found suggests:
pn  snapd  

-- Configuration Files:
/etc/apt/apt.conf.d/50command-not-found changed:
Acquire::IndexTargets {
# The deb822 metadata files
deb::CNF  {
MetaKey "$(COMPONENT)/cnf/Commands-$(NATIVE_ARCHITECTURE)";
ShortDescription "Commands-$(NATIVE_ARCHITECTURE)";
Description "$(RELEASE)/$(COMPONENT) $(NATIVE_ARCHITECTURE) c-n-f 
Metadata";
DefaultEnabled "false";
};
};
APT::Update::Post-Invoke-Success {
"if /usr/bin/test -w /var/lib/command-not-found/ -a -e 
/usr/lib/cnf-update-db; then /usr/lib/cnf-update-db > /dev/null & fi";
};


-- no debconf information


--

---

H.-Dirk_Schmitt
Dipl.Math.
eMail:dirk.schm...@computer42.org
pgp: http://www.computer42.org/~dirk/OpenPGP-fingerprint.html

Bug#1033982: RFP: ubbd -- Userspace backend block device

[Daniel Ding]

Package: wnpp
Severity: wishlist

* Package name: ubbd
  Version : 0.1.1
  Upstream Author : Dongsheng Yang 
* URL : https://github.com/DataTravelGuide/ubbd.git
* License : LGPL
  Programming Lang: C
  Description : Userspace backend block device


UBBD supports the following features:

a) Block device driver upgrade online.

As we decoupled the storage related logic with the block device, then
we can upgrade the storage driver out of the kernel module. That means we
can upgrade our driver with io inflight on the air.

b)  The driver bug doesn't crash the kernel.

c) Don't reinvent the wheel.

Some block storage, especially cloud storage has a userspace
library but there is no linux kernel driver to use it. ubbd can
make it very easy to enable linux block device driver for it via
library.

d) Decoupling the storage specified logic from a linux kernel
block device logic.

Thanks
Daniel

Bug#1033980: ITP: libdemeter-perl -- comprehensive XAS data analysis system using Feff and Ifeffit or Larch

[Roland Mas]

Package: wnpp
Severity: wishlist
Owner: Roland Mas 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libdemeter-perl
  Version : 0.9.27
  Upstream Author : Bruce Ravel (http://bruceravel.github.io/home)
* URL : https://github.com/bruceravel/demeter
* License : Artistic
  Programming Lang: Perl
  Description : comprehensive XAS data analysis system using Feff and 
Ifeffit or Larch

Demeter provides an object oriented interface to the EXAFS data
analysis capabilities of the popular and powerful Ifeffit package and
its successor Larch. Given that the Ifeffit and Larch APIs involve
streams of text commands, this package is, at heart, a code
generator. Many methods of this package return text. All actual
interaction with Ifeffit or Larch is handled through a single method,
dispose, which is described below. The internal structure of this
package involves accumulating text in a scalar variable through
successive calls to the various code generating methods. This text is
then disposed to Ifeffit, to Larch, to a file, or elsewhere. The
outward looking methods organize all of the complicated interactions
of your data with Ifeffit or Larch.

This package is aimed at many targets. It can be the back-end of a
graphical data analysis program, providing the glue between the
on-screen representation of the fit and the actual command executed by
Ifeffit or Larch. It can be used for one-off data analysis chores --
indeed most of the examples that come with the package can be reworked
into useful one-off scripts. It can also be the back-end to
sophisticated data analysis chores such as high-throughout data
processing and analysis or complex physical modeling.

This package will be maintained within the Perl team on salsa.

Bug#894098: gdm3: Success with HDMI and DisplayPort

[Bud Heal]

Package: gdm3
Followup-For: Bug #894098
X-Debbugs-Cc: budheal...@gmail.com

Dear Maintainer,

   * What led up to the situation?
I installed the last weekly build into a Dell Precision 4600. This has 
DisplayPort, HDMI, VGA and the internal screen. 
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
HDMI worked in conjunction with VGA and the internal screen for Gnome and MATE. 
Moving the screens worked without apparent artifacts.
DisplayPort worked with the internal display. I did not wait for the screen 
saver to come on.
   * What was the outcome of this action? Shifting the external monitor's 
location showed occasional artifacts but only the kind one can accept - 
horizontal bars as the software adapts to the external location of the external 
monitor - very understandable - or briefly blanking (black) the bottom half of 
the internal display - perhaps indicating the hardware or its frame buffer has 
two banks to fill.
There are no concerns to report.

   * What outcome did you expect instead?
The operation is as expected now.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gdm3 depends on:
ii  accountsservice  22.08.8-6
ii  adduser  3.131
ii  dbus [default-dbus-system-bus]   1.14.6-1
ii  dbus-bin 1.14.6-1
ii  dbus-daemon  1.14.6-1
ii  dconf-cli0.40.0-4
ii  dconf-gsettings-backend  0.40.0-4
ii  debconf [debconf-2.0]1.5.82
ii  gir1.2-gdm-1.0   43.0-3
ii  gnome-session [x-session-manager]43.0-1
ii  gnome-session-bin43.0-1
ii  gnome-session-common 43.0-1
ii  gnome-session-flashback [x-session-manager]  3.46.0-1
ii  gnome-settings-daemon43.0-4
ii  gnome-shell  43.3-3
ii  gnome-terminal [x-terminal-emulator] 3.46.8-1
ii  gsettings-desktop-schemas43.0-1
ii  libaccountsservice0  22.08.8-6
ii  libaudit11:3.0.9-1
ii  libc62.36-8
ii  libcanberra-gtk3-0   0.30-10
ii  libcanberra0 0.30-10
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libgdm1  43.0-3
ii  libglib2.0-0 2.74.6-1
ii  libglib2.0-bin   2.74.6-1
ii  libgtk-3-0   3.24.37-2
ii  libgudev-1.0-0   237-2
ii  libkeyutils1 1.6.3-2
ii  libpam-modules   1.5.2-6
ii  libpam-runtime   1.5.2-6
ii  libpam-systemd [logind]  252.6-1
ii  libpam0g 1.5.2-6
ii  librsvg2-common  2.54.5+dfsg-1
ii  libselinux1  3.4-1+b5
ii  libsystemd0  252.6-1
ii  libx11-6 2:1.8.4-2
ii  libxau6  1:1.0.9-1
ii  libxcb1  1.15-1
ii  libxdmcp61:1.1.2-3
ii  marco [x-window-manager] 1.26.1-1
ii  mate-session-manager [x-session-manager] 1.26.0-1
ii  mate-terminal [x-terminal-emulator]  1.26.0-1
ii  metacity [x-window-manager]  1:3.46.1-1
ii  polkitd  122-3
ii  procps   2:4.0.2-3
ii  systemd-sysv 252.6-1
ii  ucf  3.0043+nmu1
ii  x11-common   1:7.7+23
ii  x11-xserver-utils7.7+9+b1

Versions of packages gdm3 recommends:
ii  at-spi2-core 2.46.0-5
ii  desktop-base 12.0.5
ii  gnome-session [x-session-manager]43.0-1
ii  gnome-session-flashback [x-session-manager]  3.46.0-1
ii  mate-session-manager [x-session-manager] 1.26.0-1
ii  x11-xkb-utils7.7+7
ii  xserver-xephyr   2:21.1.7-1
ii  xserver-xorg 1:7.7+23
ii  zenity   3.44.0-1

Versions of packages gdm3 suggests:

Bug#1033979: sane-backends: GFDL NIV variant

[Bastian Germann]

Source: sane-backends
Version: 1.2.1-1
Severity: minor

d/copyright lists GFDL-1.1 but its name should really be GFDL-NIV-1.1 because the referencing file explicitly claims 
that it comes "with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover."

Bug#1033978: ITP: ruby-google-apis-cloudresourcemanager-v1 -- Simple REST client for Cloud Resource Manager API V1

[Vinay]

package: wnpp
Severity: wishlist
Owner: Vinay Keshava

*Package Name  : ruby-google-apis-cloudresourcemanager-v1
 Version   : 0.31.0
 Upstream Author   : 2021 Google LLC
*URL   :https://github.com/googleapis/google-api-ruby-client
*License   : Apache-2.0
 Programming Lang  : Ruby
*Description: Simple REST client for Cloud Resource Manager API V1
 This is the simple REST client for Cloud Resource Manager API V1. Simple REST
 clients are Ruby client libraries that provide access to Google services via
 their HTTP REST API endpoints. These libraries are generated and updated
 automatically based on the discovery documents published by the service, and
 they handle most concerns such as authentication, pagination, retry, timeouts,
 and logging. You can use this client to access the Cloud Resource Manager API,
 but note that some services may provide a separate modern client that is
 easier to use.

This gem is required for Gitlab and will maintained under ruby team umbrella.

- Vinay Keshava

Bug#1033897: Firefox and thunderbird fail to launch under, sysvinit

[matthias . geiger1024]

Hi Jesse, 


> Hi Matthias,
>
> What is the output in your terminal if you try to launch Firefox or
> Thunderbird from a virtual terminal? Does it say anything about the
> display or a missing library?
>
Not really. Just the command idly running and nothing happens. 

> You said this works under Plasma and under GNOME's X11 session, so I'm
> guessing this is mostly related to GNOME's Wayland implementation (and
> related variables) rather than init itself.
>
Probably. Starting the GNOME wayland session from sddm instead of gdm3 also 
doesn't make a difference. Running gdm I did a comparison of the processes and 
the same ones get executed on systemd:

root 645  0.0  0.0 240512  8576 ?    Ssl  13:42   0:00 
/usr/sbin/gdm3
root    1961  0.0  0.0 165496  9384 ?    Sl   13:49   0:00 
gdm-session-worker [pam/gdm-password]
werdahi+    2090  0.0  0.0 159456  5632 tty2 Ssl+ 13:49   0:00 
/usr/libexec/gdm-wayland-session /usr/bin/gnome-session

I'm happy to provide more logs / get into debugging.

Regards

Matthias
-BEGIN PGP PUBLIC KEY BLOCK-

mQINBGJGNsQBEADCVylaCtYtBQW4NmDrZOIizSrVlv5ZJ5WJ128MAblWk3fRFPya
Cs/klkTT58ehBSr61sXVP+NpkF7MWOBu2CNg66U40a/Eb+v4poxNaIjXKvQtf51S
y5yGwmTc7IJg8HuohT7K3/pcsEt0jvYSwvvDFUIz5WdOR5RmB7WkDRGh8Zaior3z
tzx6AKhx/aXmAc/i4BDavDxZeFC0d79H3S1+TvFsvhyIZXIFTB0sTzWreZZxSOjk
Mz6xxgWGdc27lsbZbKU7N+c+GnWrRlTjimU1AfPLJQgehIejR9pSyZ2Y5BAqB7Qr
f8Tvc8jc1kDx473sUUla6ELEuJMIISK1qam/B7buxZ1r/ngWRiQsqAHznm7OYk69
ttXBeHxS1b+HrcJMWfROkzsTuG6G//axMCb6x0MuyOgLXk87aDnDx1fPn62R+tq7
T4JvW51TSnlNNh75zA+8w3UzDHy2By0H6NSfiLerNnF7LGCXk7AiwQsaplrEjo/1
/4NraAqy1eO69SyozSiRuuA5KemlyPwJokpp2HMJX3cry2J7lV0+wnaaorQzz5Fi
7gRRlqXrOGwEcEG6i62VbIv2VW3Zy+qjaD3HRWXfKXXjpXske41Trv2qPI2/kGtJ
TRWSWdTQ42oYOaEg/KUh0GnEoZerj50JC1qGmwElKYgd+2XQ8qR7uIB5qQARAQAB
tDFNYXR0aGlhcyBHZWlnZXIgPG1hdHRoaWFzLmdlaWdlcjEwMjRAdHV0YW5vdGEu
ZGU+iQJUBBMBCgA+FiEEwuGmy/3s5RGopBdtGL0QaztsVHUFAmJGNsQCGwMFCQPC
ZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQGL0QaztsVHVMxQ/+M5JEQ5wk
DDblHGUlK8IBnPM5peuDrMdQAsOQ5nSv90gl4z4HkRgomS70xMpvoS+g/8hPym4G
PXpSFJsZWjFevACWMzZO84pqJhPaFnmjh3utkkiblNf8Wi350K+luAlRvT1FVD6i
HM6kOxU0P9t9+PU38FH299oRw2qEqDw5Wx+Hrnp4gaGv1mssvAMiXeaaPGx4KSz8
sNXADHJDo78U6RGJM/rSng/8M7zd3c6E8MIH958mlWjUb8T10AZ/otH3nFSRIfds
5MdnnrsKAK3DMW4RanRWHPvTsICDDkuRvigd32waQRdZeA3dNbPxM6tKDL9GEH8Q
AnkShJ7VmTXP9CV20vj15mleoeDMgqhX5KEOsc3DMnKcVqdb9CzHj6jNSFUverk1
bBNaJpIiWwtwjueR4Hgdof80AAgRin4YnWaOaPTSusrKyN8dCRVcRIbauVooWLil
q2OrWftDVmmNciwoHr5/WDPNgkv9DAgY+DX8Y8LMWAkXgpB0KniiQaLzrW34zjnP
ALTLTIvNid6YX8KOY6KhAVWfVdMC5j6GEGfbfyMLz63YPxA9Q1Af6oXS8MbdHyBw
JV8ns2xm5fD2vZVw6JI1e8AMMDjH2fAqmH23MG0fN0zd2NUToHmvhX9APSzJIbET
doFPn/mI/az4Oh24WHf3Ozr+XEDyWcyy1y+5Ag0EYkY2xAEQANL26Ixtq1QMUM+5
MHl2FK4foRODoKHe4ZzdOAumUBPJE/pxGVlVxCqzC+LUeFvA8LTYCt1B60yRveYR
4mmPTA7nAerG2m4aQPeIfzz6HXWkiu9mzgxqjhPxitiMR5f1du1rAWGPZxSkhdW6
fDWT4PkHoY78jbQXWYEnV85rwtZIZIduHGKWzyxln3qjrefmB04QkPJ2BDOsRTtD
YeNddHAvcgZtyepqZka9lpowQTY6TXwM8uYArEa7Hll/4r9rcvkVQUxf8jqYpZ3v
PLSzvvaDouH7WAg5nUaTeWAQdSq108rNRSTgScLZWjwmhFBA46RneRpij2OJ0lW4
QqFTlldjWXzgGj6u4nbXrSERGaPwyLGIkHoKbnTAm7791d/Y5UQImuPb1tIg5Pf7
OhtyWw3bstVDa5MvIUuGpi5yKPirhrtAfdZ3H2/HR814JuL2BYdjyCuR/Sj/lZTx
+gJ0bm+Llr0KZDhjKMeWaqVqsD4bybgEe4d3zE4sj9GZ0tNUvXfPaRGY6tgh9sgT
Iy28vnyYpFX+oSIZXRreDpfzyjDhvNbB+AFsPN5OXqaBpmu/378T5nRpUj/qbqEZ
EsloCbAmgHfvIysQWYdJ+63S3ZqpbEQRa4Y7DeybaLi8xTMfdWa19T7vQY3mVWn5
ZooycK4fkbedu19+5l8zfhR7oWyBABEBAAGJAjwEGAEKACYWIQTC4abL/ezlEaik
F20YvRBrO2xUdQUCYkY2xAIbDAUJA8JnAAAKCRAYvRBrO2xUdRuPD/4tdAf8nxsA
upo5O99E4AS59OTXPQuVgt1U2Z7ssDvZ3O6qbZvIBWQ0NqnCsprCt71M6cWC2dkq
WUs3oRRu4IzuB4LErcTr597k+iltJ60rhDL/hxSumToH6FSX1w8EWJVg3xgP4U39
HSx6QOlZ3bTgd9dS5S46jOptIYzX5wYkNzyMj1hbmTg0lVyMtWjqfCLNmF3EzGGC
BLR3tMOxZURrxx8tL48iJlFyxJG3XahoyxDSNepo5HZ+AUnNq2TJPoPJQfb1/GB/
/LycKSXWgblyWuGRlgoCE1JcdwuRM5hI2xugZQrhgZaPUBch1MSoiIqwgR1A8NPL
iypUPnwG4vEaVbMtem7OUghsx+fYwuGq0T7/ezjyVRv86U2gU1bmbxojct1AXSCT
FCCR3Y8QAHV9o8U/eZ1XzcEZsXFd6siO5nEBl9HaTHh5gWDrk/molP85S7Y9JIBP
wZygBjWOPCCkFlIuiPQlXsJezVu93ydz7uCNIJfHv30oVedcYHN1Wr7B/1j8wXMy
wqW4Nw54yZ8zaJIo01Khym6cFFVXoAUZa+5QRvSmjnm1Go+ZwZA9i7zo/6LLSpeR
04+4a1Daysk0fTf+DscrxQbUBZX17e1n/EtLS8/pp+Xb/k1JK1iiNcdpfLJ7RNik
GX00szhWs5riRMzIibFDsE/FyYVNX2VHQg==
=onWA
-END PGP PUBLIC KEY BLOCK-

Bug#1032392: python3-scikit-rf: import fails: AttributeError: module 'collections' has no attribute 'Sequence'

[Josef Schneider]

Hello,

I have attached a debdiff where I import the collections.abc python 
package which has the Sequence and MutableMapping attributes instead of 
collections. This patch is applied to the 0.15.4 upstream which is the 
current in debian. With this fix, the package builds and importing the 
skrf package in a python console works as expected. I can upload this RC 
bug fix as a NMU if you want. Thanks!


--
Josef Schneider

GPG Fingerprint 3267 0331 DB61 A817 7D25 4D05 5A44 BC12 F2A8 E58F
diff -Nru scikit-rf-0.15.4/debian/changelog scikit-rf-0.15.4/debian/changelog
--- scikit-rf-0.15.4/debian/changelog   2020-12-02 09:46:23.0 +0100
+++ scikit-rf-0.15.4/debian/changelog   2023-04-04 19:53:06.0 +0200
@@ -1,3 +1,11 @@
+scikit-rf (0.15.4-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add patch to import python package collections.abc instead of collections.
++ Fixes AttributeError when importing the package (Closes: #1032392).
+
+ -- Josef Schneider   Tue, 04 Apr 2023 19:53:06 +0200
+
 scikit-rf (0.15.4-2) unstable; urgency=medium
 
   * First source-only upload
diff -Nru scikit-rf-0.15.4/debian/patches/0002-import-collections-abc.patch 
scikit-rf-0.15.4/debian/patches/0002-import-collections-abc.patch
--- scikit-rf-0.15.4/debian/patches/0002-import-collections-abc.patch   
1970-01-01 01:00:00.0 +0100
+++ scikit-rf-0.15.4/debian/patches/0002-import-collections-abc.patch   
2023-04-04 19:53:06.0 +0200
@@ -0,0 +1,43 @@
+From eb86566f22b80cf782585dc04d872fc11b437946 Mon Sep 17 00:00:00 2001
+From: Josef Schneider 
+Date: Tue, 4 Apr 2023 20:04:21 +0200
+Subject: [PATCH] import collections abc
+
+---
+ skrf/util.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/skrf/util.py b/skrf/util.py
+index b9566f3..355ec0e 100644
+--- a/skrf/util.py
 b/skrf/util.py
+@@ -32,7 +32,7 @@ import six.moves.cPickle as pickle
+ 
+ import numpy as npy
+ from datetime import datetime
+-import collections
++import collections.abc
+ import pprint
+ import re
+ from subprocess import Popen, PIPE
+@@ -286,7 +286,7 @@ def findReplace(directory, find, replace, filePattern):
+ 
+ # general purpose objects
+ 
+-class HomoList(collections.Sequence):
++class HomoList(collections.abc.Sequence):
+ '''
+ 
+ A Homogeneous Sequence
+@@ -384,7 +384,7 @@ class HomoList(collections.Sequence):
+ return pprint.pformat(self.store)
+ 
+ 
+-class HomoDict(collections.MutableMapping):
++class HomoDict(collections.abc.MutableMapping):
+ '''
+ A Homogeneous Mutable Mapping
+ 
+-- 
+2.38.1
+
diff -Nru scikit-rf-0.15.4/debian/patches/series 
scikit-rf-0.15.4/debian/patches/series
--- scikit-rf-0.15.4/debian/patches/series  2020-12-02 09:45:36.0 
+0100
+++ scikit-rf-0.15.4/debian/patches/series  2023-04-04 19:53:06.0 
+0200
@@ -1 +1,2 @@
 0001-Included-script-should-run-with-Python-3.patch
+0002-import-collections-abc.patch


OpenPGP_0x5A44BC12F2A8E58F.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#994274: syslinux: FTBFS with gnu-efi 3.0.13

[James Addison]

Followup-For: Bug #994274
X-Debbugs-Cc: lu...@schwaighofer.name, pk...@debian.org, timo.lindf...@iki.fi

Hi Lukas, Philipp, Timo,

Does reverting the removal[1] of 'efisetjmp.h' from 'efi.h' in src:gnu-efi
produce successful results?

That occurred between gnu-efi versions 3.0.9 and 3.0.13 if I read the upstream
history correctly.

(revert patch attached for convenience, although I'm not yet going to add the
corresponding tag to this bug until we confirm whether it's useful)

And if that headerfile does seem relevant: this issue may affect src:shim too.

Thanks,
James

[1] - 
https://sourceforge.net/u/lslrt/gnu-efi/ci/486ba3c3bdd147b7d98159b9e650be60bce0f027/
--- a/apps/setjmp.c
+++ b/apps/setjmp.c
@@ -1,7 +1,6 @@
 
 #include 
 #include 
-#include 
 
 EFI_STATUS
 efi_main(
--- a/inc/efi.h
+++ b/inc/efi.h
@@ -75,6 +75,7 @@
 #include "efiudp.h"
 #include "efitcp.h"
 #include "efipoint.h"
+#include "efisetjmp.h"
 #include "efishell.h"
 
 #endif

Bug#1033974: unblock: python-uhashring/2.1-2

[Thomas Goirand]

The version to unblock really is 2.1-3.
My bug report is then probably wrong...

Cheers,

Thomas Goirand (zigo)

Bug#1028504: libc6: valgrind reports "Invalid read of size 8" deep in decompose_rpath in dl-load.c

[Simon Chopin]

We've just had this in Ubuntu, see
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2015216

Bug#1033977: unblock: monado/21.0.0~dfsg1-2.1+b1

[David Heidelberg]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: mon...@packages.debian.org
Control: affects -1 + src:monado

Please unblock package Monado.

[ Reason ]
First, the current version of Monado in Debian is two years old,
entirely deprecated, and useless in terms of XR development.

As the Monado package is utterly useless in the version shipped with Bookworm,
this will lead only to a state where no one will choose to install it from 
Debian sources,
which is a dreadful.

So, my proposal is to:
 1. bump it so that Bookworm will provide at least a possibly usable version
 2. drop the package entirely from the release, so point people directly to the 
nightly Monado builds

[ Impact ]
People may get a reasonably up-to-date package when Bookworm gets released.

[ Tests ]
No.

[ Risks ]
There could be bugs not present in the old version. 

[ Checklist ]
  [ ] all changes are documented in the d/changelog
  [ ] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in testing

[ Other info ]

unblock monado/21.0.0~dfsg1-2.1+b1

Bug#1033976: [pre-approve] unblock: golang-1.19/1.19.8-2

[Shengjing Zhu]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: golang-1...@packages.debian.org, z...@debian.org
Control: affects -1 + src:golang-1.19

Please unblock package golang-1.19

[ Reason ]
Two upstream minor versions, fixing 5 CVEs

+ CVE-2023-24532: crypto/elliptic: incorrect P-256 ScalarMult and
  ScalarBaseMult results
+ CVE-2023-24537: go/parser: infinite loop in parsing
+ CVE-2023-24538: html/template: backticks not treated as string delimiters
+ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
  memory allocation
+ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
  service from excessive resource consumption

[ Impact ]

Several security issues in the Go standard libraries.

[ Tests ]
Besise the unittests upstream added in the new release, I have use the new
version to build some Go packages. And the result is good.

[ Risks ]
Toolchain package and no autopkgtest.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

  I attached the debdiff with
  filterdiff --exclude '*_test.go' --exclude '*_windows*' --exclude 
'*/testdata/*' \
--exclude '*/go.mod' --exclude '*/go.sum' --exclude '*/modules.txt'

[ Other info ]
It may be the last golang-1.19 version to be uploaded during freeze.
The next release is expected (if no urgent CVE happens) to be May, which
is probably hard-freeze time.

unblock golang-1.19/1.19.8-2
diff -Nru golang-1.19-1.19.6/debian/changelog 
golang-1.19-1.19.8/debian/changelog
--- golang-1.19-1.19.6/debian/changelog 2023-02-17 17:56:44.0 +0800
+++ golang-1.19-1.19.8/debian/changelog 2023-04-05 02:15:56.0 +0800
@@ -1,3 +1,25 @@
+golang-1.19 (1.19.8-1) experimental; urgency=medium
+
+  * Team upload
+  * New upstream version 1.19.8
++ CVE-2023-24537: go/parser: infinite loop in parsing
++ CVE-2023-24538: html/template: backticks not treated as string delimiters
++ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
+  memory allocation
++ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
+  service from excessive resource consumption
+
+ -- Shengjing Zhu   Wed, 05 Apr 2023 02:15:56 +0800
+
+golang-1.19 (1.19.7-1) experimental; urgency=medium
+
+  * Team upload
+  * New upstream version 1.19.7
++ CVE-2023-24532: crypto/elliptic: incorrect P-256 ScalarMult and
+  ScalarBaseMult results
+
+ -- Shengjing Zhu   Wed, 08 Mar 2023 13:54:08 +0800
+
 golang-1.19 (1.19.6-2) unstable; urgency=medium
 
   * Team upload
diff -Nru golang-1.19-1.19.6/src/cmd/go/internal/work/exec.go 
golang-1.19-1.19.8/src/cmd/go/internal/work/exec.go
--- golang-1.19-1.19.6/src/cmd/go/internal/work/exec.go 2023-02-14 
01:38:43.0 +0800
+++ golang-1.19-1.19.8/src/cmd/go/internal/work/exec.go 2023-03-30 
05:15:17.0 +0800
@@ -2764,6 +2764,36 @@
}
}
 
+   // Scrutinize CFLAGS and related for flags that might cause
+   // problems if we are using internal linking (for example, use of
+   // plugins, LTO, etc) by calling a helper routine that builds on
+   // the existing CGO flags allow-lists. If we see anything
+   // suspicious, emit a special token file "preferlinkext" (known to
+   // the linker) in the object file to signal the that it should not
+   // try to link internally and should revert to external linking.
+   // The token we pass is a suggestion, not a mandate; if a user is
+   // explicitly asking for a specific linkmode via the "-linkmode"
+   // flag, the token will be ignored. NB: in theory we could ditch
+   // the token approach and just pass a flag to the linker when we
+   // eventually invoke it, and the linker flag could then be
+   // documented (although coming up with a simple explanation of the
+   // flag might be challenging). For more context see issues #58619,
+   // #58620, and #58848.
+   flagSources := []string{"CGO_CFLAGS", "CGO_CXXFLAGS", "CGO_FFLAGS"}
+   flagLists := [][]string{cgoCFLAGS, cgoCXXFLAGS, cgoFFLAGS}
+   if flagsNotCompatibleWithInternalLinking(flagSources, flagLists) {
+   tokenFile := objdir + "preferlinkext"
+   if cfg.BuildN || cfg.BuildX {
+   b.Showcmd("", "echo > %s", tokenFile)
+   }
+   if !cfg.BuildN {
+   if err := os.WriteFile(tokenFile, nil, 0666); err != 
nil {
+   return nil, nil, err
+   }
+   }
+   outObj = append(outObj, tokenFile)
+   }
+
if cfg.BuildMSan {
cgoCFLAGS = append([]string{"-fsanitize=memory"}, cgoCFLAGS...)
cgoLDFLAGS = append([]string{"-fsanitize=memory"}, 
cgoLDFLAGS...)
@@ -3012,6 +3042,24 @@
return 

Bug#1033885: unblock: pydevd/2.9.5+ds-4

[Julian Gilbey]

On Wed, Apr 05, 2023 at 01:12:20PM +0200, Sebastian Ramacher wrote:
> On 2023-04-05 11:08:31 +0100, Julian Gilbey wrote:
> > On Tue, Apr 04, 2023 at 11:34:22PM +0200, Sebastian Ramacher wrote:
> > > > +# failing tests on 64-bit big-endian targets
> > > > +if [ $arch = s390x -o $arch = s390x -o $arch = sparc64 ]
> > > 
> > > That's s390x twice.
> > > 
> > > Cheers
> > 
> > Oh foo, good catch - that should have been s390x, ppc64 and sparc64.
> > Would you be OK with me uploading a -5 with that fixed?
> 
> ppc64 is not a release architecture. If there is another fix that would
> be imporant in general or for any of the release architectures, then
> yes. Otherwise please postpone the change the trixie.
> 
> Cheers
> -- 
> Sebastian Ramacher

OK, then, shall do.

Best wishes,

   Julian

Bug#1033885: unblock: pydevd/2.9.5+ds-4

[Sebastian Ramacher]

On 2023-04-05 11:08:31 +0100, Julian Gilbey wrote:
> On Tue, Apr 04, 2023 at 11:34:22PM +0200, Sebastian Ramacher wrote:
> > > +# failing tests on 64-bit big-endian targets
> > > +if [ $arch = s390x -o $arch = s390x -o $arch = sparc64 ]
> > 
> > That's s390x twice.
> > 
> > Cheers
> 
> Oh foo, good catch - that should have been s390x, ppc64 and sparc64.
> Would you be OK with me uploading a -5 with that fixed?

ppc64 is not a release architecture. If there is another fix that would
be imporant in general or for any of the release architectures, then
yes. Otherwise please postpone the change the trixie.

Cheers
-- 
Sebastian Ramacher

Bug#1033975: unblock: webp-pixbuf-loader/0.2.1-1

[David Heidelberg]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: webp-pixbuf-loa...@packages.debian.org
Control: affects -1 + src:webp-pixbuf-loader

Please unblock package webp-pixbuf-loader

[ Reason ]
Version 0.0.5 contains multiple bugs and 0.2.0 [1] I pushed was solution
to these problems. Sadly meanwhile 0.2.1 [2] was release with another fix,
which we pushed, but it didn't got into timeframe for 10 days acceptance.

[1] https://github.com/aruiz/webp-pixbuf-loader/releases/tag/0.2.0
[2] https://github.com/aruiz/webp-pixbuf-loader/releases/tag/0.2.1

[ Impact ]

Buggy user experience on old codebase, multiple critical and not resolved bugs.

[ Tests ]
The package has autopkgtests, which has been extended in 0.2.0 and
0.2.1.

[ Risks ]
Package itself is very small and after codebase rework, the fixes are
incremental and self-explaining covered with tests.

[ Checklist ]
  [ ] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [p] attach debdiff against the package in testing

[ Other info ]
I attach diff against the previously sent 0.2.0, since that was targeted
to get into bookworm. If requested, I can send debdiff against 0.0.5.

```
--- webp-pixbuf-loader-0.2.0/debian/changelog   2023-02-26 11:55:51.0 
+0100
+++ webp-pixbuf-loader-0.2.1/debian/changelog   2023-03-04 01:30:48.0 
+0100
@@ -1,3 +1,11 @@
+webp-pixbuf-loader (0.2.1-1) UNRELEASED; urgency=medium
+
+  [ David Heidelberg ]
+  * New upstream version 0.2.1 (Closes: #1032334)
+  * d/tests: extend tests by two new upstream tests
+
+ -- David Heidelberg   Sat, 04 Mar 2023 01:30:48 +0100
+
 webp-pixbuf-loader (0.2.0-1) unstable; urgency=medium
 
   * New upstream version 0.2.0
diff -Nru webp-pixbuf-loader-0.2.0/debian/tests/determinism-test 
webp-pixbuf-loader-0.2.1/debian/tests/determinism-test
--- webp-pixbuf-loader-0.2.0/debian/tests/determinism-test  2023-02-26 
11:55:51.0 +0100
+++ webp-pixbuf-loader-0.2.1/debian/tests/determinism-test  2023-03-04 
01:30:48.0 +0100
@@ -4,7 +4,7 @@
 
 set -eu
 
-gdk-pixbuf-thumbnailer -s 128 tests/t1.webp test1.png
+gdk-pixbuf-thumbnailer -s 128 tests/data/t1.webp test1.png
 file -i test1.png | grep -qFw image/png
-gdk-pixbuf-thumbnailer -s 128 tests/t1.webp test2.png
+gdk-pixbuf-thumbnailer -s 128 tests/data/t1.webp test2.png
 cmp -s test1.png test2.png
diff -Nru webp-pixbuf-loader-0.2.0/debian/tests/upstream-tests 
webp-pixbuf-loader-0.2.1/debian/tests/upstream-tests
--- webp-pixbuf-loader-0.2.0/debian/tests/upstream-tests2023-02-26 
11:55:51.0 +0100
+++ webp-pixbuf-loader-0.2.1/debian/tests/upstream-tests2023-03-04 
01:30:48.0 +0100
@@ -4,8 +4,10 @@
 
 set -ex
 
-TEST_FILE="./tests/t1.webp" ./obj*/tests/t1
-TEST_FILE="./tests/t2.webp" ./obj*/tests/t2
-TEST_FILE="./tests/t3.webp" ./obj*/tests/t3
-TEST_FILE="./tests/t1.webp" ./obj*/tests/t4
-TEST_FILE="./tests/t2.webp" ./obj*/tests/t_save
+TEST_FILE="./tests/data/t1.webp" ./obj*/tests/t1
+TEST_FILE="./tests/data/t2.webp" ./obj*/tests/t2
+TEST_FILE="./tests/data/t3.webp" ./obj*/tests/t3
+TEST_FILE="./tests/data/t1.webp" ./obj*/tests/t4
+TEST_FILE="./tests/data/t2.webp" ./obj*/tests/t_save
+TEST_FILE="./tests/data/t2.webp" ./obj*/tests/t_icc
+TEST_FILE="./tests/data/t2.webp" ./obj*/tests/t_null_error
diff -Nru webp-pixbuf-loader-0.2.0/io-webp.c webp-pixbuf-loader-0.2.1/io-webp.c
--- webp-pixbuf-loader-0.2.0/io-webp.c  2023-02-23 23:30:45.0 +0100
+++ webp-pixbuf-loader-0.2.1/io-webp.c  2023-03-04 00:36:54.0 +0100
@@ -12,6 +12,7 @@
 
 #include "io-webp.h"
 #include "io-webp-anim.h"
+#include 
 
 static gpointer
 begin_load (GdkPixbufModuleSizeFunc size_func,
@@ -192,7 +193,7 @@
 write_file (const uint8_t *data, size_t data_size, const WebPPicture *const 
pic)
 {
   FILE *const out = (FILE *) pic->custom_ptr;
-  return data_size ? (fwrite (data, data_size, 1, out) == 1) : 1;
+  return data_size == fwrite (data, sizeof (guchar), data_size, out) ? TRUE : 
FALSE;
 }
 
 /* Encoder write callback to accumulate output data in a GByteArray */
@@ -207,7 +208,7 @@
 static gboolean
 is_save_option_supported (const gchar *option_key)
 {
-  char *options[3] = { "quality", "preset", NULL };
+  char *options[4] = { "quality", "preset", "icc-profile", NULL };
   for (char **o = options; *o; o++)
 {
   if (g_strcmp0 (*o, option_key) == 0)
@@ -216,6 +217,40 @@
   return FALSE;
 }
 
+/* Creates a new image data buffer with the ICC profile data in it */
+WebPData
+add_icc_data (WebPData *image_data, WebPData *icc_data, GError **error)
+{
+  WebPMux *mux = WebPMuxCreate (image_data, FALSE);
+
+  if (mux == NULL)
+{
+  g_set_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_FAILED,
+   "Could not create WebPMux instance");
+  return (WebPData){ 0 };
+}
+
+  if (WebPMuxSetChunk (mux, "ICCP", icc_data, FALSE) != WEBP_MUX_OK)
+{
+  g_set_error 

Bug#1033974: unblock: python-uhashring/2.1-2

[Thomas Goirand]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package python-uhashring

[ Reason ]
Fixes non-deterministic FTBFS.

[ Impact ]
No much impact for users, but fixes Debian CI.

[ Tests ]
The patch fixes non-deterministic FTBFS during tests.

[ Risks ]
Not much risks for end users, as the only modified thingy
is a single test.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock python-uhashring/2.1-2
diff -Nru python-uhashring-2.1/debian/changelog 
python-uhashring-2.1/debian/changelog
--- python-uhashring-2.1/debian/changelog   2021-09-30 15:36:45.0 
+0200
+++ python-uhashring-2.1/debian/changelog   2023-04-03 08:17:43.0 
+0200
@@ -1,3 +1,9 @@
+python-uhashring (2.1-3) unstable; urgency=medium
+
+  * Add Fix-test_distribution-to-be-deterministic.patch (Closes: #1033426).
+
+ -- Thomas Goirand   Mon, 03 Apr 2023 08:17:43 +0200
+
 python-uhashring (2.1-2) unstable; urgency=medium
 
   * Uploading to unstable.
diff -Nru 
python-uhashring-2.1/debian/patches/Fix-test_distribution-to-be-deterministic.patch
 
python-uhashring-2.1/debian/patches/Fix-test_distribution-to-be-deterministic.patch
--- 
python-uhashring-2.1/debian/patches/Fix-test_distribution-to-be-deterministic.patch
 1970-01-01 01:00:00.0 +0100
+++ 
python-uhashring-2.1/debian/patches/Fix-test_distribution-to-be-deterministic.patch
 2023-04-03 08:17:43.0 +0200
@@ -0,0 +1,32 @@
+Description: Fix test_distribution to be deterministic
+ using randint causes a failure roughly once every 1 runs
+Author: Ben Hockley 
+Date: Mon, 12 Sep 2022 17:04:24 +0100
+Origin: upstream, 
https://github.com/ultrabug/uhashring/commit/9218c291e617ee8d2dfa3ad55c84794ea752c642.patch
+Bug-Debian: https://bugs.debian.org/1033426
+Last-Update: 2023-04-05
+
+diff --git a/tests/test_distribution.py b/tests/test_distribution.py
+index 00669e4..76567a0 100644
+--- a/tests/test_distribution.py
 b/tests/test_distribution.py
+@@ -6,6 +6,7 @@
+ from collections import Counter
+ from math import sqrt
+ from random import randint
++from itertools import cycle
+ 
+ from uhashring import HashRing
+ 
+@@ -25,9 +26,10 @@ def test_distribution():
+ for i in range(1, numnodes + 1):
+ ring["node{}".format(i)] = {"instance": "node_value{}".format(i)}
+ 
++deterministic_input = cycle(range(1, numvalues))
+ distribution = Counter()
+ for i in range(numhits):
+-key = str(randint(1, numvalues))
++key = str(next(deterministic_input))
+ node = ring[key]
+ distribution[node] += 1
+ 
diff -Nru python-uhashring-2.1/debian/patches/series 
python-uhashring-2.1/debian/patches/series
--- python-uhashring-2.1/debian/patches/series  1970-01-01 01:00:00.0 
+0100
+++ python-uhashring-2.1/debian/patches/series  2023-04-03 08:17:43.0 
+0200
@@ -0,0 +1 @@
+Fix-test_distribution-to-be-deterministic.patch

Bug#951166: shortwave

[David Heidelberg]

Hello Matthias!

Happy to hear that, happily handing over the ITP to you!

Thank you for your amazing work.

David

On 30/03/2023 15:42, matthias.geiger1...@tutanota.de wrote:

Hi David,

I got all dependencies down for shortwave. mpris-player is still 
broken upstream but there is a MR for it here: 
https://gitlab.gnome.org/World/Rust/mpris-player/-/merge_requests/9


Would you mind if I took over this ITP ? I updated the gtk stack and 
packaged all other dependencies.

I'd maintain it within the GNOME team since it's a circle app.

regards,

---
Matthias Geiger (werdahias)


--
David Heidelberg
Consultant Software Engineer

Bug#1033626: sbuild: Dependencies should not be required outside the chroot (--no-clean should be the default)

[Johannes Schauer Marin Rodrigues]

Quoting Dima Kogan (2023-04-04 07:03:09)
> > Note though, that in the sbuild.conf man page it already says:
> >
> >> When running sbuild from within an unpacked source tree, run the
> >> 'clean' target before generating the source package. This might
> >> require some of the build dependencies necessary for running the
> >> 'clean' target to be installed on the host machine. Only disable if
> >> you start from a clean check‐ out and you know what you are doing.
> >
> > Does that paragraph say everything you would've liked to know or is
> > there anything you'd add there?
> 
> That paragraph says what I would have liked to know, yes. But I never
> went looking for it in the docs. If one thinks of sbuild as handling all
> of the Build-Depends for you, then those failures just look like weird
> bugs, and I wouldn't expect the manpage to say anything about it. Maybe
> it's all fine. I don't know.

Okay, then what would be your preferred solution that would close this bug?

That the clean target needs to be executed is nothing special for sbuild. The
pdebuild utility from pbuilder also runs debian/rules clean first so that it
can generate a source package.

How would a resolution to this bug look like from your point of view?

Thanks!

cheers, josch

signature.asc
Description: signature

Bug#1033973: devscripts: syntax error in salsa bash completion

[Jakub Wilk]

Package: devscripts
Version: 2.23.3
Tags: patch

--
Jakub Wilk
From: Jakub Wilk 
Date: Wed, 5 Apr 2023 12:08:23 +0200
Subject: [PATCH] Fix syntax error in salsa bash completion

Reported-by: Unit 193 
---
 scripts/salsa.bash_completion | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/salsa.bash_completion b/scripts/salsa.bash_completion
index a2d0a7bc..2dbebcbb 100644
--- a/scripts/salsa.bash_completion
+++ b/scripts/salsa.bash_completion
@@ -15,7 +15,7 @@ _salsa_completion () {
 opts+=" --disable-kgb --disable-tagpending --group --group-id"
 opts+=" --enable-remove-source-branch --disable-remove-source-branch"
 opts+=" --issues --mr --repo --forks --lfs --packages --jobs  --pages"
-opts+=" --container --analytics --requirements --wiki --snippets
+opts+=" --container --analytics --requirements --wiki --snippets"
 opts+=" --releases --auto-devops --request-acc --ci-config-path"
 opts+=" --mr-allow-squash --no-mr-allow-squash --mr-desc --mr-title"
 opts+=" --mr-dst-branch --mr-dst-project --mr-remove-source-branch"
-- 
2.40.0

Bug#1033885: unblock: pydevd/2.9.5+ds-4

[Julian Gilbey]

On Tue, Apr 04, 2023 at 11:34:22PM +0200, Sebastian Ramacher wrote:
> > +# failing tests on 64-bit big-endian targets
> > +if [ $arch = s390x -o $arch = s390x -o $arch = sparc64 ]
> 
> That's s390x twice.
> 
> Cheers

Oh foo, good catch - that should have been s390x, ppc64 and sparc64.
Would you be OK with me uploading a -5 with that fixed?

Best wishes,

   Julian

Bug#1032181: checkbashisms: replace with shellchek -s dash?

[Benjamin Drung]

Hi Gioele,

replacing checkbashisms with `shellchek -s dash` is a great idea. I plan
to do that after the Debian bookworm release. Patches or merge request
for this change are welcome.

-- 
Benjamin Drung
Debian & Ubuntu Developer

Bug#1033911: please enable the experimental Xtensa backend in LLVM and Clang 16+

[Sylvestre Ledru]

Hello

Sure, what is the name of the backend you would like to enable?

Cheers

Sylvestre

Le 03/04/2023 à 21:38, John Scott a écrit :

Source: llvm-toolchain-16
Version: 1:16.0.0-1~exp5
Severity: normal
X-Debbugs-Cc: debian-ker...@lists.debian.org
Control: affects -1 src:open-ath9k-htc-firmware

Please enable the experimental Xtensa backend in LLVM 16 and newer and
make a new upload to experimental.

A lot of prominent firmware, including free firmware such as my open-
ath9k-htc-firmware package, requires an Xtensa cross toolchain. Using
GCC is a pain because the compiler has to be custom-tailored to the
target, and in ath9k_htc we do this with patches that inevitably get
out-of-date.

We are taking a bold step by enabling a backend deemed experimental, but
it's necessary to advance free software.

This will also be helpful should anyone wish to build Intel's open sound
firmware too (although on most machines that enforces a digital
signature check to my understanding).

-- System Information:
Debian Release: bookworm/sid
   APT prefers testing-debug
   APT policy: (500, 'testing-debug'), (500, 'testing'), (2, 'unstable-debug'), 
(2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.0.0-5-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


___
Pkg-llvm-team mailing list
pkg-llvm-t...@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-llvm-team

Bug#1033971: ITP: pyreadstat - read/write data sets from SAS, Stata, and SPSS from/to Python pandas.DataFrame

[Joost van Baal-Ilić]

Package: wnpp
Severity: wishlist

* Package name: pyreadstat
  Upstream Author : Evan Miller, Otto Fajardo e.a.
* URL : https://pypi.org/project/pyreadstat 
https://github.com/Roche/pyreadstat
* License : Apache-2.0, MIT
  Programming Lang: Python, C
  Description : read/write data sets from SAS, Stata, and SPSS from/to 
Python pandas.DataFrame

Binary package names: python3-pyreadstat

 A Python package to read and write popular stats packages files (like SAS
 (sas7bdat, sas7bcat, xport/xpt), SPSS (sav, zsav, por) and Stata (dta)) from
 and to Python pandas.DataFrame data structures.  This module is a wrapper
 around the Readstat C library by Evan Miller.

I'm planning to work on the pyreadstat packaging using
python-team's git at Salsa, at
https://salsa.debian.org/python-team/packages/pyreadstat .

Bye,

Joost

-- 
Joost van Baal-Ilić  https://abramowitz.uvt.nl/
 Tilburg University
mailto:joostvb.uvt.nl   The Netherlands


signature.asc
Description: PGP signature

Bug#1033731: sbcl: support bootstrap on riscv64

[John Paul Adrian Glaubitz]

Hi!

On Wed, 2023-04-05 at 16:29 +0800, Bo YU wrote:
> Oops.
> Could you try the package?
> https://drive.google.com/file/d/1BqVpACiiXHM2pc5h1HzqqxWQugv4PGwN/view?usp=share_link
> Or attachment file.
> 
> It should work on my Unmatched board:
> 
> ```
> rv@unmatched:~$ sbcl
> This is SBCL 2.2.2.debian, an implementation of ANSI Common Lisp.
> More information about SBCL is available at .
> 
> SBCL is free software, provided as is, with absolutely no warranty.
> It is mostly in the public domain; some portions are provided under
> BSD-style licenses.  See the CREDITS and COPYING files in the
> distribution for more information.
> * (defun hello ()
>(format t "Hello, World!~%"))
> HELLO
> * (exit)
> rv@unmatched:~$ uname -a
> Linux unmatched 6.1.0-6-riscv64 #1 SMP Debian 6.1.15-1 (2023-03-05)
> riscv64 GNU/Linux
> ```
> It still was 2.2.2. No luckly for 2.2.9.:(

Same result with this package, unfortunately:

root@neutron:/# sbcl
This is SBCL 2.2.2.debian, an implementation of ANSI Common Lisp.
More information about SBCL is available at .

SBCL is free software, provided as is, with absolutely no warranty.
It is mostly in the public domain; some portions are provided under
BSD-style licenses.  See the CREDITS and COPYING files in the
distribution for more information.
Segmentation fault (core dumped)
root@neutron:/#

This also explains why sbcl still doesn't build on the buildds.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1033970: unblock: src:python-nbxmpp/4.2.2-2

[Martin]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,

I like to get clearance for uploading python-nbxmpp 4.2.2-2 to unstable, to get
it into bookworm. 4.2.2-1 is already uploaded to experimental. The
package has extensive autopkgtests. debdiff attached.

Upstream release text:

>  * HTTP: Reset attributes on redirect (#141)
>  * HTTP: Make sure streams are closed only once (#139)

Thanks in advance & Cheers
diff -Nru python-nbxmpp-4.2.0/ChangeLog python-nbxmpp-4.2.2/ChangeLog
--- python-nbxmpp-4.2.0/ChangeLog	2023-02-05 16:23:56.0 +
+++ python-nbxmpp-4.2.2/ChangeLog	2023-03-25 16:33:26.0 +
@@ -1,3 +1,15 @@
+nbxmpp 4.2.2 (25 Mar 2023)
+
+  Bug Fixes
+
+  * HTTP: Reset attributes on redirect (#141)
+
+nbxmpp 4.2.1 (18 Mar 2023)
+
+  Bug Fixes
+
+  * HTTP: Make sure streams are closed only once (#139)
+
 nbxmpp 4.2.0 (05 Feb 2023)
 
   New
diff -Nru python-nbxmpp-4.2.0/debian/changelog python-nbxmpp-4.2.2/debian/changelog
--- python-nbxmpp-4.2.0/debian/changelog	2023-02-06 19:54:25.0 +
+++ python-nbxmpp-4.2.2/debian/changelog	2023-04-05 07:26:16.0 +
@@ -1,3 +1,9 @@
+python-nbxmpp (4.2.2-1) experimental; urgency=medium
+
+  * New upstream bug fix release (solves HTTP issues)
+
+ -- Martin   Wed, 05 Apr 2023 07:26:16 +
+
 python-nbxmpp (4.2.0-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru python-nbxmpp-4.2.0/nbxmpp/__init__.py python-nbxmpp-4.2.2/nbxmpp/__init__.py
--- python-nbxmpp-4.2.0/nbxmpp/__init__.py	2023-02-05 16:23:56.0 +
+++ python-nbxmpp-4.2.2/nbxmpp/__init__.py	2023-03-25 16:33:26.0 +
@@ -3,4 +3,4 @@
 
 from .protocol import *  # pylint: disable=wrong-import-position
 
-__version__: str = '4.2.0'
+__version__: str = '4.2.2'
diff -Nru python-nbxmpp-4.2.0/nbxmpp/http.py python-nbxmpp-4.2.2/nbxmpp/http.py
--- python-nbxmpp-4.2.0/nbxmpp/http.py	2023-02-05 16:23:56.0 +
+++ python-nbxmpp-4.2.2/nbxmpp/http.py	2023-03-25 16:33:26.0 +
@@ -276,6 +276,7 @@
 
 self._message.connect('content-sniffed', self._on_content_sniffed)
 self._message.connect('got-body', self._on_got_body)
+self._message.connect('restarted', self._on_restarted)
 self._message.connect('finished', self._on_finished)
 
 soup_session = self._session.get_soup_session()
@@ -431,6 +432,12 @@
 self._log.info('Body received')
 self._body_received = True
 
+def _on_restarted(self, _message: Soup.Message) -> None:
+self._log.info('Restarted')
+self._body_received = False
+self._response_content_type = ''
+self._response_content_length = 0
+
 def _on_finished(self, _message: Soup.Message) -> None:
 self._log.info('Message finished')
 if not self._body_received:
@@ -483,13 +490,24 @@
 self._cleanup()
 
 def _close_all_streams(self) -> None:
-if self._input_stream is not None:
-if not self._input_stream.is_closed():
-self._input_stream.close(None)
-
-if self._output_stream is not None:
-if not self._output_stream.is_closed():
-self._output_stream.close(None)
+# stream.close() will invoke signals on the Message object
+# which in turn can lead to this method called again in the
+# same Mainloop iteration. This means is_closed() will not
+# return True and we get an GLib.IOError.PENDING error.
+
+input_stream = self._input_stream
+output_stream = self._output_stream
+
+self._input_stream = None
+self._output_stream = None
+
+if input_stream is not None:
+if not input_stream.is_closed():
+input_stream.close(None)
+
+if output_stream is not None:
+if not output_stream.is_closed():
+output_stream.close(None)
 
 def _cleanup(self) -> None:
 self._log.info('Run cleanup')
@@ -501,9 +519,6 @@
 del self._session
 del self._user_data
 
-self._input_stream = None
-self._output_stream = None
-
 if self._timeout_id is not None:
 GLib.source_remove(self._timeout_id)
 self._timeout_id = None

Bug#1033731: sbcl: support bootstrap on riscv64

[John Paul Adrian Glaubitz]

Hi!

On Fri, 2023-03-31 at 20:57 +0800, Bo YU wrote:
> Oh. It seems the 2.2.9 can be built with the sbcl(2.2.2-1) riscv64 package.
> But, very odd:

I just gave it a try. Your 2.2.2 binary doesn't work on my StarFive Beagle-V:

root@neutron:~/sbcl/sbcl-2.2.9# sbcl
This is SBCL 2.2.2.debian, an implementation of ANSI Common Lisp.
More information about SBCL is available at .

SBCL is free software, provided as is, with absolutely no warranty.
It is mostly in the public domain; some portions are provided under
BSD-style licenses.  See the CREDITS and COPYING files in the
distribution for more information.
Segmentation fault (core dumped)
root@neutron:~/sbcl/sbcl-2.2.9#

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1033969: sssd: misinterprets MIT Kerberos password expiry

[David Härdeman]

Package: sssd
Version: 2.4.1-2
Severity: normal

I'm using a setup with OpenLDAP + MIT Kerberos on Debian Stable ("Bullseye").

In a nutshell:

$ kadmin getprinc bob
Principal: b...@example.com
Expiration date: [never]
Last password change: Wed Mar 08 13:01:47 CET 2023
Password expiration date: [never]
...
$ ldapsearch -Z -x -LLL "(uid=bob)" | grep krbPasswordExpiration
krbPasswordExpiration: 1970010100Z

IOW, pw expiration never is stored as 1970010100Z in LDAP (with MIT 
Kerberos).

If I set ldap_pwd_policy = mit_kerberos in /etc/sssd/sssd.conf on test VM qtest:

$ ssh bob@qtest
...
WARNING: Your password has expired.
You must change your password now and login again!
Current Password:

This has been fixed in the upstream git repo, see:
https://github.com/SSSD/sssd/issues/6612
https://github.com/SSSD/sssd/pull/6623

I suggest that this patch be cherry-picked and added to sssd so that it can be 
included
in the upcoming stable release since the consequences are that users are locked 
out.

Cheers,
David

Bug#1033682: unblock tomboy-ng: 0.36a

[Sebastian Ramacher]

On 2023-04-05 08:52:56 +1000, David Bannon wrote:
> 
> On 5/4/23 07:50, Sebastian Ramacher wrote:
> > On 2023-04-03 12:23:44 +1000, David Bannon wrote:
> > > On 3/4/23 05:57, Sebastian Ramacher wrote:
> > > > On 2023-04-01 10:54:33 +1100, David Bannon wrote:
> > > > > On 1/4/23 04:34, Sebastian Ramacher wrote:
> > > > > > Control: tags -1 moreinfo
> > > > > > 
> > > > > > On 2023-03-30 13:31:28 +1100, David Bannon wrote:
> > > > > > > Package: release.debian.org
> > > > > > > Severity: normal
> > > > > > > User:release.debian@packages.debian.org
> > > > > > > Usertags: unblock
> > > > > > > 
> > > > > > > 
> > > > > > > Please unblock package tomboy-ng v0.36a
> > > > > > > 
> > > > > > > 
> > Unblocked
> > 
> > Cheers
> > 
> Great news, thanks Sebastian !
> 
> (Hmm, do I close this bug or do you ?)

I closed it with my previous mail.

Cheers
-- 
Sebastian Ramacher

Bug#1032553: magic-wormhole: FTBFS in testing: dh_auto_test: error: pybuild --test -i python{version} -p 3.11 returned exit code 13

[Sascha Steinbiss]

Hi all,

[...]
This is mentioned in 
https://github.com/magic-wormhole/magic-wormhole/issues/458 as likely

a "timing issue". Not sure if it's fixed upstream. >


Could it make sense to also patch the tests to include the delay that is 
mentioned in the GitHub issue comments?


Cheers
Sascha




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1005359: xserver-xorg-core: Intel HD Graphics 610: blank screen

[Timo Aaltonen]

Alban Browaeys kirjoitti 4.4.2023 klo 23.04:

You also have:
[70.087] (EE) Failed to load module "fbdev" (module does not exist, 0)
and
[70.087] (EE) Failed to load module "vesa" (module does not exist, 0)

you could try installing:
xserver-xorg-video-vesa
and
xserver-xorg-video-fbdev

please no



--
t

Bug#1033967: mingw-w64: Cannot download mingw-w64-x86-64-dev_8.0.0-1_all.deb

[Karsten Koop]

Package: mingw-w64
Version: 8.0.0-1
Severity: normal

Dear Maintainer,

I cannot successfully download just this one package when building a Docker
image: mingw-w64-x86-64-dev_8.0.0-1_all.deb, full URL:
http://deb.debian.org/debian/pool/main/m/mingw-w64/mingw-w64-x86-64-dev_8.0.0-1_all.deb
The corresponding IP is different in different attempts, e.g. 199.232.190.132
or 146.75.118.132, but the problem persists, since several weeks now.

Error message is:
Err:43 http://deb.debian.org/debian bullseye/main amd64 mingw-w64-x86-64-dev 
all 8.0.0-1
  Connection timed out [IP: 146.75.118.132 80]
...
Fetched 126 MB in 2min 44s (769 kB/s)
E: Failed to fetch 
http://deb.debian.org/debian/pool/main/m/mingw-w64/mingw-w64-x86-64-dev_8.0.0-1_all.deb
  Connection timed out [IP: 146.75.118.132 80]

Download is possible in Firefox, but stays at 0 Bytes for about a minute before
it finally starts. I cannot make sense of this, as the .deb files are on 
different
servers, and other files in the same server directory can be downloaded without
problems.

Also building the Docker image based on sid, with mingw 10 instead of 8, works
fine.

-- System Information:
Debian Release: 11.6
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mingw-w64 depends on:
ii  g++-mingw-w64  10.2.1-6+24.2
ii  gcc-mingw-w64  10.2.1-6+24.2

mingw-w64 recommends no packages.

mingw-w64 suggests no packages.

-- no debconf information

Bug#1033968: unblock: certmonger/0.79.17-2

[Timo Aaltonen]

Package: release.debian.org
Control: affects -1 + src:certmonger
X-Debbugs-Cc: certmon...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package certmonger.

[ Reason ]
This reverts a change in -1 that was done in order to work around the 
fact that Debian doesn't use a shared /etc/pki/nssdb, and that turned 
out to be unnecessary after upstream fixed the original issue and 
doesn't need an nssdb anymore.


The other changes are minor, fixes a crossbuild issue and disables 
support for insecure DSA keys.


There is one undocumented change which was due to a MR from salsa:
https://salsa.debian.org/freeipa-team/certmonger/-/merge_requests/3

but it just bumps a build-dep. Running 'gbp dch' was easy to miss, as I 
usually include the dch entry in my commits.


[ Impact ]
Allows (free)ipa-server-install to succeed without racing to a failure, 
this can be seen in the CI results using the package from experimental 
(testing/unstable only has the client):


https://ci.debian.net/packages/f/freeipa/unstable/amd64/

Having a fixed package in bookworm would allow backporting 
freeipa-server if need be.


[ Risks ]
Minimal, certmonger itself doesn't need the nssdb that was created in -1 
so reverting it here shouldn't break any systems that have -1.


[ Checklist ]
[ ] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

unblock certmonger/0.79.17-2diff -Nru certmonger-0.79.17/debian/certmonger.install certmonger-0.79.17/debian/certmonger.install
--- certmonger-0.79.17/debian/certmonger.install	2023-02-25 12:18:09.0 +0200
+++ certmonger-0.79.17/debian/certmonger.install	2023-03-18 10:37:33.0 +0200
@@ -1,5 +1,4 @@
 etc/certmonger/certmonger.conf
-etc/certmonger/nssdb
 etc/dbus-1/system.d/*
 lib/systemd/system/
 usr/bin/*
diff -Nru certmonger-0.79.17/debian/certmonger.maintscript certmonger-0.79.17/debian/certmonger.maintscript
--- certmonger-0.79.17/debian/certmonger.maintscript	1970-01-01 02:00:00.0 +0200
+++ certmonger-0.79.17/debian/certmonger.maintscript	2023-03-18 14:26:01.0 +0200
@@ -0,0 +1,5 @@
+rm_conffile /etc/certmonger/nssdb/cert9.db 0.79.17-2~
+rm_conffile /etc/certmonger/nssdb/key4.db 0.79.17-2~
+rm_conffile /etc/certmonger/nssdb/pkcs11.txt 0.79.17-2~
+rm_conffile /etc/certmonger/nssdb/ 0.79.17-2~
+
diff -Nru certmonger-0.79.17/debian/certmonger.postrm certmonger-0.79.17/debian/certmonger.postrm
--- certmonger-0.79.17/debian/certmonger.postrm	2023-02-25 12:18:09.0 +0200
+++ certmonger-0.79.17/debian/certmonger.postrm	2023-03-18 10:45:39.0 +0200
@@ -7,7 +7,6 @@
 rm -f /var/lib/certmonger/local/*
 rm -f /var/lib/certmonger/lock
 rm -f /var/lib/certmonger/requests/*
-rm -rf /etc/certmonger/nssdb
 ;;
 esac
 
diff -Nru certmonger-0.79.17/debian/changelog certmonger-0.79.17/debian/changelog
--- certmonger-0.79.17/debian/changelog	2023-02-25 12:25:47.0 +0200
+++ certmonger-0.79.17/debian/changelog	2023-03-18 14:33:47.0 +0200
@@ -1,3 +1,12 @@
+certmonger (0.79.17-2) unstable; urgency=medium
+
+  * control: Respect nocheck, thanks Chris Lamb! (Closes: #1032058)
+  * rules: Disable DSA.
+  * Revert adding an internal nssdb, instead add an upstream patch
+that drops the requirement for one.
+
+ -- Timo Aaltonen   Sat, 18 Mar 2023 14:33:47 +0200
+
 certmonger (0.79.17-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru certmonger-0.79.17/debian/control certmonger-0.79.17/debian/control
--- certmonger-0.79.17/debian/control	2023-02-25 12:18:09.0 +0200
+++ certmonger-0.79.17/debian/control	2023-03-07 10:17:19.0 +0200
@@ -16,7 +16,7 @@
  libldap2-dev,
  libnspr4-dev,
  libnss3-tools,
- libnss3-dev,
+ libnss3-dev (>= 2:3.69),
  libpopt-dev,
  libssl-dev,
  systemd [linux-any],
diff -Nru certmonger-0.79.17/debian/patches/dont-require-an-nss-database.diff certmonger-0.79.17/debian/patches/dont-require-an-nss-database.diff
--- certmonger-0.79.17/debian/patches/dont-require-an-nss-database.diff	1970-01-01 02:00:00.0 +0200
+++ certmonger-0.79.17/debian/patches/dont-require-an-nss-database.diff	2023-03-18 10:46:18.0 +0200
@@ -0,0 +1,147 @@
+From 83cd2e9d63e4851b3ada42aba868ecbb58365831 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden 
+Date: Mar 17 2023 17:39:41 +
+Subject: Don't require an NSS database in cm_certread_n_parse
+
+
+If CM_DEFAULT_CERT_STORAGE_LOCATION points to a non-existant
+NSS database then parsing certificates will fail. This is
+noticable during IPA install when the CA certificates
+are tracked and the database doesn't exist.
+
+If the NSS Init fails then certmonger thinks there is no
+cert at all and tries to obtain a new one, only to fail again
+and again because of the failed parsing.
+
+This function only loads the certificate to parse out
+attributes from the certificate. It 

Bug#1033867: cloud.debian.org: Please add Amazon hibernation agent to EC2 AMIs

[Bastian Blank]

On Mon, Apr 03, 2023 at 08:42:18AM +0200, Dirk Heinrichs wrote:
> So the request is to also ship the agent preinstalled in the Debian AMIs. See
> https://packages.ubuntu.com/search?keywords=ec2-hibinit-agent=names
> for Ubuntu (source) packages or 
> https://github.com/aws/amazon-ec2-hibinit-agent
> for latest sources.

This is not really an agent.  This is a little script to setup swap.
This needs to be into cloud-init and not a separate tool.

Bastian

-- 
Totally illogical, there was no chance.
-- Spock, "The Galileo Seven", stardate 2822.3

Bug#1033956: Support for zcfan

[Mark Hindley]

Control: affects -1 zcfan

Klaus,

On Tue, Apr 04, 2023 at 11:27:58PM +0100, Klaus Ethgen wrote:
> Package: orphan-sysvinit-scripts
> Version: 0.14
> Severity: normal
> 
> I was thinking to set this as wishlist but as the main functionality is
> to support broken packages I set the severity to normal.
> 
> The zcfan daemon comes with only a systemd startup file which makes it
> unusable with sysv init.

Thanks for this.

It appears that zcfan has never had an initscript. I think it would be best
first to provide your initscript to the zcfan maintainer and ask for it to be
included in the package.

Mark

Bug#1033966: unblock: greetd/0.9.0-3

[duck]

Package: release.debian.org
Control: affects -1 + src:greetd
X-Debbugs-Cc: gre...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package greetd.

[ Reason ]
This is related to #1032914. I coordinated with the phog package 
maintainer to fix the situation.


[ Impact ]
PAM configuration conflicts with phog's embedded version (in previous 
version).


[ Tests ]
There are no upstream tests that cover this code.
I have no idea how to make autopkgtests for interactive graphical 
programs yet, so none either.
I have manually tested it on my system, the phog maintainer too, and the 
package has been in unstable for some time without complaint.


[ Risks ]
None I can see.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
Thanks for all the hard work.

unblock greetd/0.9.0-3

\_o<

--
Marc Dequènesdiff -Nru greetd-0.9.0/debian/changelog greetd-0.9.0/debian/changelog
--- greetd-0.9.0/debian/changelog	2023-02-09 00:38:57.0 +0900
+++ greetd-0.9.0/debian/changelog	2023-03-31 12:12:29.0 +0900
@@ -1,3 +1,29 @@
+greetd (0.9.0-3) unstable; urgency=medium
+
+  [ Arnaud Ferraris ]
+  * Update PAM configuration(s)
+Except for the gnome-keyring bits, all items currently set in the
+`greetd` PAM config are already part of the `login` config. Including
+the latter makes the `greetd` config simpler.
+This commit also calls the PAM modules needed for unlocking the KDE
+wallet as well, and adds the `greetd-greeter` config (simply including
+`login` as the greeter itself doesn't need to deal with keyrings).
+Finally, switch to using debhelper for installing the configs instead of
+handling those manually.
+  * Add Breaks/Replaces relationships on older `phog`
+`phog` used to ship the `greetd` and `greetd-greeter` PAM configs,
+leading to conflicts with the latest version of the `greetd` package.
+This commit ensures we avoid this conflict and maintain a clean
+upgrade path for both those packages.
+
+ -- Marc Dequènes (Duck)   Fri, 31 Mar 2023 12:12:29 +0900
+
+greetd (0.9.0-2) unstable; urgency=medium
+
+  * Provide PAM configuration (Closes: #1032786).
+
+ -- Marc Dequènes (Duck)   Mon, 13 Mar 2023 02:41:02 +0900
+
 greetd (0.9.0-1) unstable; urgency=medium
 
   * NUR:
diff -Nru greetd-0.9.0/debian/control greetd-0.9.0/debian/control
--- greetd-0.9.0/debian/control	2023-02-09 00:38:57.0 +0900
+++ greetd-0.9.0/debian/control	2023-03-31 12:12:29.0 +0900
@@ -35,7 +35,8 @@
  adduser
 Provides: x-display-manager
 Suggests: wlgreet
+Breaks: phog (<< 0.1.3-2)
+Replaces: phog (<< 0.1.3-2)
 Description: minimal Wayland login manager
  greetd is a minimal and flexible login manager daemon that makes no
  assumptions about what you want to launch.
-
diff -Nru greetd-0.9.0/debian/greetd.greetd-greeter.pam greetd-0.9.0/debian/greetd.greetd-greeter.pam
--- greetd-0.9.0/debian/greetd.greetd-greeter.pam	1970-01-01 09:00:00.0 +0900
+++ greetd-0.9.0/debian/greetd.greetd-greeter.pam	2023-03-31 12:12:29.0 +0900
@@ -0,0 +1,2 @@
+#%PAM-1.0
+@include login
diff -Nru greetd-0.9.0/debian/greetd.greetd.pam greetd-0.9.0/debian/greetd.greetd.pam
--- greetd-0.9.0/debian/greetd.greetd.pam	1970-01-01 09:00:00.0 +0900
+++ greetd-0.9.0/debian/greetd.greetd.pam	2023-03-31 12:12:29.0 +0900
@@ -0,0 +1,8 @@
+#%PAM-1.0
+@include login
+
+-authoptionalpam_gnome_keyring.so
+-authoptionalpam_kwallet5.so
+
+-session optionalpam_gnome_keyring.so auto_start
+-session optionalpam_kwallet5.so auto_start
diff -Nru greetd-0.9.0/debian/rules greetd-0.9.0/debian/rules
--- greetd-0.9.0/debian/rules	2023-02-09 00:38:57.0 +0900
+++ greetd-0.9.0/debian/rules	2023-03-31 12:12:29.0 +0900
@@ -30,10 +30,13 @@
 	# bad perms
 	chmod a-x debian/greetd/lib/systemd/system/greetd.service
 
+override_dh_installpam:
+	dh_installpam --name=greetd
+	dh_installpam --name=greetd-greeter
+
 override_dh_installsystemd:
 	dh_installsystemd --no-stop-on-upgrade --no-start
 
 execute_after_dh_auto_clean:
 	make -C man clean
 	rm -f debian/cargo-checksum.json
-