Bug#1034003: certbot: Implement --no-random-sleep-on-renew on systemd timer

[Harlan Lieberman-Berg]

On Thu, Apr 6, 2023 at 9:57 AM Dan Poltawski  wrote:
> Upstream implemented a flag `--no-random-sleep-on-renew` for the use of
> packagers - see https://github.com/certbot/certbot/issues/6596

Well, this is embarrassing.  If you look at the upstream ticket, the
person who actually requested that feature was... me.  And then I just
never followed-up and put the flag in.

Whoops!

Pending upload now. :)

Sincerely,

-- 
Harlan Lieberman-Berg
~hlieberman

Bug#1034325: reportbug: certbot.timer runs only monthly, rather than twice daily

[Harlan Lieberman-Berg]

tag 1034325 +moreinfo
thanks

On Thu, Apr 13, 2023 at 12:54 AM Blieque  wrote:
> The (legacy?) Cron job (`/etc/cron.d/certbot`) for Certbot runs the
> certificate renewal program every 12 hours, and starts with a random
> 0–12-hour delay. This helps to distribute load on Let's Encrypt servers
> over time.

Hi there,

Are you sure that it's not triggering twice daily? The systemd timer
with OnCalendar running twice a day has been in Debian since certbot
0.23, which went into stretch.

What version of systemd are you running on this host? Can you show me
the relevant line from `systemctl list-timers`?

Sincerely,

Bug#1034286: RFP: ffmpeg-python -- Python bindings for FFmpeg with complex filtering support

[Petter Reinholdtsen]

I have without luck tried to reach upstreamvia direct email, and my
probe to see if anyone is responding to the huge amount of open issues
on github, https://github.com/kkroening/ffmpeg-python/issues/760 >
has not received any replies in a week.  The Openhub project indicators
on https://www.openhub.net/p/ffmpeg-python > also have some
worrying observations.

Because of this, and after reading the code to see what purpose it serve
in Whisper, simply to start ffmpeg and pass its stdout content as a byte
stream to the rest of Whisper, I suspect the best approach is to patch
Whisper to no longer depend on ffmpeg-python and instead call ffmpeg
directly.

Introducing ffmpeg-python into Debian without an operational upstream
project seem a bit too risky for me.

-- 
Happy hacking
Petter Reinholdtsen

Bug#1033737: flash-kernel: Unable to run flash-kernel on EFI-based systems

[Johannes Schauer Marin Rodrigues]

Control: tag -1 + patch

Hi,

On Fri, 31 Mar 2023 13:52:45 + Isaac True  wrote:
> As part of our CI/CD system, we are building images for target devices.  The
> images are set up in virtual machines which boot using EFI, but flash-kernel
> installation always fails as it detects that the system is running in EFI by
> checking for the existence of /sys/firmware/efi.

we have the same problem when building bootable images for the MNT Reform
laptop:

https://source.mnt.re/reform/reform-system-image/

The CI system is a machine that boots with EFI but the final system uses uboot
to boot and not EFI.

> Being able to setup the image on these VMs is an important part of our
> testing and validation workflow, so it would be very helpful to have an
> option to skip this check and proceed regardless of whether the system is
> currently running in EFI mode or not.

This used to work in the past but was broken by this commit:

https://salsa.debian.org/installer-team/flash-kernel/-/commit/8a81a537995a2b98386aea883729ce9960a825bf

> I've added a debdiff for a proposal for a new parameter --force-efi which can
> be set to skip this check.

The problem with implementing this using a command line flag or an environment
variable is, that then you will have to run flash-kernel again manually after
initially installing it.

What do you think about instead using an option in /etc/default/flash-kernel
which allows ignoring /sys/firmware/efi if inside a chroot as I implemented
here:

https://salsa.debian.org/installer-team/flash-kernel/-/merge_requests/33

Thanks!

cheers, josch

signature.asc
Description: signature

Bug#1034465: reportbug: dhcpcd -U results in "Bad system call"

[Jeff Kletsky]

Package: dhcpcd
Version: 9.4.1-21
Severity: important
Tags: newcomer upstream
X-Debbugs-Cc: debian-b...@allycomm.com

Dear Maintainer,

TL;DR -- Apparently fixed upstream in dhcpcd-9.5.0 or later (-10.0.0 available)

   * What led up to the situation?

Installed later version of nftables from "testing" which brought in a newer 
version of libc

While dhcpcd5/dhcpcd runs and obtains leases, the -U / --dumplease function 
fails with either
"Bad system call" or, if running under sudo, with "dhcpcd_readdumptimeout"

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Trying the versions of dhcpcd from testing and unstable did not resolve the 
issue.

Building locally from deb source (either stable or testing/unstable) 
against the newer version of libc did not resolve the issue.

The issue appears to be impacting other systems that have later versions of libc
than does Debian Bullseye. Searching the upstream dhcpcd archive revealed



was reported by a user on Arch Linux, dhcpcd version 9.4.1 and  glibc version 
2.36

rsmarples indicates "Fixed in dhcpcd-9.5.0"

His comment appears to be roughly coincident with the release of dhcpcd-10.0.0

   * What was the outcome of this action?
   * What outcome did you expect instead?

At the present time, there is not a straightforward way for me to dump the 
DHCPv6
lease information.  The dhcpcd -U command's output is used for scripts to adjust
firewall settings on an as-needed basis.  Regrettably, Comcast's reliability
is not very good and IPv6 allocations change with every outage during the winter
storms and occasionally for no apparent reason.  I can work around this locally.

I did try to rebase https://salsa.debian.org/debian/dhcpcd5 onto the upstream 
dhcpcd-10.0.0 tag but found that I did not have enough knowldge of the code
to resolve the merge conflicts.

Building form upstream source at dhcpcd-10.0.0, without the Debian patches

  ./configure --prefix=/opt
  make
  sudo make install

and replacing the running version with the local build restores the -U 
functionality.

Just using the 10.0.0 build with the running 9.4.1 version was not sucessful, 
returning
"dhcpcd is not running" (though it was). This was not further pursued.

I have not tried building 9.5


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable'), (90, 'testing'), (80, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dhcpcd depends on:
ii  dhcpcd-base 9.4.1-21
ii  lsb-base11.1.0
ii  sysvinit-utils  2.96-7+deb11u1

dhcpcd recommends no packages.

Versions of packages dhcpcd suggests:
pn  dhcpcd-gtk  

-- no debconf information

Bug#1034464: apper: Administrator password input dialog does not display and installation fails

[Jun Nogata]

Package: apper
Version: 1.0.0-4
Severity: important
X-Debbugs-Cc: noga...@gmail.com

Dear Maintainer,

I do not create root during Debian installation and grant the user 
administrator privileges with sudo.

* What led up to the situation?

I tried to install a package from the apper.


* What was the outcome of this action?

The dialog for entering the administrator password does not display and an 
error dialog is displayed and the package fails to install. The message in the 
error dialog is as follows

> You have failed to provide correct authentication. Please check any passwords 
> or accounts settings.
>
> Detail
>
> Failed to obtain authentication.

The terminal displayed the following message

---
$ apper
QSocketNotifier: Can only be used with threads started with QThread
libEGL warning: egl: failed to create dri2 screen
QCommandLineParser: already having an option named "h"
QCommandLineParser: already having an option named "help-all"
QCommandLineParser: already having an option named "v"
QCommandLineParser: option not defined: "install-provide-file"
apper:
apper:
void PackageModel::clear()
void PackageModel::finished() PackageKit::Transaction(0x562c2bea73d0) 
PackageKit::Transaction(0x562c2bea73d0)
apper.lib: PackageKit::Transaction::StatusUnknown 
PackageKit::Transaction::RoleInstallPackages
kf.kwidgetsaddons: Invalid pixmap specified.
kf.kwidgetsaddons: Invalid pixmap specified.
kf.kwidgetsaddons: Invalid pixmap specified.
kf.kwidgetsaddons: Invalid pixmap specified.
apper.lib: PackageKit::Transaction::ExitSuccess 
PackageKit::Transaction::RoleInstallPackages
void PackageModel::finished() QObject(0x0) QObject(0x0)
kf.kwidgetsaddons: Invalid pixmap specified.
apper.lib: errorCode:  PackageKit::Transaction::ErrorNotAuthorized "Failed to 
obtain authentication."
apper.lib: PackageKit::Transaction::ExitFailed 
PackageKit::Transaction::RoleInstallPackages
kf.kwidgetsaddons: Invalid pixmap specified.
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
apper.lib: 1
void PackageModel::clear()
void PackageModel::finished() PackageKit::Transaction(0x562c2d453030) 
PackageKit::Transaction(0x562c2d453030)
---


* What outcome did you expect instead?

A dialog box for entering the administrator password appears and the password 
is entered. The package is then installed.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE=ja
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apper depends on:
ii  apper-data  1.0.0-4
ii  kio 5.103.0-1
ii  libappstreamqt2 0.16.1-1
ii  libc6   2.36-8
ii  libkf5completion5   5.103.0-1
ii  libkf5configcore5   5.103.0-1
ii  libkf5coreaddons5   5.103.0-1
ii  libkf5dbusaddons5   5.103.0-1
ii  libkf5i18n5 5.103.0-1
ii  libkf5iconthemes5   5.103.0-1
ii  libkf5itemviews55.103.0-1
ii  libkf5jobwidgets5   5.103.0-1
ii  libkf5kiocore5  5.103.0-1
ii  libkf5kiowidgets5   5.103.0-1
ii  libkf5notifications55.103.0-1
ii  libkf5service-bin   5.103.0-1
ii  libkf5service5  5.103.0-1
ii  libkf5solid55.103.0-1
ii  libkf5widgetsaddons55.103.0-1
ii  libkf5xmlgui5   5.103.0-1
ii  libkworkspace5-54:5.27.2-1
ii  libpackagekitqt5-1  1.1.1-1
ii  libqt5core5a5.15.8+dfsg-3
ii  libqt5dbus5 5.15.8+dfsg-3
ii  libqt5gui5  5.15.8+dfsg-3
ii  libqt5widgets5  5.15.8+dfsg-3
ii  libqt5xmlpatterns5  5.15.8-2
ii  libstdc++6  12.2.0-14
ii  packagekit  1.2.6-3
ii  polkit-kde-agent-1  4:5.27.2-1
ii  software-properties-qt  0.99.30-4

Versions of packages apper recommends:
ii  appstream   0.16.1-1
ii  apt-config-icons0.16.1-1
ii  debconf-kde-helper  1.1.0-1

apper suggests no packages.

-- no debconf information

Bug#1034442: RFS: trurl/0.4-1 [ITP] -- command line tool for URL parsing and manipulation

[Paul Wise]

Control: close -1

On Sat, 2023-04-15 at 15:59 +0200, Michael Ablassmeier wrote:

> I am looking for a sponsor for my package "trurl":

What is the status of getting your new OpenPGP key accepted? Some links
related to that below, if you are having trouble with keysigning then
key endorsements might be another option.

https://keyring.debian.org/
https://keyring.debian.org/replacing_keys.html
https://wiki.debian.org/Keysigning/Offers
https://lists.debian.org/msgid-search/20200913071104.qcx76k25q5dpt...@enricozini.org
https://lists.debian.org/msgid-search/20201108205109.6nzboemjkr5ik...@enricozini.org

Package looks good, uploaded it to NEW.

You might want to add some autopkgtests, I think this would require
patching test.pl to use PATH instead of ./ and then patching Makefile
to set PATH to include the build directory (be sure to send those to
upstream). Then you will be able to run the tests against the installed
binary /usr/bin/trurl instead of the build dir.

https://salsa.debian.org/ci-team/autopkgtest/raw/master/doc/README.package-tests.rst
https://wiki.debian.org/ContinuousIntegration
https://ci.debian.net/doc/

Tools' complaints that might be worth fixing upstream or in Debian:

$ lintian --info --show-overrides --color auto --display-info 
--display-experimental --pedantic
I: trurl source: debian-watch-file-is-missing
I: trurl: hardening-no-bindnow [usr/bin/trurl]
I: trurl: typo-in-manual-page occurances occurrences 
[usr/share/man/man1/trurl.1.gz:39]
X: trurl source: upstream-metadata-file-is-missing

$ find . -type f -exec anorack {} +
./checksrc.pl:851: a extended -> an extended /Ekst'EndI2d/

$ codespell --quiet-level=3 .
./trurl.1:39: occurances ==> occurrences
./trurl.c:859: inbetween ==> between, in between
./RELEASE-NOTES:20: messsage ==> message

$ find . -type f -exec spellintian {} +
./trurl.1: occurances -> occurrences

# wrap-and-sort makes VCS diffs of package info easier to read
$ wrap-and-sort --short-indent --wrap-always --sort-binary-packages 
--trailing-comma --dry-run
--- Dry run, these files would be modified ---
debian/control

$ find . -type f -iname '*.[1-9]' -exec mandoc -T lint -W warning {} +
mandoc: ./trurl.1:5:13: WARNING: cannot parse date, using it verbatim: TH 3 Apr 
2023

$ find .. -maxdepth 1 -type f -iwholename '../*.build' -exec blhc --all {} +
CFLAGS missing (-fPIE): cc -g -O2 
-ffile-prefix-map=/home/pabs/devel/debian/mentors/trurl-0.4=. 
-fstack-protector-strong -Wformat -Werror=format-security -W -Wall -pedantic -g 
-Wdate-time -D_FORTIFY_SOURCE=2  -c -o trurl.o trurl.c
LDFLAGS missing (-fPIE -pie -Wl,-z,now): cc -Wl,-z,relro  trurl.o  -lcurl -o 
trurl

$ find . -type f -iwholename './debian/*/bin/*' -exec hardening-check --quiet 
{} +
./debian/trurl/usr/bin/trurl:
 Immediate binding: no, not found!
 Control flow integrity: no, not found!

$ find . -type f -iname '*.yml' -exec yamllint --config-data relaxed {} +
./.github/workflows/makefile.yml
  21:81 warning  line too long (122 > 80 characters)  (line-length)
  30:81 warning  line too long (86 > 80 characters)  (line-length)
  48:7  warning  wrong indentation: expected 4 but found 6  (indentation)

$ perlcritic --noprofile --verbose '%f:%l:%c: %m. %e. Near `%r` (Severity: 
%s)\n' --gentle .
checksrc.pl:100:5: Bareword file handle opened. See pages 202,204 of PBP. Near 
`open(W, "<$dir/checksrc.skip") or return;` (Severity: 5)
checksrc.pl:100:5: Two-argument "open" used. See page 207 of PBP. Near `open(W, 
"<$dir/checksrc.skip") or return;` (Severity: 5)
checksrc.pl:382:5: Bareword file handle opened. See pages 202,204 of PBP. Near 
`open(R, "<$file") || die "failed to open $file";` (Severity: 5)
checksrc.pl:382:5: Two-argument "open" used. See page 207 of PBP. Near `open(R, 
"<$file") || die "failed to open $file";` (Severity: 5)

$ cppcheck -j1 --quiet --enable=all .
trurl.c:517:9: style: The scope of the variable 'i' can be reduced. 
[variableScope]
int i;
^
trurl.c:788:7: style: The scope of the variable 'rc' can be reduced. 
[variableScope]
  int rc;
  ^
trurl.c:790:9: style: The scope of the variable 'oldnq' can be reduced. 
[variableScope]
  char *oldnq;
^
trurl.c:516:11: style: Local variable 'set' shadows outer function 
[shadowFunction]
char *set = node->data;
  ^
trurl.c:509:13: note: Shadowed declaration
static void set(CURLU *uh,
^
trurl.c:516:11: note: Shadow variable
char *set = node->data;
  ^
trurl.c:622:9: style: Local variable 'i' shadows outer variable [shadowVariable]
int i;
^
trurl.c:606:7: note: Shadowed declaration
  int i;
  ^
trurl.c:622:9: note: Shadow variable
int i;
^
trurl.c:187:17: style: struct member 'option::output' is never used. 
[unusedStructMember]
  unsigned char output;
^

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1020621: ITA netkit-rusers

[Sydney Cripe]

On Sat, Apr 15, 2023 at 11:33 AM Bastian Germann  wrote:

> On Mon, 03 Oct 2022 00:55:20 -0700 Sydney Cripe wrote:
> > Thank you for your maintence on the package!
> > I'd like to adopt it.
> Please submit a source package to review.
> You can upload to mentors.debian.net.
>
I will have it finished and uploaded by 08:00 UTC on 4/18/2023.

Bug#1034458: msmtp: Add XDG_CONFIG_PATH/msmtp/* to apparmor profile

[Simon Deziel]

Hi,

On 2023-04-15 18:05, أحمد المحمودي (Ahmed El-Mahmoudy) wrote:

A user might manually set XDG_CONFIG_DIR to another path than
$HOME/.config, hence I suggest to add XDG_CONFIG_PATH/msmtp/* to
apparmor profile


AFAIK, Apparmor profiles cannot reference such user defined variables.

HTH,
Simon

Bug#1034463: linux: consider CONFIG_AGP=m

[Elliott Mitchell]

Package: src:linux
Version: 5.10.158+2
Severity: wishlist

Could AGP support be turned into a module for Debian kernels?

I'm tempted to suggest it shouldn't even be built for amd64, but does
seem reasonable for i686 kernels.  Given this, module seems to make
sense.


-- 
(\___(\___(\__  --=> 8-) EHM <=--  __/)___/)___/)
 \BS (| ehem+sig...@m5p.com  PGP 87145445 |)   /
  \_CS\   |  _  -O #include  O-   _  |   /  _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445

Bug#1034462: Pipewire: Inappropriate ioctl for device

[Al Ma]

Package: pipewire
Version: 0.3.56-1
I have very broken mic input in audacity. While looking into log, I saw the 
following lines:
Apr 15 22:36:59 AnonymizedComputerName pipewire[1235]: spa.v4l2: '/dev/video0' 
VIDIOC_ENUM_FRAMESIZES: Unpassender IOCTL (I/O-Control) für das Gerät
Apr 15 22:36:59 AnonymizedComputerName pipewire-media-session[1236]: ms.core: 
error id:35 seq:256 res:-25 (Inappropriate ioctl for device): enum params id:3 
(Spa:Enum:ParamId:EnumFormat) failed
As the error concerns a multimedia-related piece of software (and as I have no 
mic-input at the moment for an unknown reason), I wonder what this error tells 
us?  Who has done what wrong and how?  By the way, as /dev/video0 is mentioned, 
the only way a video could be captured on my machine would be via a TV card. 
The TV card is connected to the antenna, and the TV tuner was not started on 
boot.
More info:
$ uname -a
Linux AnonymizedComputerName 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 
(2023-01-21) x86_64 GNU/Linux
$ sudo aptitude show pipewire| grep Version
Version: 0.3.56-1
$ sudo aptitude show pipewire-media-session | grep Version
Version: 0.4.1-3
$ sudo lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye

Bug#1033302: chromium: #ozone-platform-hint should be set to auto

[Andres Salomon]

On Mon, 20 Mar 2023 10:44:12 + =?utf-8?q?Bastien_Roucari=C3=A8s?= 
 wrote:

> Package: chromium
> Version: 111.0.5563.64-1
> Severity: serious
> Tags: patch
> Justification: unusable under wayland kde
>
> Dear Maintainer,
>
> Under wayland chromium tab are unresponsible to mouse.
>
> #ozone-platform-hint set to auto instead of default help here to 
detect

> wayland.
> >


Now that I've cleared up some hard drive space, I set up a virtualbox 
environment with KDE on bookworm. I wasn't able to reproduce this with 
chromium 112.0.5615.49-2, with the X11 backend. Is it still happening 
for you on chromium 112?

Bug#1034461: unblock: gnome-user-docs/43.0-2

[Gunnar Hjalmarsson]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: gunna...@debian.org
Control: affects -1 + src:gnome-user-docs

Please unblock package gnome-user-docs.

[ Reason ]

Upstream missed to ship two figures in the tarball. They were added via 
a patch in gnome-user-docs 43.0-2.


[ Impact ]

Without the patch it doesn't look so good if you browse this page:

yelp /usr/share/help/C/gnome-help/bluetooth-device-specific-pairing.page

[ Tests ]

Installed the binary built by version 43.0-2 of the gnome-user-docs 
source, and confirmed that the figures showed up as expected.


[ Risks ]

Just two docs figures, not affecting anything else.

[ Checklist ]
 [x] all changes are documented in the d/changelog
 [x] I reviewed all changes and I approve them
 [x] attach debdiff against the package in testing

--
Cheers,
Gunnar Hjalmarssondiff --git a/debian/changelog b/debian/changelog
index f8b94f77a..deff6d0ed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+gnome-user-docs (43.0-2) unstable; urgency=medium
+
+  * Add-missing-figures.patch
+
+ -- Gunnar Hjalmarsson   Sat, 15 Apr 2023 23:54:03 +0200
+
 gnome-user-docs (43.0-1) unstable; urgency=medium
 
   * New upstream release
diff --git a/debian/patches/Add-missing-figures.patch 
b/debian/patches/Add-missing-figures.patch
new file mode 100644
index 0..ab58c19b0
--- /dev/null
+++ b/debian/patches/Add-missing-figures.patch
@@ -0,0 +1,153 @@
+Description: Add missing figures
+ A consequence of the mistake in gnome-help/Makefile.am is that the
+ figures are not included in the upstream tarball. So this patch also
+ adds the missing figures as such.
+Author: Gunnar Hjalmarsson 
+Forwarded: https://gitlab.gnome.org/GNOME/gnome-user-docs/-/merge_requests/164
+---
+ /dev/null => gnome-help/C/figures/ps-button.svg |  62 +++
+ /dev/null => gnome-help/C/figures/ps-create.svg |  54 ++
+ gnome-help/Makefile.am  |   2 +
+ 3 files changed, 118 insertions(+)
+
+diff --git a/gnome-help/C/figures/ps-button.svg 
b/gnome-help/C/figures/ps-button.svg
+new file mode 100644
+index 000..f65a8f3
+--- /dev/null
 b/gnome-help/C/figures/ps-button.svg
+@@ -0,0 +1,62 @@
++
++
++
++http://www.inkscape.org/namespaces/inkscape;
++   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd;
++   xmlns="http://www.w3.org/2000/svg;
++   xmlns:svg="http://www.w3.org/2000/svg;>
++  
++  
++  
++
++  
++  
++  
++
++  
++
+diff --git a/gnome-help/C/figures/ps-create.svg 
b/gnome-help/C/figures/ps-create.svg
+new file mode 100644
+index 000..f62dec8
+--- /dev/null
 b/gnome-help/C/figures/ps-create.svg
+@@ -0,0 +1,54 @@
++
++
++
++http://www.inkscape.org/namespaces/inkscape;
++   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd;
++   xmlns="http://www.w3.org/2000/svg;
++   xmlns:svg="http://www.w3.org/2000/svg;>
++  
++  
++  
++⚟
++  
++
+diff --git a/gnome-help/Makefile.am b/gnome-help/Makefile.am
+index 95000e0..a94470b 100644
+--- a/gnome-help/Makefile.am
 b/gnome-help/Makefile.am
+@@ -83,6 +83,8 @@ HELP_MEDIA = \
+   figures/network-wireless-disabled-symbolic.svg \
+   figures/preferences-desktop-accessibility-symbolic.svg \
+   figures/printing-select.png \
++  figures/ps-button.svg \
++  figures/ps-create.svg \
+   figures/rotation-allowed-symbolic.svg \
+   figures/rotation-locked-symbolic.svg \
+   figures/screenshot-tool.png \
diff --git a/debian/patches/series b/debian/patches/series
index ead8eb86f..b87203895 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 drop-experimental-style-for-prefs.page.patch
+Add-missing-figures.patch

Bug#799603: NetworkManager: Error: failed to open /run/network/ifstate

[Al Ma]

found 799603 1.30.6-1+deb11u1
quit
Affects me. In the journal log I see “NetworkManager[885]:  
[1681591017.6980] Error: failed to open /run/network/ifstate”.  As this is not 
only a warning but also an error, who has done what wrong?  (I have 184 
occurrences of “error” in the output of `journalctl -b`; I'd really wish to 
know which one is no more than a printf resulting from sloppy, careless 
programming and which one also leads to the end-user problems at hand, 
whichever they may be.)

Bug#1033811: unblock: mariadb/1:10.11.2-2

[Otto Kekäläinen]

> I hope you realize that you're stretching it:
>   68 files changed, 11039 insertions(+), 404 deletions(-)

Yes, there are a lot of fixes. There was an extensive push to test and
polish everything from Feb to mid-March, resulting in 39 git commits.
However everything is purely about bug fixes, improved logging to help
future bugfixes, NEWS, translations etc. Everything is documented in
debian/changelog for users and even more detailed in git commit log
for package developers at
https://salsa.debian.org/mariadb-team/mariadb-server/-/commits/debian/latest

> Several of these changes are not really appropriate and should have been
> done before the hard freeze. The idea of the freeze schedule is to
> stabilize the archive, particularly key packages. mariadb is a key package.

Let's review each change now. I am happy to provide additional explanations.

> One of the changes I'm not please with is that you are renaming
> variables. Really, now?

This is about commit
https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/09be495b1ca7811e1c6200215e20de38f26834ec,
right?

The variables were renamed upstream in commit
https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/952af4a1794ea640213c9c3b3931c84349493a9b
that affects branches 10.5+ and was done in December 2022. Not ideal
to do in a stable release, agree, but from Debian packager point of
view this change had been in a mariadb.org release already, proven
stable, and minimizing delta to upstream Debian packaging is best for
the long-term maintenance of the package in Debian.

> Why now change from /usr/bin/mysql to /usr/bin/mariadb when the former
> is a symlink to the latter. Seems like unnecessary risks. (You even seem
> to have missed usr/bin/mysqladmin in mariadb-server.postrm, or is it in
> postrm better to have the link?)

I synced contents by carefully reviewing the full directories of
upstream and downstream in Meld Merge, and I did not miss anything,
the full upstream change is included.

Upstream 10.11 branch has the same MYADMIN="/usr/bin/mysqladmin in
https://salsa.debian.org/mariadb-team/mariadb-server/-/blob/d84a2826290d9676faebba0849d1b9fb7f5efcd8/debian/mariadb-server.postrm#L9
as we have now in Debian.

> Renaming patches (why and why now?) also doesn't help with a review;
> it's difficult to see if they are the same.

To facilitate contributions I prefer to accept occasionally even
sub-par contributions, and then fix them up myself. The case you refer
to is debian/patches/{2477.patch =>
2477-rocksdb-atomic-riscv64.patch}. I did not want to carry a patch
that is just a number from
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/34,
so I renamed it to have a sensible title, and added proper metadata in
the patch.

Git renders this rename nicely both on command-line and in e.g.
https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/fe0701c4455a6e9f32f9495f286a093ab22c6a26
but I guess you are reviewing just overall patch attached in this bug
report.

> You drop the Hurd patch, but I couldn't find it documented. (Hurd has
> been failing since the first unversioned mariadb, so I can guess, but
> the point of unblock requests is that I shouldn't need to).

https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/fe0701c4455a6e9f32f9495f286a093ab22c6a26
> Drop 2006-kfreebsd-amd64.patch which had already been applied upstream and
> was wrongly being re-applied in Debian.

You are right, I should have included this in the debian/changelog. In
my current workflow I do full documentation in commits (that are
stored permanently on Debian Salsa) and then summarize them in the
debian/changelog to avoid the changelog being too verbose. This one I
should have been more verbose on.

> During my review several days ago I got to the
> 2464-log-missing-upgrade.patch. I might continue the review later but
> for now I'm out of spoons.

This patch adds logging - essentially it makes the server start
nagging if mariadb-upgrade has not been run. Missing the upgrade due
to bugs in maintainer scripts etc occasionally happens, and it is
really hard to get bug submitters to research this themselves or to
provide reproducible steps on what they did. Having the ability for
submitters to copy-paste this message from logs helps tremendously.

I am amazed that you review in detail the full diff attached to the
unblock request. I did not know release managers are that dedicated to
quality, that is great for Debian users!

It awes and humbles me that you are so diligent. At the same time I am
a bit worried will it scale? I sent several emails to co-maintainers,
pkg-mysql-maint list, debian-devel list and tried to rally people to
review MRs at 
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests
before these commits when in, but few responded. It is too much work
even for people to do in their spare time. The expectation that one
release manager reads all changes in all unblock requests seems
unrealistic.

Bug#1034460: RFS: git-credential-oauth/0.5.2-1~bpo11 1 -- Git credential helper for GitHub and other forges using OAuth

[M Hickford]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "git-credential-oauth":

 * Package name : git-credential-oauth
   Version  : 0.5.2-1~bpo11+1
   Upstream contact : M Hickford 
 * URL  : https://github.com/hickford/git-credential-oauth
 * License  : Apache-2.0
 * Vcs  :
https://salsa.debian.org/go-team/packages/git-credential-oauth
   Section  : golang

The source builds the following binary packages:

  git-credential-oauth - Git credential helper for GitHub and other
forges using OAuth

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/git-credential-oauth/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/g/git-credential-oauth/git-credential-oauth_0.5.2-1~bpo11+1.dsc

Changes since the last upload:

 git-credential-oauth (0.5.2-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.

Regards,

Bug#1034310: [digikam] [Bug 466170] Digikam 7.9.0 (and 7.8.0) crashes on startup

[Steven Robbins]

On Fri, 14 Apr 2023 14:24:31 +0200 Rainer Dorsch  wrote:
> Thanks Marco, that is a good link.
> 
> I provided a backtrace and upstream acknowledged the bug to be fixed in 
8.1.0:

Hello Rainer,

I've looked at the upstream bug, and all the information you provided.  That's 
awesome -- I wish that every bug submitter would be as thorough as you!

It seems that, even with disabling the splash screen, you still experience the 
bug -- is that correct?

I can say that I'm not experiencing any such crash.  I created a new user to 
test from scratch.  I see the splash screen come and go, then the pop-up that 
offers to download the faces data files.  I can download them or not and it all 
works fine either way.

So it's puzzling.  I'm also using an x64 system, but I run on the "sid/
unstable" distribution so I have slightly different versions of the dependency 
packages.   Maybe it's worth attempting an upgrade of some or all of these to 
see if the problem goes away?

Perhaps start with libkf5configcore5, since the failing assert seems to be in 
that library:

qt_assert_x(char const*, char const*, char const*, int) () at /lib/
x86_64-linux-gnu/libQt5Core.so.5


Here is the list from my system today.

Versions of packages digikam depends on:
ii  digikam-data  4:7.9.0-1
ii  digikam-private-libs  4:7.9.0-1+b2
ii  libc6 2.36-9
ii  libgcc-s1 12.2.0-14
ii  libkf5configcore5 5.103.0-2
ii  libkf5coreaddons5 5.103.0-1
ii  libkf5i18n5   5.103.0-1
ii  libmagick++-6.q16-8   8:6.9.11.60+dfsg-1.6
ii  libqt5core5a  5.15.8+dfsg-7
ii  libqt5gui55.15.8+dfsg-7
ii  libqt5sql55.15.8+dfsg-7
ii  libqt5sql5-mysql  5.15.8+dfsg-7
ii  libqt5sql5-sqlite 5.15.8+dfsg-7
ii  libqt5widgets55.15.8+dfsg-7
ii  libstdc++612.2.0-14
ii  perl  5.36.0-7

Versions of packages digikam recommends:
ii  brave-browser [www-browser] 1.50.119
ii  ffmpegthumbs4:22.12.3-1
ii  firefox-esr [www-browser]   102.10.0esr-1
ii  google-chrome-stable [www-browser]  112.0.5615.121-1
ii  konqueror [www-browser] 4:22.12.3-1
ii  lynx [www-browser]  2.9.0dev.12-1
ii  w3m [www-browser]   0.5.3+git20230121-2

Versions of packages digikam suggests:
ii  breeze-icon-theme  4:5.103.0-1
pn  digikam-doc
ii  systemsettings 4:5.27.2-1

Best,
-Steve


signature.asc
Description: This is a digitally signed message part.

Bug#1034418: util-linux: fstrim.timer not enabled for upgraded systems

[Chris Hofstaedtler]

* Matt Taggart  [230414 19:54]:
> I recently noticed on my existing bullseye systems that fstrim.timer is not
> enabled by default:
[..]

> It looks this way on all my bullseye systems that were older and
> dist-upgraded to bullseye. I only have one system that was installed
> directly with bullseye and it appeared to be running there (but maybe I
> enabled it by hand at some point and forgot?).
[..]

> Looking in the Debian changelog I see in the 2.35.1-2 entry:
> 
> "* Enable fstrim.timer by default"
> 
> and that seems to correspond to this commit:
> 
> https://salsa.debian.org/debian/util-linux/-/commit/b0f405a45b6ea0608ecb51e8b8d68ec1715a83e7

Indeed.

[..]
> Here is the generated section from postinst:
[..]
> # was-enabled defaults to true, so new installations run enable.

> So I guess if fstrim.timer was installed at some point but not enabled,
> upgrades would "update-state" but not enable the service?
> 
> Was fstrim.timer delivered in buster but not enabled?

Yes.

> This behavior might follow the principle of least surprise, but I think for
> SSD based systems it is losing out on the benefits of TRIM/discard (improved
> i/o latency, flash wear).

Yes. Also it is - to the best of my knowledge - the only way of not
destroying possible admin configuration on upgrades.

[..]

> Can you think of a way this could be enabled for upgraded systems as well?

No :-(

It seems to follow from our policies that you only get defaults on
new installs. Upgrades must be left in some possibly not-that-great
state.


Chris

Bug#1034459: unblock: curl/7.88.1-9

[Sergio Durigan Junior]

Package: release.debian.org
Control: affects -1 + src:curl
X-Debbugs-Cc: c...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: samuel...@debian.org
Severity: normal

Please unblock curl/7.88.1-9.

[ Reason ]

Changes that affect the resulting binaries:

  [ Sergio Durigan Junior ]
  * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch:
Don't prepend "nss" when opening libnssckbi.so. (Closes: #1034359)

  [ Samuel Henrique ]
  * d/p/fix-unix-domain-socket.patch: Import upstream patch to fix --unix
(closes: #1033963)

The first change is an important fix to address a regression introduced
by the previous
"Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch".
Unfortunately, it is currently not possible for users of NSS-enabled
libcurl to fetch data from HTTPS URIs.  With this one-liner fix, the
previous behaviour is restored while at the same time keeping the
benefits of being able to dynamically load libnss-pem.

The second change is a backport of an upstream patch to fix the use of
UNIX domain sockets (via --unix) in HTTPS scenarios.  An important fix
for those who rely on these features.

Changes that don't affect the resulting binaries:

  [ Samuel Henrique ]
  * Update list of tests that fail on IPv6-only envs and don't skip them on
autopkgtest

This change updates (and reduces) the list of tests to be skipped on
IPv6-only environments.  This should increase our test coverage in
debci.

[ Impact ]

With this update, users who rely on the NSS-enabled libcurl will be able
to fetch data from HTTPS URIs again.

[ Tests ]

All build tests passed.

[ Risks ]

After some extensive tests, I believe I covered all scenarios where an
NSS-enabled libcurl could be used.  Unfortunately, the patch to make
libcurl able to find and load libnss-pem is still a bit hack-ish, so
there's always the possibility of a problem creeping in.  I'm confident
that the chance of such regression happening is unlikely, though.

[ Checklist ]

  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

I understand that the release team is probably very busy these days, and
appreciate all the work you have done.  If it is not too much
inconvenience for you, it would be great to have this version of curl
unblocked in the near future, in order to address the NSS regression.
Thank you in advance.

unblock curl/7.88.1-9

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/

diff -Nru curl-7.88.1/debian/changelog curl-7.88.1/debian/changelog
--- curl-7.88.1/debian/changelog	2023-03-26 06:36:24.0 -0400
+++ curl-7.88.1/debian/changelog	2023-04-15 15:03:44.0 -0400
@@ -1,3 +1,17 @@
+curl (7.88.1-9) unstable; urgency=medium
+
+  [ Sergio Durigan Junior ]
+  * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch:
+Don't prepend "nss" when opening libnssckbi.so. (Closes: #1034359)
+
+  [ Samuel Henrique ]
+  * Update list of tests that fail on IPv6-only envs and don't skip them on
+autopkgtest
+  * d/p/fix-unix-domain-socket.patch: Import upstream patch to fix --unix
+(closes: #1033963)
+
+ -- Samuel Henrique   Sat, 15 Apr 2023 20:03:44 +0100
+
 curl (7.88.1-8) unstable; urgency=medium
 
   [ Samuel Henrique ]
diff -Nru curl-7.88.1/debian/patches/fix-unix-domain-socket.patch curl-7.88.1/debian/patches/fix-unix-domain-socket.patch
--- curl-7.88.1/debian/patches/fix-unix-domain-socket.patch	1969-12-31 19:00:00.0 -0500
+++ curl-7.88.1/debian/patches/fix-unix-domain-socket.patch	2023-04-15 15:03:44.0 -0400
@@ -0,0 +1,211 @@
+From 873f9fccca3645ffa41ad1f26355860fd925eb18 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing 
+Date: Tue, 28 Feb 2023 10:07:21 +0100
+Subject: [PATCH] Fixing unix domain socket use in https connects.
+
+- refs #10633, when h2/h3 eyeballing was involved, unix domain socket
+  configurations were not honoured
+- configuring --unix-socket will disable HTTP/3 as candidate for eyeballing
+- combinatino of --unix-socket and --http3-only will fail during initialisation
+- adding pytest test_11 to reproduce
+---
+ lib/cf-http.c |   6 +-
+ lib/http.c|   6 +-
+ lib/vquic/vquic.c |   4 +
+ tests/tests-httpd/test_11_unix.py | 129 ++
+ 4 files changed, 138 insertions(+), 7 deletions(-)
+ create mode 100644 tests/tests-httpd/test_11_unix.py
+
+Index: curl/lib/cf-http.c
+===
+--- curl.orig/lib/cf-http.c
 curl/lib/cf-http.c
+@@ -266,7 +266,8 @@ static CURLcode cf_hc_connect(struct Cur
+ Curl_expire(data, ctx->soft_eyeballs_timeout_ms, EXPIRE_ALPN_EYEBALLS);
+ }
+ else if(ctx->h21_baller.enabled)
+-  cf_hc_baller_init(>h21_baller, cf, data, "h21", TRNSPRT_TCP);
++   

Bug#1034458: msmtp: Add XDG_CONFIG_PATH/msmtp/* to apparmor profile

[Ahmed El-Mahmoudy]

Package: msmtp
Version: 1.8.23-1
Severity: normal

Dear Maintainer,

A user might manually set XDG_CONFIG_DIR to another path than 
$HOME/.config, hence I suggest to add XDG_CONFIG_PATH/msmtp/* to 
apparmor profile

-- System Information:
Debian Release: bullseye/sid
  APT prefers focal-updates
  APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal'), 
(100, 'focal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-144-generic (SMP w/12 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages msmtp depends on:
ii  adduser3.118ubuntu2
ii  debconf [debconf-2.0]  1.5.73
ii  libc6  2.31-0ubuntu9.9
ii  libgnutls303.6.13-2ubuntu1.8
ii  libgsasl7  1.8.1-1
ii  ucf3.0038+nmu1

Versions of packages msmtp recommends:
ii  ca-certificates  20211016ubuntu0.20.04.1

Versions of packages msmtp suggests:
pn  msmtp-mta  

-- debconf information excluded

-- 
‎أحمد المحمودي (Ahmed El-Mahmoudy)
 Digital design engineer
GPG KeyIDs: 4096R/A7EF5671 2048R/EDDDA1B7
GPG Fingerprints:
 6E2E E4BB 72E2 F417 D066  6ABF 7B30 B496 A7EF 5761
 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7


signature.asc
Description: PGP signature

Bug#1034457: libqt5quick5: Qt segfault on amd64

[Julian Groß]

Package: libqt5quick5
Version: 5.15.8+dfsg-3
Severity: normal

Dear Maintainer,

we ran into what appears to be a segmentation fault in Qt.
One of the last places it runs into is QQuickOpenGLShaderEffectCommon which is 
why I am reporting it towards this package.

I dumped a core file from GDB, which should contain everything needed to debug 
this further, since debugging symbols for pretty much anything Qt are installed.
You can find it here: https://data.moto9000.moe/qt/1/core.191885.tar.xz (12,3 
GiB when uncompressed)

I will just put the backtrace in here:
```
#0 0x in ()
#1 0x7f8f43eba269 in QMetaObject::cast(QObject const*) const 
(this=0x7f8f44143140 , obj=0x55b8ddf56be0) at 
kernel/qmetaobject.cpp:389
#2 0x7f8f43eba2a5 in QMetaObject::cast(QObject*) const (this=, obj=) at kernel/qmetaobject.cpp:378
#3 0x7f8f42b6422a in qobject_cast(QObject*) (object=) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject.h:519
#4 QtPrivate::QVariantValueHelper::object(QVariant const&) (v=[Thread 
0x7f8e4a7fc6c0 (LWP 192005) exited]
[Thread 0x7f8d7d9c36c0 (LWP 192105) exited]
[New Thread 0x7f8e86ffd6c0 (LWP 195762)]
[New Thread 0x7f8e87fff6c0 (LWP 195761)]
[New Thread 0x7f8e4a7fc6c0 (LWP 195758)]
[Thread 0x7f8e609e56c0 (LWP 192001) exited]
[New Thread 0x7f8f0d3fc6c0 (LWP 195757)]
[Thread 0x7f8e84ff96c0 (LWP 191983) exited]
[Thread 0x7f8e857fa6c0 (LWP 191982) exited]
[Thread 0x7f8e85ffb6c0 (LWP 191981) exited]
[Thread 0x7f8e867fc6c0 (LWP 191980) exited]
[Thread 0x7f8e86ffd6c0 (LWP 191979) exited]
[Thread 0x7f8e877fe6c0 (LWP 191978) exited]
[Thread 0x7f8e87fff6c0 (LWP 191977) exited]
[Thread 0x7f8ea577f6c0 (LWP 191976) exited]
[Thread 0x7f8ea6a8b6c0 (LWP 191975) exited]
[New Thread 0x7f8e877fe6c0 (LWP 195763)]
[Thread 0x7f8f0d3fc6c0 (LWP 191939) exited]
[Thread 0x7f8d5ebff6c0 (LWP 192247) exited]
QVariant(QQuickItem*, 0x55b8ddf56be0)) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:753
#5 QtPrivate::ObjectInvoker, QVariant 
const&, QObject*>::invoke(QVariant const&) (a=QVariant(QQuickItem*, 
0x55b8ddf56be0)) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:107
#6 qvariant_cast(QVariant const&) (v=[New Thread 0x7f8d5ebff6c0 (LWP 
195764)]
QVariant(QQuickItem*, 0x55b8ddf56be0)) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:879
#7 QQuickOpenGLShaderEffectCommon::disconnectPropertySignals(QQuickItem*, 
QQuickOpenGLShaderEffectMaterialKey::ShaderType) 
(this=this@entry=0x55b8e7f311d8, item=0x55b8e7eb0930, 
shaderType=shaderType@entry=QQuickOpenGLShaderEffectMaterialKey::FragmentShader)
 at items/qquickopenglshadereffect.cpp:238
#8 0x7f8f42b65d7a in QQuickOpenGLShaderEffect::~QQuickOpenGLShaderEffect() 
(this=0x55b8e7f31170, __in_chrg=) at 
items/qquickopenglshadereffect.cpp:660
#9 0x7f8f42b65e29 in QQuickOpenGLShaderEffect::~QQuickOpenGLShaderEffect() 
(this=0x55b8e7f31170, __in_chrg=) at 
items/qquickopenglshadereffect.cpp:661
#10 0x7f8f42b5e563 in QQuickShaderEffect::~QQuickShaderEffect() 
(this=this@entry=0x55b8e7eb0930, __in_chrg=) at 
items/qquickshadereffect.cpp:535
#11 0x7f8f42bd0a35 in 
QQmlPrivate::QQmlElement::~QQmlElement() 
(this=0x55b8e7eb0930, __in_chrg=) at 
../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#12 QQmlPrivate::QQmlElement::~QQmlElement() 
(this=0x55b8e7eb0930, __in_chrg=) at 
../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#13 0x7f8f43edb28e in QObjectPrivate::deleteChildren() 
(this=this@entry=0x55b8e4008a00) at kernel/qobject.cpp:2137
#14 0x7f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7fd9e40, 
__in_chrg=) at kernel/qobject.cpp:1115
#15 0x7f8f42a566a2 in QQuickItem::~QQuickItem() 
(this=this@entry=0x55b8e7fd9e40, __in_chrg=) at 
items/qquickitem.cpp:2388
#16 0x7f8f42bd03e5 in QQmlPrivate::QQmlElement::~QQmlElement() 
(this=0x55b8e7fd9e40, __in_chrg=) at 
../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#17 QQmlPrivate::QQmlElement::~QQmlElement() (this=0x55b8e7fd9e40, 
__in_chrg=) at 
../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#18 0x7f8f43edb28e in QObjectPrivate::deleteChildren() 
(this=this@entry=0x55b8e7fd9960) at kernel/qobject.cpp:2137
#19 0x7f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7f5a030, 
__in_chrg=) at kernel/qobject.cpp:1115
#20 0x7f8f42a566a2 in QQuickItem::~QQuickItem() 
(this=this@entry=0x55b8e7f5a030, __in_chrg=) at 
items/qquickitem.cpp:2388
#21 0x7f8f42bd03e5 in QQmlPrivate::QQmlElement::~QQmlElement() 
(this=0x55b8e7f5a030, __in_chrg=) at 
../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#22 QQmlPrivate::QQmlElement::~QQmlElement() (this=0x55b8e7f5a030, 
__in_chrg=) at 
../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#23 0x7f8f43edb28e in QObjectPrivate::deleteChildren() 
(this=this@entry=0x55b8e7f59cc0) at kernel/qobject.cpp:2137
#24 0x7f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7f59c00, 
__in_chrg=) at kernel/qobject.cpp:1115
#25 0x7f8f42a566a2 in 

Bug#1018747: fixed - gimp-gap recommends mplayer that is (finally) in bookworm

[Alexis PM]

mplayer is (finally) in bookworm: Bug 1005899 is fixed.

[2023-02-13] mplayer 2:1.5+svn38408-1 MIGRATED to testing  
https://tracker.debian.org/news/1420921/mplayer-215svn38408-1-migrated-to-testing/

So Bug#1018747 is fixed and gimp-gap can be returned to bookworm

Bug#1034456: offlineimap: mail fails to sync when fcntl is used if portalocker is available

[Benjamin Mako Hill]

Package: offlineimap
Version: 7.3.3+dfsg1-1+0.0~git20211018.e64c254+dfsg-2.1
Severity: important

Greetings!

Thank you for maintaining offlineimap.

When I run offlineimap, several of my mailboxes fail to sync because are
attempting access symbols in the fcntl module in Python while the module is not
imported.

The problem comes from these lines 30-36 of offlineimap/imaplibutil.py in the
current verions of the Debian package in bookworm and sid:

> try:
> import portalocker
> except:
> try:
> import fcntl
> except:
> pass  # Ok if this fails, we can do without.

The problem is because (a) I have portalocker installed on my system and (b)
the function "set_nonblocking" defined on line 140 of the same file relies on
fcntl being available.

I've not attached a patch because I'm not sure how to best to fix this.

I've fixed this on my system by simply importing fcntl in a line above the
quoted chunk of code above. The fcntl module is in the Python 3.11 standard
library in Python on Linux so it is should be safe. I believe fcntl might not
be installed on Windows.

It might be better to add new code to use portalocker instead of fcntl to the
function on line 140.

If it's helpful, I happy to help prepare a patch if you give me direction on
how you want to solve the problem.

Regards,
Mako


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'stable'), (500, 'testing'), (100, 'bullseye-fasttrack'), (100, 
'bullseye-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-1-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages offlineimap depends on:
ii  offlineimap3  0.0~git20211018.e64c254+dfsg-2

offlineimap recommends no packages.

offlineimap suggests no packages.

-- no debconf information

Bug#1034454: bullseye-pu: package galera-3 25.3.37-0+deb11u1

[Otto Kekäläinen]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

I propose that the latest version of Galera 3 be included in
the upcoming stable release update of Debian. Package ready at
https://salsa.debian.org/mariadb-team/galera-3/-/commits/bullseye

Current changelog:


galera-3 (25.3.37-0+deb11u1) bullseye; urgency=medium

  * New upstream version 25.3.37. Includes multiple bug fixes, see

https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-25.3.37.txt
- Arbitrator daemon garbd now has parameters -w, --workdir and
  WORK_DIR in garb.conf which can be used to set the working
  directory for garbd process, which helps to fix long standing
  issue from 2015 (https://github.com/codership/galera/issues/313).

 -- Otto Kekäläinen   Sat, 15 Apr 2023 12:14:05 -0700



Debdiff attached. Created with commands:
git diff --stat debian/25.3.36-0+deb11u1..bullseye | xz >
debian-25.3.37-0+deb11u1.debdiff.stat.xz
git diff debian/25.3.36-0+deb11u1..bullseye | xz >
debian-25.3.37-0+deb11u1.debdiff.xz

Commit history for easy review visible at
https://salsa.debian.org/mariadb-team/galera-3/-/commits/bullseye

Quality control:
- Bullseye specific CI passed at
https://salsa.debian.org/mariadb-team/galera-3/-/pipelines/520096


debian-25.3.37-0+deb11u1.debdiff.stat.xz
Description: application/xz


debian-25.3.37-0+deb11u1.debdiff.xz
Description: application/xz

Bug#1034453: gcc-snaphot: Bad practice for LD_LIBRARY_PATH (and PATH)

[Jan-Benedict Glaw]

Package: gcc-snapshot

Hi!

Installing the `gcc-snapshot` binary package, there's README.Debian
(in the source package, this is README.snapshot), which (in two
places) shows how to assign LD_LIBRARY_PATH (and PATH) extended values
to allow to use the snapshot compiler.

  These two assignments are unintendedly wrong. While this usually
isn't a problem for PATH (as it is almost always set beforehand), is
actually is an issue for LD_LIBRARY_PATH:

LD_LIBRARY_PATH=/usr/lib/gcc-snapshot/lib:$LD_LIBRARY_PATH

With this assignment, the outcome will usually be

LD_LIBRARY_PATH=/usr/lib/gcc-snapshot/lib:

which has an empty path component at the end. While, in earlier days,
I believed that this would be ignored, it actually expands to the
current(!) directory. (With LD_LIBRARY_PATH exported, I had quite a
fun time tracking down a build problem when cross-building NetBSD
configured for amd64 from a Debian amd64 system. ld.so ended up using
freshly built target components from NetBSD to fulfill host tool's
library dependencies, but that target lib was then missing NetBSD's
libc.) I suggest to change it to:


LD_LIBRARY_PATH="/usr/lib/gcc-snapshot/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"

The same principle applies to PATH, but as previous PATH is typically
non-empty, this won't probably break in obscure ways.

Thanks,
  Jan-Benedict

-- 


signature.asc
Description: PGP signature

Bug#1000008: openscap: depends on obsolete pcre3 library

[Alan Coopersmith]

Upstream bug: https://github.com/OpenSCAP/openscap/issues/1873

Bug#1033811: unblock: mariadb/1:10.11.2-2

[Paul Gevers]

Control: tags -1 moreinfo

Hi Otto,

On 02-04-2023 05:50, Otto Kekäläinen wrote:

This Debian revision has been carefully crafted to only include bug
fixes, test improvements and translations (following the release
policy[2]). There are no risky functional changes, and the package has
not had any new bugs reported for several weeks and confidence that
this is the best version for Bookworm is high.


I hope you realize that you're stretching it:
 68 files changed, 11039 insertions(+), 404 deletions(-)

Several of these changes are not really appropriate and should have been 
done before the hard freeze. The idea of the freeze schedule is to 
stabilize the archive, particularly key packages. mariadb is a key package.


One of the changes I'm not please with is that you are renaming 
variables. Really, now?


Why now change from /usr/bin/mysql to /usr/bin/mariadb when the former 
is a symlink to the latter. Seems like unnecessary risks. (You even seem 
to have missed usr/bin/mysqladmin in mariadb-server.postrm, or is it in 
postrm better to have the link?)


Renaming patches (why and why now?) also doesn't help with a review; 
it's difficult to see if they are the same.


You drop the Hurd patch, but I couldn't find it documented. (Hurd has 
been failing since the first unversioned mariadb, so I can guess, but 
the point of unblock requests is that I shouldn't need to).


During my review several days ago I got to the 
2464-log-missing-upgrade.patch. I might continue the review later but 
for now I'm out of spoons.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034452: Wayland Incompatible

[Barak A. Pearlmutter]

Package: veyon-service
Version: 4.7.5+repack1-1

Veyon does not have Wayland support, which is slated to be released
with version 5.x in about two and a half years ago. In the meantime,
when client machines are logged in with Wayland, the master cannot
view their screens etc. I would suggest that, until Wayland support
materializes, there be a configuration option which tells the display
manager to discourage Wayland sessions. This could of course come with
varying levels of stridency: forbid Wayland entirely, pop up a scary
Wayland warning, just make X11 sessions the default, etc.

Bug#1034451: evince: Dies with an assertion error when trying to print

[Uwe Kleine-König]

Package: evince
Version: 43.1-2+b1
Severity: normal
X-Debbugs-Cc: u...@kleine-koenig.org

Hello,

when trying to print a certain document (note to myself:
plusquemaproprevie.pdf), evince dies with:

evince: ../../../../src/cairo-array.c:182: _cairo_array_index: Assertion `index 
< array->num_elements' failed.

backtrace looks as follows:

#0  __pthread_kill_implementation (threadid=, 
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1  0x7f8b4a2aed2f in __pthread_kill_internal (signo=6, threadid=) at ./nptl/pthread_kill.c:78
#2  0x7f8b4a25fef2 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/posix/raise.c:26
#3  0x7f8b4a24a472 in __GI_abort () at ./stdlib/abort.c:79
#4  0x7f8b4a24a395 in __assert_fail_base (fmt=0x7f8b46b8e8f2 "%s%s%s:%u: 
%s%sZusicherung »%s« nicht erfüllt.\n%n",
assertion=assertion@entry=0x7f8b4a8b338e "index < array->num_elements", 
file=file@entry=0x7f8b4a8b3370 "../../../../src/cairo-array.c",
line=line@entry=182, function=function@entry=0x7f8b4a8b3430 
<__PRETTY_FUNCTION__.2> "_cairo_array_index") at ./assert/assert.c:92
#5  0x7f8b4a258df2 in __GI___assert_fail 
(assertion=assertion@entry=0x7f8b4a8b338e "index < array->num_elements",
file=file@entry=0x7f8b4a8b3370 "../../../../src/cairo-array.c", 
line=line@entry=182,
function=function@entry=0x7f8b4a8b3430 <__PRETTY_FUNCTION__.2> 
"_cairo_array_index") at ./assert/assert.c:101
#6  0x7f8b4a7e74a3 in _cairo_array_index (index=557, array=) 
at ../../../../src/cairo-array.c:182
#7  0x7f8b4a7e7609 in _cairo_array_index (array=, 
index=index@entry=557) at ../../../../src/cairo-array.c:167
#8  0x7f8b4a8581d4 in cairo_cff_parse_charstring 
(font=font@entry=0x55b5c22bec20, charstring=, length=,
glyph_id=glyph_id@entry=0, need_width=1) at 
../../../../src/cairo-cff-subset.c:1580
#9  0x7f8b4a85b063 in cairo_cff_find_width_and_subroutines_used 
(subset_id=0, glyph_id=0, length=, charstring=,
font=0x55b5c22bec20) at ../../../../src/cairo-cff-subset.c:1661
#10 cairo_cff_font_subset_charstrings_and_subroutines (font=0x55b5c22bec20) at 
../../../../src/cairo-cff-subset.c:1778
#11 cairo_cff_font_subset_font (font=0x55b5c22bec20) at 
../../../../src/cairo-cff-subset.c:1959
#12 cairo_cff_font_generate (length=, data=, 
font=) at ../../../../src/cairo-cff-subset.c:2572
#13 _cairo_cff_subset_init (cff_subset=cff_subset@entry=0x7ffe2c68b3f0, 
subset_name=subset_name@entry=0x7ffe2c68b460 "CairoFont-2-0",
font_subset=font_subset@entry=0x7ffe2c68b560) at 
../../../../src/cairo-cff-subset.c:2949
#14 0x7f8b4a8a96e1 in _cairo_pdf_surface_emit_cff_font_subset 
(font_subset=0x7ffe2c68b560, surface=0x55b5c2508000)
at ../../../../src/cairo-pdf-surface.c:5643
#15 _cairo_pdf_surface_emit_unscaled_font_subset (font_subset=0x7ffe2c68b560, 
closure=0x55b5c2508000) at ../../../../src/cairo-pdf-surface.c:6358
#16 0x7f8b4a85ca98 in _cairo_sub_font_collect (closure=0x7ffe2c68b510, 
entry=0x55b5c2326770) at ../../../../src/cairo-scaled-font-subsets.c:746
#17 _cairo_scaled_font_subsets_foreach_internal (font_subsets=,
font_subset_callback=font_subset_callback@entry=0x7f8b4a8a9670 
<_cairo_pdf_surface_emit_unscaled_font_subset>,
closure=closure@entry=0x55b5c2508000, 
type=type@entry=CAIRO_SUBSETS_FOREACH_UNSCALED) at 
../../../../src/cairo-scaled-font-subsets.c:1067
#18 0x7f8b4a85d807 in _cairo_scaled_font_subsets_foreach_unscaled 
(font_subsets=,
font_subset_callback=font_subset_callback@entry=0x7f8b4a8a9670 
<_cairo_pdf_surface_emit_unscaled_font_subset>, 
closure=closure@entry=0x55b5c2508000)
at ../../../../src/cairo-scaled-font-subsets.c:1095
#19 0x7f8b4a8a7638 in _cairo_pdf_surface_emit_font_subsets 
(surface=0x55b5c2508000) at ../../../../src/cairo-pdf-surface.c:6408
#20 _cairo_pdf_surface_finish (abstract_surface=0x55b5c2508000) at 
../../../../src/cairo-pdf-surface.c:2220
#21 0x7f8b4a845c52 in _cairo_surface_finish 
(surface=surface@entry=0x55b5c2508000) at ../../../../src/cairo-surface.c:1030
--Type  for more, q to quit, c to continue without paging--
#22 0x7f8b4a8469bb in INT_cairo_surface_finish (surface=0x55b5c2508000) at 
../../../../src/cairo-surface.c:1079
#23 INT_cairo_surface_finish (surface=0x55b5c2508000) at 
../../../../src/cairo-surface.c:1063
#24 0x7f8b4a814075 in _cairo_paginated_surface_finish 
(abstract_surface=0x55b5c1920800) at 
../../../../src/cairo-paginated-surface.c:214
#25 0x7f8b4a845c52 in _cairo_surface_finish 
(surface=surface@entry=0x55b5c1920800) at ../../../../src/cairo-surface.c:1030
#26 0x7f8b4a8469bb in INT_cairo_surface_finish (surface=0x55b5c1920800) at 
../../../../src/cairo-surface.c:1079
#27 INT_cairo_surface_finish (surface=0x55b5c1920800) at 
../../../../src/cairo-surface.c:1063
#28 0x7f8b4ada0e37 in unix_end_run (op=0x55b5c18a12a0, wait=0, cancelled=0) 
at ../../../gtk/gtkprintoperation-unix.c:374
#29 0x7f8b4ac60739 in print_pages_idle (user_data=0x55b5c24da240) at 

Bug#1033570: unblock: kdenlive/22.12.3-2

[Paul Gevers]

Control: tags -1 confirmed

Hi Patrick,

Thanks.

On 14-04-2023 10:45, Patrick Matthäi wrote:
You may have guessed from the silence (see also our FAQ [1]) that 
we're not enthusiastic about mlt. I'm currently leaning towards the 
tpu route for kdenlive.


Please upload the version you have in unstable to 
testing-proposed-uploads with only an added changelog entry. I prefer a 
+deb12u1 version bump (because that will automatically be synced to 
unstable), but I can live with ~deb12u1 too if you prefer that.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034450: jekyll: autopkgtest fails on arm64 (in UTC+8 timezone): a document with a date with timezone should have the expected date

[Paul Gevers]

Source: jekyll
Version: 4.3.1+dfsg-1
Severity: serious
Control: tags -1 bookworm-ignore
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

Your package has an autopkgtest, great. However, it fails on arm64 since 
mid 2022. I noticed that the two tests that failed are about timezones 
and our arm64 hosts are located in a UTC+8 timezone. Until 2023-04-13 
the hosts were also configured in their local timezone, but changing 
that to UTC didn't solve the problem. Can you please investigate the 
situation and fix it? I copied some of the output at the bottom of this 
report.


The release team has announced [1] that failing autopkgtest on amd64 and 
arm64 are considered RC in testing. [Release Team member hat on] Because 
we're currently in the hard freeze for bookworm, I have marked this bug 
as bookworm-ignore. Targeted fixes are still welcome.


More information about this bug and the reason for filing it can be 
found on 
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation


Paul

[1] https://lists.debian.org/debian-devel-announce/2019/07/msg2.html

https://ci.debian.net/data/autopkgtest/testing/arm64/j/jekyll/32926900/log.gz


Failure:
Minitest::Result#test_: a document with a date with timezone should have 
the expected date. 
[/tmp/autopkgtest-lxc.a_d0zzn9/downtmp/build.XLd/src/test/test_document.rb:627]

Minitest::Assertion: Expected: "2015/09/30"
  Actual: "2015/10/01"

Failure:
Minitest::Result#test_: a document with a date with timezone should 
return the expected date via Liquid. 
[/tmp/autopkgtest-lxc.a_d0zzn9/downtmp/build.XLd/src/test/test_document.rb:631]

Minitest::Assertion: Expected: "2015/09/30"
  Actual: "2015/10/01"


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034449: ffmpeg: I will wait to the new version to arrive to testing

[Unnamed]

Package: ffmpeg
Followup-For: Bug #1034449
X-Debbugs-Cc: iwillnogiveyo...@email.com

I did not realize that there was a new version coming from sid.

If I do not use a real email is because the last time that I used a real one it 
was exposed to all the people that reached the thread (with good, neutral or 
bad intentions). If some day the personal information is hidden I will not have 
any problem using a real email addres, until then I will follow the threads, I 
will read your reponses and I will give you all the information that you 
request, but allways anonymously.

I can also stop reporting bugs, but I think that it is more important to fill 
an anonimous bug report than not filling one because personal information is 
requested.

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ffmpeg depends on:
ii  libavcodec597:5.1.2-3
ii  libavdevice59   7:5.1.2-3
ii  libavfilter87:5.1.2-3
ii  libavformat59   7:5.1.2-3
ii  libavutil57 7:5.1.2-3
ii  libc6   2.36-8
ii  libpostproc56   7:5.1.2-3
ii  libsdl2-2.0-0   2.26.4+dfsg-1
ii  libswresample4  7:5.1.2-3
ii  libswscale6 7:5.1.2-3

ffmpeg recommends no packages.

Versions of packages ffmpeg suggests:
pn  ffmpeg-doc  

-- no debconf information

Bug#1034446: unblock: linux/6.1.24-1

[Paul Gevers]

Hi Salvatore,

On 15-04-2023 17:02, Salvatore Bonaccorso wrote:

Would you in principle agree on that, imporantly, at this stage of the
release? The current debian/changelog is attached.


I'm pretty sure I've mentioned this to you before, but to be clear to 
everybody I'll state it in public here: we currently trust the kernel 
maintainers to make the right decision until (around) the full freeze 
under the condition that they consider the following:


* would you propose the same for a point release?
* if activity in the archive on the d-i front is ongoing or expected
  check with d-boot.

Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034260: update reportbug for bookworm release

[Paul Gevers]

Hi Nis,

On 13-04-2023 22:54, Nis Martensen wrote:

To avoid the need to update reportbug in a bookworm point release and
prevent bug 992332 from happening in this release, can we have a version
of reportbug that does the right thing in bookworm?


Yes we can.

Is it acceptable for us to include one or two other small fixes in the
new version? You will want to review the diff before the upload,
correct? Until when do we have time to get this ready?


We'll want to see a debdiff in an unblock bug report against 
release.debian.org, yes.


We don't have a release date yet [1], so I can't say, but the sooner the 
better to have it tested. Also, the later it gets, the more picky we get.


Paul

[1] See also
https://lists.debian.org/debian-release/2023/04/msg00571.html


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1028149: bookworm: ntp has been replaced by ntpsec

[Paul Gevers]

Hi,

On 15-04-2023 17:31, Richard Lewis wrote:

if no-one else does,  i can draft some text that says
- ntp is dropped (do we know why?). ntpsec is a direct replacement,
but there is also chrony
- and, if you do not need the strong guarantees of correct clock,
systemd-timesyncd is part of a standard debian installation

thoughts?


IMVHO that sounds like a plan.

Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#893921: free-form triangle shading support available since v2.4.0

[Athos Ribeiro]

This has been merged upstream in
https://github.com/libharu/libharu/pull/157/commits/9e8ba2f5453552909e52fde5ec30856004a616d0
and is available since libharu v2.4.0

AFAICT, this bug can be closed when this package gets bumped to the
latest version (2.4.3 ATM).

--
Athos Ribeiro

Bug#1000012: nmap: depends on obsolete pcre3 library

[Alan Coopersmith]

Upstream bug: https://github.com/nmap/nmap/issues/1335

Bug#1034353: mime-type: image/jpeg instead of image/jls

[Christoph Biedl]

Control: tags 1034353 confirmed upstream

Mathieu Malaterre wrote...

> % wget -O filelogo.jls
> "https://bugs.astron.com/file_download.php?file_id=214=bug;
> % file --mime-type filelogo.jls
> filelogo.jls: image/jpeg
> 
> However upstream claims this is fixed since 5.41, some kind of regression ?

Upstream regression, bisect led to

commit 19d5ac6c83fb5d0d9a3868f0f6f2709b1f11882f
Author: Christos Zoulas 
Date:   Sat Aug 28 12:30:52 2021 +

restore jpeg strength to beat msdos boot sector

Christoph


signature.asc
Description: PGP signature

Bug#1020621: ITA netkit-rusers

[Bastian Germann]

On Mon, 03 Oct 2022 00:55:20 -0700 Sydney Cripe wrote:

Thank you for your maintence on the package!
I'd like to adopt it.

Please submit a source package to review.
You can upload to mentors.debian.net.

Bug#1034449: ffmpeg: converting from any image codec to jxl fails

[Sebastian Ramacher]

Control: tags -1 moreinfo

On 2023-04-15 18:24:29 +0200, Unnamed wrote:
> Package: ffmpeg
> Version: 7:5.1.2-3
> Severity: important
> X-Debbugs-Cc: iwillnogiveyo...@email.com
> 
> Dear Maintainer,
> 
> Trying to convert any image to jpeg-xl fails and throws the next error 
> message:
> 
> Error submitting video frame to the encoder
> Conversion failed!
> 
> Example of failing conversion:
> 
> ffmpeg -i input.jpeg -c:v libjxl -effort 9 -distance 1.5 -y output.jxl
> ffmpeg version 5.1.2-3 Copyright (c) 2000-2022 the FFmpeg developers
>   built with gcc 12 (Debian 12.2.0-14)
>   configuration: --prefix=/usr --extra-version=3 --toolchain=hardened 
> --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu 
> --arch=amd64 --enable-gpl --disable-stripping --enable-gnutls --enable-ladspa 
> --enable-libaom --enable-libass --enable-libbluray --enable-libbs2b 
> --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d 
> --enable-libflite --enable-libfontconfig --enable-libfreetype 
> --enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm 
> --enable-libjack --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg 
> --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq 
> --enable-librist --enable-librubberband --enable-libshine --enable-libsnappy 
> --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libssh 
> --enable-libsvtav1 --enable-libtheora --enable-libtwolame --enable-libvidstab 
> --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libx265 
> --enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq 
> --enable-libzvbi --enable-lv2 --enable-omx --enable-openal --enable-opencl 
> --enable-opengl --enable-sdl2 --disable-sndio --enable-libjxl 
> --enable-pocketsphinx --enable-librsvg --enable-libmfx --enable-libdc1394 
> --enable-libdrm --enable-libiec61883 --enable-chromaprint --enable-frei0r 
> --enable-libx264 --enable-libplacebo --enable-librav1e --enable-shared
>   libavutil  57. 28.100 / 57. 28.100
>   libavcodec 59. 37.100 / 59. 37.100
>   libavformat59. 27.100 / 59. 27.100
>   libavdevice59.  7.100 / 59.  7.100
>   libavfilter 8. 44.100 /  8. 44.100
>   libswscale  6.  7.100 /  6.  7.100
>   libswresample   4.  7.100 /  4.  7.100
>   libpostproc56.  6.100 / 56.  6.100
> Input #0, j2k_pipe, from 'input.jpeg':
>   Duration: N/A, bitrate: N/A
>   Stream #0:0: Video: jpeg2000, rgb24, 600x600, lossless, 25 fps, 25 tbr, 25 
> tbn
> Stream mapping:
>   Stream #0:0 -> #0:0 (jpeg2000 (native) -> jpegxl (libjxl))
> Press [q] to stop, [?] for help
> Output #0, image2, to 'output.jxl':
>   Metadata:
> encoder : Lavf59.27.100
>   Stream #0:0: Video: jpegxl, rgb24(progressive), 600x600, q=2-31, 200 kb/s, 
> 25 fps, 25 tbn
> Metadata:
>   encoder : Lavc59.37.100 libjxl
> [libjxl @ 0x559c57207dc0] Unknown color range, assuming full (pc)
> [libjxl @ 0x559c57207dc0] Unknown transfer function, assuming 
> IEC61966-2-1/sRGB. Colors may be wrong.
> Error submitting video frame to the encoder
> Conversion failed!

I cannot reproduce this issue in unstable. Please check with 5.1.3-1.

Cheers

> 
> 
> -- System Information:
> Debian Release: 12.0
>   APT prefers testing-security
>   APT policy: (500, 'testing-security'), (500, 'testing')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
> TAINT_UNSIGNED_MODULE
> Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not 
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages ffmpeg depends on:
> ii  libavcodec597:5.1.2-3
> ii  libavdevice59   7:5.1.2-3
> ii  libavfilter87:5.1.2-3
> ii  libavformat59   7:5.1.2-3
> ii  libavutil57 7:5.1.2-3
> ii  libc6   2.36-8
> ii  libpostproc56   7:5.1.2-3
> ii  libsdl2-2.0-0   2.26.4+dfsg-1
> ii  libswresample4  7:5.1.2-3
> ii  libswscale6 7:5.1.2-3
> 
> ffmpeg recommends no packages.
> 
> Versions of packages ffmpeg suggests:
> pn  ffmpeg-doc  
> 
> -- no debconf information
> 

-- 
Sebastian Ramacher

Bug#1018072: RFP: quickemu -- Quickly create and run highly optimised desktop virtual machines for Linux, macOS and Windows.

[Hilko Bengen]

Hi Julian,

you wrote:

> As weird as it might sound coming from the person requesting the
> package, I would package it myself it there was a sponsor for it. Reason
> being that I have never packaged anything for the official Debian
> repositories and have a lot of higher priority stuff to do before
> learning *proper* Debian packaging.

If you like, I'd be happy to sponsor your package.

Cheers,
-Hilko

Bug#765335: ITA libexplain

[Bastian Germann]

Control: retitle -1 O: libexplain -- utility to explain system call errors

Bug#1034242: unblock: tirex/0.7.0-3

[Sebastiaan Couwenberg]

Control: tags -1 - moreinfo

On 4/15/23 18:03, Sebastian Ramacher wrote:

Please remove the moreinfo tag once the package is available in
unstable.


tirex (0.7.0-3) is built & installed on all release architectures.

Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#1003976: RFS: xmrig/6.16.2-1 [ITP] -- High performance, open source CPU/GPU miner and RandomX benchmark.

[Ben Westover]

Hi Bastian,

If you submit the package for package maintenance in the Cryptocoin 
Team, I would be inclined to take a look.


That sounds great! I wish I would've known of that team this whole time. 
I've listed team+cryptoc...@tracker.debian.org as the maintainer in my 
d/control file, and requested access to the Salsa group.


Thanks,
--
Ben Westover


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034444: www.debian.org: Incorrect information in https://www.debian.org/releases/

[Laura Arjona Reina]

Hello Charles
Thanks for your report.

I have done the following updates:

webwml master c5614b3 Laura Arjona Reina english/releases/ 
jessie/index.wml wheezy/index.wml

* Update paragraph about LTS support, writing in past tense
* https://salsa.debian.org/webmaster-team/webwml/-/commit/c5614b3

webwml master 318de67 Laura Arjona Reina english/releases/buster/index.wml
* Update buster page to show currently under LTS
* https://deb.li/3D5KV

webwml master c79a49c Laura Arjona Reina english/releases/index.wml
* Update info about releases under ELTS and current LTS. Closes: #103
* https://deb.li/BY31

I think the English pages should show the accurate information in the 
following hours (after the next website build). Translations should 
follow in the next days.


Kind regards,
--
Laura Arjona Reina
https://wiki.debian.org/LauraArjona

Bug#1034449: ffmpeg: converting from any image codec to jxl fails

[Unnamed]

Package: ffmpeg
Version: 7:5.1.2-3
Severity: important
X-Debbugs-Cc: iwillnogiveyo...@email.com

Dear Maintainer,

Trying to convert any image to jpeg-xl fails and throws the next error message:

Error submitting video frame to the encoder
Conversion failed!

Example of failing conversion:

ffmpeg -i input.jpeg -c:v libjxl -effort 9 -distance 1.5 -y output.jxl
ffmpeg version 5.1.2-3 Copyright (c) 2000-2022 the FFmpeg developers
  built with gcc 12 (Debian 12.2.0-14)
  configuration: --prefix=/usr --extra-version=3 --toolchain=hardened 
--libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu 
--arch=amd64 --enable-gpl --disable-stripping --enable-gnutls --enable-ladspa 
--enable-libaom --enable-libass --enable-libbluray --enable-libbs2b 
--enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libdav1d 
--enable-libflite --enable-libfontconfig --enable-libfreetype 
--enable-libfribidi --enable-libglslang --enable-libgme --enable-libgsm 
--enable-libjack --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg 
--enable-libopenmpt --enable-libopus --enable-libpulse --enable-librabbitmq 
--enable-librist --enable-librubberband --enable-libshine --enable-libsnappy 
--enable-libsoxr --enable-libspeex --enable-libsrt --enable-libssh 
--enable-libsvtav1 --enable-libtheora --enable-libtwolame --enable-libvidstab 
--enable-libvorbis --enable-libvpx --enable-libwebp --enable-libx265 
--enable-libxml2 --enable-libxvid --enable-libzimg --enable-libzmq 
--enable-libzvbi --enable-lv2 --enable-omx --enable-openal --enable-opencl 
--enable-opengl --enable-sdl2 --disable-sndio --enable-libjxl 
--enable-pocketsphinx --enable-librsvg --enable-libmfx --enable-libdc1394 
--enable-libdrm --enable-libiec61883 --enable-chromaprint --enable-frei0r 
--enable-libx264 --enable-libplacebo --enable-librav1e --enable-shared
  libavutil  57. 28.100 / 57. 28.100
  libavcodec 59. 37.100 / 59. 37.100
  libavformat59. 27.100 / 59. 27.100
  libavdevice59.  7.100 / 59.  7.100
  libavfilter 8. 44.100 /  8. 44.100
  libswscale  6.  7.100 /  6.  7.100
  libswresample   4.  7.100 /  4.  7.100
  libpostproc56.  6.100 / 56.  6.100
Input #0, j2k_pipe, from 'input.jpeg':
  Duration: N/A, bitrate: N/A
  Stream #0:0: Video: jpeg2000, rgb24, 600x600, lossless, 25 fps, 25 tbr, 25 tbn
Stream mapping:
  Stream #0:0 -> #0:0 (jpeg2000 (native) -> jpegxl (libjxl))
Press [q] to stop, [?] for help
Output #0, image2, to 'output.jxl':
  Metadata:
encoder : Lavf59.27.100
  Stream #0:0: Video: jpegxl, rgb24(progressive), 600x600, q=2-31, 200 kb/s, 25 
fps, 25 tbn
Metadata:
  encoder : Lavc59.37.100 libjxl
[libjxl @ 0x559c57207dc0] Unknown color range, assuming full (pc)
[libjxl @ 0x559c57207dc0] Unknown transfer function, assuming 
IEC61966-2-1/sRGB. Colors may be wrong.
Error submitting video frame to the encoder
Conversion failed!


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ffmpeg depends on:
ii  libavcodec597:5.1.2-3
ii  libavdevice59   7:5.1.2-3
ii  libavfilter87:5.1.2-3
ii  libavformat59   7:5.1.2-3
ii  libavutil57 7:5.1.2-3
ii  libc6   2.36-8
ii  libpostproc56   7:5.1.2-3
ii  libsdl2-2.0-0   2.26.4+dfsg-1
ii  libswresample4  7:5.1.2-3
ii  libswscale6 7:5.1.2-3

ffmpeg recommends no packages.

Versions of packages ffmpeg suggests:
pn  ffmpeg-doc  

-- no debconf information

Bug#1034448: bind9: Typo in documentation file name

[Gard Spreemann]

Package: bind9
Version: 1:9.16.37-1~deb11u1
Severity: minor
X-Debbugs-Cc: g...@nonempty.org

Dear Maintainer,

/etc/bind/named.conf refers to documentation in
/usr/share/doc/bind9/README.Debian.gz. The correct file name is
seemingly /usr/share/doc/bind9/README.Debian.


 -- Gard
 


signature.asc
Description: PGP signature

Bug#1034242: unblock: tirex/0.7.0-3

[Sebastian Ramacher]

Control: tags -1 confirmed moreinfo

On 2023-04-11 10:30:23 +0200, Bas Couwenberg wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: ti...@packages.debian.org
> Control: affects -1 + src:tirex
> 
> Please unblock package tirex

Please remove the moreinfo tag once the package is available in
unstable.

Cheers

> 
> It moves the systemd services back to /lib/systemd to fix #1034222.
> 
> [ Reason ]
> Fix service activation by debhelper.
> 
> [ Impact ]
> Services not activated as expected.
> 
> [ Tests ]
> N/A
> 
> [ Risks ]
> Low, leaf package.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> The package has not been uploaded to unstable yet.
> 
> The pending changes in git are also included which we'd rather not have to 
> revert.
> 
> unblock tirex/0.7.0-3

> diff -Nru tirex-0.7.0/debian/changelog tirex-0.7.0/debian/changelog
> --- tirex-0.7.0/debian/changelog  2022-08-03 10:27:51.0 +0200
> +++ tirex-0.7.0/debian/changelog  2023-04-11 10:20:03.0 +0200
> @@ -1,3 +1,14 @@
> +tirex (0.7.0-3) unstable; urgency=medium
> +
> +  * Team upload.
> +  * Add Rules-Requires-Root to control file.
> +  * Update lintian overrides.
> +  * Bump Standards-Version to 4.6.2, no changes.
> +  * Move systemd services to /lib/systemd.
> +(closes: #1034222)
> +
> + -- Bas Couwenberg   Tue, 11 Apr 2023 10:20:03 +0200
> +
>  tirex (0.7.0-2) unstable; urgency=medium
>  
>[ Frederik Ramm ]
> diff -Nru tirex-0.7.0/debian/control tirex-0.7.0/debian/control
> --- tirex-0.7.0/debian/control2022-06-21 07:23:56.0 +0200
> +++ tirex-0.7.0/debian/control2023-01-18 17:21:22.0 +0100
> @@ -9,10 +9,11 @@
> libipc-sharelite-perl,
> libjson-perl,
> libmapnik-dev
> -Standards-Version: 4.6.1
> +Standards-Version: 4.6.2
>  Vcs-Browser: https://salsa.debian.org/debian-gis-team/tirex
>  Vcs-Git: https://salsa.debian.org/debian-gis-team/tirex.git
>  Homepage: https://wiki.openstreetmap.org/wiki/Tirex
> +Rules-Requires-Root: no
>  
>  Package: tirex
>  Section: utils
> diff -Nru tirex-0.7.0/debian/patches/rules-requires-root.patch 
> tirex-0.7.0/debian/patches/rules-requires-root.patch
> --- tirex-0.7.0/debian/patches/rules-requires-root.patch  1970-01-01 
> 01:00:00.0 +0100
> +++ tirex-0.7.0/debian/patches/rules-requires-root.patch  2022-11-29 
> 19:11:38.0 +0100
> @@ -0,0 +1,12 @@
> +Description: Fix FTBFS Rules-Requires-Root: no.
> +Author: Bas Couwenberg 
> +Forwarded: not-needed
> +
> +--- a/Makefile
>  b/Makefile
> +@@ -1,4 +1,4 @@
> +-INSTALLOPTS=-g root -o root
> ++INSTALLOPTS=
> + build: Makefile.perl
> + cd backend-mapnik; $(MAKE) $(MFLAGS)
> + $(MAKE) -f Makefile.perl
> diff -Nru tirex-0.7.0/debian/patches/series tirex-0.7.0/debian/patches/series
> --- tirex-0.7.0/debian/patches/series 2021-10-07 17:46:27.0 +0200
> +++ tirex-0.7.0/debian/patches/series 2022-11-29 19:10:50.0 +0100
> @@ -1 +1,2 @@
>  0001-Make-sure-usr-libexec-directory-extists.patch
> +rules-requires-root.patch
> diff -Nru tirex-0.7.0/debian/rules tirex-0.7.0/debian/rules
> --- tirex-0.7.0/debian/rules  2021-10-08 10:02:58.0 +0200
> +++ tirex-0.7.0/debian/rules  2022-11-29 19:04:47.0 +0100
> @@ -9,7 +9,4 @@
>  %:
>   dh $@ --with apache2
>  
> -override_dh_auto_install:
> - dh_auto_install --destdir=debian/tmp
> -
>  .PHONY: templates
> diff -Nru tirex-0.7.0/debian/tirex.install tirex-0.7.0/debian/tirex.install
> --- tirex-0.7.0/debian/tirex.install  2021-10-07 17:46:27.0 +0200
> +++ tirex-0.7.0/debian/tirex.install  2023-04-11 10:03:09.0 +0200
> @@ -24,7 +24,7 @@
>  debian/etc/tirex/tirex.conf  etc/tirex
>  debian/etc/tirex/renderer/mapnik.confetc/tirex/renderer
>  debian/tmpfiles.d/tirex.conf usr/lib/tmpfiles.d
> -debian/tirex-master.service  usr/lib/systemd/system/
> -debian/tirex-backend-manager.service usr/lib/systemd/system/
> +debian/tirex-master.service  lib/systemd/system/
> +debian/tirex-backend-manager.service lib/systemd/system/
>  usr/libexec/tirex-backend-mapnik
>  usr/libexec/tirex-backend-test
> diff -Nru tirex-0.7.0/debian/tirex.lintian-overrides 
> tirex-0.7.0/debian/tirex.lintian-overrides
> --- tirex-0.7.0/debian/tirex.lintian-overrides2021-10-08 
> 09:39:26.0 +0200
> +++ tirex-0.7.0/debian/tirex.lintian-overrides2022-11-29 
> 19:18:57.0 +0100
> @@ -1,2 +1,6 @@
>  # This package only provides systemd unit files:
>  package-supports-alternative-init-but-no-init.d-script
> +
> +# False positive, lat/lon
> +typo-in-manual-page lon long *
> +


-- 
Sebastian Ramacher

Bug#1034368: unblock: amazon-ec2-net-utils/2.3.0-3

[Sebastian Ramacher]

Control: tags -1 moreinfo confirmed

On 2023-04-13 10:41:06 -0700, Noah Meyerhans wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: amazon-ec2-net-ut...@packages.debian.org
> Control: affects -1 + src:amazon-ec2-net-utils
> 
> Please unblock package amazon-ec2-net-utils

Please remove the moreinfo tag once the package is available in
unstable.

Cheers

> 
> This is a targeted change to work around the debhelper dh_installsystemd 
> issues
> with management of unit files in /usr/lib/systemd/system (background in
> #1031695). This closes RC bug #1034212 by moving these files to
> /lib/systemd/system as shown below:
> 
> $ debdiff amazon-ec2-net-utils_2.3.0-2.dsc amazon-ec2-net-utils_2.3.0-3.dsc   
>  
> dpkg-source: warning: extracting unsigned source package 
> (/home/noahm/src/debian/cloud/amazon-ec2-net-utils_2.3.0-2.dsc)
> dpkg-source: warning: extracting unsigned source package 
> (/home/noahm/src/debian/cloud/amazon-ec2-net-utils_2.3.0-3.dsc)
> diff -Nru amazon-ec2-net-utils-2.3.0/debian/changelog 
> amazon-ec2-net-utils-2.3.0/debian/changelog
> --- amazon-ec2-net-utils-2.3.0/debian/changelog 2023-01-21 11:25:53.0 
> -0800
> +++ amazon-ec2-net-utils-2.3.0/debian/changelog 2023-04-13 10:22:32.0 
> -0700
> @@ -1,3 +1,9 @@
> +amazon-ec2-net-utils (2.3.0-3) unstable; urgency=medium
> +
> +  * Install systemd services to /lib/systemd/system. (Closes: 1034212)
> +
> + -- Noah Meyerhans   Thu, 13 Apr 2023 10:22:32 -0700
> +
>  amazon-ec2-net-utils (2.3.0-2) unstable; urgency=medium
>  
>* Set Maintainer to the cloud team and add myself to Uploaders
> diff -Nru amazon-ec2-net-utils-2.3.0/debian/patches/debian-changes 
> amazon-ec2-net-utils-2.3.0/debian/patches/debian-changes
> --- amazon-ec2-net-utils-2.3.0/debian/patches/debian-changes2023-01-21 
> 11:25:53.0 -0800
> +++ amazon-ec2-net-utils-2.3.0/debian/patches/debian-changes2023-04-13 
> 10:22:32.0 -0700
> @@ -1,3 +1,16 @@
> +diff --git a/GNUmakefile b/GNUmakefile
> +index d06847d..dd077a7 100644
> +--- a/GNUmakefile
>  b/GNUmakefile
> +@@ -6,7 +6,7 @@ PREFIX?=/usr/local
> + BINDIR=${DESTDIR}${PREFIX}/bin
> + UDEVDIR=${DESTDIR}/usr/lib/udev/rules.d
> + SYSTEMDDIR=${DESTDIR}/usr/lib/systemd
> +-SYSTEMD_SYSTEM_DIR=${SYSTEMDDIR}/system
> ++SYSTEMD_SYSTEM_DIR=${DESTDIR}/lib/systemd/system
> + SYSTEMD_NETWORK_DIR=${SYSTEMDDIR}/network
> + SHARE_DIR=${DESTDIR}/${PREFIX}/share/${pkgname}
> + 
>  diff --git a/lib/lib.sh b/lib/lib.sh
>  index d01dd23..02357d9 100644
>  --- a/lib/lib.sh
> $ debdiff amazon-ec2-net-utils_2.3.0-2_amd64.changes 
> amazon-ec2-net-utils_2.3.0-3_amd64.changes
> [The following lists of changes regard files as different if they have
> different names, permissions or owners.]
> 
> Files in second .changes but not in first
> -
> -rw-r--r--  root/root   /lib/systemd/system/policy-routes@.service
> -rw-r--r--  root/root   /lib/systemd/system/refresh-policy-routes@.service
> -rw-r--r--  root/root   /lib/systemd/system/refresh-policy-routes@.timer
> 
> Files in first .changes but not in second
> -
> -rw-r--r--  root/root   /usr/lib/systemd/system/policy-routes@.service
> -rw-r--r--  root/root   /usr/lib/systemd/system/refresh-policy-routes@.service
> -rw-r--r--  root/root   /usr/lib/systemd/system/refresh-policy-routes@.timer
> 
> Control files: lines which differ (wdiff format)
> 
> Installed-Size: [-44-] {+47+}
> Version: [-2.3.0-2-] {+2.3.0-3+}
> 
> [ Impact ]
> 
> Without this change, systemd services and timers installed by
> amazon-ec2-net-utils may not be activated as expected when the package is
> installed.
> 
> [ Tests ]
> 
> n/a
> 
> [ Risks ]
> 
> Worst case, if everything goes horribly wrong, is that certain non-default
> network configuration in Amazon EC2 won't be applied. This includes
> configuration of secondary network interfaces and secondary IPv4 addresses on
> any interfaces.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> (Anything else the release team should know.)
> 
> unblock amazon-ec2-net-utils/2.3.0-3
> 

-- 
Sebastian Ramacher

Bug#1034447: O: gkermit -- file transfer program

[Bastian Germann]

Package: wnpp

I am orphaning gkermit because I do not really use it.
Please adopt it if you have the time and skills to maintain it.

Bug#1028149: bookworm: ntp has been replaced by ntpsec

[Richard Lewis]

On Mon, 27 Mar 2023 11:15:20 +0200 Miroslav Lichvar  wrote:
> On Thu, 23 Mar 2023 12:12:04 + Richard Lewis 
>  wrote:
> > Presumably the release notes should also say that most people should
> > consider systemd-timesyncd as this is priority:standard (since at
> > least buster, but i dont remember seeing this in release notes then)?
> > - i assume the idea is that if you dont have any special needs beyond
> > "set the clock" should use systemd-timesyncd, And people who need
> > extra features (like running their own ntp server) should install
> > ntpsec / chrony / opennntpd ?
>
> Recommending timesyncd as an NTP client to replace ntpd would not be a
> good idea, especially if you consider the default configuration using
> servers from pool.ntp.org.

Isnt that effectively what debian has done by setting systemd-timesync
to "standard" priority?

if that's a bad decision, you should make the case to debian to change
it i would think?
(standard = installed by default, per debian policy)

>  individual servers cannot be
> relied on. They are run by volunteers. Some are well maintained, some
> are not.

like debian packages :p

> timesyncd needs to be configured with a reliable server to work well.
> Canonical maintains their own NTP servers and uses them by default in
> Ubuntu. That makes senses. Debian uses pool.ntp.org, so it should
> recommend a proper NTP client for a reliable service.

sounds like something beyond the scope of release-notes...

if no-one else does,  i can draft some text that says
- ntp is dropped (do we know why?). ntpsec is a direct replacement,
but there is also chrony
- and, if you do not need the strong guarantees of correct clock,
systemd-timesyncd is part of a standard debian installation

thoughts?

Bug#1034436: libxml2: diff for NMU version 2.9.14+dfsg-1.2

[Salvatore Bonaccorso]

Control: tags 1034436 + patch
Control: tags 1034436 + pending
Control: tags 1034437 + patch
Control: tags 1034437 + pending


Dear maintainer,

I've prepared an NMU for libxml2 (versioned as 2.9.14+dfsg-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer, but ideally at this point of the relese
preparations for bookworm, would be good to not delay it.

Regards,
Salvatore
diff -Nru libxml2-2.9.14+dfsg/debian/changelog libxml2-2.9.14+dfsg/debian/changelog
--- libxml2-2.9.14+dfsg/debian/changelog	2022-10-30 11:18:06.0 +0100
+++ libxml2-2.9.14+dfsg/debian/changelog	2023-04-15 16:25:06.0 +0200
@@ -1,3 +1,14 @@
+libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
+  * Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484)
+(Closes: #1034436)
+  * Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
+(Closes: #1034437)
+
+ -- Salvatore Bonaccorso   Sat, 15 Apr 2023 16:25:06 +0200
+
 libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libxml2-2.9.14+dfsg/debian/patches/CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch libxml2-2.9.14+dfsg/debian/patches/CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch
--- libxml2-2.9.14+dfsg/debian/patches/CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch	1970-01-01 01:00:00.0 +0100
+++ libxml2-2.9.14+dfsg/debian/patches/CVE-2023-28484-Fix-null-deref-in-xmlSchemaFixupCompl.patch	2023-04-15 16:25:06.0 +0200
@@ -0,0 +1,76 @@
+From: Nick Wellnhofer 
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+Origin: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
+Bug-Debian: https://bugs.debian.org/1034436
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-28484
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+---
+ result/schemas/issue491_0_0.err |  1 +
+ test/schemas/issue491_0.xml |  1 +
+ test/schemas/issue491_0.xsd | 18 ++
+ xmlschemas.c|  2 +-
+ 4 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 result/schemas/issue491_0_0.err
+ create mode 100644 test/schemas/issue491_0.xml
+ create mode 100644 test/schemas/issue491_0.xsd
+
+diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
+new file mode 100644
+index ..9b2bb9691f55
+--- /dev/null
 b/result/schemas/issue491_0_0.err
+@@ -0,0 +1 @@
++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
+diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
+new file mode 100644
+index ..e2b2fc2e359b
+--- /dev/null
 b/test/schemas/issue491_0.xml
+@@ -0,0 +1 @@
++http://www.test.com;>5
+diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
+new file mode 100644
+index ..8170264987b7
+--- /dev/null
 b/test/schemas/issue491_0.xsd
+@@ -0,0 +1,18 @@
++
++http://www.w3.org/2001/XMLSchema; xmlns="http://www.test.com; targetNamespace="http://www.test.com; elementFormDefault="qualified" attributeFormDefault="unqualified">
++  
++
++  
++
++  
++  
++
++  
++
++  
++
++  
++
++  
++  
++
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 152b7c3f521b..eec24a95fca9 100644
+--- a/xmlschemas.c
 b/xmlschemas.c
+@@ -18619,7 +18619,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+ 			"allowed to appear inside other model groups",
+ 			NULL, NULL);
+ 
+-		} else if (! dummySequence) {
++		} else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+ 		xmlSchemaTreeItemPtr effectiveContent =
+ 			(xmlSchemaTreeItemPtr) type->subtypes;
+ 		/*
+-- 
+2.40.0
+
diff -Nru libxml2-2.9.14+dfsg/debian/patches/CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch libxml2-2.9.14+dfsg/debian/patches/CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch
--- libxml2-2.9.14+dfsg/debian/patches/CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch	1970-01-01 01:00:00.0 +0100
+++ libxml2-2.9.14+dfsg/debian/patches/CVE-2023-29469-Hashing-of-empty-dict-strings-isn-t-d.patch	2023-04-15 16:25:06.0 +0200
@@ -0,0 +1,38 @@
+From: Nick Wellnhofer 
+Date: Fri, 7 Apr 2023 11:49:27 +0200
+Subject: [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
+Origin: https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
+Bug-Debian: https://bugs.debian.org/1034437
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-29469
+
+When hashing empty strings which 

Bug#1034446: unblock: linux/6.1.24-1

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: li...@packages.debian.org, k...@debian.org, car...@debian.org
Control: affects -1 + src:linux

Dear release team,

Please unblock package linux

I'm seaking for pre-approval and your opinion on time availability to
still do at least (and depending on finding the release date for
bookworm) further stable series imports. After 6.1.20-2 migration to
testing (which I see it is already unblocked, thanks Paul Gevers), the
next update could be to update to at least 6.1.24:

There are stable series imports from 6.1.20 up to 6.1.24, convering as
well fixes for CVE-2023-1989, CVE-2023-1583 and CVE-2023-1611. Ideally
we as well address #1033058 (Cyril will be happy).

There are fixed in different areas as well, which we can benefit of
(e.g. fixes for the newly enabled mpi3mr driver, this was known the
fixes will land in post 6.1.20). With the stable series import there
is as well always a slight risk on new upstream regressions.

Would you in principle agree on that, imporantly, at this stage of the
release? The current debian/changelog is attached.

unblock linux/6.1.24-1

Regards,
Salvatore
linux (6.1.24-1) UNRELEASED; urgency=medium

  * New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.21
- xfrm: Allow transport-mode states with AF_UNSPEC selector
- drm/virtio: Pass correct device to dma_sync_sgtable_for_device()
- drm/msm/gem: Prevent blocking within shrinker loop
- [arm64,armhf] drm/panfrost: Don't sync rpm suspension after mmu flushing
- cifs: Move the in_send statistic to __smb_send_rqst()
- [arm64] drm/meson: fix 1px pink line on GXM when scaling video overlay
- [x86] ASoC: SOF: Intel: MTL: Fix the device description
- [x86] ASoC: SOF: Intel: HDA: Fix device description
- [x86] ASoC: SOF: Intel: SKL: Fix device description
- [x86] ASOC: SOF: Intel: pci-tgl: Fix device description
- docs: Correct missing "d_" prefix for dentry_operations member
  d_weak_revalidate
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
- ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
- netfilter: nft_nat: correct length for loading protocol registers
- netfilter: nft_masq: correct length for loading protocol registers
- netfilter: nft_redir: correct length for loading protocol registers
- netfilter: nft_redir: correct value of inet type `.maxattrs`
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD
- scsi: core: Fix a procfs host directory removal regression
- ftrace,kcfi: Define ftrace_stub_graph conditionally
- tcp: tcp_make_synack() can be called from process context
- wifi: nl80211: fix NULL-ptr deref in offchan check
- wifi: cfg80211: fix MLO connection ownership
- nfc: pn533: initialize struct pn533_out_arg properly
- ipvlan: Make skb->skb_iif track skb->dev for l3s mode
- i40e: Fix kernel crash during reboot when adapter is in recovery mode
- [s390x] PCI: s390: Fix use-after-free of PCI resources with per-function
  hotplug
- [x86] drm/i915/psr: Use calculated io and fast wake lines
- [x86] drm/i915/sseu: fix max_subslices array-index-out-of-bounds access
- net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
- qed/qed_dev: guard against a possible division by zero
- block: do not reverse request order when flushing plug list
- loop: Fix use-after-free issues
- net: tunnels: annotate lockless accesses to dev->needed_headroom
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status
  fails
- tcp: Fix bind() conflict check for dual-stack wildcard address.
- net/smc: fix deadlock triggered by cancel_delayed_work_syn()
- net: usb: smsc75xx: Limit packet length to skb->len
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts
  kdoc
- [powerpc*] mm: Fix false detection of read faults
- nvme: fix handling single range discard request
- nvmet: avoid potential UAF in nvmet_req_complete()
- block: sunvdc: add check for mdesc_grab() returning NULL
- net/mlx5e: Fix macsec ASO context alignment
- net/mlx5e: Don't cache tunnel offloads capability
- net/mlx5: Fix setting ec_function bit in MANAGE_PAGES
- net/mlx5: Disable eswitch before waiting for VF pages
- net/mlx5e: Support Geneve and GRE with VF tunnel offload
- net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs
  internal port
- net/mlx5e: Fix cleanup null-ptr deref on encap lock
- net/mlx5: Set BREAK_FW_WAIT flag first when removing driver
- veth: Fix use after free in XDP_REDIRECT
- ice: xsk: disable txq irq before flushing hw
- [arm64,armhf] net: dsa: don't error out when drivers return ETH_DATA_LEN
  in 

Bug#1034445: linux-image-5.10.0-21-amd64: Sometimes kernel-oops occurs reloading the psmouse module

[Michael Fritscher]

Package: src:linux
Version: 5.10.162-1
Severity: important

Sometimes, the touchpad/trackpoint on my x210 (no typo, it is a x201 with a new 
motherboard, hence "x210", looses the settings or does not work work anymore at 
all.

To fix this, I created a script like

#!/bin/sh
rmmod psmouse
sleep 2
modprobe psmouse
sleep 5
echo "Trackpoint einstellen"
# Trackpoint sensibler
for i in /sys/devices/platform/i8042/serio2/serio*; do
if [ ! -e $i/sensitivity ]; then
continue
fi
echo -n 200 > $i/sensitivity
# und schneller
echo -n 230 > $i/speed
echo 1 > $i/press_to_select
done


which works in 95% of the cases. But in some cases. I get a kernel oops 
(attached). Then the system begins to get instable, and a clean shutdown is not 
possible anymore.
I've hade the problem since the beginning, at least starting with the 5.4 
kernel. I get the same problem with the Ubuntu 20.04 HWW kernel (5.15).

Best regards
Michael



kernel-oops:

[33198.813226] psmouse serio2: synaptics: queried max coordinates: x [..5888], 
y [..4810]
[33198.866631] psmouse serio2: synaptics: Touchpad model: 1, fw: 7.4, id: 
0x1e0b1, caps: 0xd047b1/0xb4/0xa/0x0, board id: 0, fw id: 615624
[33198.866646] psmouse serio2: synaptics: serio: Synaptics pass-through port at 
isa0060/serio2/input0
[33198.900422] input: SynPS/2 Synaptics TouchPad as 
/devices/platform/i8042/serio2/input/input97
[33198.907202] psmouse serio2: TouchPad at isa0060/serio2/input0 lost sync at 
byte 1
[33198.908315] psmouse serio2: TouchPad at isa0060/serio2/input0 lost sync at 
byte 1
[33199.108041] psmouse serio2: TouchPad at isa0060/serio2/input0 lost sync at 
byte 1
[33199.109151] psmouse serio2: TouchPad at isa0060/serio2/input0 lost sync at 
byte 1
[33200.106629] psmouse serio2: Failed to deactivate mouse on isa0060/serio2: -5
[33200.107226] psmouse serio2: Failed to enable mouse on isa0060/serio2
[33200.112507] input: PS/2 Generic Mouse as 
/devices/platform/i8042/serio2/input/input101
[33200.113291] psmouse serio2: Failed to enable mouse on isa0060/serio2
[33200.113419] BUG: kernel NULL pointer dereference, address: 0048
[33200.113429] #PF: supervisor write access in kernel mode
[33200.113434] #PF: error_code(0x0002) - not-present page
[33200.113439] PGD 0 P4D 0 
[33200.113454] Oops: 0002 [#1] SMP PTI
[33200.113464] CPU: 4 PID: 1104044 Comm: kworker/4:1 Tainted: P   OE
 5.10.0-21-amd64 #1 Debian 5.10.162-1
[33200.113469] Hardware name: Default string Default string/Default string, 
BIOS 5.12 01/11/2019
[33200.113482] Workqueue: events_long serio_handle_event
[33200.113505] RIP: 0010:synaptics_pt_start+0x2e/0x60 [psmouse]
[33200.113511] Code: 00 41 54 55 53 48 8b 87 00 01 00 00 48 89 fb 48 8b a8 d0 
01 00 00 48 8b 45 10 4c 8b 65 00 48 8d b8 d0 00 00 00 e8 52 a6 3b dd <49> 89 5c 
24 48 48 8b 7d 10 48 81 c7 d0 00 00 00 c6 07 00 0f 1f 40
[33200.113518] RSP: 0018:afbf247f3e30 EFLAGS: 00010046
[33200.113523] RAX:  RBX: 91d2c8ac5800 RCX: 91d2c8ac5908
[33200.113527] RDX: 0001 RSI: 91d2e9586448 RDI: 91d2e95818d0
[33200.113531] RBP: 91d7659f4600 R08: 9e7f8bd0 R09: 9e7f8bd0
[33200.113534] R10: 0001 R11:  R12: 
[33200.113538] R13: 91d2e9586448 R14: 91d2c8ac5c48 R15: 91d2e9581918
[33200.113543] FS:  () GS:91d9ded0() 
knlGS:
[33200.113547] CS:  0010 DS:  ES:  CR0: 80050033
[33200.113551] CR2: 0048 CR3: 00054bc0a006 CR4: 003706e0
[33200.113555] Call Trace:
[33200.113571]  serio_handle_event+0x273/0x2e0
[33200.113580]  process_one_work+0x1b3/0x350
[33200.113587]  worker_thread+0x53/0x3e0
[33200.113594]  ? process_one_work+0x350/0x350
[33200.113601]  kthread+0x118/0x140
[33200.113608]  ? __kthread_bind_mask+0x60/0x60
[33200.113617]  ret_from_fork+0x1f/0x30
[33200.113625] Modules linked in: psmouse wacom usbhid hid snd_hrtimer 
snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device ctr ccm 
rfcomm xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 
xt_tcpudp nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 
nf_defrag_ipv4 nft_counter nf_tables crc32c_generic nfnetlink bridge 
cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_ondemand ifb 
sch_fq_codel vmw_vsock_vmci_transport vsock vmw_vmci 8021q garp stp mrp llc 
qrtr ns cmac algif_hash algif_skcipher af_alg bnep uinput binfmt_misc nls_ascii 
nls_cp437 vfat fat snd_hda_codec_hdmi snd_hda_codec_conexant 
snd_hda_codec_generic ledtrig_audio snd_soc_skl snd_soc_hdac_hda 
snd_hda_ext_core snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_acpi_intel_match 
snd_soc_acpi snd_hda_intel snd_intel_dspcfg soundwire_intel 
soundwire_generic_allocation snd_soc_core iwlmvm btusb btrtl snd_compress btbcm 
btintel soundwire_cadence snd_hda_codec bluetooth mac80211 snd_hda_core
[33200.113766]  snd_hwdep soundwire_bus uvcvideo snd_pcm_oss 

Bug#1034429: coreutils: install: -s runs ["strip", $f] instead of ["strip", "--", $f]; should use strip from $STRIP

[наб]

On Sat, Apr 15, 2023 at 02:04:18PM +0100, Pádraig Brady wrote:
> But perhaps the strip program doesn't handle the convention
> that -- indicates end of option processing?
Inasmuch as "perhaps strip doesn't use getopt(3)" /and/
"perhaps strip doesn't conform to the XCU"
(https://pubs.opengroup.org/onlinepubs/9699919799/utilities/strip.html;
 note no changes since Issue 2, which means this has been a requirement
 realistically since 1989
 (it's in my copy of XSI Issue 3, saying it's equivalent to Issue 2,
  but it's only Volume 1, and it's unclear to me if the XBD USG
  was fully developed; Issue 2 hasn't been archived),
 and definitely since SUSv1, whose Guideline 10 and Utility Description
 Defaults, OPTIONS, Default Behaviour are both as present-day)
can both hold at the same time, I guess?
You can probably tell I'm quite sceptical any such strip exists.

> > It would also be nice for $STRIP to provide a default if -S isn't set;
> > the usefulness of install -s is doubtful if
> >install -s binary $DESTDIR/bin
> > only works if binary happens to match the host arch.
> Yes it's a fair point that calling strip without options is quite restrictive.
> Though I suppose --strip-program can point to a script that calls strip 
> appropriately.
My target usecase is for third-party programs running install -s,
which, without modification, cannot be made to work if strip is binutils
strip and the binary is non-native.

Of course I can edit them to be install --strip-program=llvm-strip -s ...,
but, y'know, at some point using install instead of cp and strip
stops making sense. I guess it'd just be nice if ${CC:-cc}
synergised with ${STRIP:-strip}.

> There are some security issues with env vars that impact what is executed.
> I do see that FreeBSD install(1) does support $STRIPBIN, though they
> don't support --strip-program, so functionality is equivalent from that point 
> of view.
Functionality is greatly improved since the target is no longer
effectively hard-coded into the caller. The impact of this is reduced on
FreeBSD since it uses elftoolchain strip, which appears to be
target-agnostic.

Best,
наб


signature.asc
Description: PGP signature

Bug#1034208: Partman may reset user's choice for ESP partitions use

[Pascal Hambourg]

Control: tags -1 patch

On 11/04/2023 at 08:53, I wrote:


as discussed in #debian-boot (you asked for it), I observed that partman 
resets the method set by the user on ESP partitions after setting LVM or 
RAID (and possibly encryption, I forgot to test).

(...)
This is caused by /lib/partman/init.d/50efi rewriting "efi" to $id/ 
method when being re-run after leaving LVM/RAID setup.


Suggested fix: do not rewrite $id/method if 
/var/lib/partman/uefi_check_done exists, either by moving the check 
before the device loop (my preferred) or by adding a check before 
writing the method.


Here are patches implementing the two versions of the above fix.

Note: in order to deal with a similar issue with swap devices, 
partman-basicfilesystems init.d/autouse_swap sets a per-device flag to 
only run the first time each device is encountered. I guess per-device 
flags were used instead of a single global flag because new swap devices 
may be discovered later in virtual devices (e.g. logical volumes), but 
per-device flags are not needed for ESPs because AFAIK ESPs can only be 
plain partitions on local disks and it is unlikely that new local disks 
are discovered later (unless the user attaches a removable drive).From 4bb7694a6750a0fd56bd4399c2412bb5304b1bd6 Mon Sep 17 00:00:00 2001
From: Pascal Hambourg 
Date: Tue, 11 Apr 2023 14:35:44 +0200
Subject: [PATCH] init.d/efi: Only run checks and set method "efi" for ESPs
 once

Only set method "efi" for ESP partitions once, else user's
choice (e.g. "do not use") may be reset to "ESP" after
setting up LVM, RAID or encrypted volumes.
Also run the whole checks once, pointless otherwise.

Fixes: #1034208
---
 init.d/efi | 49 +
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/init.d/efi b/init.d/efi
index fa44a97..4f408c2 100755
--- a/init.d/efi
+++ b/init.d/efi
@@ -34,6 +34,11 @@ fi
 
 . /lib/partman/lib/base.sh
 
+if [ -f /var/lib/partman/uefi_check_done ]; then
+	log "Found flag file /var/lib/partman/uefi_check_done, not checking further"
+	exit 0
+fi
+
 gpt_efi_type=c12a7328-f81f-11d2-ba4b-00a0c93ec93b
 gpt_bios_boot_type=21686148-6449-6e6f-744e-656564454649
 msdos_efi_type=0xef
@@ -133,28 +138,24 @@ done
 
 log "Found $NUM_ESP ESP(s), $NUM_NOT_ESP BIOS-bootable disk(s) total"
 
-if [ -f /var/lib/partman/uefi_check_done ]; then
-	log "Found flag file /var/lib/partman/uefi_check_done, not checking further"
-else
-	if in_efi_mode && [ $NUM_ESP = 0 ] && [ $NUM_NOT_ESP -gt 0 ]; then
-		case $ARCH in
-			i386/*|amd64/*)
-db_input critical partman-efi/non_efi_system || true
-db_go || exit 1
-db_fset partman-efi/non_efi_system seen true
-db_get partman-efi/non_efi_system
-if [ "$RET" = false ]; then
-	log "User chose to ignore UEFI"
-	touch /var/lib/partman/ignore_uefi
-else
-	log "User chose to continue in UEFI mode"
-fi
-;;
-		esac
-	fi
-	# We've got this far at least once without triggering the
-	# check. Flag that so that any further changes we make in this
-	# d-i session can't trigger a false-positive here.
-	touch /var/lib/partman/uefi_check_done
-	log "UEFI check done, wrote flag file /var/lib/partman/uefi_check_done"
+if in_efi_mode && [ $NUM_ESP = 0 ] && [ $NUM_NOT_ESP -gt 0 ]; then
+	case $ARCH in
+		i386/*|amd64/*)
+			db_input critical partman-efi/non_efi_system || true
+			db_go || exit 1
+			db_fset partman-efi/non_efi_system seen true
+			db_get partman-efi/non_efi_system
+			if [ "$RET" = false ]; then
+log "User chose to ignore UEFI"
+touch /var/lib/partman/ignore_uefi
+			else
+log "User chose to continue in UEFI mode"
+			fi
+			;;
+	esac
 fi
+# We've got this far at least once without triggering the
+# check. Flag that so that any further changes we make in this
+# d-i session can't trigger a false-positive here.
+touch /var/lib/partman/uefi_check_done
+log "UEFI check done, wrote flag file /var/lib/partman/uefi_check_done"
-- 
2.30.2

From 6109240a6b599a5f198fd1b1a3747e81ec306118 Mon Sep 17 00:00:00 2001
From: Pascal Hambourg 
Date: Tue, 11 Apr 2023 14:16:29 +0200
Subject: [PATCH] init.d/efi: Only set method "efi" on ESP partitions once

Else user's choice (e.g. "do not use") may be reset to "ESP"
after setting up LVM, RAID or encrypted volumes.

Fixes: #1034208
---
 init.d/efi | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/init.d/efi b/init.d/efi
index fa44a97..af3e7e8 100755
--- a/init.d/efi
+++ b/init.d/efi
@@ -110,8 +110,11 @@ for dev in /var/lib/partman/devices/*; do
 		if [ "$efi" = yes ]; then
 			# An ESP is clearly not for BIOS use!
 			log "$dev $id is an ESP"
-			mkdir -p $id
-			echo efi >$id/method
+			# set method only once, see #1034208
+			if [ -f /var/lib/partman/uefi_check_done ]; then
+mkdir -p $id
+echo efi >$id/method
+			fi
 			NUM_ESP=$(($NUM_ESP + 1))
 		else
 			# BIOS may well work with anything else
-- 
2.30.2

Bug#1034443: python3-brial: uninstallable on arcitectures where sagemath is unavailable, breaks building of singular

[Peter Green]

Package: python3-brial
Version: 1.2.11-2
Severity: serious
X-debbugs-cc: singu...@packages.debian.org

python3-brial recently added a dependency on python3-sage, however python3-sage
is only available on amd64, arm64, i386 and riscv64.

This also means that the build-depends of singular on those architectures are
unsatisfied.

Strangely, when I look at the singular build log the only mentions of brial
I see are in the Debian packaging steps, I don't see any mentions of it from
the upstream build system. Grepping for brial in the polybori source doesn't
reveal anything outside the debian dir either. I maintain a downstream
distribution and, after removing the build-dependency, was able to build
singular there without having any brial related packages installed.

So assuming the dependency on python3-sage is real and unavoidable what I
think needs to happen to get things back in a consistent state is.

* The architecture list of python3-brial needs to be limited to architectures
  where python3-sage is available.
* The build-dependency of singular on python3-brial needs to be either
  removed or limited to architectures where python3-sage is available
* Removal of the old python3-brial packages needs to be requested.

Bug#1034444: www.debian.org: Incorrect information in https://www.debian.org/releases/

[Charles Curley]

Package: www.debian.org
Severity: normal
X-Debbugs-Cc: charlescur...@charlescurley.com

Dear Maintainer,

Apparently https://www.debian.org/releases/ has some errors. See the discussion 
at https://lists.debian.org/debian-user/2023/04/msg00602.html and the two (so 
far) replies.

Thank you.

Bug#1034438: i915: Flickering in framebuffer console and "*ERROR* CPU pipe A FIFO underrun" kernel message

[Salvatore Bonaccorso]

Control: tags -1 + moreinfo

Hi Enrique,

On Sat, Apr 15, 2023 at 12:26:06PM +0200, Enrique Garcia wrote:
> Package: src:linux
> Version: 6.1.20-1
> Severity: normal
> X-Debbugs-Cc: cqu...@arcor.de
> 
> I have been running debian testing for a while and I see that from time to 
> time
> a get a flickering screen when switching to the virtual console with Ctrl-
> Alt-F1. It does occur also ocassionally when booting the laptop just before
> systemctl starts printing the start messages.
> I can see the following messages with journalctl:
> 
> abr 15 11:53:10 hostname kernel: i915 :00:02.0: [drm] *ERROR* CPU pipe A
> FIFO underrun
> 
> There are other i915 related messages in the log, but it does not seem they 
> are
> directly related to the problem:
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] VT-d active for gfx
> access
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: vgaarb: deactivate vga
> console
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] Using Transparent
> Hugepages
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: vgaarb: changed VGA
> decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] Disabling 
> framebuffer
> compression (FBC) to prevent screen flicker with VT-d enabled
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: firmware: direct-loading
> firmware i915/skl_dmc_ver1_27.bin
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] Finished loading DMC
> firmware i915/skl_dmc_ver1_27.bin (v1.27)
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] [ENCODER:102:DDI
> B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] [ENCODER:117:DDI
> C/PHY C] is disabled/in DSI mode with an ungated DDI clock, gate it
> abr 15 11:41:46 hostname kernel: [drm] Initialized i915 1.6.0 20201103 for
> :00:02.0 on minor 0
> abr 15 11:41:46 hostname kernel: fbcon: i915drmfb (fb0) is primary device
> abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] fb0: i915drmfb frame
> buffer device
> abr 15 11:41:47 hostname kernel: snd_hda_intel :00:1f.3: bound 
> :00:02.0
> (ops i915_audio_component_bind_ops [i915])
> abr 15 11:52:49 hostname kernel: (NULL device *): firmware: direct-loading
> firmware i915/skl_dmc_ver1_27.bin
> abr 15 11:53:07 hostname kernel: i915 :00:02.0: [drm] [ENCODER:94:DDI 
> A/PHY
> A] is disabled/in DSI mode with an ungated DDI clock, gate it
> abr 15 11:53:07 hostname kernel: i915 :00:02.0: [drm] [ENCODER:102:DDI
> B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it
> abr 15 11:53:07 hostname kernel: i915 :00:02.0: [drm] [ENCODER:117:DDI
> C/PHY C] is disabled/in DSI mode with an ungated DDI clock, gate it
> 
> 
> Looking into the logs I can see that the problem started to appear when I
> upgraded my system to testing last August. The kernel that was installed was
> linux-image-5.18.0-3-amd64:amd64 (5.18.14-1, automatic) according to apt logs.
> Since then the kernel has been upgraded to the 6 series but the problem
> persists.
> The flickering happens every couple of seconds, which makes it inconvenient to
> work with the virtual console.

As you say you start noticing it with 5.18.14-1, would you be able to
verify it directly with 5.18.14, test as well 5.18.5 (which was the
basis for the previous update 5.18.5-1) and then bisect the changes
inbetween to determine the potential introducing commit?

And I assume you can still reproduce the issue with upstream's 6.1.24?

Regards,
Salvatore

Bug#1034442: RFS: trurl/0.4-1 [ITP] -- command line tool for URL parsing and manipulation

[Michael Ablassmeier]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "trurl":

 * Package name : trurl
   Version  : 0.4-1
   Upstream contact : Daniel Stenberg, 
 * URL  : https://github.com/curl/trurl
 * License  : curl
 * Vcs  : https://github.com/curl/trurl
   Section  : utils

The source builds the following binary packages:

  trurl - command line tool for URL parsing and manipulation

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/trurl/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/t/trurl/trurl_0.4-1.dsc

Changes for the initial release:

 trurl (0.4-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1034375)

Regards,
-- 
  Michael Ablassmeier

Bug#1034439: attr: attr -R forces uses "trusted" and "xfsroot" prefixes instead of actual root

[наб]

Hi!

On Sat, Apr 15, 2023 at 02:09:25PM +0200, Guillem Jover wrote:
> The user namespace is called "user" and it is the default used, the
> security namespace is "security", and the root namespace is either
> "trusted" or "xfsroot" (for IRIX compatibility).
> 
> This is also in the man page:
> 
>   ,--
>   Extended attributes use 2 disjoint attribute  name  spaces  associated
>   with every filesystem object.  They are the root and user address spa‐
>   ces.  The root address space is accessible only to the superuser,  and
>   then  only  by specifying a flag argument to the function call.  Other
>   users will not see or be able to modify attributes in the root address
>   space.  The user address space is protected by the normal file permis‐
>   sions mechanism, so the owner of the file can decide who  is  able  to
>   see and/or modify the value of attributes on any particular file.
>   `---
Wait, that paragraph's relevant here? The -L and -R thing says \fIroot\fP
and \fIUSER\fP; this paragraph says \fBroot\fP and \fBuser\fP. If
they're supposed to refer to the same thing then that's where you've
lost me, because they very explicitly say they don't.

To make this less confusing, I'd also either call it "root's attribute
namespace" or "the trusted attribute namespace".
"root namespace", to me as a UNIX user, means the same as thing as
"root directory" (especially since they're structured the same).

If either of these were applied, I wouldn't've gotten caught by this.

> I guess I could extend the description and mention explicitly what the
> root namespaces are call, to avoid confusion.
Here's a (mdoc(7), idk what the original uses) paragraph that I think
works better:
-- >8 --
Extended attributes use two disjoint attribute namespaces associated
with every filesystem object: the 
.Sy user
namespace, beholden to the normal file access control mechanism,
and the trusted namespace
.Pq Sy trusted , xfsroot ,
readable, writable, and observable only by the superuser.
-- >8 --
(original has "address space" here a few times, which I think is
 nonsense? or at least it reads like nonsense; changed to "namespace")
and in DESCRIPTION:
-- >8 --
When the 
.Fl R
option is given and the process has appropriate privileges, operate in
the trusted namespace instead of the 
.Sy user
namespace.
.Pp
The
.Fl S
option is similar, except it specifies use of the
.Sy security
namespace.
-- >8 --
(original also has a "rather that" here).

This, to me, would've hinted at precisely what I was observing.

> I guess I should also
> modify it to make it more clear this is a legacy program for IRIX
> compatibility.
Yeah, it was definitely unclear to me why attr ships attr(1) and
getfattr(1), so I assumed the one that with the same name as the
package is the more canonical one.

That said, it looks like the latter points to the former
to explain namespaces, so.

If there were a link in attr(1) to getfattr(1), this wouldn't've been an
issue, since it looks like
  getfattr -n system.posix_acl_access /tmp/stat
Just Works.

Thanks,
наб


signature.asc
Description: PGP signature

Bug#1034441: unblock: irssi/1.4.3-2

[Rhonda D'Vine]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package irssi

The update has just a one-line fix for CVE-2023-29132 applied.
See #1033785 about it.

[ Reason ]
Fixes a security issue.

[ Risks ]
It's one-line that got removed, so the code change is trivial.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock irssi/1.4.3-2
-- 
Fühlst du dich mutlos, fass endlich Mut, los  |
Fühlst du dich hilflos, geh raus und hilf, los| Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los|
diff -Nru irssi-1.4.3/debian/changelog irssi-1.4.3/debian/changelog
--- irssi-1.4.3/debian/changelog2022-11-04 04:12:48.0 +0100
+++ irssi-1.4.3/debian/changelog2023-04-14 10:25:21.0 +0200
@@ -1,3 +1,9 @@
+irssi (1.4.3-2) unstable; urgency=critical
+
+  * Pull commit c554a4 from upstream to fix CVE-2023-29132 (closes: #1033785)
+
+ -- Rhonda D'Vine   Fri, 14 Apr 2023 10:25:21 +0200
+
 irssi (1.4.3-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru irssi-1.4.3/debian/patches/04fix_stale_special_collector 
irssi-1.4.3/debian/patches/04fix_stale_special_collector
--- irssi-1.4.3/debian/patches/04fix_stale_special_collector1970-01-01 
01:00:00.0 +0100
+++ irssi-1.4.3/debian/patches/04fix_stale_special_collector2023-04-14 
10:23:46.0 +0200
@@ -0,0 +1,20 @@
+From c554a45738712219c066897b09a44d99afeb4240 Mon Sep 17 00:00:00 2001
+From: Ailin Nemui 
+Date: Sun, 26 Mar 2023 23:36:41 +0200
+Subject: [PATCH] fix stale special collector use after free
+
+reported by ednash and investigated by @dwfreed
+---
+ src/fe-text/textbuffer-formats.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/src/fe-text/textbuffer-formats.c
 b/src/fe-text/textbuffer-formats.c
+@@ -213,7 +213,6 @@
+   if (!scrollback_format)
+   return;
+ 
+-  special_push_collector(NULL);
+   info = store_lineinfo_tmp(dest);
+ 
+   info->format = format_rec_new(NULL, NULL, 2, (const char *[]){ NULL, 
text });
diff -Nru irssi-1.4.3/debian/patches/series irssi-1.4.3/debian/patches/series
--- irssi-1.4.3/debian/patches/series   2022-07-16 21:12:10.0 +0200
+++ irssi-1.4.3/debian/patches/series   2023-04-14 10:23:24.0 +0200
@@ -1,6 +1,7 @@
 01chanmode_expando_strip
 02ctcp_version_reply
 03firsttimer_text
+04fix_stale_special_collector
 12manpage-fix
 ## disabled for now, Ubuntu-only patch.
 #20fix_ssl_proxy_hostname_check

Bug#1034429: coreutils: install: -s runs ["strip", $f] instead of ["strip", "--", $f]; should use strip from $STRIP

[Pádraig Brady]

On 15/04/2023 03:13, наб wrote:

Package: coreutils
Version: 8.32-4+b1
Version: 9.1-1
Severity: normal

Dear Maintainer,

-- >8 --
$ install -vs /bin/install -- q
removed 'q/install'
'/bin/install' -> 'q/install'
$ install -vs /bin/install -- -v
'/bin/install' -> '-v'
Usage: strip  in-file(s)



install: strip process terminated abnormally
-- >8 --

Probably don't do that.


Fair point.
But perhaps the strip program doesn't handle the convention
that -- indicates end of option processing?
Perhaps a more portable workaround would be to prepend "./"
if the name starts with "-".


It would also be nice for $STRIP to provide a default if -S isn't set;
the usefulness of install -s is doubtful if
   install -s binary $DESTDIR/bin
only works if binary happens to match the host arch.


Yes it's a fair point that calling strip without options is quite restrictive.
Though I suppose --strip-program can point to a script that calls strip 
appropriately.
There are some security issues with env vars that impact what is executed.
I do see that FreeBSD install(1) does support $STRIPBIN, though they
don't support --strip-program, so functionality is equivalent from that point 
of view.

cheers,
Pádraig

Bug#630538: Vixie cron PID confusion

[Christian Kastner]

Hi Teal,

I'm no longer a maintainer of cron, but I was the one last replying to
the original report (can't believe it's been 12 years...)

On 2023-04-08 12:30, Teal Bauer wrote:
> The same Selective logging patch added a version of the logging in the
> default branch of the fork() switch, so if the -L log levels for "log
> job start" and "log job pid" are set, the starting PID is not logged by
> the child but the parent process instead.
> 
> So basically there is now what seems to me to be a "do things right"
> flag - if log level includes 8 (log PIDs) then both CMD and END messages
> are sent by the same process and contain the same correct PIDs:
> 
>     Apr  8 10:17:56 e02fc37faf65 CRON[27]: (root) CMD ([28]
> /tmp/runner.sh >>/tmp/runner.log)
>     Apr  8 10:19:12 e02fc37faf65 CRON[27]: (root) END ([28]
> /tmp/runner.sh >>/tmp/runner.log)
> 
> (PID 27 is the cron parent, PID 28 is the command child, PID 29 is the
> PID of the actual command).
> If the log level includes only e.g. "log start" and "log end", then the
> PIDs will differ:
> 
>     Apr  8 10:14:06 2d9c73749325 CRON[28]: (root) CMD (/tmp/runner.sh
>>>/tmp/runner.log)
>     Apr  8 10:15:27 2d9c73749325 CRON[27]: (root) END (/tmp/runner.sh
>>>/tmp/runner.log)
> 
> (PID 28 is the command child which sends the CMD message, PID 27 is the
> cron parent which sends the END message, the actual command is PID 29)
> 
> I would like to propose (and intend on submitting a patch soon) to
> always log in the same place.
> Ideally, that would be the child process, so that the PID that openlog()
> uses and the PID that cron would log are the same, but I'm not sure
> that's possible in a reliable way. Doing it in the parent is just as
> well for me, though - my original intent was trying to match CMDs to
> ENDs in the logs of a wildly active system.
> 
> Curious to hear your thoughts!

Sounds good to me!

Best,
Christian

Bug#1034378: Allow Percentage Formatting in apt

[David Kalnischkies]

Hi,

On Thu, Apr 13, 2023 at 11:49:01PM +0300, Emir SARI wrote:
> The percentage formatting among different locales can vary. For instance, 
> Turkish uses %100 style formatting, whereas French uses 100 %. There are also 
> other languages that use varying styles like using non-break spaces between 
> the sign and the number and else. However, the percentage values displayed in 
> apt only uses a fixed format, such as 100%.

Can you give example(s) of the messages you refer to?


On the top of my head I can only think of the bottom line while packages
are installed, which reads (in English) "Progress: [ 42%] …" (on a green
background). That message, including the percentage value is already
translatable.

A few translations have this line translated so far, Turkish among them
which reads as of today:

msgid "Progress: [%3li%%]"
msgstr "Durum: [%3li%%]"

French has it translated, too, but also hasn't touched the %3li%% part.

So you might want to talk it up with the respektive language teams and
last active translation maintainers (see the top of the po files in the
source for the contact information). My own knowledge in either language
(as well as many others) is non-existent.


The other place I can think of is the progress indication shown as the
bottom line while files are downloaded (e.g. indexes in 'update' or debs
pretty much everywhere else).

These "%.0f%%" are indeed not marked for translation, but I am not sure
if it is a good idea as they come without any explanation and show info
pretty densely more or less to the benefit of "something is happening"
rather than "here are all the details you could possibly ask for so you
can refer back to this great knowledge forever".

Never the less I suppose we can put in the work to make them
translatable (currently the formatting is hardcoded in a few places,
that would need to be fixed).
On the other hand, it seems pointless labour to make the string
translatable if a similar translatable string isn't used in this way,
so as a compromise I suggest a deal: I will see to implement it if
a language team/translator asks for it here.

(translation updates are allowed in freeze, the other part would likely
 need to wait for trixie through as that likely doesn't sell as release-
 critical code change)


Best regards

David Kalnischkies


signature.asc
Description: PGP signature

Bug#1034375: trurl_0.4-1: ACCEPTED on mentors (unstable)

[mentors . debian . net]

Hi.

Your upload of the package 'trurl' to mentors.debian.net was
successful. Others can now see it. The URL of your package is:

https://mentors.debian.net/package/trurl/

The respective dsc file can be found at:

https://mentors.debian.net/debian/pool/main/t/trurl/trurl_0.4-1.dsc

If you do not yet have a sponsor for your package you may want to go to:

https://mentors.debian.net/sponsors/rfs-howto/trurl/

and set the "Seeking a sponsor" option to highlight your package on the
welcome page.

You can also send an RFS (request for sponsorship) to the debian-mentors
mailing list. Your package page will give you suggestions on how to
send that mail.

Good luck in finding a sponsor!

Thanks,
-- 
mentors.debian.net

Bug#1034439: attr: attr -R forces uses "trusted" and "xfsroot" prefixes instead of actual root

[Guillem Jover]

Hi!

On Sat, 2023-04-15 at 13:43:01 +0200, наб wrote:
> Package: attr
> Version: 1:2.5.1-4
> Severity: normal

> I would like to inspect the value of the system.posix_acl_access xattr.
> However, no matter which parameter I pass, I always get a forced prefix:
> -- >8 --
> # strace attr -g system.posix_acl_access install 2>&1 | grep xattr
> lgetxattr("install", "user.system.posix_acl_access", 0x56c02c00, 65536) = -1 
> EOPNOTSUPP (Operation not supported)
> lgetxattr("install", "user.system.posix_acl_access", 0x56c02c00, 65536) = -1 
> EOPNOTSUPP (Operation not supported)
> # strace attr -Sg system.posix_acl_access install 2>&1 | grep xattr
> lgetxattr("install", "security.system.posix_acl_access", 0x574f8c00, 65536) = 
> -1 ENODATA (No data available)
> lgetxattr("install", "security.system.posix_acl_access", 0x574f8c00, 65536) = 
> -1 ENODATA (No data available)
> # strace attr -Rg system.posix_acl_access install 2>&1 | grep xattr
> lgetxattr("install", "trusted.system.posix_acl_access", 0x5832ac00, 65536) = 
> -1 ENODATA (No data available)
> lgetxattr("install", "xfsroot.system.posix_acl_access", 0x5832ac00, 65536) = 
> -1 EOPNOTSUPP (Operation not supported)
> -- >8 --

This looks to be working as expected, though.

> Whereas attr(1) says:
> -- >8 --
>When the -R option is given and the process has appropriate
>privileges, operate in the root attribute namespace rather
>that the USER attribute namespace.
> 
>The -S option is similar, except it specifies use of the security
>attribute namespace.
> -- >8 --
> 
> Which appears to be wrong, since -R makes attr
> "operate in the 'trusted' and 'xfsroot'" namespaces,
> not the root one.

The user namespace is called "user" and it is the default used, the
security namespace is "security", and the root namespace is either
"trusted" or "xfsroot" (for IRIX compatibility).

This is also in the man page:

  ,--
  Extended attributes use 2 disjoint attribute  name  spaces  associated
  with every filesystem object.  They are the root and user address spa‐
  ces.  The root address space is accessible only to the superuser,  and
  then  only  by specifying a flag argument to the function call.  Other
  users will not see or be able to modify attributes in the root address
  space.  The user address space is protected by the normal file permis‐
  sions mechanism, so the owner of the file can decide who  is  able  to
  see and/or modify the value of attributes on any particular file.
  `---

I guess I could extend the description and mention explicitly what the
root namespaces are call, to avoid confusion. I guess I should also
modify it to make it more clear this is a legacy program for IRIX
compatibility.

Thanks,
Guillem

Bug#1033877: release-notes: general version mismatch

[Holger Wansing]

Hi,

Preuße...@buxtehude.debian.org,  Hilmar  wrote (Sat, 15 Apr 
2023 13:02:36 +0200):
> > I have prepared a patch, to update versions.
> >
> I've no clue how the documentation is built, but I guess all other
> languages are affected too...

Sure, translations have the same wrong numbers.
But changing them in English will also show the updated versions in all
translations too, so no problem.


Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

Bug#1034440: RFP: freac -- fre:ac is a free audio converter and CD ripper with support for various popular formats and encoders.

[David VANTYGHEM]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: david.vantyg...@laposte.net

* Package name: freac
  Version : 1.1.7
  Upstream Author : Robert KAUSCH 
* URL : https://freac.org
* License : GNU GPL2
  Programming Lang: C++
  Description : fre:ac is a free audio converter and CD ripper with support
for various popular formats and encoders.

fre:ac converts freely between MP3, M4A/AAC, FLAC, WMA, Opus, Ogg Vorbis,
Speex, Monkey's Audio (APE), WavPack, WAV and other formats.

With fre:ac you easily rip your audio CDs to MP3 or M4A files for use with your
hardware player or convert files that do not play with other audio software.
You can even convert whole music libraries retaining the folder and filename
structure.

The integrated CD ripper supports the CDDB/GNUdb online CD database. It will
automatically query song information and write it to ID3v2 or other title
information tags.

Bug#1034439: attr: attr -R forces uses "trusted" and "xfsroot" prefixes instead of actual root

[наб]

Package: attr
Version: 1:2.5.1-4
Severity: normal

Dear Maintainer,

I would like to inspect the value of the system.posix_acl_access xattr.
However, no matter which parameter I pass, I always get a forced prefix:
-- >8 --
# strace attr -g system.posix_acl_access install 2>&1 | grep xattr
lgetxattr("install", "user.system.posix_acl_access", 0x56c02c00, 65536) = -1 
EOPNOTSUPP (Operation not supported)
lgetxattr("install", "user.system.posix_acl_access", 0x56c02c00, 65536) = -1 
EOPNOTSUPP (Operation not supported)
# strace attr -Sg system.posix_acl_access install 2>&1 | grep xattr
lgetxattr("install", "security.system.posix_acl_access", 0x574f8c00, 65536) = 
-1 ENODATA (No data available)
lgetxattr("install", "security.system.posix_acl_access", 0x574f8c00, 65536) = 
-1 ENODATA (No data available)
# strace attr -Rg system.posix_acl_access install 2>&1 | grep xattr
lgetxattr("install", "trusted.system.posix_acl_access", 0x5832ac00, 65536) = -1 
ENODATA (No data available)
lgetxattr("install", "xfsroot.system.posix_acl_access", 0x5832ac00, 65536) = -1 
EOPNOTSUPP (Operation not supported)
-- >8 --

Whereas attr(1) says:
-- >8 --
   When the -R option is given and the process has appropriate privileges, 
operate in the root attribute namespace rather that the USER attribute 
namespace.

   The -S option is similar, except it specifies use of the security 
attribute namespace.
-- >8 --

Which appears to be wrong, since -R makes attr
"operate in the 'trusted' and 'xfsroot'" namespaces,
not the root one.

Best,
наб

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: amd64, i386

Kernel: Linux 6.1.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages attr depends on:
ii  libattr1  1:2.5.1-4
ii  libc6 2.36-9

attr recommends no packages.

attr suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1034372: ncurses: CVE-2023-29491

[Thomas Dickey]

On Sat, Apr 15, 2023 at 09:05:25AM +0200, Sven Joachim wrote:
> On 2023-04-13 20:39 +0200, Moritz Mühlenhoff wrote:
> 
> > The following vulnerability was published for ncurses.
> >
> > CVE-2023-29491 was assigned to 
> > https://invisible-island.net/ncurses/NEWS.html#index-t20230408
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2023-29491
> > https://www.cve.org/CVERecord?id=CVE-2023-29491
> 
> Security boundaries are only crossed for setuid/setgid programs here,
> and we probably do not have many setuid binaries linked to libtinfo in
> the distribution (on my system, I could not find any).  So I guess you
> probably do not want to issue a DSA here, right?
> 
> Gentoo users have noticed a few problems after upgrading to the 20230408
> patchlevel[1,2,3], most notably output of openrc being completely
> broken.  While we do not have that particular problem because openrc in

It was already broken (the "(null)" strings come from its misuse of the
ncurses interface, which will require fixes in OpenRC).  I'm not going
to provide a patch for OpenRC itself - any maintainer should be able to
do _that_.

Today I'll put out the fix for zero-parameter tsl, along with similar minor
improvements, and if nothing else surfaces, use that as the basis for the
security-patch.

> Debian is built without ncurses support, I do not currently have an idea
> which other packages might show misbehavior.  So I am rather reluctant
> to fix this bug before the bookworm release.

Actually, the discussion there should be based on what the disclosure covers.
I'm addressing their concerns as well as I'm able.
 
> Cheers,
>Sven
> 
> 
> 1. https://bugs.gentoo.org/904247
> 2. https://bugs.gentoo.org/904263
> 3. https://bugs.gentoo.org/904277
> 

-- 
Thomas E. Dickey 
https://invisible-island.net


signature.asc
Description: PGP signature

Bug#1033877: release-notes: general version mismatch

[Preuße]

On 15.04.2023 12:56, Holger Wansing wrote:

Control: tags -1 + patch
Hilmar Preusse  wrote (Sat, 15 Apr 2023 10:11:56 +0200):


Hi,


all information in section "x.y.z. Desktops and well known packages"
are still outdated. When one compares that section from

https://www.debian.org/releases/bookworm/amd64/release-notes.en.txt
https://www.debian.org/releases/stable/amd64/release-notes.en.txt

one notices that just the release code names and release versions were
replaced. The software version information are still untouched.


I have prepared a patch, to update versions.


I've no clue how the documentation is built, but I guess all other
languages are affected too...

H.
--
sigfault

Bug#1033877: release-notes: general version mismatch

[Holger Wansing]

Control: tags -1 + patch


Hilmar Preusse  wrote (Sat, 15 Apr 2023 10:11:56 +0200): 
> all information in section "x.y.z. Desktops and well known packages"
> are still outdated. When one compares that section from
> 
> https://www.debian.org/releases/bookworm/amd64/release-notes.en.txt
> https://www.debian.org/releases/stable/amd64/release-notes.en.txt
> 
> one notices that just the release code names and release versions were
> replaced. The software version information are still untouched.

I have prepared a patch, to update versions.


Holger


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
diff --git a/en/whats-new.dbk b/en/whats-new.dbk
index 89959513..bf290b89 100644
--- a/en/whats-new.dbk
+++ b/en/whats-new.dbk
@@ -176,12 +176,12 @@ Some descriptions of the ports: https://www.debian.org/ports/
   
 	 again ships with several desktop applications and
 	environments.  Among others it now includes the desktop environments
-	GNOMEGNOME 3.38,
-	KDE PlasmaKDE 5.20,
+	GNOMEGNOME 43,
+	KDE PlasmaKDE 5.27,
 	LXDELXDE 11,
-	LXQtLXQt 0.16,
-	MATEMATE 1.24, and
-	XfceXfce 4.16.
+	LXQtLXQt 1.2.0,
+	MATEMATE 1.26, and
+	XfceXfce 4.18.
   
   
 	Productivity applications have also been upgraded, including the
@@ -191,21 +191,21 @@ Some descriptions of the ports: https://www.debian.org/ports/
 	
 	  
 	LibreOfficeLibreOffice
-	is upgraded to version 7.0;
+	is upgraded to version 7.4;
 	  
 	
 	
 	  
-	CalligraCalligra
-	is upgraded to 3.2.
+	GNUcashGNUcash is upgraded to 4.13;
 	  
 	
+	
 	
   CryptsetupCryptsetup
-	  2.1
 	  2.3
+	  2.6
 	
 	
 	
 	  DovecotDovecot MTA
-	  2.3.4
 	  2.3.13
+	  2.3.19
 	
 	
 	  Emacs
-	  26.1
 	  27.1
+	  28.2
 	
 	
 	  EximExim default e-mail server
-	  4.92
 	  4.94
+	  4.96
 	
 	
 	
 	  GNU Compiler Collection as default compilerGCC
-	  8.3
 	  10.2
+	  12.2
 	
 	
 	  GIMPGIMP
-	  2.10.8
 	  2.10.22
+	  2.10.34
 	
 	
 	  GnuPGGnuPG
-	  2.2.12
 	  2.2.27
+	  2.2.40
 	
 	
 	  InkscapeInkscape
-	  0.92.4
 	  1.0.2
+	  1.2.2
 	
 	
 	  the GNU C library
-	  2.28
 	  2.31
+	  2.36
 	
 	
 	  lighttpd
-	  1.4.53
 	  1.4.59
+	  1.4.69
 	
 	
   Linux kernel image
-  4.19 series
   5.10 series
+  6.1 series
 	
 	
   LLVM/Clang toolchain
-  6.0.1 and 7.0.1 (default)
-  9.0.1 and 11.0.1 (default)
+  9.0.1 and 11.0.1 (default) and 13.0.1
+  13.0.1 and 14.0 (default) and 15.0.6
 	
 	
 	  MariaDBMariaDB
-	  10.3
 	  10.5
+	  10.11
 	
 	
 	  NginxNginx
-	  1.14
 	  1.18
+	  1.22
 	
 	
 	
 	  Python 3
-	  3.7.3
-	  3.9.1
+	  3.9.2
+	  3.11.2
 	
 	
 	  Rustc
-	  1.41 (1.34 for armel)
 	  1.48
+	  1.63
 	
 	
 	  Samba
-	  4.9
 	  4.13
+	  4.17
 	
 	
 	  Vim
-	  8.1
 	  8.2
+	  9.0
 	
 	  
 	

Bug#1034425: openssh: incorrection in changelog date

[Colin Watson]

On Fri, Apr 14, 2023 at 07:04:46PM -0500, Peter Samuelson wrote:
> I have no idea what possessed you to fix the dates on those
> 20-year-old changelog entries, but since you care ... 1:3.0.2p1-2 is
> still wrong.
> 
> The correct fix was not s/Sat/Sun/ but s/2003/2002/.

It was automatically generated by lintian-brush.  I generally approve of
having automatic tools fix menial packaging issues like this for me,
even if they make the occasional mistake (I did review it, but I missed
the error in this case).

Thanks for spotting this; fixed.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#1034438: i915: Flickering in framebuffer console and "*ERROR* CPU pipe A FIFO underrun" kernel message

[Enrique Garcia]

Package: src:linux
Version: 6.1.20-1
Severity: normal
X-Debbugs-Cc: cqu...@arcor.de

I have been running debian testing for a while and I see that from time to time
a get a flickering screen when switching to the virtual console with Ctrl-
Alt-F1. It does occur also ocassionally when booting the laptop just before
systemctl starts printing the start messages.
I can see the following messages with journalctl:

abr 15 11:53:10 hostname kernel: i915 :00:02.0: [drm] *ERROR* CPU pipe A
FIFO underrun

There are other i915 related messages in the log, but it does not seem they are
directly related to the problem:
abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] VT-d active for gfx
access
abr 15 11:41:46 hostname kernel: i915 :00:02.0: vgaarb: deactivate vga
console
abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] Using Transparent
Hugepages
abr 15 11:41:46 hostname kernel: i915 :00:02.0: vgaarb: changed VGA
decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem
abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] Disabling framebuffer
compression (FBC) to prevent screen flicker with VT-d enabled
abr 15 11:41:46 hostname kernel: i915 :00:02.0: firmware: direct-loading
firmware i915/skl_dmc_ver1_27.bin
abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] Finished loading DMC
firmware i915/skl_dmc_ver1_27.bin (v1.27)
abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] [ENCODER:102:DDI
B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it
abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] [ENCODER:117:DDI
C/PHY C] is disabled/in DSI mode with an ungated DDI clock, gate it
abr 15 11:41:46 hostname kernel: [drm] Initialized i915 1.6.0 20201103 for
:00:02.0 on minor 0
abr 15 11:41:46 hostname kernel: fbcon: i915drmfb (fb0) is primary device
abr 15 11:41:46 hostname kernel: i915 :00:02.0: [drm] fb0: i915drmfb frame
buffer device
abr 15 11:41:47 hostname kernel: snd_hda_intel :00:1f.3: bound :00:02.0
(ops i915_audio_component_bind_ops [i915])
abr 15 11:52:49 hostname kernel: (NULL device *): firmware: direct-loading
firmware i915/skl_dmc_ver1_27.bin
abr 15 11:53:07 hostname kernel: i915 :00:02.0: [drm] [ENCODER:94:DDI A/PHY
A] is disabled/in DSI mode with an ungated DDI clock, gate it
abr 15 11:53:07 hostname kernel: i915 :00:02.0: [drm] [ENCODER:102:DDI
B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it
abr 15 11:53:07 hostname kernel: i915 :00:02.0: [drm] [ENCODER:117:DDI
C/PHY C] is disabled/in DSI mode with an ungated DDI clock, gate it


Looking into the logs I can see that the problem started to appear when I
upgraded my system to testing last August. The kernel that was installed was
linux-image-5.18.0-3-amd64:amd64 (5.18.14-1, automatic) according to apt logs.
Since then the kernel has been upgraded to the 6 series but the problem
persists.
The flickering happens every couple of seconds, which makes it inconvenient to
work with the virtual console.


-- Package-specific info:
** Version:
Linux version 6.1.0-7-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 
12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP 
PREEMPT_DYNAMIC Debian 6.1.20-1 (2023-03-19)

** Command line:
BOOT_IMAGE=/vmlinuz-6.1.0-7-amd64 root=/dev/mapper/systemvg-rootlv ro quiet

** Not tainted

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
sys_vendor: Dell Inc.
product_name: Latitude 7480
product_version: 
chassis_vendor: Dell Inc.
chassis_version: 
bios_vendor: Dell Inc.
bios_version: 1.30.0
board_vendor: Dell Inc.
board_name: 00F6D3
board_version: A00

** Loaded modules:
rfcomm
cmac
algif_hash
algif_skcipher
af_alg
macvlan
veth
nft_masq
nft_chain_nat
nf_nat
nf_conntrack
nf_defrag_ipv6
nf_defrag_ipv4
bridge
stp
llc
nf_tables
nfnetlink
vhost_vsock
vmw_vsock_virtio_transport_common
vhost
vhost_iotlb
vsock
ccm
snd_seq_dummy
snd_hrtimer
snd_seq
snd_seq_device
qrtr
bnep
ipmi_devintf
ipmi_msghandler
sunrpc
binfmt_misc
x86_pkg_temp_thermal
intel_powerclamp
coretemp
kvm_intel
snd_sof_pci_intel_skl
snd_sof_intel_hda_common
snd_hda_codec_hdmi
soundwire_intel
kvm
soundwire_generic_allocation
soundwire_cadence
snd_sof_intel_hda
snd_sof_pci
snd_sof_xtensa_dsp
snd_sof
irqbypass
snd_sof_utils
snd_ctl_led
soundwire_bus
snd_soc_skl
snd_soc_hdac_hda
snd_hda_ext_core
snd_soc_sst_ipc
snd_soc_sst_dsp
snd_soc_acpi_intel_match
snd_soc_acpi
snd_soc_core
snd_hda_codec_realtek
snd_compress
snd_hda_codec_generic
ghash_clmulni_intel
mei_hdcp
snd_hda_intel
mei_wdt
btusb
snd_intel_dspcfg
btrtl
btbcm
btintel
btmtk
bluetooth
snd_intel_sdw_acpi
intel_rapl_msr
snd_hda_codec
iwlmvm
nls_ascii
mac80211
nls_cp437
dell_rbtn
libarc4
vfat
dell_laptop
ledtrig_audio
fat
jitterentropy_rng
dell_smm_hwmon
sha512_ssse3
aesni_intel
sha512_generic
crypto_simd
uvcvideo
snd_hda_core
iwlwifi
cryptd
rapl
snd_hwdep
intel_cstate
videobuf2_vmalloc
videobuf2_memops
videobuf2_v4l2
snd_pcm
intel_uncore

Bug#1034437: libxml2: CVE-2023-29469

[Salvatore Bonaccorso]

Source: libxml2
Version: 2.9.14+dfsg-1.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libxml2.

CVE-2023-29469[0]:
| Hashing of empty dict strings isn't deterministic

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-29469
https://www.cve.org/CVERecord?id=CVE-2023-29469

Please adjust the affected versions in the BTS as needed.

Regards,
Salvtore

Bug#1034436: libxml2: CVE-2023-28484

[Salvatore Bonaccorso]

Source: libxml2
Version: 2.9.14+dfsg-1.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libxml2.

CVE-2023-28484[0]:
| NULL dereference in xmlSchemaFixupComplexType

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28484
https://www.cve.org/CVERecord?id=CVE-2023-28484

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1034389: installation-reports: bookworm cannot install base system

[Pascal Hambourg]

On 15/04/2023 at 02:49, Steve Witt wrote:

On 04/15, Pascal Hambourg wrote:


It seems that the USB drive capacity is slightly smaller than the ISO image
size.

USB drive capacity: 7700480 sectors / 3.94 GB / 3.67 GiB
DVD-1 image size:   7758432 sectors / 3.97 GB / 3.70 GiB

The DVD image size is slightly lower than 4 GB to fit into most 4-GB USB
drives but unfortunately there are USB drives whose actual capacity is
significantly lower than the rated capacity.

Didn't it trigger an error when writing the image to the USB drive ?


In recreating writing the image to the USB drive (with dd), it did
show an error, but previously I didn't notice that. So of course it
didn't work properly. I'm very sorry for the spurious bug report and
the waste of your time.


OK, thanks for confirming. debian-cd maintainers may consider reducing 
the DVD-1 image size a bit more to fit in smaller USB drives.

Bug#1034303: nvidia-cuda-toolkit breaks nvidia-cuda-samples autopkgtest on amd64: bad exit status: 2

[Andreas Beckmann]

Control: reassign -1 dkms 3.0.10-6
Control: affects -1 + src:nvidia-cuda-toolkit src:nvidia-cuda-samples
Control: close -1 3.0.10-8

On 12/04/2023 21.58, Paul Gevers wrote:
So, shouldn't it be reassigned to dkms, closed and annotated as 
Affecting nvidia-cuda-toolkit and nvidia-cuda-samples?


Done.

Andreas

Bug#1034394: unblock: zabbix/1:6.0.14+dfsg-1

[Sebastian Ramacher]

Control: tags -1 moreinfo

On 2023-04-14 18:28:51 +1000, Dmitry Smirnov wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> Affects: -1 zabbix
>  
> Dear release team, 
> 
> Please consider unblocking "zabbix/1:6.0.14+dfsg-1"
> in order to fix PHP-8.2 compatibility issues (#1033241).

This request is lacking a debdiff. Also, is #1033241 fixable with a
targetted upload instead? What's upstream's policy on point releases (if
they have any)?

Cheers

> 
> Thank you.
> 
> -- 
> Best wishes,
>  Dmitry Smirnov
>  GPG key : 4096R/52B6BBD953968D1B
> 
> ---
> 
> To suppress free speech is a double wrong. It violates the rights of the
> hearer as well as those of the speaker. It is just as criminal to rob a man
> of his right to speak and hear as it would be to rob him of his money...
>  -- Frederick Douglass



-- 
Sebastian Ramacher

Bug#1034299: unblock: geocode-glib/3.26.3-6

[Sebastian Ramacher]

Control: tags -1 moreinfo

On 2023-04-12 10:11:48 -0400, Jeremy Bícha wrote:
> Package: release.debian.org
> Control: affects -1 + src:geocode-glib
> X-Debbugs-Cc: geocode-g...@packages.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package geocode-glib
> 
> [ Reason ]
> This update fixes geolocation in the Initial Setup & GNOME Clocks
> apps, perhaps others.
> 
> Also, the -common package is now installed by the library which
> includes icons that could be used by some apps using the API.
> 
> [ Impact ]
> Although Initial Setup is included by default (for the first time) in
> Debian GNOME Bookworm, the location page is unlikely to be seen
> since it is only used in New User mode. To get to New User mode
> requires a system without any regular users configured, which is not
> typical for Desktop installs of Debian.
> 
> GNOME Clocks is included by default and geolocation is used trivially
> to show a location for the local clock.
> 
> [ Tests ]
> The upstream test suite was successfully run as build tests and as
> installed tests using autopkgtest.
> 
> I tested that geolocation now works for me with both Clocks and Initial Setup.
> 
> [ Risks ]
> 
> [ Checklist ]
>   [X] all changes are documented in the d/changelog
>   [X] I reviewed all changes and I approve them
>   [X] attach debdiff against the package in testing

The debdiff is missing.

Cheers

> 
> unblock geocode-glib/3.26.3-6
> 
> Thank you,
> Jeremy Bicha
> 

-- 
Sebastian Ramacher

Bug#1033877: release-notes: general version mismatch

[Hilmar Preusse]

Package: release-notes
Followup-For: Bug #1033877
Control: retitle -1 "general version mismatch in release notes."

Dear Maintainer,

all information in section "x.y.z. Desktops and well known packages"
are still outdated. When one compares that section from

https://www.debian.org/releases/bookworm/amd64/release-notes.en.txt
https://www.debian.org/releases/stable/amd64/release-notes.en.txt

one notices that just the release code names and release versions were
replaced. The software version information are still untouched.

Hilmar

-- 
sigmentation fault


signature.asc
Description: PGP signature

Bug#1034435: flowblade: Doesn't start (sway)

[Martin Dosch]

Package: flowblade
Version: 2.8.0.3-3
Severity: important

Dear Maintainer,

flowblade doesn't start on sway. When trying to start it from a terminal 
I see the following traceback:

...
MLT detection succeeded, 184 formats, 122 video codecs and 84 audio codecs 
found.
688 MLT services found.
Loading render profiles...
Loading filters...
Loading transitions...
MLT transition region not found.
RGB Adjustment dropped for Color Adjustment
Hue dropped for Color Adjustment
Gamma dropped for Lift Gain Gamma
default profile from prefs not found
G'MIC found
Player initialized with profile:  HD 1080p 30 fps
Selected color NOT detected
BG color detected
Traceback (most recent call last):
  File "/usr/bin/flowblade", line 93, in 
app.main(modules_path)
  File "/usr/share/flowblade/Flowblade/app.py", line 316, in main
launch_player()
  File "/usr/share/flowblade/Flowblade/app.py", line 520, in launch_player
editorstate.player.set_sdl_xwindow(gui.tline_display)
  File "/usr/share/flowblade/Flowblade/mltplayer.py", line 125, in 
set_sdl_xwindow
os.putenv('SDL_WINDOWID', str(widget.get_window().get_xid()))
  ^^^
AttributeError: 'GdkWaylandWindow' object has no attribute 'get_xid'. Did you 
mean: 'get_width'?

Best regards,
Martin

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (900, 'testing-security'), (900, 'testing'), (600, 'unstable'), 
(500, 'unstable-debug'), (500, 'testing-debug'), (500, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages flowblade depends on:
ii  frei0r-plugins1.8.0-1+b1
ii  gir1.2-gdkpixbuf-2.0  2.42.10+dfsg-1+b1
ii  gir1.2-glib-2.0   1.74.0-3
ii  gir1.2-gtk-3.03.24.37-2
ii  gir1.2-pango-1.0  1.50.12+ds-1
ii  gmic  2.9.4-4+b4
ii  libmlt-data   7.12.0-1
ii  librsvg2-common   2.54.5+dfsg-1
ii  python3   3.11.2-1+b1
ii  python3-cairo 1.20.1-5+b1
ii  python3-dbus  1.3.2-4+b1
ii  python3-distutils 3.11.2-2
ii  python3-gi3.42.2-3+b1
ii  python3-gi-cairo  3.42.2-3+b1
ii  python3-mlt   7.12.0-1+b1
ii  python3-numpy 1:1.24.2-1
ii  python3-opencv4.6.0+dfsg-11
ii  python3-pil   9.4.0-1.1+b1
ii  swh-plugins   0.4.17-2

flowblade recommends no packages.

flowblade suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1034434: unblock: pcsc-lite/1.9.9-2

[Ludovic Rousseau]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: pcsc-l...@packages.debian.org
Control: affects -1 + src:pcsc-lite

Please unblock package pcsc-lite

[ Reason ]
Version 1.9.9-2 fixes the RC bug #1034209
" pcscd: dh_installsystemd doesn't handle files in /usr/lib/systemd/system "

[ Impact ]
The daemon may not start as expected if systemd files are in /usr/lib/
instead of /lib/

[ Tests ]
Manual tests on my system.

[ Risks ]
Low or inexistent.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
It is linked to #1031695
" dh_installsystemd doesn't handle files in /usr/lib/systemd/system "

unblock pcsc-lite/1.9.9-2
diff -Nru pcsc-lite-1.9.9/debian/changelog pcsc-lite-1.9.9/debian/changelog
--- pcsc-lite-1.9.9/debian/changelog2022-09-11 16:43:51.0 +0200
+++ pcsc-lite-1.9.9/debian/changelog2023-04-11 19:15:00.0 +0200
@@ -1,3 +1,11 @@
+pcsc-lite (1.9.9-2) unstable; urgency=medium
+
+  * Fix "dh_installsystemd doesn't handle files in
+/usr/lib/systemd/system" (Closes: #1034209)
+  * d/control: remove lsb-base dependency and fix lintian error
+
+ -- Ludovic Rousseau   Tue, 11 Apr 2023 19:15:00 +0200
+
 pcsc-lite (1.9.9-1) unstable; urgency=medium
 
   * new upstream release
diff -Nru pcsc-lite-1.9.9/debian/control pcsc-lite-1.9.9/debian/control
--- pcsc-lite-1.9.9/debian/control  2022-09-11 16:43:51.0 +0200
+++ pcsc-lite-1.9.9/debian/control  2023-04-11 19:15:00.0 +0200
@@ -17,7 +17,7 @@
 
 Package: pcscd
 Architecture: any
-Depends: libccid | pcsc-ifd-handler, ${shlibs:Depends}, ${misc:Depends}, 
lsb-base, libpcsclite1 (= ${binary:Version})
+Depends: libccid | pcsc-ifd-handler, ${shlibs:Depends}, ${misc:Depends}, 
libpcsclite1 (= ${binary:Version})
 Suggests: systemd
 Multi-Arch: foreign
 Pre-Depends: ${misc:Pre-Depends}
diff -Nru pcsc-lite-1.9.9/debian/pcscd.install 
pcsc-lite-1.9.9/debian/pcscd.install
--- pcsc-lite-1.9.9/debian/pcscd.install2022-09-11 16:43:51.0 
+0200
+++ pcsc-lite-1.9.9/debian/pcscd.install2023-04-11 19:15:00.0 
+0200
@@ -1,3 +1,3 @@
 usr/sbin/pcscd
-usr/lib/systemd/system/pcscd.socket
-usr/lib/systemd/system/pcscd.service
+lib/systemd/system/pcscd.socket
+lib/systemd/system/pcscd.service
diff -Nru pcsc-lite-1.9.9/debian/rules pcsc-lite-1.9.9/debian/rules
--- pcsc-lite-1.9.9/debian/rules2022-09-11 16:43:51.0 +0200
+++ pcsc-lite-1.9.9/debian/rules2023-04-11 19:15:00.0 +0200
@@ -12,7 +12,7 @@
 
 override_dh_auto_configure:
dh_auto_configure -- $(EXTRA_CONFIGURE_ARGS) \
-   --with-systemdsystemunitdir=/usr/lib/systemd/system \
+   --with-systemdsystemunitdir=/lib/systemd/system \
--enable-usbdropdir=/usr/lib/pcsc/drivers \
--enable-ipcdir=/run/pcscd \
$(shell dpkg-buildflags --export=configure)

Bug#1034433: libsdl3-doc: missing Breaks+Replaces: libsdl1.2-dev (<< 3)

[Andreas Beckmann]

Package: libsdl3-doc
Version: 3~git20230412+dfsg-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.
This error may also be triggered by having a predecessor package from
'sid' installed while installing the package from 'experimental'.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../libsdl3-doc_3~git20230412+dfsg-2_all.deb ...
  Unpacking libsdl3-doc (3~git20230412+dfsg-2) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libsdl3-doc_3~git20230412+dfsg-2_all.deb (--unpack):
   trying to overwrite '/usr/share/man/man3/SDL_AddTimer.3.gz', which is also 
in package libsdl1.2-dev 1.2.15+dfsg2-8
  Errors were encountered while processing:
   /var/cache/apt/archives/libsdl3-doc_3~git20230412+dfsg-2_all.deb


cheers,

Andreas


libsdl1.2-dev=1.2.15+dfsg2-8_libsdl3-doc=3~git20230412+dfsg-2.log.gz
Description: application/gzip

Bug#1034372: ncurses: CVE-2023-29491

[Sven Joachim]

On 2023-04-13 20:39 +0200, Moritz Mühlenhoff wrote:

> The following vulnerability was published for ncurses.
>
> CVE-2023-29491 was assigned to 
> https://invisible-island.net/ncurses/NEWS.html#index-t20230408
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-29491
> https://www.cve.org/CVERecord?id=CVE-2023-29491

Security boundaries are only crossed for setuid/setgid programs here,
and we probably do not have many setuid binaries linked to libtinfo in
the distribution (on my system, I could not find any).  So I guess you
probably do not want to issue a DSA here, right?

Gentoo users have noticed a few problems after upgrading to the 20230408
patchlevel[1,2,3], most notably output of openrc being completely
broken.  While we do not have that particular problem because openrc in
Debian is built without ncurses support, I do not currently have an idea
which other packages might show misbehavior.  So I am rather reluctant
to fix this bug before the bookworm release.

Cheers,
   Sven


1. https://bugs.gentoo.org/904247
2. https://bugs.gentoo.org/904263
3. https://bugs.gentoo.org/904277

Bug#1034432: ITP: golang-github-hashicorp-terraform-registry-address -- Go library to represent, compare and parse Terraform Registry address

[Anthony Fok]

Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-hashicorp-terraform-registry-address
  Version : 0.2.0-1
  Upstream Author : HashiCorp, Inc.
* URL : https://github.com/hashicorp/terraform-registry-address
* License : MPL-2.0
  Programming Lang: Go
  Description : Go library to represent, compare and parse Terraform 
Registry address

 This Go module enables parsing, comparison and canonical representation of
 Terraform Registry (https://registry.terraform.io/) "provider" addresses
 (such as registry.terraform.io/grafana/grafana or hashicorp/aws) and
 "module" addresses (such as hashicorp/subnets/cidr).

Reason for packaging: Needed by terraform (RFP - #808940)

Bug#1034363: firefox: Non-default fonts no longer work

[marillat]

On Fri, 14 Apr 2023 16:17:56 +0200 Andras Korn  
wrote:
> Hi,

Hi,


[...]

> If the setting "Allow pages to choose their own fonts, instead of your 
> selections above" (browser.display.use_document_fonts) is enabled, these 
> labels are invisible (you can select them and their space will be 
> highlighted, but the letters are not rendered).
> 
> Disabling use_document_fonts causes the labels to be rendered correctly (in 
> the font chosen in the preferences).

This fix the problem for me.

Christian