Bug#1036309: xdg-utils: xdg-mime pauses for around 2 seconds running xprop to detect XFCE

2023-05-18 Thread Reuben Thomas
Package: xdg-utils
Version: 1.1.3-4
Severity: normal

I was noticing that xdg-mime was very slow on one system; this turned out to
be a server where I did not have a desktop environment, so xdg-mime was
going through all of its DE checks every time. Commenting out the calls to
“xprop” fixed it; perhaps because I was ssh-ing into the system, and hence
xprop was querying my local X server over the net?

In any case, xdg-mime shouldn’t run a command that could wait for multiple
seconds like this, at least not just to diagnose its environment.

-- Package-specific info:
Desktop environment: XDG_CURRENT_DESKTOP=GNOME

-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), 
(100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-72-generic (SMP w/16 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

xdg-utils depends on no packages.

Versions of packages xdg-utils recommends:
ii  libfile-mimeinfo-perl  0.31-1
ii  libnet-dbus-perl   1.2.0-1build3
ii  libx11-protocol-perl   0.56-7.1
ii  x11-utils  7.7+5build2
ii  x11-xserver-utils  7.7+9build1

xdg-utils suggests no packages.

-- no debconf information


Bug#1036308: r-base: R CMD check --as-cran fails for packages with math in help files

2023-05-18 Thread Johannes Ranke
Package: r-base
Version: 4.3.0-1
Severity: normal

Dirk,

as recently discussed on the r-pkg-devel list[1], checking a package
using the --as-cran option fails when using R 4.3.0-1 currently sitting
in unstable.

Please apply the fix proposed by Ivan Kyrilov on the list, or, alternatively,
apply commit r84321 that addressed the problem upstream as mentioned in
the R bug tracker [2].

To facilitate testing, I have created a test package using your useful
pkgKitten package [3].

Cheers,

Johannes

[1] https://stat.ethz.ch/pipermail/r-package-devel/2023q2/009088.html
[2] https://bugs.r-project.org/show_bug.cgi?id=18517
[3] https://github.com/jranke/katexTestPackage



Bug#1036307: unblock: ufw/0.36.2-1

2023-05-18 Thread Jamie Strandboge

Package: release.debian.org

This has additional information:
https://alioth-lists.debian.net/pipermail/piuparts-devel/2023-May/009566.html

On May 18, 2023 10:33:36 PM Jamie Strandboge  wrote:


Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ufw

It seems that adduser 3.133 has caused problems for a lot of packages in sid,
including ufw. See:

https://piuparts.debian.org/sid/fail/adduser_3.133.log
https://piuparts.debian.org/sid/fail/
https://piuparts.debian.org/sid/fail/ufw_0.36.2-1.log
https://piuparts.debian.org/sid/fail/...

In the case of ufw, it ships a logrotate file and logrotate gets installed,
which pulls in adduser, but adduser can't be removed and piuparts fails:

0m18.6s DEBUG: Starting command: ['chroot', 
'/srv/piuparts.debian.org/tmp/tmpwv4fmpa7', 'apt-get', 'install', '-y', 
'logrotate']

0m19.9s DUMP:
 Reading package lists...
 Building dependency tree...
 Reading state information...
 The following additional packages will be installed:
   adduser cron cron-daemon-common libpopt0 sensible-utils
...
m20.2s ERROR: Command failed (status=1): ['chroot', 
'/srv/piuparts.debian.org/tmp/tmpwv4fmpa7', 'dpkg', '--purge', 'adduser', 
'cron', 'cron-daemon-common', 'libpopt0:amd64', 'logrotate', 'sensible-utils']

 dpkg: error processing package adduser (--purge):
  this is a protected package; it should not be removed
...

As mentioned, there seem to be several packages in this state. ufw has shipped
a logrotate file for years and this isn't new to ufw 0.36.2-1.

[ Reason ]
ufw did not cause adduser to be unremovable, and adduser being unremovable
should not affect ufw's migration.

[ Impact ]
Bug fixes and translations will not be available in bookworm (I am upstream ufw
and I cut 0.36.2 specifically for bookworm users).

[ Tests ]
Build tests (unit and functional) and autopkgtests pass.

[ Risks ]
Leaf package.

[ Checklist ]
 [x] all changes are documented in the d/changelog
 [x] I reviewed all changes and I approve them
 [x] attach debdiff against the package in testing


unblock ufw/0.36.2-1




Bug#1036306: unblock: ufw/0.36.2-1

2023-05-18 Thread Jamie Strandboge
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ufw

It seems that adduser 3.133 has caused problems for a lot of packages in sid,
including ufw. See:

https://piuparts.debian.org/sid/fail/adduser_3.133.log
https://piuparts.debian.org/sid/fail/
https://piuparts.debian.org/sid/fail/ufw_0.36.2-1.log
https://piuparts.debian.org/sid/fail/...

In the case of ufw, it ships a logrotate file and logrotate gets installed,
which pulls in adduser, but adduser can't be removed and piuparts fails:

0m18.6s DEBUG: Starting command: ['chroot', 
'/srv/piuparts.debian.org/tmp/tmpwv4fmpa7', 'apt-get', 'install', '-y', 
'logrotate']
0m19.9s DUMP:
  Reading package lists...
  Building dependency tree...
  Reading state information...
  The following additional packages will be installed:
adduser cron cron-daemon-common libpopt0 sensible-utils
...
m20.2s ERROR: Command failed (status=1): ['chroot', 
'/srv/piuparts.debian.org/tmp/tmpwv4fmpa7', 'dpkg', '--purge', 'adduser', 
'cron', 'cron-daemon-common', 'libpopt0:amd64', 'logrotate', 'sensible-utils']
  dpkg: error processing package adduser (--purge):
   this is a protected package; it should not be removed
...

As mentioned, there seem to be several packages in this state. ufw has shipped
a logrotate file for years and this isn't new to ufw 0.36.2-1. 

[ Reason ]
ufw did not cause adduser to be unremovable, and adduser being unremovable
should not affect ufw's migration.

[ Impact ]
Bug fixes and translations will not be available in bookworm (I am upstream ufw
and I cut 0.36.2 specifically for bookworm users).

[ Tests ]
Build tests (unit and functional) and autopkgtests pass.

[ Risks ]
Leaf package.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock ufw/0.36.2-1
diff -Nru ufw-0.36.1/ChangeLog ufw-0.36.2/ChangeLog
--- ufw-0.36.1/ChangeLog2021-09-18 20:29:52.0 -0500
+++ ufw-0.36.2/ChangeLog2023-05-18 08:45:35.0 -0500
@@ -1,3 +1,23 @@
+ufw (0.36.2) RELEASED; urgency=medium
+
+  * src/ufw-init-functions: set default policy after loading rules. Thanks to
+Mauricio Faria de Oliveira. (LP: #1946804)
+  * doc/ufw.8:
+- document 'insert' and 'prepend' can't be used to update comments
+  (LP: #1927737)
+  * src/backend_iptables.py: remove unreachable code (LP: #1927734)
+  * src/util.py:
+- properly parse /proc/pid/stat for WSL (LP: #2015645)
+- mitigate odd length string with unhexlify (Closes: 1034568)
+- support vrrp protocol (LP: #1996636)
+  * add locales/po/ro.po. Thanks Remus-Gabriel Chelu (Closes: 1034119)
+  * add '-h' and show help with no args (LP: #1965462)
+  * src/backend.py: add get_rules_ipv4() and get_rules_ipv6() (LP: #1951018)
+  * tests/check-requirements: update for python 3.10+
+  * tests/root: normalize 'ACCEPT {all,tcp}' and 'ACCEPT N' for newer systems
+
+ -- Jamie Strandboge   Thu, 18 May 2023 08:45:30 -0500
+
 ufw (0.36.1) RELEASED; urgency=medium
 
   * snap packaging updates:
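Review bot: The src/ufw-init-functions entry at the top of the 0.36.2 block ("set default policy after loading rules") reorders firewall start-up but does not say which policy applies to traffic while the rules are still being loaded, or what happens if loading fails part-way. Suggest one more line in that entry stating the policy in effect during that window, since LP: #1946804 is the only pointer a reader of this file gets. The "mitigate odd length string with unhexlify" entry under src/util.py likewise does not say whether such input is now rejected or padded.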
diff -Nru ufw-0.36.1/debian/changelog ufw-0.36.2/debian/changelog
--- ufw-0.36.1/debian/changelog 2022-10-15 05:54:27.0 -0500
+++ ufw-0.36.2/debian/changelog 2023-05-18 09:03:07.0 -0500
@@ -1,3 +1,30 @@
+ufw (0.36.2-1) unstable; urgency=medium
+
+  * New upstream release (LP: #1946804, LP: #1927737, LP: #1927734,
+LP: #2015645, LP: #1996636, LP: #1965462, LP: #1951018, Closes: 1034568,
+Closes: 1034119). Drop the following (included upstream):
+- 0002-fix-copyright.patch
+- 0003-python3-versions.patch
+- 0004-set-default-policy-after-load.patch
+  * Remaining changes:
+- 0001-optimize-boot.patch
+  * add new debian/po/ro.po. Thanks Remus-Gabriel Chelu (Closes: 1033758)
+  * debian/control:
+- Breaks with iptables-persistent and netfilter-persistent. When ufw is
+  installed, it is not enabled by default, so it doesn't interfere with
+  other firewall software (until it is enabled). In contrast,
+  iptables-persistent and netfilter-persistent install enabled, which
+  interferes with ufw. Add a breaks on these to avoid them being
+  co-installed with ufw (and causing problems for users).
+- use Python-Version instead of XB-Python-Version
+- remove Depends on obsolete lsb-base
+  * ufw.lintian-overrides:
+- update for breaks-without-version iptables-persistent and
+  netfilter-persistent
+- update for newer lintian
+
+ -- Jamie Strandboge   Thu, 18 May 2023 14:03:07 +
+
 ufw (0.36.1-4.1) unstable; urgency=medium
 
   * Non-maintainer upload.
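Review bot: The debian/control entry adds a Breaks on iptables-persistent and netfilter-persistent while the same entry states that ufw "is not enabled by default", so on a host that relies on one of those packages, installing ufw would displace the package that loads its rules without an enabled firewall taking over. Suggest a debian/NEWS item or a line in the package description telling administrators to enable ufw after the switch. The breaks-without-version lintian override is adequately justified by the rationale given here.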
diff -Nru ufw-0.36.1/debian/control ufw-0.36.2/debian/control
--- ufw-0.36.1/debian/control   2021-09-19 00:46:12.0 -0500
+++ ufw-0.36.2/debian/control   2023-05-16 09:37:21.0 -0500
@@ -13,7 +13,7 @@
  po-debconf,
  python3 (>= 3.2),
  python3-distutils
-Standards-Version: 

Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Arnaud Rebillout

On 19/05/2023 01:33, Luca Boccassi wrote:

> We heard so much in the past couple of weeks about how important it is
> for the project not to cause issues for derivatives and
> cross-compatibility use cases, even speculatively. This is not even
> speculative, it is certain to cause damage (as we experienced first
> hand last year), I don't see how we can ignore it after all of these
> discussions.

Speaking as Kali maintainer, we patched it out already a while ago:
https://gitlab.com/kalilinux/packages/dpkg/-/commit/bff5fa3c

Best,

Arnaud



Bug#1036305: qtpass: Recommends transitional package: pass-extension-otp

2023-05-18 Thread sergio
Package: qtpass
Version: 1.3.2-4
Severity: minor

Dear Maintainer,

Recommends: pass, pass-extension-otp, pwgen

Package: pass-extension-otp
Description: transitional package
 This is a transitional package. It can safely be removed.



Bug#1036304: guix: /etc/profile.d/guix.sh not updated for 1.4.0

2023-05-18 Thread Philip McGrath
Package: guix
Version: 1.4.0-3
Severity: important
X-Debbugs-Cc: phi...@philipmcgrath.com

Dear Maintainer,

The /etc/profile.d/guix.sh script was not updated for 1.4.0, or indeed 
seemingly since it was first added to the Debian package to address #985916.

Among other changes upstream, I changed it in 
23aafc800c9e678662766440916449ec5bbce830 to initialize various XDG environment 
variables, fixing a bug that can prevent KDE Plasma sessions from starting 
properly, instead leaving the user with a black screen. I encountered that bug 
again today when I logged back in after running `guix home reconfigure` for the 
first time on a new Bookworm installation. I described the problem in more 
detail upstream in https://issues.guix.gnu.org/56050 and the linked mailing-
list thread.

Note also that the file was renamed to zzz-guix.sh in 
93be56a3ab28ed0a482f354b7f536681c99b6999.

Thanks for packaging Guix for Debian!
Philip


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not 
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages guix depends on:
ii  guile-3.0        3.0.8-2
ii  guile-3.0-libs   3.0.8-2
ii  guile-gcrypt     0.4.0-2
ii  guile-git        0.5.2-5
ii  guile-gnutls     3.7.9-2
ii  guile-json       4.7.3-2
ii  guile-lzlib      0.0.2-3
ii  guile-sqlite3    0.1.3-3
ii  guile-ssh        0.16.2-1
ii  guile-zlib       0.1.0-4
ii  libbz2-1.0       1.0.8-5+b1
ii  libc6            2.36-9
ii  libgcc-s1        12.2.0-14
ii  libgcrypt20      1.10.1-3
ii  libsqlite3-0     3.40.1-2
ii  libssh-dev       0.10.4-2
ii  libstdc++6       12.2.0-14
ii  zlib1g           1:1.2.13.dfsg-1

Versions of packages guix recommends:
ii  ca-certificates  20230311
ii  less 590-1.2
ii  nscd 2.36-9
ii  systemd  252.6-1

guix suggests no packages.

-- no debconf information




Bug#1036277: Ship keama - The KEA Migration Assistant

2023-05-18 Thread Athos Ribeiro

I filed a salsa MR at
https://salsa.debian.org/debian/isc-dhcp/-/merge_requests/10 with a
patch to include keama as a new binary package here.


--
Athos Ribeiro



Bug#932957: #932957 Please migrate Release Notes to reStructuredText

2023-05-18 Thread Richard Lewis
On Thu, 18 May 2023 22:39:11 +0200 Holger Wansing  wrote:

> I worked on this recently, and I have something like a prototype ready.
> It can be found (as html) at
> https://people.debian.org/~holgerw/release-notes_sphinx/

I hope the below doesn't come across as negative - it's not meant to
be: I've been submitting MRs for release-notes and
found the XML syntax adds complexity to the source that mostly only
results in the output using bold or fixed-width:
So it would be great to simplify to rst!

Unfortunately, my first impression is that the output has quite a
few issues which make it a lot harder to read than
the docbook version - which I'm sure is because it's still only a
prototype, but thought it might be helpful to list the things that jumped
out at me:
- It is a lot more cluttered than the docbook version - it feels
off-putting and dense to read
- it's all a bit 'blue' - I'd suggest red is more on-brand for debian
- the "next"/"prev" links at the bottom-right are white on green  ---
I totally missed at first, and found hard to read
- I was a bit confused by the "12.1" version number at the bottom of
every page, and having 'sphinx' reminded me of websites with "hosted
by geocities"
- are the red hyphens in eg the 'deb...' line near the top of
https://people.debian.org/~holgerw/release-notes_sphinx/en/html/issues.html
meant to be red? (maybe it is a syntax error?)
- package names are no longer distinguished from other text (eg 'ntp'
in 
https://people.debian.org/~holgerw/release-notes_sphinx/en/html/issues.html#changes-to-packages-that-set-the-system-clock)
- the order in the contents pane on the left is a bit...unusual: it
starts with the current section, then does previous, then next, so eg
on chapter 2,
 https://people.debian.org/~holgerw/release-notes_sphinx/en/html/whats-new.html
it lists chapters 2, then 1, then 3.
- https://people.debian.org/~holgerw/release-notes_sphinx/en/html/genindex.html
is completely blank
- not sure "show source" on the left is all that useful for readers

I'm sure these are easy to fix!

> while the git repo containing the migration is at
> https://salsa.debian.org/holgerw/release-notes

I'm sure I am being dumb, but I couldn't spot where the actual rst files
are? - I still see eg
https://salsa.debian.org/holgerw/release-notes/-/blob/master/en/issues.dbk
in XML

> as far as I know, sphinx/reStructuredText is still lacking some functionality,
> which is heavily used in the release-notes.
> That is the use of substitutions within URLs.

You could always keep the entities and do a 'sed
s//bookworm/g' etc before "building" with sphinx.

Actually if I click 'show source' I get to
https://people.debian.org/~holgerw/release-notes_sphinx/en/html/_sources/about.rst.txt
which seems to have |RELEASE| and |RELEASENAME| rather than 12 and
bookworm: perhaps sphinx supports entities after all?



Bug#1036302: free(): double free detected in tcache 2 during history search

2023-05-18 Thread Ben Wong
Package: bash
Version: 5.2.15-2+b2
Severity: normal
X-Debbugs-Cc: bugs.debian@wongs.net

Dear Maintainer,

Using history-search-backward and -forward can cause bash to die with
an error:

free(): double free detected in tcache 2
Aborted (core dumped)

This is easily replicated by binding keys to run the history-search-
functions. Start up a fresh bash shell and type the following.

bind '"\C-p": history-search-backward'
bind '"\C-n": history-search-forward'
^P^U^P^U^N^J

Bash will immediately crash.

Note ^ means hold down the control key while pressing the next letter.
So, in the above example, you'd be hitting:

Control-P   # history-search-backward
Control-U   # unix-line-discard
Control-P   # history-search-backward
Control-U   # unix-line-discard
Control-N   # history-search-forward
Control-J   # accept-line


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bash depends on:
ii  base-files   12.4
ii  debianutils  5.7-0.4
ii  libc6        2.36-9
ii  libtinfo6    6.4-4

Versions of packages bash recommends:
ii  bash-completion  1:2.11-6

Versions of packages bash suggests:
ii  bash-doc  5.2.15-2

-- no debconf information



Bug#1036245: “Any arguments after the -- are treated as filenames and arguments.” in the bash man page makes no sense the way stated

2023-05-18 Thread Al Ma
Thanks! First, if the arguments `-' and `--' are absolutely equivalent, there's 
no need for parens (which make the stuff inside the parens, well, parenthetic). 
Second, pay attention to the consistency of the quotation marks, whichever you 
choose. Therefore:

A single argument `--' or `-' stops bash interpreting further arguments as its 
own options. Any arguments after the `--' or `-' are treated as a new command 
line that bash will run. For example, `bash -- ls --help' passes the `--help' 
to `ls' rather than bash.

However, there's a problem:

$ bash -- ls --help
/usr/bin/ls: /usr/bin/ls: cannot execute binary file

AlMa


Bug#1036301: fetch-crl: purging the package leaves files behind

2023-05-18 Thread Christoph Anton Mitterer
Package: fetch-crl
Version: 3.0.20-1
Severity: normal



Hey.

When purging the package one gets:
Purging configuration files for fetch-crl (3.0.20-1) ...
dpkg: warning: while removing fetch-crl, directory '/var/cache/fetch-crl' not 
empty so not removed
dpkg: warning: while removing fetch-crl, directory 
'/etc/grid-security/certificates' not empty so not removed


I think at least /var/cache/fetch-crl shouldn't happen, as it contains only
fetch-crl related files:
l /var/cache/fetch-crl
total 1,3M
drwx-- 1 root root 4,1k Mar 29 15:31 .
drwxr-xr-x 1 root root  188 Mar 27 23:55 ..
-rw-r--r-- 1 root root 3,3k May 18 20:29 AC-GRID-FR-Personnels.0.state
-rw-r--r-- 1 root root 1,2k May 18 20:29 AC-GRID-FR-Robots.0.state
-rw-r--r-- 1 root root 1,8k May 18 20:29 AC-GRID-FR-Services.0.state
-rw-r--r-- 1 root root 1,2k May 18 20:29 AC-GRID-FR.0.state
-rw-r--r-- 1 root root 4,1k May 18 20:29 AEGIS.0.state
-rw-r--r-- 1 root root  45k May 18 20:29 ANSPGrid.0.state
-rw-r--r-- 1 root root 123k May 18 20:29 ASGCCA-2007.0.state
-rw-r--r-- 1 root root 1,4k May 18 20:29 ArmeSFo.0.state
-rw-r--r-- 1 root root 2,6k May 18 20:29 BG-ACAD-CA.0.state
-rw-r--r-- 1 root root 1,1k May 18 20:29 BYGCA.0.state
...

Not so sure what to do about:
/etc/grid-security/certificates


It does contain my certs (which were not installed there by fetch-crl of 
course),
but neither by the ietf-* packages (I use those only on one central node, and
rsync everything from there).

I'm not even sure whether the package should ship:
/etc/grid-security
/etc/grid-security/certificates
at all, or better just somehow fail gracefully if they're not there?


Cheers,
Chris.



Bug#1036300: Fwd: bullseye-pu: package curl/7.74.0-1.3+deb11u8

2023-05-18 Thread Samuel Henrique
Package: release.debian.org
Control: affects -1 + src:curl
X-Debbugs-Cc: c...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bullseye
X-Debbugs-Cc: samuel...@debian.org
Severity: normal

[ Reason ]
* Backport upstream patches to fix 5 CVEs:
  - CVE-2023-27533: TELNET option IAC injection
  - CVE-2023-27534: SFTP path ~ resolving discrepancy
  - CVE-2023-27535: FTP too eager connection reuse
  - CVE-2023-27536: GSS delegation too eager connection re-use
  - CVE-2023-27538: SSH connection too eager reuse still
* d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(),
  required for CVE-2023-27535.

[ Impact ]
None of the vulnerabilities are critical, but they have already been
fixed in buster and we should do the same for bullseye.

[ Tests ]
curl's testsuite didn't spot any regressions.
The same CVEs have also been fixed in buster already.

[ Risks ]
Regressions on TELNET, SFTP, FTP, GSS and SSH functionalities of curl.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Nothing besides the CVE fixes.
The patches were changed to apply cleanly on bullseye, all the changes
can be seen here:
https://salsa.debian.org/debian/curl/-/commit/4adf0d7c4d47610336294d39f84a8360522a5936
https://salsa.debian.org/debian/curl/-/commit/b3dedba95658cea02405af32f0652f83d87f6eac
https://salsa.debian.org/debian/curl/-/commit/6909425ffa87e4c35730ecc2801ef40492239048
https://salsa.debian.org/debian/curl/-/commit/54e6a929643fe14160049ed8d1bda72dd34db9f7
https://salsa.debian.org/debian/curl/-/commit/19c382231a004b45b3096f72fb722f6df5d31902

[ Other info ]
I will be working on the latest CVEs that have been published for curl
but I'll push those fixes in a different upload.


-- 
Samuel Henrique 


curl_7.74.0-1.3+deb11u8.debdiff
Description: Binary data


Bug#1023472: Workaround implemented for live images

2023-05-18 Thread Cyril Brulebois
Hi,

Speaking as someone who happen{ed,s} to come across live-build things for
unrelated reasons:

Roland Clobus  (2023-05-18):
> I've implemented a workaround for the live images at [1].
> As a result, the xfwm4 desktop manager is now the only desktop manager.

This seems to have been merged in live-build master.

I'm not sure whether this is a workaround or a real fix; if that's the
latter, it should probably be reassigned to live-build?

Two questions, with RC 4 in mind (and as a reminder, while I'll be dealing
with D-I Bookworm RC 4 with a focus on… the installer primarily, live images
are being built and released at the same time):
 - Is there a live-build upload planned to publish this fix to unstable?
 - With or without an extra upload, is there a plan to ask for an unblock?
   It seems best to ship in $codename the tools being built to build
   $codename. (Similar example: debian-cd.)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Bug#1036082: linphone: Unable to enable H.264 video codec required for Zoom SIP connections

2023-05-18 Thread Petter Reinholdtsen
[Dennis Filder]
> If you're behind NAT-ing router like most people then you usually need
> some kind of SIP proxy that connects to your ISP's SIP gateway to make
> it work.  So, if Linphone is not working with your Asterisk server you
> need to fix that first somehow.

This was on the local network, on the same subnet as the Asterisk
server.

> Well, I don't really use Zoom, mainly for privacy reasons, so you're a
> bit on your own here.

I do not expect anyone to use Zoom voluntarily, I was just asking if you
had actually tested it following the recipe mentioned earlier in the
issue.

In any case, sad to learn that Linphone is still useless to me.  I was
hoping it could provide an alternative SIP client to replace Jami, which
has proved to be a bit unstable.

-- 
Happy hacking
Petter Reinholdtsen



Bug#1036299: unbound: can't bind to 127.0.0.1:53

2023-05-18 Thread andrej
Package: unbound
Version: 1.17.1-2
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
 With our unbound configuration file unbound couldn't start

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
 Place the unbound apparmor profile into complain mode rather than enforcing

   * What was the outcome of this action?
 Managed to launch both unbound and bgpd

   * What outcome did you expect instead?
 I would have expected unbound to be allowed to bind to a port out of the box

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_NZ:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unbound depends on:
ii  adduser                    3.132
ii  init-system-helpers        1.65.2
ii  libc6                      2.36-9
ii  libevent-2.1-7             2.1.12-stable-8
ii  libnghttp2-14              1.52.0-1
ii  libprotobuf-c1             1.4.1-1+b1
ii  libpython3.11              3.11.2-6
ii  libssl3                    3.0.8-1
ii  libsystemd0                252.6-1
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages unbound recommends:
ii  dns-root-data  2023010101

Versions of packages unbound suggests:
ii  apparmor  3.0.8-3
ii  openssl   3.0.8-1

-- Configuration Files:
/etc/apparmor.d/usr.sbin.unbound changed:
profile unbound /usr/sbin/unbound flags=(attach_disconnected, complain) {
  #include 
  #include 
  #include 
  # chown (chgrp) the Unix control socket
  capability chown,
  # chmod the Unix control socket
  capability fowner,
  capability fsetid,
  # added to abstractions/nameservices in Apparmor 2.12
  /var/lib/sss/mc/initgroups r,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_resource,
  # root hints from dns-data-root
  /usr/share/dns/root.* r,
  # non-chrooted paths
  /etc/unbound/** r,
  owner /etc/unbound/*.key* rw,
  # explicitly deny (and audit) attempts to write to the key files
  # this should be unnecessary after switch to /run/unbound.ctl control socket
  # (here and below)
  audit deny /etc/unbound/unbound_control.{key,pem} rw,
  audit deny /etc/unbound/unbound_server.key w,
  # chrooted paths
  # unbound can be chrooted into /etc/unbound (upstream default) with
  #  /var/lib/unbound/ bind-mounted to /etc/unbound/var/lib/unbound/,
  # or it can be chrooted into /var/lib/unbound/ with /etc/unbound/ copied
  # into there (previous debian package default).
  /{,etc/unbound/}var/lib/unbound/** r,
  owner /{,etc/unbound/}var/lib/unbound/** rw,
  audit deny /{,etc/unbound/}var/lib/unbound/**/unbound_control.{key,pem} rw,
  audit deny /{,etc/unbound/}var/lib/unbound/**/unbound_server.key w,
  /usr/sbin/unbound mr,
  /run/systemd/notify w,
  /run/unbound.pid rw,
  # Unix control socket
  /run/unbound.ctl rw,
  #include 
}

/etc/unbound/unbound.conf [Errno 13] Permission denied: 
'/etc/unbound/unbound.conf'
/etc/unbound/unbound.conf.d/remote-control.conf [Errno 13] Permission denied: 
'/etc/unbound/unbound.conf.d/remote-control.conf'
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf [Errno 13] 
Permission denied: 
'/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf'

-- no debconf information



Bug#1032400: virt-manager: Windows 11 VM starts to cause system lock-up after upgrading to Bookworm

2023-05-18 Thread Xiyue Deng
Package: virt-manager
Followup-For: Bug #1032400

It turns out that the issue has nothing to do with virt-manager or qemu but the
BIOS of the system that could cause the system to freeze when accessing the
TPM[1].  Closing and sorry for the trouble.

[1] https://lists.debian.org/debian-user/2023/04/msg00425.html


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages virt-manager depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  gir1.2-gtk-3.0   3.24.37-2
ii  gir1.2-gtk-vnc-2.0   1.3.1-1
ii  gir1.2-gtksource-4   4.8.4-4
ii  gir1.2-libosinfo-1.0 1.10.0-2
ii  gir1.2-libvirt-glib-1.0  4.0.0-2
ii  gir1.2-vte-2.91  0.70.3-1
ii  python3  3.11.2-1+b1
ii  python3-gi   3.42.2-3+b1
ii  python3-gi-cairo 3.42.2-3+b1
ii  python3-libvirt  9.0.0-1
ii  virtinst 1:4.1.0-2

Versions of packages virt-manager recommends:
ii  gir1.2-ayatanaappindicator3-0.1  0.5.92-1
ii  gir1.2-spiceclientglib-2.0       0.42-1
ii  gir1.2-spiceclientgtk-3.0        0.42-1
ii  libvirt-daemon-system            9.0.0-3

Versions of packages virt-manager suggests:
ii  gir1.2-secret-1  0.20.5-3
ii  gnome-keyring    42.1-1+b2
pn  python3-guestfs  
pn  ssh-askpass      
ii  virt-viewer      11.0-2

Versions of packages virt-manager is related to:
ii  libvirt-clients  9.0.0-3
ii  libvirt-daemon   9.0.0-3
ii  libvirt0         9.0.0-3
ii  osinfo-db        0.20221130-2

-- no debconf information



Bug#1036293: [Pkg-pascal-devel] Bug#1036293: Bug#1036293: lazarus: LHelp needs CHM files to display online help

2023-05-18 Thread Peter B

On 18/05/2023 22:24, Mike Swanson wrote:
> On Thu, 2023-05-18 at 22:28 +0200, Abou Al Montacir wrote:
>> Yes these files were removed from the source package. This was
>> intentional not only to remove lintian warning but also to force
>> using doct build during the lazarus build process.
>>
>> You can find them in lazarus-doc-2.2 package. If any is missing,
>> please report it here.
>
> Interesting, I do see the lcl.chm in /usr/share/doc/lazarus/... but
> LHelp doesn't open it by default.  I recall that working on Debian 11's
> version of the package.  I may have placed blame in the wrong place
> then, but there is still a bug (it is annoying to navigate to that
> file, even when I do know what's going on).


Regarding the html help, looks to me that lazarus is looking in
/usr/share/doc/lazarus/2.2.0/index.html
a 2.2.0 folder, but the index is now in 2.2.6



Bug#1036237: Moving my packages to the perl group

2023-05-18 Thread Michael Ablassmeier
hi debian-perl,

after years of inactivity I got some new packages going and also
had a look at old perl packages which are still "maintained" by
me. Some of them have seen various nmu's already, so it makes
sense to move them to the debian-perl group.

Here are the RFS for those, without the maintainer set to the
perl group, but being updated to the latest standards:

 https://bugs.debian.org/1036238
 https://bugs.debian.org/1036237

my salsa handle is a...@debian.org, so if anyone wants to assist
moving them over, I'd be happy to do so. It's unlikely those
packages will see any upstream activity, but since I'm not
using perl these days anyway, I think it's best to move them
over to a team maintained approach..

greetings,
- michael



Bug#1036293: [Pkg-pascal-devel] Bug#1036293: lazarus: LHelp needs CHM files to display online help

2023-05-18 Thread Mike Swanson
On Thu, 2023-05-18 at 22:28 +0200, Abou Al Montacir wrote:
> Yes these files were removed from the source package. This was
> intentional not only to remove lintian warning but also to force
> using doct build during the lazarus build process.
> 
> 
> You can find them in lazarus-doc-2.2 package. If any is missing,
> please report it here.
> 

Interesting, I do see the lcl.chm in /usr/share/doc/lazarus/... but
LHelp doesn't open it by default.  I recall that working on Debian 11's
version of the package.  I may have placed blame in the wrong place
then, but there is still a bug (it is annoying to navigate to that
file, even when I do know what's going on).



Bug#1036293: [Pkg-pascal-devel] Bug#1036293: lazarus: LHelp needs CHM files to display online help

2023-05-18 Thread Abou Al Montacir
On Thu, 2023-05-18 at 12:13 -0700, Mike Swanson wrote:
> ...
> In order to resolve lintian reports in the Lazarus source package, the
> precompiled Windows help files (*.chm format) were removed and the package
> reuploaded.
Yes these files were removed from the source package. This was intentional not
only to remove lintian warning but also to force using doct build during the
lazarus build process.

>   However, these files are actually essential to Lazarus's ability
> to display help via the built-in LHelp program, which is launched via the Help
> menu in the application.  Without these files, Lazarus is unable to display
> help through this mechanism. 
You can find them in lazarus-doc-2.2 package. If any is missing, please report
it here.
> 
> Instead of removing the files, I would recommend shutting up Lintian through
> any possible means, if there is a way to make an exception or teach Lintian
> how to do an exception for that particular warning.
It is possible to override lintian errors, but we don't think this is the right
way to go. Documentation is subject of a dedicated package and is built from
source documentation. If any file is missing, please report it here and we will
see how to fix that.

Same for FPC documentation, it is packaged in a separate and dedicated package.
-- 
Cheers,
Abou Al Montacir




Bug#932957: #932957 Please migrate Release Notes to reStructuredText

2023-05-18 Thread Holger Wansing
[[ debian-devel in CC, to get a wider audience regarding reStructuredText ]]


Hi,

I worked on this recently, and I have something like a prototype ready.
It can be found (as html) at
https://people.debian.org/~holgerw/release-notes_sphinx/
while the git repo containing the migration is at
https://salsa.debian.org/holgerw/release-notes


However, I may have some objections against the migration at all:
as far as I know, sphinx/reStructuredText is still lacking some functionality,
which is heavily used in the release-notes.
That is the use of substitutions within URLs.
In docbook speech these were entities, and you could use them in URLs like this:

Please follow the instructions in the https://www.debian.org/releases//releasenotes;>Release
Notes for   to upgrade to 
 first if needed.

Please note the  in the URL!
I could not get this working with sphinx (if someone knows better, please
contact me!)
In sphinx, I used hardcoded codenames like
https://www.debian.org/releases/bullseye/releasenotes instead, which means,
that there is much work to do to make the release-notes fit for the next 
release,
while with docbook you only need to change the entity in one place !!!
In sphinx you need to change every single occurrence, and don't forget the
translations !!!



Beside this, I need help to adapt the buildchain, to get the possibility of
building the release-notes for the different architectures.
I have no python knowledge, so I will most likely not get this running myself.

And the last point is the integration into the debhelper tools: I don't know
if it is required, to have the release-notes fit for building as a whole
package with sbuild or debuild or similar. Salsa tries to build it via CI
at every push, but currently fails.
However, there is no package "release-notes" in the archive, so currently
it is only a matter of building it on wolkenstein for www.debian.org, right?


Regards
Holger



-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076



Bug#1036082: linphone: Unable to enable H.264 video codec required for Zoom SIP connections

2023-05-18 Thread Dennis Filder
X-Debbugs-CC: Petter Reinholdtsen 

On Wed, May 17, 2023 at 08:05:44PM +0200, Petter Reinholdtsen wrote:
> [Petter Reinholdtsen]  writes:
> > Nope.  It does not seem to be available in Bullseye.  I'll try with a
> > Bookworm machine and see if there is greater success there.
>
> I tested on Bookworm, and while it is different, I did not manage to
> call the SIP endpoint of Zoom.
>
> With the mediastreamer2-plugin-openh264 package installed, the H.264
> option shows up as enabled, and disabling and enabling it does not ask for
> anything to be downloaded.  This is great.
>
> The problem is that I try to connect it to my local Asterisk server,
> which appears to not work.  I get a proxy account with the correct
> settings, but linphone does not seem to reach the server.

If you're behind a NAT-ing router like most people then you usually need
some kind of SIP proxy that connects to your ISP's SIP gateway to make
it work.  So, if Linphone is not working with your Asterisk server you
need to fix that first somehow.

> > Are you able to connect to Zoom yourself?
>
> Would be interesting to know the answer to this question.

Well, I don't really use Zoom, mainly for privacy reasons, so you're a
bit on your own here.

> It behaves a lot better.  I guess this issue can be seen as solved with
> linphone version 5.1.65-4.  Still have not found a way to make Linphone
> useful, but at least the download popup seems to be gone.
>
> I am happy to debug some more, and am available on #debian-voip if
> someone wants direct contact.

Okay, I will close the bug report then.

Regards.



Bug#1036298: xen: CVE-2022-42336: XSA-431: Mishandling of guest SSBD selection on AMD hardware

2023-05-18 Thread Salvatore Bonaccorso
Source: xen
Version: 4.17.0+74-g3eac216e6e-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for xen.

CVE-2022-42336[0]:
| Mishandling of guest SSBD selection on AMD hardware The current logic
| to set SSBD on AMD Family 17h and Hygon Family 18h processors requires
| that the setting of SSBD is coordinated at a core level, as the
| setting is shared between threads. Logic was introduced to keep track
| of how many threads require SSBD active in order to coordinate it,
| such logic relies on using a per-core counter of threads that have
| SSBD active. When running on the mentioned hardware, it's possible for
| a guest to under or overflow the thread counter, because each write to
| VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that
| does the per-core active accounting. Underflowing the counter causes
| the value to get saturated, and thus attempts for guests running on
| the same core to set SSBD won't have effect because the hypervisor
| assumes it's already active.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-42336
https://www.cve.org/CVERecord?id=CVE-2022-42336
[1] https://xenbits.xen.org/xsa/advisory-431.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
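
The per-core accounting described in the CVE text above, as an added C model that is not Xen's code and not part of the original report. The struct, the function names and the two write sequences are constructed for illustration; the hardened handler shows one way to make repeated writes idempotent and is not claimed to be the upstream fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define THREADS_PER_CORE 2

/* Constructed model of one core: SSBD is a setting shared by its threads. */
struct core {
    uint16_t ssbd_users;                 /* threads that currently need SSBD */
    bool hw_ssbd;                        /* modelled hardware state */
    bool thread_wants[THREADS_PER_CORE]; /* used only by the hardened handler */
};

typedef void (*write_fn)(struct core *, unsigned int, bool);

/* Core-level helper: touches the hardware only on the 0 <-> 1 transitions. */
static void core_account(struct core *c, bool enable)
{
    if (enable) {
        if (c->ssbd_users++ == 0)
            c->hw_ssbd = true;
    } else {
        /* A decrement at 0 wraps the unsigned counter to its maximum. */
        if (--c->ssbd_users == 0)
            c->hw_ssbd = false;
    }
}

/* Flawed pattern: every guest write reaches the helper, changed or not. */
static void guest_write_vulnerable(struct core *c, unsigned int thread, bool ssbd)
{
    (void)thread;
    core_account(c, ssbd);
}

/* Hardened pattern: account only when this thread's own state changes. */
static void guest_write_hardened(struct core *c, unsigned int thread, bool ssbd)
{
    if (thread >= THREADS_PER_CORE || c->thread_wants[thread] == ssbd)
        return;
    c->thread_wants[thread] = ssbd;
    core_account(c, ssbd);
}

/* Underflow case: a redundant "off" on thread 0, then thread 1 asks for SSBD.
 * Returns whether the hardware really has SSBD active for thread 1. */
static bool sibling_protected(write_fn write)
{
    struct core c = {0};
    write(&c, 0, false);
    write(&c, 1, true);
    return c.hw_ssbd;
}

/* Overcount case: thread 0 writes "on" twice and "off" once.
 * Returns whether SSBD is still active although no thread wants it. */
static bool ssbd_left_on(write_fn write)
{
    struct core c = {0};
    write(&c, 0, true);
    write(&c, 0, true);
    write(&c, 0, false);
    return c.hw_ssbd;
}

int main(void)
{
    printf("vulnerable: sibling protected=%d, left on=%d\n",
           sibling_protected(guest_write_vulnerable),
           ssbd_left_on(guest_write_vulnerable));
    printf("hardened:   sibling protected=%d, left on=%d\n",
           sibling_protected(guest_write_hardened),
           ssbd_left_on(guest_write_hardened));
    return 0;
}
```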



Bug#1036123: [pre-approval] unblock: libcap2/1:2.66-4

2023-05-18 Thread Salvatore Bonaccorso
Hi Christian,

On Tue, May 16, 2023 at 11:39:52AM +0200, Christian Kastner wrote:
> Control: tags -1 - moreinfo
> 
> On 2023-05-15 22:12, Sebastian Ramacher wrote:
> > Please go ahead and remove the moreinfo tag once the package is
> > available in unstable.
> 
> Done (this time with the right recipients)

I just realized, that apart getting the unblock by the release team as
it affects d-i as well (shipping libcap2-udeb), CC'ing Cyril here as
well.

Regards,
Salvatore



Bug#1036279: XSS in RSS syntax

2023-05-18 Thread Axel Beckert
Hi Moritz,

Moritz Muehlenhoff wrote:
> Severity: grave

Thanks for the severity assessment by the security team. I wasn't
really sure if this is RC or "just important".

I've had a look at the new upstream tar balls, but the diff is
unfortunately huge:

$ tardiff dokuwiki-2022-07-31{a,b}.tgz
- composer.json
- composer.lock
- data/pages/playground
- data/pages/playground/playground.txt
- lib/plugins/authpdo/_test
- lib/plugins/authpdo/_test/mysql
- lib/plugins/authpdo/_test/mysql.test.php
- lib/plugins/authpdo/_test/mysql/fluxbb.php
- lib/plugins/authpdo/_test/mysql/fluxbb.sql
- lib/plugins/authpdo/_test/mysql/mybb.php
- lib/plugins/authpdo/_test/mysql/mybb.sql
- lib/plugins/authpdo/_test/mysql/wordpress.php
- lib/plugins/authpdo/_test/mysql/wordpress.sql
- lib/plugins/authpdo/_test/pgsql
- lib/plugins/authpdo/_test/pgsql.test.php
- lib/plugins/authpdo/_test/pgsql/django.php
- lib/plugins/authpdo/_test/pgsql/django.sql
- lib/plugins/authpdo/_test/sqlite.test.php
- lib/plugins/authpdo/_test/test.sqlite3
- lib/plugins/authplain/_test
- lib/plugins/authplain/_test/conf
- lib/plugins/authplain/_test/conf/auth.users.php
- lib/plugins/authplain/_test/escaping.test.php
- lib/plugins/authplain/_test/userdata.test.php
- lib/plugins/config/_test
- lib/plugins/config/_test/ConfigParserTest.php
- lib/plugins/config/_test/DocumentationTest.php
- lib/plugins/config/_test/LoaderExtraDefaultsTest.php
- lib/plugins/config/_test/LoaderTest.php
- lib/plugins/config/_test/Setting
- lib/plugins/config/_test/Setting/AbstractSettingTest.php
- lib/plugins/config/_test/Setting/SettingArrayTest.php
- lib/plugins/config/_test/Setting/SettingNumericTest.php
- lib/plugins/config/_test/Setting/SettingNumericoptTest.php
- lib/plugins/config/_test/Setting/SettingOnoffTest.php
- lib/plugins/config/_test/Setting/SettingStringTest.php
- lib/plugins/config/_test/Setting/SettingTest.php
- lib/plugins/config/_test/WriterTest.php
- lib/plugins/config/_test/data
- lib/plugins/config/_test/data/config.php
- lib/plugins/config/_test/data/metadata.php
- lib/plugins/extension/_test
- lib/plugins/extension/_test/extension.test.php
- lib/plugins/extension/_test/testdata
- lib/plugins/extension/_test/testdata/either1
- lib/plugins/extension/_test/testdata/either1/script.js
- lib/plugins/extension/_test/testdata/eithersub2
- lib/plugins/extension/_test/testdata/eithersub2/either2
- lib/plugins/extension/_test/testdata/eithersub2/either2/script.js
- lib/plugins/extension/_test/testdata/plgfoo5
- lib/plugins/extension/_test/testdata/plgfoo5/plugin.info.txt
- lib/plugins/extension/_test/testdata/plgsub3
- lib/plugins/extension/_test/testdata/plgsub3/plugin3
- lib/plugins/extension/_test/testdata/plgsub3/plugin3/syntax.php
- lib/plugins/extension/_test/testdata/plgsub4
- lib/plugins/extension/_test/testdata/plgsub4/plugin4
- lib/plugins/extension/_test/testdata/plgsub4/plugin4/plugin.info.txt
- lib/plugins/extension/_test/testdata/plgsub6
- lib/plugins/extension/_test/testdata/plgsub6/plgfoo6
- lib/plugins/extension/_test/testdata/plgsub6/plgfoo6/plugin.info.txt
- lib/plugins/extension/_test/testdata/plugin1
- lib/plugins/extension/_test/testdata/plugin1/syntax.php
- lib/plugins/extension/_test/testdata/plugin2
- lib/plugins/extension/_test/testdata/plugin2/plugin.info.txt
- lib/plugins/extension/_test/testdata/template1
- lib/plugins/extension/_test/testdata/template1/main.php
- lib/plugins/extension/_test/testdata/template1/style.ini
- lib/plugins/extension/_test/testdata/template2
- lib/plugins/extension/_test/testdata/template2/template.info.txt
- lib/plugins/extension/_test/testdata/tplfoo5
- lib/plugins/extension/_test/testdata/tplfoo5/template.info.txt
- lib/plugins/extension/_test/testdata/tplsub3
- lib/plugins/extension/_test/testdata/tplsub3/template3
- lib/plugins/extension/_test/testdata/tplsub3/template3/main.php
- lib/plugins/extension/_test/testdata/tplsub3/template3/style.ini
- lib/plugins/extension/_test/testdata/tplsub4
- lib/plugins/extension/_test/testdata/tplsub4/template4
- lib/plugins/extension/_test/testdata/tplsub4/template4/template.info.txt
- lib/plugins/extension/_test/testdata/tplsub6
- lib/plugins/extension/_test/testdata/tplsub6/tplfoo6
- lib/plugins/extension/_test/testdata/tplsub6/tplfoo6/template.info.txt
- lib/plugins/styling/.travis.yml
- lib/plugins/styling/_test
- lib/plugins/styling/_test/colors.test.php
- lib/plugins/styling/_test/general.test.php
- lib/plugins/testing
- lib/plugins/testing/_test
- lib/plugins/testing/_test/dummy_plugin_integration_test.test.php
- lib/plugins/testing/_test/dummy_plugin_test.test.php
- lib/plugins/testing/action.php
- lib/plugins/testing/conf
- lib/plugins/testing/conf/default.php
- lib/plugins/testing/conf/metadata.php
- lib/plugins/testing/lang
- lib/plugins/testing/lang/en
- lib/plugins/testing/lang/en/settings.php
- lib/plugins/testing/plugin.info.txt
- lib/plugins/usermanager/_test
- lib/plugins/usermanager/_test/csv_export.test.php
- 

Bug#1036297: libvirt: CVE-2023-2700

2023-05-18 Thread Salvatore Bonaccorso
Source: libvirt
Version: 9.0.0-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: fixed -1 9.3.0-1

Hi,

The following vulnerability was published for libvirt.

CVE-2023-2700[0]:
| A vulnerability was found in libvirt. This security flaw occurs due
| to repeatedly querying an SR-IOV PCI device's capabilities that
| exposes a memory leak caused by a failure to free the
| virPCIVirtualFunction array within the parent struct's g_autoptr
| cleanup.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2700
https://www.cve.org/CVERecord?id=CVE-2023-2700
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2203653
[2] 
https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#1036296: wordpress: CVE-2023-2745

2023-05-18 Thread Salvatore Bonaccorso
Source: wordpress
Version: 6.2+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 6.1.1+dfsg1-1

Hi,

The following vulnerability was published for wordpress.

CVE-2023-2745[0]:
| WordPress Core is vulnerable to Directory Traversal in versions up to,
| and including, 6.2, via the ‘wp_lang’ parameter.
| This allows unauthenticated attackers to access and load arbitrary
| translation files. In cases where an attacker is able to upload a
| crafted translation file onto the site, such as via an upload form,
| this could be also used to perform a Cross-Site Scripting attack.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2745
https://www.cve.org/CVERecord?id=CVE-2023-2745
[1] https://core.trac.wordpress.org/changeset?old=55765=55765
[2] 
https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/

Regards,
Salvatore



Bug#1036182: spyder 4.2.1+dfsg1-3+deb11u2 flagged for acceptance

2023-05-18 Thread Adam D Barratt
package release.debian.org
tags 1036182 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: spyder
Version: 4.2.1+dfsg1-3+deb11u2

Explanation: fix broken patch in previous update



Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

2023-05-18 Thread Adam D Barratt
package release.debian.org
tags 1035522 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: debian-security-support
Version: 11+2023.05.04

Explanation: set DEB_NEXT_VER_ID=12 as bookworm is the next release; 
security-support-limited: add gnupg1



Bug#1036245: “Any arguments after the -- are treated as filenames and arguments.” in the bash man page makes no sense the way stated

2023-05-18 Thread Richard Lewis
On Thu, 18 May 2023, 00:57 Al Ma,  wrote:

>
> In the man page for bash we see the line,
>
> “-- A -- signals the end of options and disables further option
> processing. Any arguments after the -- are treated as filenames and
> arguments. An argument of - is equivalent to --.”
>

I suggest the confusion is because the "argument" at the end is described
as both an argument and also...not an argument. i the first is a bit
redundant.

i suggest including an example, such as:


A `--' (or a single `-') stops bash interpreting further arguments as
options. Any arguments after the `--' are treated as a new command line
that bash will run. For example, 'bash -- ls --help' passes the `--help' to
ls rather than bash.


Bug#1036295: etcd: CVE-2023-32082

2023-05-18 Thread Salvatore Bonaccorso
Source: etcd
Version: 3.4.23-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/etcd-io/etcd/pull/15656
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for etcd.

CVE-2023-32082[0]:
| etcd is a distributed key-value store for the data of a distributed
| system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API
| allows access to key names (not value) associated to a lease when
| `Keys` parameter is true, even a user doesn't have read permission to
| the keys. The impact is limited to a cluster which enables auth
| (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known
| workarounds.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32082
https://www.cve.org/CVERecord?id=CVE-2023-32082
[1] https://github.com/etcd-io/etcd/pull/15656
[2] https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#1036294: sysstat: CVE-2023-33204

2023-05-18 Thread Salvatore Bonaccorso
Source: sysstat
Version: 12.6.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/sysstat/sysstat/pull/360
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for sysstat.

CVE-2023-33204[0]:
| sysstat through 12.7.2 allows a multiplication integer overflow in
| check_overflow in common.c. NOTE: this issue exists because of an
| incomplete fix for CVE-2022-39377.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33204
https://www.cve.org/CVERecord?id=CVE-2023-33204
[1] https://github.com/sysstat/sysstat/pull/360

Regards,
Salvatore
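
What a multiplication overflow inside an overflow check looks like, as an added C example that is not sysstat's check_overflow and not part of the original report. The function names, the limit parameter and the sample inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed check: the product is computed in a fixed-width type, so it can
 * wrap around before it is compared with the limit. */
static bool product_fits_naive(uint64_t a, uint64_t b, uint64_t c, uint64_t limit)
{
    return a * b * c <= limit;
}

/* Checked version: each step is validated by division before multiplying,
 * so no intermediate value can exceed the limit (or the type). */
static bool product_fits_checked(uint64_t a, uint64_t b, uint64_t c, uint64_t limit)
{
    if (a == 0 || b == 0 || c == 0)
        return true;               /* product is 0 */
    if (a > limit / b)
        return false;              /* a * b alone is already too large */
    return a * b <= limit / c;     /* a * b <= limit, so this cannot wrap */
}

/* Counts the constructed cases on which the two checks disagree. */
static int count_disagreements(void)
{
    static const uint64_t cases[][3] = {
        { 10, 20, 30 },                          /* small, fits */
        { 65536, 65536, 65536 },                 /* 2^48, too large, no wrap */
        { UINT64_C(1) << 32, UINT64_C(1) << 32, 1 }, /* 2^64 wraps to 0 */
    };
    const uint64_t limit = UINT32_MAX;           /* constructed limit */
    int n = 0;

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        bool naive = product_fits_naive(cases[i][0], cases[i][1], cases[i][2], limit);
        bool checked = product_fits_checked(cases[i][0], cases[i][1], cases[i][2], limit);
        if (naive != checked)
            n++;
    }
    return n;
}

int main(void)
{
    printf("cases where the naive check is wrong: %d\n", count_disagreements());
    return 0;
}
```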



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Gunnar Wolf
Bastian Blank dijo [Thu, May 18, 2023 at 09:05:44PM +0200]:
> But why can the state of the package (native vs non-native) have
> any effect on a CTTE decision?  Or do you want to say I can block CTTE
> from reaching any kind of decision just by uploading a package as
> native?  Sorry, but this does not compute.
> (...)
> Sure, but this is a direct violation of a CTTE decision.  How often do
> you think someone could do that?

During my time as a Technical Committee member, /usr-merge was the
point we most came back to. And yes, the way the TC decisions were
dodged or omitted by the dpkg maintainers was... quite depressing.

However, my reply should only be read regarding what I believe should
be done in the following ~month before the release.

Of course, I don't see the situation as ideal, nor as something that
should persist. I hope a _fixed_ dpkg is uploaded and becomes part of
Bookworm's first point release.

But, even if it were on the table (which is not AFAICT), I would (in a
strictly personal capacity) oppose the TC requiring such a patch at
this point.



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Matthias Klumpp
Am Do., 18. Mai 2023 um 20:39 Uhr schrieb Luca Boccassi :
> [...]
> We heard so much in the past couple of weeks about how important it is
> for the project not to cause issues for derivatives and
> cross-compatibility use cases, even speculatively. This is not even
> speculative, it is certain to cause damage (as we experienced first
> hand last year), I don't see how we can ignore it after all of these
> discussions.

Speaking as maintainer of two Debian derivatives (PureOS and an
internal one), keeping this warning means we will need to patch dpkg
which of course is possible, but also a bit annoying. It is also odd
that Debian's configuration suddenly becomes "invalid" just by
changing the name of the OS.
(FWIW, PureOS has been usrmerged before Debian did that officially,
and so was Ubuntu - so far we haven't experienced any issues and our
users are happy - syncing dpkg without patching it will for sure cause
a lot of confusion though).

Cheers,
Matthias

-- 
I welcome VSRE emails. See http://vsre.info/



Bug#1036293: lazarus: LHelp needs CHM files to display online help

2023-05-18 Thread Mike Swanson
Source: lazarus
Version: 2.2.6+dfsg2-1
Severity: normal
X-Debbugs-Cc: mikeonthecompu...@gmail.com

In order to resolve lintian reports in the Lazarus source package, the
precompiled Windows help files (*.chm format) were removed and the package
reuploaded.  However, these files are actually essential to Lazarus's ability
to display help via the built-in LHelp program, which is launched via the Help
menu in the application.  Without these files, Lazarus is unable to display
help through this mechanism. 

Instead of removing the files, I would recommend shutting up Lintian through
any possible means, if there is a way to make an exception or teach Lintian
how to do an exception for that particular warning.

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Bastian Blank
Hi Gunnar

On Thu, May 18, 2023 at 12:14:42PM -0600, Gunnar Wolf wrote:
> dpkg has many bits that make it special. It has been discussed whether
> dpkg should be a native package or it should become non-native; if it
> were non-native, having a patch that contradicts the upstream author's
> wishes would be easier (and I'm not saying that I'd be up for patching
> this warning out as it is).

But why can the state of the package (native vs non-native) have
any effect on a CTTE decision?  Or do you want to say I can block CTTE
from reaching any kind of decision just by uploading a package as
native?  Sorry, but this does not compute.

> If we were to force a patch silencing out this warning right now and
> for all of the Bookworm cycle, and the dpkg authors disagree with it,
> they could remove (even omit to include it) in any updates.

Sure, but this is a direct violation of a CTTE decision.  How often do
you think someone could do that?

Bastian

-- 
"Life and death are seldom logical."
"But attaining a desired goal always is."
-- McCoy and Spock, "The Galileo Seven", stardate 2821.7



Bug#1035654: non-essential adduser poses problems to purging packages

2023-05-18 Thread Johannes Schauer Marin Rodrigues
Hi,

Quoting Nicolas Dandrimont (2023-05-18 20:51:04)
> On Thu, May 18, 2023, at 10:03, Marc Haber wrote:
> > adduser probably needs an additional hint because the new upload makes
> > piuparts fail now, as discussed yesterday.
> To work around this issue on the piuparts side, it sounds like we should make
> piuparts treat adduser as fake-essential for tests ending at bookworm or sid,
> so that we don't try to uninstall it; Andreas, what do you think?

a more general solution would be to skip uninstallation on all packages marked
with Protected:yes or to only uninstall with --allow-remove-essential. Such a
solution would not only benefit adduser but also any future packages marked
with Protected:yes.

Thanks!

cheers, josch



Bug#1035654: non-essential adduser poses problems to purging packages

2023-05-18 Thread Nicolas Dandrimont
On Thu, May 18, 2023, at 10:03, Marc Haber wrote:
> On Thu, May 18, 2023 at 12:24:39AM +0200, Johannes Schauer Marin 
> Rodrigues wrote:
>> Marc, the same offer to you for your recent adduser upload to unstable.
>
> Yes, please. Thanks for your work.
>
> adduser probably needs an additional hint because the new upload makes
> piuparts fail now, as discussed yesterday.

Hi,

To work around this issue on the piuparts side, it sounds like we should make 
piuparts treat adduser as fake-essential for tests ending at bookworm or sid, 
so that we don't try to uninstall it; Andreas, what do you think?

Thanks,
-- 
Nicolas Dandrimont



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Luca Boccassi
On Thu, 18 May 2023 at 19:27, Ansgar  wrote:
>
> On Thu, 2023-05-18 at 12:14 -0600, Gunnar Wolf wrote:
> > Ansgar dijo [Thu, May 18, 2023 at 07:55:03PM +0200]:
> > > Why not?
> > >
> > > Do you think the implications of removing the warning are unclear?
> > >
> > > Do you think we need to explore alternative solutions?
> >
> > (I am no longer part of the Committee, answering just as another
> > developer)
> >
> > dpkg has many bits that make it special. It has been discussed whether
> > dpkg should be a native package or it should become non-native; if it
> > were non-native, having a patch that contradicts the upstream
> > author's wishes would be easier (and I'm not saying that I'd be up
> > for patching this warning out as it is).
>
> Do you think this implementation detail is relevant for what we do in
> Debian? I don't care how a patch is applied and don't think that detail
> has to be part of the decision.
>
> I also don't see any further active discussion on this aspect (unless I
> missed something).
>
>
> > If we were to force a patch silencing out this warning right now and
> > for all of the Bookworm cycle, and the dpkg authors disagree with it,
> > they could remove (even omit to include it) in any updates.
>
> So? That is the case with any ruling the ctte makes, including the non-
> binding one the ctte just did under Constitution 6.1.5.
>
> >  Upstream
> > has repeatedly expressed their opposition to the way usrmerge has
> > been brought forward, and the warning silenced specifically for
> > Debian is already the best compromise situation we have been able to
> > reach -- even though we are aware the situation is far from ideal.
>
> If the best solution we have been able to reach is telling users of
> derivative distributions to configure their system in a way that is
> expected to cause breakage, then it would be worth documenting that
> this is the case and we cannot do more for derivative users.
>
> If the ctte believes this to be fine, then the ctte can decide to not
> overrule the maintainer.
>
> I don't think this is a good reason to delay the decision indefinitely
> unless there is some reason to believe something will change within a
> reasonable period of time (which I don't see happening).

We heard so much in the past couple of weeks about how important it is
for the project not to cause issues for derivatives and
cross-compatibility use cases, even speculatively. This is not even
speculative, it is certain to cause damage (as we experienced first
hand last year), I don't see how we can ignore it after all of these
discussions.

Kind regards,
Luca Boccassi



Bug#1036255: python3-onelogin-saml2: FTBFS in testing: AssertionError: "Invalid issuer in the Logout Request" does not match "Could not validate timestamp: expired. Check system clock.)"

2023-05-18 Thread Andrey Rakhmatullin
On Thu, May 18, 2023 at 09:01:16AM +0200, Lucas Nussbaum wrote:
> > ==
> > FAIL: testIsInvalidIssuer 
> > (tests.src.OneLogin.saml2_tests.logout_request_test.OneLogin_Saml2_Logout_Request_Test.testIsInvalidIssuer)
> > Tests the is_valid method of the OneLogin_Saml2_LogoutRequest
> > --
> > onelogin.saml2.errors.OneLogin_Saml2_ValidationError: Could not validate 
> > timestamp: expired. Check system clock.)
> > 
> > During handling of the above exception, another exception occurred:
> > 
> > Traceback (most recent call last):
> >   File 
> > "/<>/tests/src/OneLogin/saml2_tests/logout_request_test.py", 
> > line 331, in testIsInvalidIssuer
> > with self.assertRaisesRegex(Exception, 'Invalid issuer in the Logout 
> > Request'):
> > AssertionError: "Invalid issuer in the Logout Request" does not match 
> > "Could not validate timestamp: expired. Check system clock.)"
https://github.com/SAML-Toolkits/python-saml/commit/a6a21109179571c9ca23f92e03017759741603c2
looks like a fix for this, though I haven't tested it.



Bug#1036021: cadabra2,python3-notebook: undeclared file conflict on /usr/lib/python3/dist-packages/notebook/static/components/codemirror

2023-05-18 Thread Andrey Rakhmatullin
On Sat, May 13, 2023 at 11:14:38AM +0200, Helmut Grohne wrote:
> I noticed a surprising undeclared file conflict. While Andreas' tooling
> finds most of these, it missed this one.  It's about
> /usr/lib/python3/dist-packages/notebook/static/components/codemirror. In
> cadabra2, this is a directory. In python3-notebook, this is a symbolic
> link. Since dpkg does not yet track the type of files, it does not
> notice this conflict and the result depends on the unpack order. Worse,
> due to the symbolic link, aliasing (and its bad effects) may happen.
> 
> As such, these packages should coordinate what to do about the file.
> Failing that, they must declare Conflicts for one another.
Looks like the file in cadabra2, let's say, provides integration between
it and python3-notebook. So while it may make sense to not have cadabra2
depend on python3-notebook, it doesn't make sense for them to conflict, as
just removing this file is strictly better. The actual solution (as we
can't just keep this as is because of dpkg) should be moving the file to
the real path, which is, if I'm not mistaken,
/usr/share/javascript/codemirror. That directory is provided by
libjs-codemirror but I don't know if it makes sense for cadabra2 to depend
on it or not.



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Ansgar
On Thu, 2023-05-18 at 12:14 -0600, Gunnar Wolf wrote:
> Ansgar dijo [Thu, May 18, 2023 at 07:55:03PM +0200]:
> > Why not?
> > 
> > Do you think the implications of removing the warning are unclear?
> > 
> > Do you think we need to explore alternative solutions?
> 
> (I am no longer part of the Committee, answering just as another
> developer)
> 
> dpkg has many bits that make it special. It has been discussed whether
> dpkg should be a native package or it should become non-native; if it
> were non-native, having a patch that contradicts the upstream
> author's wishes would be easier (and I'm not saying that I'd be up
> for patching this warning out as it is).

Do you think this implementation detail is relevant for what we do in
Debian? I don't care how a patch is applied and don't think that detail
has to be part of the decision.

I also don't see any further active discussion on this aspect (unless I
missed something).


> If we were to force a patch silencing out this warning right now and
> for all of the Bookworm cycle, and the dpkg authors disagree with it,
> they could remove (even omit to include it) in any updates.

So? That is the case with any ruling the ctte makes, including the non-
binding one the ctte just did under Constitution 6.1.5.

>  Upstream
> has repeatedly expressed their opposition to the way usrmerge has
> been brought forward, and the warning silenced specifically for
> Debian is already the best compromise situation we have been able to
> reach -- even though we are aware the situation is far from ideal.

If the best solution we have been able to reach is telling users of
derivative distributions to configure their system in a way that is
expected to cause breakage, then it would be worth documenting that
this is the case and we cannot do more for derivative users.

If the ctte believes this to be fine, then the ctte can decide to not
overrule the maintainer.

I don't think this is a good reason to delay the decision indefinitely
unless there is some reason to believe something will change within a
reasonable period of time (which I don't see happening).

Ansgar



Bug#1036292: python-sunlight: ROM; deprecated, API is discontinued

2023-05-18 Thread Paul R. Tagliamonte
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove

The Sunlight Foundation (very sadly) dissolved a few years back, and
the API is now offline. This package is no longer useful and should be
removed.

-- 
:wq



Bug#1036291: RM: pyocd -- RoQA; orphaned; outdated; low popcon; RC-buggy

2023-05-18 Thread Andrey Rakhmatullin
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: py...@packages.debian.org
Control: affects -1 + src:pyocd

Upstream version released in 2018.
Orphaned since 2020: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976075
Doesn't work on Python 3.10+: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034399
Popcon 35.



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Gunnar Wolf
Ansgar said [Thu, May 18, 2023 at 07:55:03PM +0200]:
> Why not?
> 
> Do you think the implications of removing the warning are unclear?
> 
> Do you think we need to explore alternative solutions?

(I am no longer part of the Committee, answering just as another
developer)

dpkg has many bits that make it special. It has been discussed whether
dpkg should be a native package or it should become non-native; if it
were non-native, having a patch that contradicts the upstream author's
wishes would be easier (and I'm not saying that I'd be up for patching
this warning out as it is).

If we were to force a patch silencing out this warning right now and
for all of the Bookworm cycle, and the dpkg authors disagree with it,
they could remove (even omit to include it) in any updates. Upstream
has repeatedly expressed their opposition to the way usrmerge has been
brought forward, and the warning silenced specifically for Debian is
already the best compromise situation we have been able to reach --
even though we are aware the situation is far from ideal.



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Ansgar
Hi,

On Thu, 2023-05-18 at 10:48 -0700, Sean Whitton wrote:
> On Thu 18 May 2023 at 07:21PM +02, Ansgar wrote:
> 
> > The full freeze is approaching and there has been no progress on
> > this
> > issue. Does the ctte think a decision before the release is still
> > possible?
> 
> Not speaking for the whole ctte, but I don't think that is possible.

Why not?

Do you think the implications of removing the warning are unclear?

Do you think we need to explore alternative solutions?

Ansgar



Bug#1035904: dpkg currently warning about merged-usr systems (revisited)

2023-05-18 Thread Sean Whitton
Hello,

On Thu 18 May 2023 at 07:21PM +02, Ansgar wrote:

> The full freeze is approaching and there has been no progress on this
> issue. Does the ctte think a decision before the release is still
> possible?

Not speaking for the whole ctte, but I don't think that is possible.

-- 
Sean Whitton




Bug#876626: [Xastir] Bug#876626: Xastir loose TCP/IP data afer 12 hours of use

2023-05-18 Thread tony mancill
On Thu, May 18, 2023 at 12:30:57AM +0200, MLHPUB wrote:
> I come back after too long time, sorry.
> After submitting the bug, I could discuss with Tom Russo and Curt Mills
> (Xastir developers).
> The problem was my configuration picking all reports Worldwide from APRS-IS
> up, overloading the software after a too long time.
> A reasonable range solved the problem.

Hi Matthieu,

Thank you for following up with the solution to the problem.

I will close the bug report.

Cheers,
tony KG7IEL




Bug#1036290: Support ~/.config; set ZDOTDIR in zshenv

2023-05-18 Thread Jörg Sommer
Package: zsh
Version: 5.9-4+b2
Severity: wishlist

Hi,

what's your opinion about the following patch for /etc/zsh/zshenv? It sets
ZDOTDIR to ~/.config/zsh if a Zsh config file exists in this directory. This
gives Zsh support for the XDG directory standard.

https://specifications.freedesktop.org/basedir-spec/latest/ar01s03.html

```diff
--- /tmp/zshenv 2023-05-18 19:16:39.134041352 +0200
+++ debian/zshenv   2023-05-18 19:16:57.286240552 +0200
@@ -16,3 +16,10 @@
 then
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
 fi
+
+if [[ -z ${ZDOTDIR:-} &&
+  -z $(echo $HOME/.(zlogin|zlogout|zprofile|zshenv|zshrc)(N)) &&
+  -n $(echo 
${XDG_CONFIG_HOME:-$HOME/.config}/zsh/.(zlogin|zlogout|zprofile|zshenv|zshrc)(N))
 ]]
+then
+ZDOTDIR=${XDG_CONFIG_HOME:-$HOME/.config}/zsh
+fi
```
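Review bot: the `-n $(echo ${XDG_CONFIG_HOME:-$HOME/.config}/zsh/...)` test and the `ZDOTDIR=` assignment use whatever XDG_CONFIG_HOME holds, including a relative path, in which case ZDOTDIR resolves against the current directory and startup files are read from wherever the shell happens to be started. The XDG Base Directory specification says relative values should be treated as invalid and ignored, so the condition should also require the value to start with `/` before it is used. Separately, /etc/zsh/zshenv is read by every zsh invocation, and the two `$(echo ...)` command substitutions fork on each of them; collecting the glob matches into an array would avoid that.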

Kind regards Jörg

-- Package-specific info:
Packages which provide code meant to be sourced in .zshrc:

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ NameVersion  Architecture Description
+++-===---==
ii  grml-rescueboot 0.5.2all  Integrates Grml ISO 
booting into GRUB
ii  zsh-autosuggestions 0.7.0-1  all  Fish-like 
fast/unobtrusive autosuggestions for zsh
ii  zsh-syntax-highlighting 0.7.1-2  all  Fish shell like syntax 
highlighting for zsh

Packages which provide vendor completions:

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++--===--===
ii  bubblewrap   0.8.0-2 amd64utility for unprivileged 
chroot and namespace manipulation
ii  cargo0.66.0+ds1-1amd64Rust package manager
ii  curl 7.88.1-9amd64command line tool for 
transferring data with URL syntax
ii  dpkg-dev 1.21.22 all  Debian package development 
tools
ii  khal 1:0.10.5-1.1all  Standards based CLI and 
terminal calendar program
ii  lua-busted   2.1.2-1 all  Lua unit testing framework 
focused on ease of use
ii  meson1.0.1-5 all  high-productivity build system
ii  mpv  0.35.1-4amd64video player based on 
MPlayer/mplayer2
ii  ninja-build  1.11.1-1amd64small build system closest in 
spirit to Make
ii  pulseaudio-utils 16.1+dfsg1-2+b1 amd64Command line tools for the 
PulseAudio sound server
ii  restic   0.14.0-1+b5 amd64backup program with multiple 
revisions, encryption and more
ii  systemd  253-1   amd64system and service manager
ii  systemd-coredump 253-1   amd64tools for storing and 
retrieving coredumps
ii  systemd-resolved 253-1   amd64systemd DNS resolver
ii  udev 252.6-1 amd64/dev/ and hotplug management 
daemon
ii  vlc-bin  3.0.18-2amd64binaries from VLC

dpkg-query: no path found matching pattern /usr/share/zsh/vendor-functions/


-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-0-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages zsh depends on:
ii  debianutils  5.7-0.4
ii  libc62.36-9
ii  libcap2  1:2.66-4
ii  libtinfo66.4-4
ii  zsh-common   5.9-4

Versions of packages zsh recommends:
ii  libc6 2.36-9
ii  libgdbm6  1.23-3
ii  libncursesw6  6.4-4
ii  libpcre3  2:8.39-15

Versions of packages zsh suggests:
ii  zsh-doc  5.9-4

-- no debconf information




Bug#1036101: swtpm: FTBFS: Test timeout on mipsel

2023-05-18 Thread Bastian Germann

Control: severity -1 serious

I am uploading a NMU to fix this.



Bug#1035904: dpkg currently warning about merged-usr systems (revisited) (was: Re: DEP 17: Improve support for directory aliasing in dpkg)

2023-05-18 Thread Ansgar
Hi,

On Thu, 2023-05-11 at 00:32 +0200, Ansgar wrote:
> On Wed, 2023-05-10 at 23:47 +0200, Ansgar wrote:
> > Cool, then let's ask tech-ctte.
> > 
> > Dear ctte, please consider overruling the dpkg maintainer to
> > include
> > the patch from #994388[1].
> > 
> > Thanks,
> > Ansgar
> > 
> >   [1]: https://bugs.debian.org/994388#397
> 
> For derivatives based on Debian stable it might be worth having this
> included in the next stable release; this would need a fairly quick
> decision on this issue.

The full freeze is approaching and there has been no progress on this
issue. Does the ctte think a decision before the release is still
possible?

As asked earlier I'm also interested in whether the ctte thinks there
is enough consensus about how this issue should be solved or do we
need a longer discussion to explore the solution space?

I admit not having read all mails in the thread as it went fairly off
topic IMHO.

Ansgar



Bug#1036289: dicomscope: Please do not depend on default jre

2023-05-18 Thread Olivier Cailloux
Package: dicomscope
Version: 3.6.0-25
Severity: normal
X-Debbugs-Cc: olivier.caill...@gmail.com

Dear Maintainer,

dicomscope should be satisfied with any sufficiently recent JRE, not just with 
default-jre.

As an example, I have JRE 17 installed but dicomscope wants me to install JRE 
11 (the current default on my system), which does not make sense (and takes a 
lot of space).

-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Versions of packages dicomscope depends on:
pn  default-jre
pn  jarwrapper 
pn  libdicomscope-jni  
ii  tk [wish]  8.6.11+1
ii  tk8.6  8.6.11-2

dicomscope recommends no packages.

dicomscope suggests no packages.



Bug#1030320: tango: New version 9.4.1 available

2023-05-18 Thread Santiago Ruano Rincón
Control: retitle -1 Upstream version 9.4.2-rc2 available

On Thu, 02 Feb 2023 21:29:12 +0100 Thomas Braun wrote:
> Package: tango
> Severity: normal
> 
> We would really like to have 9.4.1 [0] in upcoming debian bookworm
> instead of the old 9.3.x.
> 
> I've already tested if our tests pass on debian testing on amd64, yes
> they do [1].
> 
> The changes compared to 9.3.x are listed at [2]. Packaging wise the
> biggest change is that we now only support cmake.
> 
> As you are using the TangoSourceDistribution we have some info posted
> at [3] wrt to the cmake options.
> 
> Thanks,
> Thomas
...

Hi!

Not exactly 9.4.1, but I've been preparing a release of 9.4.2-rc2 for
experimental. A WIP branch can be found here:
https://salsa.debian.org/science-team/tango/-/tree/pre-9.4.2_rc2+dfsg1

Cheers,

 -- Santiago




Bug#1023472: Workaround implemented for live images

2023-05-18 Thread Roland Clobus

Hello Holger, LXQt-list,

I've implemented a workaround for the live images at [1].
As a result, the xfwm4 desktop manager is now the only desktop manager.

The results can be seen in openQA for the live image [2] and netinst 
daily [3] and RC3 [4].
The daily and the RC3 netinst installer shows the wrong desktop manager 
after installation, they could be fixed by the patch I proposed.


With kind regards,
Roland Clobus

[1] https://salsa.debian.org/live-team/live-build/-/merge_requests/305
[2] 
https://openqa.debian.net/tests/overview?distri=debian=sid_lxqt=20230517T141208Z_sid_lxqt=14

[2] Breadcrumb: Debian Live | Build20230517T141208Z_sid_lxqt
[3] https://openqa.debian.net/tests/148148#step/_graphical_wait_login/2
[3] Breadcrumb: Debian (amd64) | Build20230518_1104-testing-amd64 | 
lxqt@uefi | _graphical_wait_login
[4] 
https://openqa.debian.net/tests/overview?build=DI_rc3=debian=bookworm=10

[4] Breadcrumb: Debian (amd64) | DI_rc3 | lxqt@uefi | _graphical_wait_login




Bug#994395: cups: uses sides=one-sided by default

2023-05-18 Thread Thomas Renard
I can confirm this bug on 2.4.2-3. I am not able to print double sided 
even if double sided is selected.


On Mon, 4 Oct 2021 16:17:07 +0200 Vincent Lefevre wrote:

Additional information:

On both Debian 10 and Debian unstable, I get

$ ipptool -tv ipp://localhost/printers/print-1 get-printer-attributes.test | 
grep sides-
sides-supported (1setOf keyword) = 
one-sided,two-sided-long-edge,two-sided-short-edge
sides-default (keyword) = one-sided

I suspect that for some reason, the old client did not take
into account sides-default, but the fork does. I don't know
whether this is intended, but I couldn't find any information
about such a change.

--
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)






Bug#1034951: ktexteditor: diff for NMU version 5.103.0-1.1

2023-05-18 Thread Andreas Metzler
Control: tags 1034951 + patch
Control: tags 1034951 + pending

Dear maintainer,

I've prepared an NMU for ktexteditor (versioned as 5.103.0-1.1) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

kind regards
Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru ktexteditor-5.103.0/debian/changelog ktexteditor-5.103.0/debian/changelog
--- ktexteditor-5.103.0/debian/changelog	2023-02-12 21:44:34.0 +0100
+++ ktexteditor-5.103.0/debian/changelog	2023-05-18 18:20:13.0 +0200
@@ -1,3 +1,11 @@
+ktexteditor (5.103.0-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add missing Breaks/Replaces of ktexteditor-data against
+libkf5texteditor-dev. Closes: #1034951
+
+ -- Andreas Metzler   Thu, 18 May 2023 18:20:13 +0200
+
 ktexteditor (5.103.0-1) unstable; urgency=medium
 
   [ Aurélien COUDERC ]
diff -Nru ktexteditor-5.103.0/debian/control ktexteditor-5.103.0/debian/control
--- ktexteditor-5.103.0/debian/control	2023-02-11 21:14:01.0 +0100
+++ ktexteditor-5.103.0/debian/control	2023-05-18 18:19:30.0 +0200
@@ -40,8 +40,8 @@
 Package: ktexteditor-data
 Section: kde
 Architecture: all
-Breaks: libkf5texteditor5 (<< 5.74),
-Replaces: libkf5texteditor5 (<< 5.74),
+Breaks: libkf5texteditor5 (<< 5.74), libkf5texteditor-dev (<< 5.90.0-1),
+Replaces: libkf5texteditor5 (<< 5.74), libkf5texteditor-dev (<< 5.90.0-1),
 Depends: ${misc:Depends},
 Multi-Arch: foreign
 Description: provide advanced plain text editing services
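Review bot: the new `libkf5texteditor-dev (<< 5.90.0-1)` bound on the Breaks and Replaces lines is not justified anywhere in the patch; the changelog entry should name the file that moved into ktexteditor-data and the upload in which it moved, so the bound can be checked against the first version that shipped the file there. Consider `(<< 5.90.0-1~)` instead, so that a backport of that version (which sorts below 5.90.0-1) is not treated as still owning the file.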




Bug#1036288: blender: cycles renderer does not work

2023-05-18 Thread Alberto Luaces
Package: blender
Version: 3.4.1+dfsg-2+b1
Severity: important
X-Debbugs-Cc: alua...@udc.es

Dear Maintainer,

while trying to bake some textures I realized that the cycles renderer does not 
work at all.

Steps to reproduce: new file → set renderer to cycles → render → nothing is 
shown in the render window.

I have tested upstream's 3.4.1 binary and it works fine.

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages blender depends on:
ii  blender-data  3.4.1+dfsg-2
ii  fonts-dejavu  2.37-6
ii  libavcodec59  7:5.1.2-3
ii  libavdevice59 7:5.1.2-3
ii  libavformat59 7:5.1.2-3
ii  libavutil57   7:5.1.2-3
ii  libboost-locale1.74.0 1.74.0+ds1-20
ii  libc6 2.36-9
ii  libembree3-3  3.13.5+dfsg-2
ii  libepoxy0 1.5.10-1
ii  libfftw3-double3  3.3.10-1
ii  libfreetype6  2.12.1+dfsg-5
ii  libgcc-s1 12.2.0-14
ii  libgmp10  2:6.2.1+dfsg1-1.1
ii  libgomp1  12.2.0-14
ii  libimath-3-1-29   3.1.6-1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.21~dfsg-3
ii  libjemalloc2  5.3.0-1
ii  libjpeg62-turbo   1:2.1.5-2
ii  libopenal11:1.19.1-2
ii  libopencolorio2.1 2.1.2+dfsg1-4+b3
ii  libopenexr-3-1-30 3.1.5-5
ii  libopenimageio2.4 2.4.7.1+dfsg-2
ii  libopenjp2-7  2.5.0-1+b1
ii  libopenvdb10.010.0.1-2
ii  libosdcpu3.5.03.5.0-2
ii  libosdgpu3.5.03.5.0-2
ii  libpcre3  2:8.39-15
ii  libpng16-16   1.6.39-2
ii  libpotrace0   1.16-2
ii  libpugixml1v5 1.13-0.2
ii  libpulse0 16.1+dfsg1-2+b1
ii  libpython3.11 3.11.2-6
ii  libsdl2-2.0-0 2.26.5+dfsg-1
ii  libsndfile1   1.2.0-1
ii  libspnav0 1.0-1
ii  libstdc++612.2.0-14
ii  libswscale6   7:5.1.2-3
ii  libtbb12  2021.8.0-1
ii  libtiff6  4.5.0-5
ii  libwebp7  1.2.4-0.1
ii  libx11-6  2:1.8.4-2
ii  libxfixes31:6.0.0-2
ii  libxi62:1.8-1+b1
ii  libxml2   2.9.14+dfsg-1.2
ii  libxxf86vm1   1:1.1.4-1+b2
ii  libzstd1  1.5.4+dfsg2-5
ii  zlib1g1:1.2.13.dfsg-1

blender recommends no packages.

blender suggests no packages.

-- no debconf information


Bug#959187: ITP: ooni-probe-cli -- OONI Probe Command Line Interface)

2023-05-18 Thread Antoine Beaupré
Hi tous!

You have expressed an intent to package (ITP) the ooni-probe-cli
package, how far have you gotten there? Do you still plan on working on
this?

I'll note that upstream seems to have Debian packages for this:

https://ooni.org/install/cli/ubuntu-debian

It doesn't seem to provide a source package unfortunately, and a quick
tour of their git repositories doesn't seem to show one either.

Thanks for any update!

a.



Bug#902928: Cannot bring the grub menu up with Shift key along with GRUB_TIMEOUT_STYLE=hidden with GRUB_TIMEOUT=0

2023-05-18 Thread Andrey Butirsky

Works fine on my UEFI system.

I needed to do some preparations described here:
https://wiki.archlinux.org/title/GRUB/Tips_and_tricks#Hide_GRUB_unless_the_Shift_key_is_held_down



Bug#1025956: u-boot-menu: Allow automatic sync of DTBs when /boot is a separate partition

2023-05-18 Thread Vagrant Cascadian
On 2023-05-18, Christopher Obbard wrote:
> On Mon, 12 Dec 2022 15:16:45 +0100 Arnaud Ferraris wrote:
>> It is common practice for /boot to be on a separate partition, requiring DTBs
>> to be synced to this partition for u-boot to be able to access them.
>> 
>> This used to be done manually, or required additional scripts to be installed
>> by the user for automatic processing. As I think it would be useful for
>> u-boot-menu to automatically perform such synchronization, I have implemented such a
>> feature and attached the corresponding patches.
>> 
>> Please note this feature is currently guarded by a new config option, as I
>> expect users might get surprised and/or unexpected results by a sudden
>> behaviour change that important.
>> 
>> Comments and suggestions are obviously welcome.
>
> Ack from me on these patches.
>
> I think this patch series is the final part in letting u-boot-menu handle 
> systems
> where  a separate /boot partition is useful.

Unfortunately, this will have to wait till after bookworm release,
currently scheduled for June.


> I'd even suggest to enable this by default on systems where there is a 
> separate
> /boot partition.

That would take a bit more work, as (for better or worse) flash-kernel
is still installed by debian-installer by default and there may be
conflicts between how the two scripts handle the .dtb copying...


live well,
  vagrant




Bug#1021514: Please address in Debian packaging

2023-05-18 Thread Erik Auerswald
Hi,

as far as I understand  this issue
is caused by GCC (and LLVM, ...) default behaviour.  It seems to me
as if creating so called "reproducible builds" is quite involved and
comprises setting environment variables as well as additional compiler
flags (and possibly more, I only skimmed the web page).

Assuming that the patch attached to the bug report fixes the reported
issue, I would suggest to add the patch or some functionally similar
adjustments to the Debian package.

Best regards,
Erik
-- 
The most effective debugging tool is still careful thought, coupled with
judiciously placed print statements.
-- Brian W. Kernighan



Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

2023-05-18 Thread Stefan Eissing
Could you get me a full backtrace of all threads?

> On 18.05.2023 at 15:04, Bastien Durel wrote:
> 
> On 18/05/2023 at 14:41, Stefan Eissing wrote:
>> Did you have a warning message like "AH03516: unexpected NN streams in 
>> hold" at that time in out error log?
> 
> No (grepping AH03516 in *.log returns nothing (nor does "streams in hold"))
> 
> -- 
> Bastien Durel
> 



Bug#1021516: Upstream ssocr version 2.23.1 addresses the man page date issue

2023-05-18 Thread Erik Auerswald
Hi,

I have just released the upstream ssocr version 2.23.1 to address the issue
of the build date in the man page (by using the latest release date as the
man page date).

[This ssocr release also adds a bit of information to the man page (i.e.,
has some documentation improvements).  All other changes are internal and
should not affect the ssocr functionality.]

Kind regards,
Erik
-- 
Be water, my friend.
-- Bruce Lee



Bug#1036287: O: plait -- command-line jukebox

2023-05-18 Thread Bastian Germann

Package: wnpp

plait is obviously not maintained anymore. Therefore, I hereby orphan it.
Please only consider adopting if you have the skills and time to maintain it.



Bug#1036286: i2p: [INTL:tr] turkish translation of debconf messages

2023-05-18 Thread Atila KOÇ

Package: i2p
Version: N/A
Severity: wishlist
Tags: l10n patch

Hello,

Find attached the updated Turkish translation of the i2p debconf messages.
It has been submitted for review to the debian-l10n-turkish mailing list.

Regards,
Atila KOÇ


# Turkish debconf translation of i2p
# This file is distributed under the same license as the i2p package.
# Kaya Zeren , 2013, 2015, 2017.
# Atila KOÇ , 2023.
#
msgid ""
msgstr ""
"Project-Id-Version: i2p\n"
"Report-Msgid-Bugs-To: i...@packages.debian.org\n"
"POT-Creation-Date: 2017-11-12 14:01+\n"
"PO-Revision-Date: 2023-03-25 22:37+0300\n"
"Last-Translator: Atila KOÇ \n"
"Language-Team: Debian L10n Turkish \n"
"Language: tr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
"X-Generator: Poedit 2.4.2\n"

#. Type: boolean
#. Description
#: ../i2p.templates:2001
msgid "Should the I2P router be started at boot?"
msgstr "I2P yönlendiricisi önyükleme sırasında başlatılsın mı?"

#. Type: boolean
#. Description
#: ../i2p.templates:2001
msgid ""
"The I2P router can be run as a daemon that starts automatically when your "
"computer boots up. This is the recommended configuration."
msgstr ""
"I2P yönlendiricisi, sisteminizin önyüklemesi sırasında başlayacak bir "
"artalan hizmeti olarak çalıştırılabilir. Önerilen yapılandırma şekli budur."

#. Type: string
#. Description
#: ../i2p.templates:3001
msgid "I2P daemon user:"
msgstr "I2P artalan süreci kullanıcısı:"

#. Type: string
#. Description
#: ../i2p.templates:3001
msgid ""
"By default I2P is configured to run under the account i2psvc when running as "
"a daemon. To use an **existing** I2P profile you may enter a different "
"account name here. For example, if your previous I2P installation is at /"
"home/user/i2p, you may enter 'user' here."
msgstr ""
"I2P artalan süreci olarak kullanıldığında öntanımlı olarak i2psvc hesabı "
"altında çalışır. Varolan bir I2P profilini kullanmak için buraya farklı bir "
"hesap adı girebilirsiniz. Örneğin önceki I2P kurulumunuz /home/user/i2p "
"dizini altındaysa, buraya 'user' girebilirsiniz."

#. Type: string
#. Description
#: ../i2p.templates:3001
msgid ""
"Very important: If a user other than the default of 'i2psvc' is entered "
"here, the chosen username *MUST* already exist."
msgstr ""
"Çok önemli: Buraya öntanımlı 'i2psvc' hesabından başka bir kullanıcı "
"girilirse, bu kullanıcı adı mutlaka varolan bir hesabın olmalıdır."

#. Type: string
#. Description
#: ../i2p.templates:4001
msgid "Memory that can be allocated to I2P:"
msgstr "I2P için ayrılabilecek bellek:"

#. Type: string
#. Description
#: ../i2p.templates:4001
msgid "By default, I2P will only be allowed to use up to 128MB of RAM."
msgstr ""
"Öntanımlı olarak, I2P'nin yalnızca 128MB RAM belleği kullanmasına izin "
"verilir."

#. Type: string
#. Description
#: ../i2p.templates:4001
msgid ""
"High bandwidth routers, as well as routers with a lot of active torrents / "
"plugins, may need to have this value increased."
msgstr ""
"Yüksek bant genişliğine sahip yönlendiriciler ya da etkin bir çok torrent "
"veya eklenti çalıştıran yönlendiriciler için bu değerin arttırılması "
"gerekebilir."

#. Type: boolean
#. Description
#: ../i2p.templates:5001
msgid "Should the I2P daemon be confined with AppArmor?"
msgstr "I2P artalan süreci AppArmor ile kısıtlansın mı?"

#. Type: boolean
#. Description
#: ../i2p.templates:5001
msgid ""
"With this option enabled I2P will be sandboxed with AppArmor, restricting "
"which files and directories may be accessed by I2P."
msgstr ""
"Bu seçenek etkinleştirildiğinde, I2P tarafından erişilebilecek dosya ve "
"dizinler AppArmor ile kısıtlanacaktır."


Bug#1036285: RM: haskell-doc -- RoQA; orphaned; empty; low popcon

2023-05-18 Thread Bastian Germann

Package: ftp.debian.org
User: ftp.debian@packages.debian.org
Usertags: remove
Severity: normal

Please remove the empty package haskell-doc. It is orphaned and has not 
migrated to bookworm.
The package has no reverse dependencies.



Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

2023-05-18 Thread Adam D. Barratt
On Thu, 2023-05-18 at 09:22 +, Holger Levsen wrote:
> On Thu, May 18, 2023 at 06:44:18AM +0100, Adam D. Barratt wrote:
> > On Thu, 2023-05-18 at 00:44 +, Holger Levsen wrote:
> > >  debian-security-support (1:11+2023.05.04) bullseye-updates;
> > > urgency=medium
> > Hmmm. I didn't expect that would work, although apparently it did,
> > at
> > least for the package to get as far as stable-new. I'm hoping dak
> > also
> > dtrt for accepts of such packages, i.e. moves them to p-u as for
> > any
> > other stable upload.
> > 
> > -updates isn't an upload target; packages enter it by SRM asking
> > dak to
> > copy them from p-u.
>  
> ic. so I should have uploaded to bullseye-proposed-updates instead?

Any upload goes to p-u first, yeah. So the target should always be
simply "bullseye", by preference. dak will accept a bunch of other
things, including "stable", "bullseye-proposed-updates", "proposed-
updates" and, as you've demonstrated, "bullseye-updates" and DTRT, but
it's cleaner and less potentially confusing if everything uses the
same.

The relevant section of dev-ref implies this, fwiw. I think some
combination of you and I wrote it. :-)

Regards,

Adam



Bug#1035844: matrix-sydent fails to purge without adduser

2023-05-18 Thread Hubert Chathi
On Wed, 17 May 2023 20:22:37 +0200, Johannes Schauer Marin Rodrigues said:

> Hi Hubert,
>
> Quoting Hubert Chathi (2023-05-17 00:43:00)
>> On Tue, 16 May 2023 23:31:16 +0200, Johannes Schauer Marin Rodrigues said:
>>> since time is running short, I am going to NMU matrix-sydent on Thursday
>>> with a delay of 2 days unless you disagree and/or want to do this yourself.
>>
>> Thanks for the report and the offer to fix it.  I'm not objecting to your
>> NMU, but I wanted to point out that matrix-sydent isn't in testing (and
>> AFAICT never has been), so it isn't holding up the release.  So I don't
>> think there's any particular rush to fix this issue.  There's also another
>> RC bug (https://bugs.debian.org/1029442) that would block it from migrating.

> well that's even better news! Less work for me then because in that
> case, closing this bug is of no urgency.

> Would you like a merge request on the matrix-sydent packaging git
> fixing this or will you take care of implementing this fix yourself?

I'm not the maintainer, and I can't speak for what he would prefer, but
unless he says otherwise, I'd expect that the patch that you provided in
your first email should be sufficient, since it's pretty straightforward.

-- 
Hubert Chathi  -- https://www.uhoreg.ca/
Jabber: hub...@uhoreg.ca -- Matrix: @uhoreg:matrix.org
PGP/GnuPG key: 4096R/F24C F749 6C73 DDB8 DCB8  72DE B2DE 88D3 113A 1368



Bug#678881: poco-doc: please remove Krzysztof Burghardt as (co-)maintainer

2023-05-18 Thread Bastian Germann

Control: retitle -1 O: poco-doc -- Documentation for POCO - The C++ Portable 
Components
Control: reassign -1 wnpp

Nothing happened since this request, so I am orphaning the package now.



Bug#1036284: civicrm: CVE-2023-28115

2023-05-18 Thread Moritz Mühlenhoff
Source: civicrm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for snappy, which is bundled
by civicrm:

CVE-2023-28115[0]:
| Snappy is a PHP library allowing thumbnail, snapshot or PDF generation
| from a url or a html page. Prior to version 1.4.2, Snappy is
| vulnerable to PHAR deserialization due to a lack of checking on the
| protocol before passing it into the `file_exists()` function. If an
| attacker can upload files of any type to the server he can pass in the
| phar:// protocol to unserialize the uploaded file and instantiate
| arbitrary PHP objects. This can lead to remote code execution
| especially when snappy is used with frameworks with documented POP
| chains like Laravel/Symfony vulnerable developer code. If a user can
| control the output file from the `generateFromHtml()` function, it
| will invoke deserialization. This vulnerability is capable of remote
| code execution if Snappy is used with frameworks or developer code
| with vulnerable POP chains. It has been fixed in version 1.4.2.

https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
https://github.com/KnpLabs/snappy/pull/469
https://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6
 (v1.4.2)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28115
https://www.cve.org/CVERecord?id=CVE-2023-28115

Please adjust the affected versions in the BTS as needed.
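
The missing check the advisory describes (a protocol test before `file_exists()`), shown as an added example; it is not code from Snappy, civicrm or this bug report. The function names, the base directory and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Snappy's or civicrm's code. Function names and the
// base directory are assumptions made for illustration.

/**
 * True when $path starts with a stream-wrapper scheme (phar://, php://, ...).
 * PHP looks wrapper names up case-insensitively, so the match must be
 * case-insensitive as well. "data:" is accepted by PHP without "//".
 */
function has_stream_wrapper(string $path): bool
{
    return preg_match('#^[a-z0-9+.\-]+://#i', $path) === 1
        || stripos($path, 'data:') === 0;
}

/**
 * Build the output path for a user-supplied file name inside $baseDir.
 * Throws instead of letting a wrapper URL or a traversal reach file_exists().
 */
function safe_output_path(string $requested, string $baseDir): string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        throw new InvalidArgumentException('empty or NUL-containing name');
    }
    if (has_stream_wrapper($requested)) {
        throw new InvalidArgumentException('stream wrapper not allowed');
    }
    // Accept a bare file name only: no directory components, no "." or "..".
    if (basename($requested) !== $requested
        || $requested === '.' || $requested === '..') {
        throw new InvalidArgumentException('directory components not allowed');
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('base directory missing');
    }
    return $base . DIRECTORY_SEPARATOR . $requested;
}

/**
 * file_exists() is wrapper-aware, so it is only ever called on a path that
 * safe_output_path() has already validated.
 */
function output_exists(string $requested, string $baseDir): bool
{
    return file_exists(safe_output_path($requested, $baseDir));
}

// Constructed inputs, for demonstration only.
$samples = [
    'report.pdf',
    'phar://uploads/avatar.jpg/x.pdf',
    'PHAR://uploads/avatar.jpg/x.pdf',
    'php://filter/resource=report.pdf',
    '../report.pdf',
];

foreach ($samples as $name) {
    try {
        $exists = output_exists($name, sys_get_temp_dir());
        printf("%-40s accepted (exists: %s)\n", $name, $exists ? 'yes' : 'no');
    } catch (InvalidArgumentException $e) {
        printf("%-40s rejected: %s\n", $name, $e->getMessage());
    }
}
```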



Bug#1036283: jruby: CVE-2023-28755 CVE-2023-28756

2023-05-18 Thread Moritz Mühlenhoff
Source: jruby
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for jruby.

CVE-2023-28755[0]:
| A ReDoS issue was discovered in the URI component through 0.12.0 in
| Ruby through 3.2.1. The URI parser mishandles invalid URLs that have
| specific characters. It causes an increase in execution time for
| parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1,
| 0.10.2 and 0.10.0.1.

Fixed by: 
https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 
(v3_1_4)
Fixed by: 
https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 
(v0.12.1)
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/

CVE-2023-28756[1]:
| A ReDoS issue was discovered in the Time component through 0.2.1 in
| Ruby through 3.2.1. The Time parser mishandles invalid URLs that have
| specific characters. It causes an increase in execution time for
| parsing strings to Time objects. The fixed versions are 0.1.1 and
| 0.2.2.

Fixed by: 
https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e 
(v3_1_4)
Fixed by: 
https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 
(v0.2.2)
Fixed by: 
https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 
(v0.2.2)
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28755
https://www.cve.org/CVERecord?id=CVE-2023-28755
[1] https://security-tracker.debian.org/tracker/CVE-2023-28756
https://www.cve.org/CVERecord?id=CVE-2023-28756

Please adjust the affected versions in the BTS as needed.



Bug#1036282: tiff: CVE-2023-2731

2023-05-18 Thread Moritz Mühlenhoff
Source: tiff
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for tiff.

CVE-2023-2731[0]:
| A NULL pointer dereference flaw was found in Libtiff's LZWDecode()
| function in the libtiff/tif_lzw.c file. This flaw allows a local
| attacker to craft specific input data that can cause the program to
| dereference a NULL pointer when decompressing a TIFF format file,
| resulting in a program crash or denial of service.

https://gitlab.com/libtiff/libtiff/-/issues/548
https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2731
https://www.cve.org/CVERecord?id=CVE-2023-2731

Please adjust the affected versions in the BTS as needed.



Bug#1036281: libraw: CVE-2023-1729

2023-05-18 Thread Moritz Mühlenhoff
Source: libraw
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libraw.

CVE-2023-1729[0]:
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex()
| caused by a maliciously crafted file may lead to an application crash.

https://bugzilla.redhat.com/show_bug.cgi?id=2188240
https://github.com/LibRaw/LibRaw/issues/557
Fixed by: 
https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93
 (master)
Fixed by: 
https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828
 (0.21-stable)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1729
https://www.cve.org/CVERecord?id=CVE-2023-1729

Please adjust the affected versions in the BTS as needed.



Bug#1036280: openjdk-11: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968

2023-05-18 Thread Moritz Mühlenhoff
Source: openjdk-11
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for openjdk-11.

CVE-2023-21930[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: JSSE). Supported versions that
| are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6,
| 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1.
| Difficult to exploit vulnerability allows unauthenticated attacker
| with network access via TLS to compromise Oracle Java SE, Oracle
| GraalVM Enterprise Edition. Successful attacks of this vulnerability
| can result in unauthorized creation, deletion or modification access
| to critical data or all Oracle Java SE, Oracle GraalVM Enterprise
| Edition accessible data as well as unauthorized access to critical
| data or complete access to all Oracle Java SE, Oracle GraalVM
| Enterprise Edition accessible data. Note: This vulnerability applies
| to Java deployments, typically in clients running sandboxed Java Web
| Start applications or sandboxed Java applets, that load and run
| untrusted code (e.g., code that comes from the internet) and rely on
| the Java sandbox for security. This vulnerability can also be
| exploited by using APIs in the specified Component, e.g., through a
| web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4
| (Confidentiality and Integrity impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).


CVE-2023-21937[1]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: Networking). Supported versions
| that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,
| 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and
| 22.3.1. Difficult to exploit vulnerability allows unauthenticated
| attacker with network access via multiple protocols to compromise
| Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks
| of this vulnerability can result in unauthorized update, insert or
| delete access to some of Oracle Java SE, Oracle GraalVM Enterprise
| Edition accessible data. Note: This vulnerability applies to Java
| deployments, typically in clients running sandboxed Java Web Start
| applications or sandboxed Java applets, that load and run untrusted
| code (e.g., code that comes from the internet) and rely on the Java
| sandbox for security. This vulnerability can also be exploited by
| using APIs in the specified Component, e.g., through a web service
| which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).


CVE-2023-21938[2]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: Libraries). Supported versions
| that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,
| 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and
| 22.3.0. Difficult to exploit vulnerability allows unauthenticated
| attacker with network access via multiple protocols to compromise
| Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks
| of this vulnerability can result in unauthorized update, insert or
| delete access to some of Oracle Java SE, Oracle GraalVM Enterprise
| Edition accessible data. Note: This vulnerability applies to Java
| deployments, typically in clients running sandboxed Java Web Start
| applications or sandboxed Java applets, that load and run untrusted
| code (e.g., code that comes from the internet) and rely on the Java
| sandbox for security. This vulnerability does not apply to Java
| deployments, typically in servers, that load and run only trusted code
| (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7
| (Integrity impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).


CVE-2023-21939[3]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition
| product of Oracle Java SE (component: Swing). Supported versions that
| are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6,
| 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1.
| Easily exploitable vulnerability allows unauthenticated attacker with
| network access via HTTP to compromise Oracle Java SE, Oracle GraalVM
| Enterprise Edition. Successful attacks of this vulnerability can
| result in unauthorized update, insert or delete access to some of
| Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
| Note: This vulnerability applies to Java deployments, typically in
| clients running sandboxed Java Web Start applications or sandboxed
| Java applets, that load and run untrusted code (e.g., code that comes
| from the internet) and rely on the Java sandbox for security. This
| vulnerability can also be exploited by using APIs in the specified
| Component, e.g., through a web service which 

Bug#1036279: XSS in RSS syntax

2023-05-18 Thread Moritz Muehlenhoff
Source: dokuwiki
Version: 0.0.20220731.a-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

No CVE yet:
https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
https://github.com/dokuwiki/dokuwiki/pull/3967
https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de

Cheers,
 Moritz



Bug#1036278: libpodofo: CVE-2023-31566 CVE-2023-31567

2023-05-18 Thread Moritz Mühlenhoff
Source: libpodofo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libpodofo.

CVE-2023-31566[0]:
| Podofo v0.10.0 was discovered to contain a heap-use-after-free via the
| component PoDoFo::PdfEncrypt::IsMetadataEncrypted().

https://github.com/podofo/podofo/issues/70

CVE-2023-31567[1]:
| Podofo v0.10.0 was discovered to contain a heap buffer overflow via
| the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.

https://github.com/podofo/podofo/issues/71

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-31566
https://www.cve.org/CVERecord?id=CVE-2023-31566
[1] https://security-tracker.debian.org/tracker/CVE-2023-31567
https://www.cve.org/CVERecord?id=CVE-2023-31567

Please adjust the affected versions in the BTS as needed.



Bug#957366: intercal: ftbfs with GCC-10

2023-05-18 Thread Bastian Germann

I am uploading a NMU to fix this.

diff -Nru intercal-0.30/buildaux/Makefile.in intercal-0.30/buildaux/Makefile.in
--- intercal-0.30/buildaux/Makefile.in  2023-05-18 15:11:21.0 +0200
+++ intercal-0.30/buildaux/Makefile.in  2015-04-02 18:30:18.582992990 +0200
@@ -1699,7 +1699,7 @@
chmod u+w $(top_srcdir)/pit
chmod u+w $(top_srcdir)/pit/lib
chmod u+w $(top_srcdir)/pit/tests
-   make -f $(top_srcdir)/pit/Makefile ICK="./ick$(EXEEXT)" ICKOPTS="-b" 
PIT=$(top_srcdir)/pit test
+   make -f $(top_srcdir)/pit/Makefile ICK="./ick$(EXEEXT) -b" 
PIT=$(top_srcdir)/pit test
 
 # Run the fuzztest
 fuzz: ick$(EXEEXT) src/idiotism.oil $(top_srcdir)/etc/interfuzz.pl
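
Review bot: the `+` line in this hunk folds `-b` back into `ICK=` and drops `ICKOPTS="-b"`, which is the reverse of the change carried in debian/patches/debian.patch further down, and the `+++` side carries the 2015 timestamp. That is consistent with the in-tree Debian change being backed out for the move to 3.0 (quilt); please confirm that is the intent, since the hunk on its own reads as a change to how the `test` target is invoked.
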
diff -Nru intercal-0.30/debian/changelog intercal-0.30/debian/changelog
--- intercal-0.30/debian/changelog  2023-05-18 15:11:21.0 +0200
+++ intercal-0.30/debian/changelog  2023-05-18 15:01:42.0 +0200
@@ -1,3 +1,11 @@
+intercal (30:0.30-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix build with gcc-10 (closes: #957366).
+  * Convert to source format 3.0 (quilt).
+
+ -- Bastian Germann   Thu, 18 May 2023 15:01:42 +0200
+
 intercal (30:0.30-3) unstable; urgency=low
 
   * Fix symlink for lib in examples (closes: #861502).
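
Review bot: "Fix build with gcc-10" in the new entry does not say what was changed. Name the patch (c-intercal-31.0-no-common.patch), mention that the existing direct changes to buildaux/Makefile.in and doc/Makefile now live in debian/patches/debian.patch, and list the `DEB_CFLAGS_MAINT_APPEND` addition in debian/rules, so the entry can be matched against the diff.
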
diff -Nru intercal-0.30/debian/patches/c-intercal-31.0-no-common.patch 
intercal-0.30/debian/patches/c-intercal-31.0-no-common.patch
--- intercal-0.30/debian/patches/c-intercal-31.0-no-common.patch
1970-01-01 01:00:00.0 +0100
+++ intercal-0.30/debian/patches/c-intercal-31.0-no-common.patch
2023-05-18 14:55:02.0 +0200
@@ -0,0 +1,13 @@
+https://bugs.gentoo.org/711902
+
+--- intercal-0.31-orig/src/perpet.c
 intercal-0.31/src/perpet.c
+@@ -85,7 +85,7 @@
+ /* function created by yacc */
+ extern int yyparse(void);
+ 
+-int yydebug;
++extern int yydebug;
+ 
+ /* compilation options */
+ bool compile_only;/* just compile into C, don't run the linker */
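
Review bot: changing `int yydebug;` to `extern int yydebug;` leaves src/perpet.c without a definition of the symbol, so the link now depends on another object providing it; the comment two lines up suggests the yacc-generated parser, but the patch header is only a Gentoo bug URL. Add a short DEP-3 style header (Description, Origin) that says where `yydebug` is defined, and note that the paths inside the patch say intercal-0.31 while it is applied to 0.30.
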
diff -Nru intercal-0.30/debian/patches/debian.patch 
intercal-0.30/debian/patches/debian.patch
--- intercal-0.30/debian/patches/debian.patch   1970-01-01 01:00:00.0 
+0100
+++ intercal-0.30/debian/patches/debian.patch   2023-05-18 15:00:47.0 
+0200
@@ -0,0 +1,30 @@
+--- intercal-0.30.orig/buildaux/Makefile.in
 intercal-0.30/buildaux/Makefile.in
+@@ -1699,7 +1699,7 @@ check-am: ick$(EXEEXT)
+   chmod u+w $(top_srcdir)/pit
+   chmod u+w $(top_srcdir)/pit/lib
+   chmod u+w $(top_srcdir)/pit/tests
+-  make -f $(top_srcdir)/pit/Makefile ICK="./ick$(EXEEXT) -b" 
PIT=$(top_srcdir)/pit test
++  make -f $(top_srcdir)/pit/Makefile ICK="./ick$(EXEEXT)" ICKOPTS="-b" 
PIT=$(top_srcdir)/pit test
+ 
+ # Run the fuzztest
+ fuzz: ick$(EXEEXT) src/idiotism.oil $(top_srcdir)/etc/interfuzz.pl
+--- intercal-0.30.orig/doc/Makefile
 intercal-0.30/doc/Makefile
+@@ -34,14 +34,14 @@ original.ps: intercal.mm
+   -rm -f intercal.refs.qrf intercal.refs.tmp
+ 
+ intercal.txt: intercal.mm
+-  groff -U -dc=y -Tascii -p -t -mm intercal.mm >/dev/null
++  groff -U -dc=y -Tascii -p -t -mm intercal.mm >intercal.refs.tmp
+   sed tmp.refs;
+   mv tmp.refs intercal.refs.tmp
+   GROFF_NO_SGR=1 groff -U -dc=y -Tascii -p -t -mm intercal.mm 
>intercal.txt
+   -rm -f intercal.refs.qrf intercal.refs.tmp
+ 
+ original.txt: intercal.mm
+-  groff -U -dc=n -Tascii -p -t -mm intercal.mm >/dev/null
++  groff -U -dc=n -Tascii -p -t -mm intercal.mm >intercal.refs.tmp
+   sed tmp.refs;
+   mv tmp.refs intercal.refs.tmp
+   GROFF_NO_SGR=1 groff -U -dc=n -Tascii -p -t -mm intercal.mm 
>original.txt
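
Review bot: debian.patch has no header at all and combines two unrelated changes, the `ICKOPTS="-b"` test invocation in buildaux/Makefile.in and the groff redirection to intercal.refs.tmp in doc/Makefile. Split it into one patch per change and give each a Description and Forwarded field, so it is clear why the first groff pass must write to intercal.refs.tmp rather than /dev/null.
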
diff -Nru intercal-0.30/debian/patches/series 
intercal-0.30/debian/patches/series
--- intercal-0.30/debian/patches/series 1970-01-01 01:00:00.0 +0100
+++ intercal-0.30/debian/patches/series 2023-05-18 15:01:24.0 +0200
@@ -0,0 +1,2 @@
+debian.patch
+c-intercal-31.0-no-common.patch
diff -Nru intercal-0.30/debian/rules intercal-0.30/debian/rules
--- intercal-0.30/debian/rules  2023-05-18 15:11:21.0 +0200
+++ intercal-0.30/debian/rules  2023-05-18 15:01:42.0 +0200
@@ -1,5 +1,6 @@
 #!/usr/bin/make -f
 
+export DEB_CFLAGS_MAINT_APPEND=-fno-toplevel-reorder
 DPKG_EXPORT_BUILDFLAGS=1
 include /usr/share/dpkg/buildflags.mk
 
diff -Nru intercal-0.30/debian/source/format intercal-0.30/debian/source/format
--- intercal-0.30/debian/source/format  1970-01-01 01:00:00.0 +0100
+++ intercal-0.30/debian/source/format  2023-05-18 14:59:32.0 +0200
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru intercal-0.30/doc/Makefile intercal-0.30/doc/Makefile
--- intercal-0.30/doc/Makefile  2023-05-18 15:11:21.0 +0200
+++ intercal-0.30/doc/Makefile  2010-09-11 13:09:46.0 +0200
@@ -34,14 +34,14 @@
-rm -f intercal.refs.qrf intercal.refs.tmp
 
 intercal.txt: intercal.mm
-   groff -U -dc=y -Tascii -p -t -mm intercal.mm >intercal.refs.tmp
+   groff -U -dc=y -Tascii -p -t -mm intercal.mm >/dev/null
sed tmp.refs;

Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

2023-05-18 Thread Bastien Durel

On 18/05/2023 at 14:41, Stefan Eissing wrote:

> Did you have a warning message like "AH03516: unexpected NN streams in hold"
> at that time in your error log?


No (grepping AH03516 in *.log returns nothing (nor does "streams in hold"))

--
Bastien Durel



Bug#1036275: O: bit-babbler -- BitBabbler hardware TRNG and kernel entropy source support

2023-05-18 Thread Bastian Germann

Package: wnpp

bit-babbler is obviously not maintained anymore. Therefore, I hereby orphan it.
Please only consider adopting if you have the skills and time to maintain it.



Bug#1028631: media-types: rss is associated with application/x-rss+xml instead of application/rss+xml

2023-05-18 Thread Patrice Duroux
Hi Charles,

Maybe it should be redirected to the members of the RSS Advisory Board, right?
I think that I'm not a relevant contact to apply for such a media type. I will
not be able to exchange and provide additional information.
Also, if the content of etc/mime.types is based on the IANA one[1], then why does it
provide this 'application/x-rss+XML' entry? What for?

Many thanks,
Patrice

[1] https://www.iana.org/assignments/media-types/



Bug#1036277: isc-dhcp: Ship keama - The KEA Migration Assistant

2023-05-18 Thread Athos Ribeiro
Package: isc-dhcp
Severity: normal

Dear Maintainer,

Please, consider shipping the keama binary as a standalone package from
isc-dhcp.

The KEA Migration Assistant (aka keama) is an experimental tool
which helps to translate ISC DHCP configurations to Kea [1].

It is maintained within the isc-dhcp sources [2], therefore, it is
reasonable to ship it as another binary within the isc-dhcp package.

The build process should be straightforward and all the package needs to
ship is a binary file and a manpage.

We are tracking this in Ubuntu in [3].

[1] 
https://kb.isc.org/docs/migrating-from-isc-dhcp-to-kea-dhcp-using-the-migration-assistant
[2] https://gitlab.isc.org/isc-projects/dhcp/tree/master/keama
[3] https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2020086

-- 
Athos Ribeiro



Bug#1036276: gthumb: gThumb deletes xattr

2023-05-18 Thread olaf
Package: gthumb
Version: 3:3.12.2-3+b1
Severity: normal

Dear Maintainer,

While tagging images, gThumb already removes all extended file attributes
(so-called xattrs) attached to the image.

You can check this by writing tags with "setfattr" and reading them with
"getfattr". Or you can use the file manager Dolphin or the image viewer
Gwenview, which relies on extended file attributes.

For security reasons, this incompatibility should be pointed out as early as 
possible. For example, in the package description, which describes gThumb as 
"advanced".

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (990, 'testing'), (99, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de:en_GB:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gthumb depends on:
ii  gsettings-desktop-schemas       43.0-1
ii  gthumb-data                     3:3.12.2-3
ii  libbrasero-media3-1             3.12.3-2
ii  libc6                           2.36-9
ii  libcairo2                       1.16.0-7
ii  libchamplain-0.12-0             0.12.20-1+b1
ii  libchamplain-gtk-0.12-0         0.12.20-1+b1
ii  libclutter-1.0-0                1.26.4+dfsg-4
ii  libclutter-gtk-1.0-0            1.8.4-4+b1
ii  libcolord2                      1.4.6-2.2
ii  libexiv2-27                     0.27.6-1
ii  libgcc-s1                       12.2.0-14
ii  libgdk-pixbuf-2.0-0             2.42.10+dfsg-1+b1
ii  libgl1-mesa-dri                 23.1.0~rc2-1
ii  libglib2.0-0                    2.74.6-2
ii  libgstreamer-plugins-base1.0-0  1.22.2-dmo1
ii  libgstreamer1.0-0               1.22.0-2
ii  libgtk-3-0                      3.24.37-2
ii  libheif1                        1.15.1-1
ii  libjpeg62-turbo                 1:2.1.5-2
ii  liblcms2-2                      2.14-2
ii  libpango-1.0-0                  1.50.12+ds-1
ii  libpangocairo-1.0-0             1.50.12+ds-1
ii  libpng16-16                     1.6.39-2
ii  libraw20                        0.20.2-2+b1
ii  librsvg2-2                      2.54.5+dfsg-1
ii  libsecret-1-0                   0.20.5-3
ii  libsoup2.4-1                    2.74.3-1
ii  libstdc++6                      12.2.0-14
ii  libtiff6                        4.5.0-5
ii  libwebkit2gtk-4.0-37            2.40.1-1
ii  libwebp7                        1.2.4-0.1
ii  libx11-6                        2:1.8.4-2
ii  zlib1g                          1:1.2.13.dfsg-1

Versions of packages gthumb recommends:
ii  libgphoto2-6   2.5.30-1
ii  libgphoto2-port12  2.5.30-1

gthumb suggests no packages.

-- debconf-show failed



Bug#1036274: aplus-fsf: please consider upgrading to 3.0 source format

2023-05-18 Thread Bastian Germann

Source: aplus-fsf
Severity: wishlist
Version: 4.22.1-10.2

This package is among the few that still use source format 1.0 in
bookworm. Please upgrade it to source format 3.0, as this contributes
to standardization of packaging practices.



Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

2023-05-18 Thread Stefan Eissing
Did you have a warning message like "AH03516: unexpected NN streams in hold"
at that time in your error log?

> On 18.05.2023 at 11:04, Bastien Durel wrote:
> 
> Hello,
> 
> I ran with /usr/lib/apache2/modules/mod_http2_2.0.15.so &
> /usr/lib/apache2/modules/mod_proxy_http2_2.0.15.so since yesterday
> 15:20, and got a SIGSEGV at 21:29:30 : it's not in
> purge_consumed_buckets but it's in the h2_proxy stack ...
> 
> Here is the bt full of the core:
> 
> #0  0x7f9bb0464efe in ssl_io_filter_output (f=0x7f9ba02088d8, 
> bb=0x7f9ba04cf3b8) at ssl_engine_io.c:1963
>bucket = 0x7f9ba04c4108
>status = 0
>filter_ctx = 0x7f9ba0208880
>inctx = 
>outctx = 0x7f9ba0208900
>rblock = 
> #1  0x7f9bb0597999 in proxy_pass_brigade (flush=1, bb=, 
> origin=, p_conn=0x7f9ba020a0a0, bucket_alloc=) 
> at h2_proxy_session.c:218
>status = 
>transferred = 9
>status = 
>transferred = 
>e = 
>ap__b = 
> #2  raw_send (ngh2=, data=, length=9, 
> flags=, user_data=0x7f9ba04cf190) at h2_proxy_session.c:244
>session = 0x7f9ba04cf190
>b = 
>status = 
>flush = 1
> #3  0x7f9bb14a11f9 in nghttp2_session_send () from 
> /usr/lib/x86_64-linux-gnu/libnghttp2.so.14
> No symbol table info available.
> #4  0x7f9bb059a9b9 in send_loop (session=0x7f9ba04cf190) at 
> h2_proxy_session.c:1517
>rv = 
> #5  h2_proxy_session_process (session=0x7f9ba04cf190) at 
> h2_proxy_session.c:1553
>status = 
>have_written = 0
>have_read = 0
>run_loop = 
> #6  0x7f9bb059db44 in ctx_run (ctx=0x7f9ba06014e0) at 
> mod_proxy_http2.c:258
>status = 0
>h2_front = 
>status = 
>h2_front = 
>out = 
> #7  proxy_http2_handler (r=, worker=, 
> conf=, url=, proxyname=, 
> proxyport=) at mod_proxy_http2.c:405
>proxy_func = 
>locurl = 0x7f9ba0601610 
> "/dns-query?dns=AAABAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAHAAB"
>u = 
>slen = 
>is_ssl = 
>status = 0
>ctx = 0x7f9ba06014e0
>uri = {scheme = 0x7f9ba0601580 "h2", hostinfo = 0x7f9ba0601588 
> "doh.geekwu.org:5343", user = 0x0, password = 0x0, hostname = 0x7f9ba06015a0 
> "doh.geekwu.org", port_str = 0x7f9ba06015b0 "5343", path = 0x7f9ba06015b8 
> "/dns-query", 
>  query = 0x7f9ba06015c8 
> "dns=AAABAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAHAAB", fragment 
> = 0x0, hostent = 0x0, port = 5343, is_initialized = 1, dns_looked_up = 0, 
> dns_resolved = 0}
>reconnects = 
>run_connect = 
> #8  0x7f9bb0538943 in proxy_run_scheme_handler (r=r@entry=0x7f9ba05910a0, 
> worker=0x7f9bb15cbbb0, conf=conf@entry=0x7f9bb15cba08, 
>url=0x7f9ba060134e 
> "h2://doh.geekwu.org:5343/dns-query?dns=AAABAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAHAAB",
>  proxyhost=proxyhost@entry=0x0, proxyport=proxyport@entry=0) at 
> mod_proxy.c:3437
>pHook = 
>n = 3
>rv = -1
> #9  0x7f9bb053a9d2 in proxy_handler (r=0x7f9ba05910a0) at mod_proxy.c:1510
>url = 0x7f9ba060134e 
> "h2://doh.geekwu.org:5343/dns-query?dns=AAABAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAHAAB"
>uri = 0x7f9ba060134e 
> "h2://doh.geekwu.org:5343/dns-query?dns=AAABAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAHAAB"
>scheme = 0x7f9ba0601470 "h2"
>p = 
>p2 = 0x7f9ba0208300 "(\200 \240\233\177"
>sconf = 
>conf = 0x7f9bb15cba08
>proxies = 0x7f9bb15cbac8
>ents = 0x7f9bb05b4688
>i = 
>rc = 
>access_status = 0
>direct_connect = 
>str = 
>maxfwd = 
>balancer = 0x0
>worker = 0x7f9bb15cbbb0
>attempts = 0
>max_attempts = 0
>list = 
>saved_status = 
> #10 0x556306b489d0 in ap_run_handler (r=r@entry=0x7f9ba05910a0) at 
> config.c:169
>pHook = 
>n = 1
>rv = -1
> #11 0x556306b48fc6 in ap_invoke_handler (r=r@entry=0x7f9ba05910a0) at 
> config.c:443
>handler = 
>p = 
>result = 0
>old_handler = 0x7f9bb054930b "proxy-server"
>ignore = 
> #12 0x556306b619db in ap_process_async_request (r=r@entry=0x7f9ba05910a0) 
> at http_request.c:452
>c = 0x7f9ba06430a0
>access_status = 0
> #13 0x556306b61c1e in ap_process_request (r=r@entry=0x7f9ba05910a0) at 
> http_request.c:487
>bb = 0x7f9ba06434b0
>b = 
>c = 0x7f9ba06430a0
>rv = 
> #14 0x7f9bb116bbe6 in c2_process (c=0x7f9ba06430a0, 
> conn_ctx=0x7f9ba06434b0) at h2_c2.c:723
>cs = 0x7f9ba0643658
>tenc = 
>timeout = 
>req = 0x7f9ba04f7180
>r = 0x7f9ba05910a0
>cleanup = 
>req = 
>cs = 
>r = 
>tenc = 
>timeout = 
>cleanup = 
> #15 h2_c2_hook_process (c=0x7f9ba06430a0) at h2_c2.c:840
>ctx = 

Bug#1025956: u-boot-menu: Allow automatic sync of DTBs when /boot is a separate partition

2023-05-18 Thread Christopher Obbard
Hi Arnaud,

[ +cc Vagrant who seems to care about u-boot-menu. ]

On Mon, 12 Dec 2022 15:16:45 +0100 Arnaud Ferraris  wrote:
> Source: u-boot-menu
> Version: 4.2.0
> Severity: wishlist
> Tags: patch
> X-Debbugs-Cc: aferra...@debian.org
> 
> Dear Maintainer,
> 
> It is common practice for /boot to be on a separate partition, requiring DTBs
> to be synced to this partition for u-boot to be able to access them.
> 
> This used to be done manually, or required additional scripts to be installed
> by the user for automatic processing. As I think it would be useful for
> u-boot-menu to automatically perform such synchronization, I have implemented such a
> feature and attached the corresponding patches.
> 
> Please note this feature is currently guarded by a new config option, as I
> expect users might get surprised and/or unexpected results by a sudden
> behaviour change that important.
> 
> Comments and suggestions are obviously welcome.

Ack from me on these patches.

I think this patch series is the final part in letting u-boot-menu handle systems
where a separate /boot partition is useful.

I'd even suggest to enable this by default on systems where there is a separate
/boot partition.


Thank you!

Christopher Obbard



Bug#1034921: colord-gtk: diff for NMU version 0.3.0-3.1

2023-05-18 Thread Andreas Metzler
Control: tags 1034921 + patch
Control: tags 1034921 + pending

Dear maintainer,

I've prepared an NMU for colord-gtk (versioned as 0.3.0-3.1) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

kind regards
Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru colord-gtk-0.3.0/debian/changelog colord-gtk-0.3.0/debian/changelog
--- colord-gtk-0.3.0/debian/changelog	2022-03-31 20:12:29.0 +0200
+++ colord-gtk-0.3.0/debian/changelog	2023-05-18 14:17:42.0 +0200
@@ -1,3 +1,10 @@
+colord-gtk (0.3.0-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix typo "Replacs" in debian/control. Closes: #1034921
+
+ -- Andreas Metzler   Thu, 18 May 2023 14:17:42 +0200
+
 colord-gtk (0.3.0-3) unstable; urgency=medium
 
   * Source-only rebuild
diff -Nru colord-gtk-0.3.0/debian/control colord-gtk-0.3.0/debian/control
--- colord-gtk-0.3.0/debian/control	2022-03-31 20:12:29.0 +0200
+++ colord-gtk-0.3.0/debian/control	2023-05-18 14:17:32.0 +0200
@@ -107,7 +107,7 @@
 Depends: ${shlibs:Depends},
  ${misc:Depends},
 Breaks: libcolord-gtk-dev (<< 0.3.0-2~)
-Replacs: libcolord-gtk-dev (<< 0.3.0-2~)
+Replaces: libcolord-gtk-dev (<< 0.3.0-2~)
 Suggests: libcolord-gtk4-dev | libcolord-gtk-dev
 Description: GTK convenience library for interacting with colord - headers
  colord is a system service that makes it easy to manage, install and generate
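
Review bot: the changelog calls this a typo fix, but with the field spelled `Replacs` the stanza declared only Breaks and no Replaces relation against libcolord-gtk-dev (<< 0.3.0-2~). Say in the changelog that the Replaces relation is now actually in effect, since that is the change users of the package will notice.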




Bug#1036273: unblock: javamail/1.6.5-2

2023-05-18 Thread Bastian Germann

Package: release.debian.org
Control: affects -1 + src:javamail
X-Debbugs-Cc: javam...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package javamail.

[ Reason ]
RC bug #1036206 (FTBFS).

[ Impact ]
auto-removal of the package.

[ Tests ]
Building the package (-1 fails, -2 succeeds).

[ Risks ]
None.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock javamail/1.6.5-2

diff -Nru javamail-1.6.5/debian/changelog javamail-1.6.5/debian/changelog
--- javamail-1.6.5/debian/changelog 2020-06-24 13:44:33.0 +0200
+++ javamail-1.6.5/debian/changelog 2023-05-17 08:24:34.0 +0200
@@ -1,3 +1,11 @@
+javamail (1.6.5-2) unstable; urgency=medium
+
+  * Team upload.
+  * Fix ftbfs bug (Closes: #1036206)
+  * Update upstream homepage (Closes: #1033247)
+
+ -- Sun Min   Wed, 17 May 2023 14:24:34 +0800
+ 
 javamail (1.6.5-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru javamail-1.6.5/debian/control javamail-1.6.5/debian/control
--- javamail-1.6.5/debian/control   2020-06-24 13:35:15.0 +0200
+++ javamail-1.6.5/debian/control   2023-05-17 07:32:23.0 +0200
@@ -20,7 +20,7 @@
 Standards-Version: 4.5.0
 Vcs-Git: https://salsa.debian.org/java-team/javamail.git
 Vcs-Browser: https://salsa.debian.org/java-team/javamail
-Homepage: http://javamail.java.net
+Homepage: https://jakartaee.github.io/mail-api
 
 Package: libmail-java
 Architecture: all
diff -Nru javamail-1.6.5/debian/maven.properties 
javamail-1.6.5/debian/maven.properties
--- javamail-1.6.5/debian/maven.properties  2020-06-24 13:24:50.0 
+0200
+++ javamail-1.6.5/debian/maven.properties  2023-05-17 07:14:05.0 
+0200
@@ -6,3 +6,6 @@
 
 # Set the OSGi version to compensate the disabled osgiversion plugin
 mail.osgiversion=${project.version}
+
+maven.compiler.source=1.8
+maven.compiler.target=1.8
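
Review bot: `maven.compiler.source=1.8` and `maven.compiler.target=1.8` are added without a comment, unlike the `mail.osgiversion` line above them, and the changelog only says "Fix ftbfs bug". Add a comment naming the build failure these settings address. Note also that source/target set the language level and bytecode version but do not restrict the build to the Java 8 class library; if that matters here, `maven.compiler.release` is the setting that does.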


Bug#1034915: vdr-plugin-xineliboutput: diff for NMU version 2.2.0+git20211212-2.2

2023-05-18 Thread Andreas Metzler
Control: tags 1034915 + patch
Control: tags 1034915 + pending

Dear maintainer,

I've prepared an NMU for vdr-plugin-xineliboutput (versioned as
2.2.0+git20211212-2.2) and uploaded it to DELAYED/10. Please feel free
to tell me if I should delay it longer.

Kind regards
Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru vdr-plugin-xineliboutput-2.2.0+git20211212/debian/changelog vdr-plugin-xineliboutput-2.2.0+git20211212/debian/changelog
--- vdr-plugin-xineliboutput-2.2.0+git20211212/debian/changelog	2022-01-25 19:06:50.0 +0100
+++ vdr-plugin-xineliboutput-2.2.0+git20211212/debian/changelog	2023-05-18 13:40:36.0 +0200
@@ -1,3 +1,11 @@
+vdr-plugin-xineliboutput (2.2.0+git20211212-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add missing Breaks/Replaces for correction of xineliboutput-fbfe desktop
+icon. Closes: #1034915
+
+ -- Andreas Metzler   Thu, 18 May 2023 13:40:36 +0200
+
 vdr-plugin-xineliboutput (2.2.0+git20211212-2.1) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -Nru vdr-plugin-xineliboutput-2.2.0+git20211212/debian/control vdr-plugin-xineliboutput-2.2.0+git20211212/debian/control
--- vdr-plugin-xineliboutput-2.2.0+git20211212/debian/control	2022-01-25 19:06:50.0 +0100
+++ vdr-plugin-xineliboutput-2.2.0+git20211212/debian/control	2023-05-18 13:39:22.0 +0200
@@ -54,6 +54,8 @@
 Package: xineliboutput-fbfe
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, libxine2-xvdr (= ${binary:Version}), libxine2-console
+Breaks: xineliboutput-sxfe (<< 2.2.0+git20211212-2.1)
+Replaces: xineliboutput-sxfe (<< 2.2.0+git20211212-2.1)
 Description: Remote Framebuffer frontend for vdr-plugin-xineliboutput
  This frambuffer remote frontend plays back streams provided by
  vdr-plugin-xineliboutput.
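
Review bot: the new Breaks/Replaces use `(<< 2.2.0+git20211212-2.1)` exactly, which would also catch a backport such as 2.1~bpo of xineliboutput-sxfe even though it would already be the corrected version; consider `(<< 2.2.0+git20211212-2.1~)`. The changelog entry could also name xineliboutput-sxfe as the package being replaced, since it only mentions the fbfe desktop icon.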




Bug#1028631: media-types: rss is associated with application/x-rss+xml instead of application/rss+xml

2023-05-18 Thread Charles Plessy
Hi Patrice,

maybe you or someone else can register the media type to the IANA based
on the expired IETF draft and see if it goes?

In any case, we have time as Debian is currently frozen...

Have a nice day,

-- 
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from home  https://framapiaf.org/@charles_plessy
- You  do not have  my permission  to use  this email  to train  an AI -



Bug#1035795: [Debian-astro-maintainers] Bug#1035795: libricohcamerasdk: does not ship SONAME link /usr/lib//libRicohCameraSDKCpp.so -> libRicohCameraSDKCpp.so.1.1.0

2023-05-18 Thread Thorsten Alteholz

Hi Andreas,

On 09.05.23 12:17, Andreas Beckmann wrote:

> during a test with piuparts I noticed your package does not ship the
> SONAME link for its library (Policy 8.1).


I am a bit at a loss here.
If you look at the binary packages, libricocamerasdk contains:
-rw-r--r-- root/root   1255128 2023-05-18 11:30 ./usr/lib/x86_64-linux-gnu/libRicohCameraSDKCpp.so.1.1.0
-rw-r--r-- root/root   1156392 2023-05-18 11:30 ./usr/lib/x86_64-linux-gnu/libmtpricoh.so.9.3.0
lrwxrwxrwx root/root 0 2023-05-18 11:30 ./usr/lib/x86_64-linux-gnu/libRicohCameraSDKCpp.so.1 -> libRicohCameraSDKCpp.so.1.1.0
lrwxrwxrwx root/root 0 2023-05-18 11:30 ./usr/lib/x86_64-linux-gnu/libmtpricoh.so.9 -> libmtpricoh.so.9.3.0


and libricocamerasdk-dev contains:
lrwxrwxrwx root/root 0 2023-05-18 11:30 ./usr/lib/x86_64-linux-gnu/libRicohCameraSDKCpp.so -> libRicohCameraSDKCpp.so.1
lrwxrwxrwx root/root 0 2023-05-18 11:30 ./usr/lib/x86_64-linux-gnu/libmtpricoh.so -> libmtpricoh.so.9



From my point of view all these links for both libraries look good.
I have no clue where the link:
   /usr/lib/x86_64-linux-gnu/libRicohCameraSDKCpp.so -> libRicohCameraSDKCpp.so.1.1.0

that is mentioned in your log, comes from.

Also I have no idea why this only happens for libRicohCameraSDKCpp.so 
and not libmtpricoh.so, which is in the same package and should not be 
handled differently!?


Do you have any idea?

Best regards
Thorsten


Bug#1000518: logcheck: separate filtering for apt term.log and or unattended-upgrades-dpkg.log etc?

2023-05-18 Thread Richard Lewis
On Thu, 18 May 2023, 04:45 Paul Wise wrote:

> Thanks for the info and thoughts.
>
> The idea would do something like your second suggestion; run logcheck
> on apt logs separately, but within Debian instead of just on my system.
> Perhaps we could also distribute the ignore regexes across packages
> like logcheck itself does.


(I wonder how well this distributed model works  -  I don't think most
packages have understood the violations layer, and rules do not seem to be
kept updated (also true of logcheck-database). It also means
logcheck-database is less useful for other consumers, and creates cruft for
people that do not use logcheck or who want to write all the rules
themselves)


> PS: do you know if logcheck supports printing nearby ignored lines for
> context for each non-ignored log message that was printed? That would
> be essential for this apt log filtering because the non-ignored
> messages are usually produced by package maintainer scripts and the
> ignored nearby lines contain the name of the relevant packages.
>

It doesn't out of the box - yet: but adding support for replacing grep with
faster tools like rg or ag is already on my list for bookworm and the
implementation-in-progress allows other options such as -C etc to be passed
through.

I assume grep does something sensible when outputting context with -f, but
there would be some subtleties with how it interacts with the violations
and violations-ignore layers and sorting/collating of rules; simplifying
that mess is also on the list.
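
The context question discussed above, as an added example that is not part of the original thread and is not logcheck's own code: GNU grep's -v combined with -f and -C prints each non-ignored line together with the neighbouring ignored lines. The log excerpt and ignore rules are constructed, the function names are hypothetical, and logcheck's violations layers are not modelled.

```bash
#!/usr/bin/env bash
# Constructed excerpt in the style of an apt term.log (not real output).
sample_log() {
cat <<'EOF'
Preparing to unpack .../foo_1.2-3_amd64.deb ...
Unpacking foo (1.2-3) over (1.2-2) ...
Setting up foo (1.2-3) ...
foo.postinst: warning: /etc/foo.conf has insecure permissions 0666
Processing triggers for man-db (2.11.2-2) ...
Setting up bar (0.9-1) ...
Processing triggers for libc-bin (2.36-9) ...
EOF
}

# Constructed ignore rules, one extended regex per line, as an ignore file
# passed to grep -f would contain.
ignore_rules() {
cat <<'EOF'
^Preparing to unpack .+ \.\.\.$
^Unpacking [^ ]+ \(.+\) over \(.+\) \.\.\.$
^Setting up [^ ]+ \(.+\) \.\.\.$
^Processing triggers for [^ ]+ \(.+\) \.\.\.$
EOF
}

# Print every line that no ignore rule matches, with $1 lines of context
# on each side. With -n the separator after the line number tells the two
# kinds apart: "N:" is a reported line, "N-" is an ignored line shown only
# as context (here, the line naming the package being configured).
report_with_context() {
    local ctx=$1 rules rc
    rules=$(mktemp) || return 1
    ignore_rules > "$rules"
    sample_log | grep -n -E -v -C "$ctx" -f "$rules"
    rc=$?
    rm -f "$rules"
    return "$rc"
}
```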


Bug#1035971: linux-image-6.3.0-0-amd64: IRQ warnings from amdgpu Navi 33 / Radeon RX 7700S ...

2023-05-18 Thread Diederik de Haas
On Thursday, 18 May 2023 13:19:52 CEST Diederik de Haas wrote:
> I _think_ I got the right commit for the 6.3 branch attached.

It seems a '>' snuck in the attachment/patch as the very first char, so you may 
want to remove that.



Bug#1028631: media-types: rss is associated with application/x-rss+xml instead of application/rss+xml

2023-05-18 Thread Patrice Duroux
Hi,

I would also like to argue along the same lines on this point.

Please, consider:
https://www.rssboard.org/rss-mime-type-application.txt
https://codesearch.debian.net/search?q=rss%2Bxml=1
https://www.w3.org/wiki/WebIntents/MIME_Types
https://en.wikipedia.org/wiki/RSS

Thanks,
Patrice



Bug#1035971: linux-image-6.3.0-0-amd64: IRQ warnings from amdgpu Navi 33 / Radeon RX 7700S ...

2023-05-18 Thread Diederik de Haas
On Thursday, 18 May 2023 12:52:24 CEST David Reviejo wrote:
> Seems to be an amdgpu bug introduced two or three kernel releases ago, as
> you can see googling around; for example here:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=2191739
> 
> or here:
> 
> https://gitlab.freedesktop.org/drm/amd/-/issues/2522
> 
> If it's this bug, the fix seems to be in yesterday's latest upstream
> kernel update: 6.3.3 (and 6.1.29 for the stable longterm).

I _think_ I got the right commit for the 6.3 branch attached.

Para 4.5(.2) of the Debian Kernel Handbook describes how to test a simple patch:
https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#s-common-official

Could you try that and see whether it indeed fixes your issue?

>From c5123c193696bf97fdf259c825ebfac517b54e44 Mon Sep 17 00:00:00 2001
From: Guchun Chen 
Date: Sat, 6 May 2023 16:52:59 +0800
Subject: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in
 suspend

commit 8b229ada2669b74fdae06c83fbfda5a5a99fc253 upstream.

sdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini,
driver unconditionally disables ecc_irq which is only enabled on
those asics enabling sdma ecc. This will introduce a warning in
suspend cycle on those chips with sdma ip v4.0, while without
sdma ecc. So this patch corrects this.

[ 7283.166354] RIP: 0010:amdgpu_irq_put+0x45/0x70 [amdgpu]
[ 7283.167001] RSP: 0018:9a5fc3967d08 EFLAGS: 00010246
[ 7283.167019] RAX: 98d88afd3770 RBX: 0001 RCX: 
[ 7283.167023] RDX:  RSI: 98d89da30390 RDI: 98d89da2
[ 7283.167025] RBP: 98d89da2 R08: 00036838 R09: 0006
[ 7283.167028] R10: d5764243c008 R11:  R12: 98d89da30390
[ 7283.167030] R13: 98d89da38978 R14: 999ae15a R15: 98d880130105
[ 7283.167032] FS:  () GS:98d996f0() knlGS:
[ 7283.167036] CS:  0010 DS:  ES:  CR0: 80050033
[ 7283.167039] CR2: f7a9d178 CR3: 0001c42ea000 CR4: 003506e0
[ 7283.167041] Call Trace:
[ 7283.167046]  
[ 7283.167048]  sdma_v4_0_hw_fini+0x38/0xa0 [amdgpu]
[ 7283.167704]  amdgpu_device_ip_suspend_phase2+0x101/0x1a0 [amdgpu]
[ 7283.168296]  amdgpu_device_suspend+0x103/0x180 [amdgpu]
[ 7283.168875]  amdgpu_pmops_freeze+0x21/0x60 [amdgpu]
[ 7283.169464]  pci_pm_freeze+0x54/0xc0

Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2522
Signed-off-by: Guchun Chen 
Reviewed-by: Tao Zhou 
Signed-off-by: Alex Deucher 
Cc: sta...@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
index b5affba221569..8b8ddf0502661 100644
--- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
@@ -1903,9 +1903,11 @@ static int sdma_v4_0_hw_fini(void *handle)
 		return 0;
 	}
 
-	for (i = 0; i < adev->sdma.num_instances; i++) {
-		amdgpu_irq_put(adev, >sdma.ecc_irq,
-			   AMDGPU_SDMA_IRQ_INSTANCE0 + i);
+	if (amdgpu_ras_is_supported(adev, AMDGPU_RAS_BLOCK__SDMA)) {
+		for (i = 0; i < adev->sdma.num_instances; i++) {
+			amdgpu_irq_put(adev, >sdma.ecc_irq,
+   AMDGPU_SDMA_IRQ_INSTANCE0 + i);
+		}
 	}
 
 	sdma_v4_0_ctx_switch_enable(adev, false);
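Review bot: the new amdgpu_ras_is_supported(adev, AMDGPU_RAS_BLOCK__SDMA) guard around amdgpu_irq_put() in sdma_v4_0_hw_fini only balances the reference count if ecc_irq is taken under the same condition, and the site that takes it is not in this hunk; the commit message should name it so the pairing can be checked. Also, as archived here both the removed and the added call read "amdgpu_irq_put(adev, >sdma.ecc_irq," with the start of the second argument lost, and the continuation line of the added call is indented with spaces, so anyone testing this should apply the patch from the upstream commit named in the message rather than from this copy.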
-- 
cgit 





Bug#1034931: flex: diff for NMU version 2.6.4-8.2

2023-05-18 Thread Andreas Metzler
Control: tags 1034931 + patch
Control: tags 1034931 + pending

Dear maintainer,

I've prepared an NMU for flex (versioned as 2.6.4-8.2) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

kind regards

Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -u flex-2.6.4/debian/changelog flex-2.6.4/debian/changelog
--- flex-2.6.4/debian/changelog
+++ flex-2.6.4/debian/changelog
@@ -1,3 +1,14 @@
+flex (2.6.4-8.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix package-relationships with flex-old:
++ Add flex Conflicts/Replaces flex-old
++ Change versioned libfl2-dev Replaces/Breaks against flex-old (<=
+  2.5.4a-10) to unversioned Conflicts/Replaces flex-old.
+Closes: #1034931
+
+ -- Andreas Metzler   Thu, 18 May 2023 11:33:49 +0200
+
 flex (2.6.4-8.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u flex-2.6.4/debian/control flex-2.6.4/debian/control
--- flex-2.6.4/debian/control
+++ flex-2.6.4/debian/control
@@ -16,6 +16,8 @@
 Architecture: any
 Pre-Depends: debconf | debconf-2.0
 Depends: ${shlibs:Depends}, m4, ${misc:Depends}
+Conflicts: flex-old
+Replaces: flex-old
 Recommends: gcc | c-compiler, libfl-dev
 Suggests: bison, build-essential, flex-doc
 Multi-Arch: foreign
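Review bot: the added unversioned Conflicts/Replaces on flex-old in this stanza has no recorded reason beyond "Fix package-relationships" in the changelog entry. An unversioned Conflicts can never be satisfied by a later, fixed flex-old, so the changelog should say which files overlap and why a versioned Breaks/Replaces is not enough.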
@@ -70,8 +72,9 @@
 Architecture: any
 Multi-Arch: same
 Depends: ${misc:Depends}, flex (= ${binary:Version}), libfl2 (= ${binary:Version})
-Replaces: flex (<< 2.5.39), flex-old (<= 2.5.4a-10)
-Breaks: flex (<< 2.5.39), flex-old (<= 2.5.4a-10)
+Replaces: flex (<< 2.5.39), flex-old
+Breaks: flex (<< 2.5.39)
+Conflicts: flex-old
 Description: static library for flex (a fast lexical analyzer generator)
  Flex is a tool for generating scanners: programs which recognized lexical
  patterns in text. It reads the given input files for a description of a
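Review bot: the changelog entry calls the package changed here libfl2-dev, but the Package: line is outside this hunk's context and the stanza at @@ -70,8 depends on libfl2 and is described as the static library, so check that the changelog names the right binary package. The relationship change itself (flex-old dropped from Breaks, kept unversioned in Replaces, added as Conflicts) matches what the changelog describes.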




Bug#1036272: youtube-dl - Should this be released with Bookworm?

2023-05-18 Thread Bastian Blank
Source: youtube-dl
Version: 2021.12.17-2
Severity: serious

We have a maintained and up-to-date fork of this package in the archive
and the release: yt-dlp.  Do we really need to release this package in a
not so usable state?

Hint: transitional packages are supposed to be at the target of a
transition and more empty.

Bastian

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (700, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1023585: I really hope to use various software packages provided by Debian on the Loongarch architecture

2023-05-18 Thread huangjia...@kylinsec.com.cn
Dear Maintainer:
Thank you for reading. Have a nice day!
I'm a developer of Loongarch. Loongarch already has an ISO release based on 
Debian, which is very user-friendly and smooth. I hope to use various software 
packages provided by Debian on the Loongarch architecture to let more people 
know about the breadth of Debian!
Regards
Jiawen Huang



huangjia...@kylinsec.com.cn


Bug#1035971: linux-image-6.3.0-0-amd64: IRQ warnings from amdgpu Navi 33 / Radeon RX 7700S ...

2023-05-18 Thread David Reviejo

Hi, Nathan

I have similar warnings with the last longterm 6.1.27 image from
bookworm, in my case when suspending to RAM.

Seems to be an amdgpu bug introduced two or three kernel releases ago, as
you can see googling around; for example here:

https://bugzilla.redhat.com/show_bug.cgi?id=2191739

or here:

https://gitlab.freedesktop.org/drm/amd/-/issues/2522

If it's this bug, the fix seems to be in yesterday's latest upstream
kernel update: 6.3.3 (and 6.1.29 for the stable longterm).

We can only hope that the developers are not too busy with the bookworm
release to apply these patches ASAP ;)

Cheers,
--
David



Bug#1036271: towitoko: New upstream version

2023-05-18 Thread Bastian Germann

Source: towitoko
Version: 2.0.7-9
Severity: wishlist

New upstream version available at: https://github.com/cprados/towitoko-linux


