Bug#1036656: unblock: grub2/2.06-13

[Cyril Brulebois]

Hi,

Paul Gevers  (2023-05-24):
> The following needs your approval too.
> 
> On 23-05-2023 23:39, Steve McIntyre wrote:
> > unblock grub2/2.06-13
> > unblock grub-efi-amd64-signed/1+2.06+13
> > unblock grub-efi-arm64-signed/1+2.06+13
> > unblock grub-efi-ia32-signed/1+2.06+13

Yes please!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1034558: rnp: CVE-2023-29479 VE-2023-29480

[Salvatore Bonaccorso]

Hi Daniel,

On Tue, May 23, 2023 at 06:29:43PM -0400, Daniel Kahn Gillmor wrote:
> In https://bugs.debian.org/1034558, Salvatore Bonaccorso wrote:
> 
> > Source: rnp
> > Version: 0.16.2-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> > 
> 
> Thanks for tracking this in the BTS, Salvatore.
> 
> I aim to have 0.16.3 (which is a targeted upstream release with a very
> narrow set of changes) uploaded to unstable in the next day or two.

Thanks! Note the deadline for unblock requests will be on 28th. So the
unblock needs to be granted by then so we have the fixes in bookworm.

Thanks for your work!

Salvatore

Bug#1036656: unblock: grub2/2.06-13

[Paul Gevers]

Control: tags -1 confirmed d-i

Hi Cyril,

The following needs your approval too.

On 23-05-2023 23:39, Steve McIntyre wrote:

Please unblock package grub2 and its derived signed packages.

As promised in the -12 ublock request, we now have a lot more
translations updated for the changed template questions for os-prober.

Also, I've included 1 RC bug fix which fixes up an RC bug which stops
machines booting:

* When *also* installing to the removable media path, include the
   relevant mokmanager binary. Closes: #1034409

And a small fix for generating boot menu options on systems
dual-booting with Arch and derivatives:

* Allow initrd to contain spaces. Closes: #838177, #820838.

unblock grub2/2.06-13
unblock grub-efi-amd64-signed/1+2.06+13
unblock grub-efi-arm64-signed/1+2.06+13
unblock grub-efi-ia32-signed/1+2.06+13

debdiff attached, filtering out noise from *.po updates.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1030171: clamav-daemon: clamav-clamonacc.service fails to start

[Martin-Éric Racine]

Package: clamav-daemon
Version: 1.0.1+dfsg-2
Followup-For: Bug #1030171

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I bumped into this one after upgrading from Bullseye to Bookworm.

x clamav-clamonacc.service - ClamAV On-Access Scanner
 Loaded: loaded (/lib/systemd/system/clamav-clamonacc.service; enabled; 
preset: enabled)
 Active: failed (Result: timeout) since Wed 2023-05-24 07:48:22 EEST; 18min 
ago
   Docs: man:clamonacc(8)
 man:clamd.conf(5)
 https://docs.clamav.net/
CPU: 131ms

May 24 07:46:52 p8h61 systemd[1]: Starting clamav-clamonacc.service - ClamAV 
On-Access Scanner...
May 24 07:48:22 p8h61 systemd[1]: clamav-clamonacc.service: start-pre operation 
timed out. Terminating.
May 24 07:48:22 p8h61 systemd[1]: clamav-clamonacc.service: Control process 
exited, code=killed, status=15/TERM
May 24 07:48:22 p8h61 systemd[1]: clamav-clamonacc.service: Failed with result 
'timeout'.
May 24 07:48:22 p8h61 systemd[1]: Failed to start clamav-clamonacc.service - 
ClamAV On-Access Scanner.

This REALLY needs to be fixed now, before Bookworm is released.

Martin-Éric

- -- Package-specific info:
- --- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
- ---
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
GenerateMetadataJson disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "6"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "12"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "1"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
- ---
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = 

Bug#1036660: unblock: node-socket.io-parser/4.2.1+~3.1.0-2

[Yadd]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-socket.io-par...@packages.debian.org
Control: affects -1 + src:node-socket.io-parser

Please unblock package node-socket.io-parser

[ Reason ]
node-socket.io-parser is vulnerable to CVE-2023-32695: a malformet
packet can trigger an uncaught exception on the Socket.IO server,
thus killing the Node.js process.

[ Impact ]
Medium security issue

[ Tests ]
Test updated, passed

[ Risks ]
No risk:
 * patch is trivial
 * the patch is a revert, version 4.0.2 (Bullseye) isn't vulnerable even
   if included in the report
   (see https://github.com/socketio/socket.io/discussions/4721)

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Cheers,
Yadd

unblock node-socket.io-parser/4.2.1+~3.1.0-2

Bug#1035710: unblock: doc-debian/11.3

[Joost van Baal-Ilić]

Hi Luca,

On Wed, May 24, 2023 at 12:04:57AM +0100, Luca Boccassi wrote:
> Control: retitle -1 unblock: doc-debian/11.3+nmu1
> Control: tags -1 -moreinfo
> 
> On Tue, 23 May 2023 23:37:23 +0100 Luca Boccassi 
> wrote:
> > On Tue, 23 May 2023 06:46:19 +0200 Joost van =?utf-8?Q?Baal-
> Ili=C4=87?=
> >  wrote:
> > > On Sat, May 20, 2023 at 04:21:47PM +0200, Sebastian Ramacher wrote:
> > >  
> > > > On 2023-05-14 06:47:18 +0200, Joost van Baal-Ilić wrote:
> > > > > reopen 1035710
> > > > > retitle 1035710 unblock: doc-debian/11.3
> > > > > thanks
> > > > > 
> > > > > Please unblock package doc-debian
> > > > > 
> > > > 
> > > > Please go ahead with the upload to unstable. Remove the moreinfo
> > > > tag once the package is available.
> > > 
> > > Thank you.  Unfortunately I don't think I'll make it before the deadline
> > > / in the next couple of hours, real life currently doesn't allow me that.
> > > 
> > > If anybody else has time to take a shot at it: here's the current
> > > issue's: I made a mistake in the upload to experimental: it says
> > > 'experimental' in the top of debian/changelog; should probably be
> > > 'unstable'.  And the last commit on salsa is misguided.
> > > 
> > > If nobody steps up I can probably prepare an upload for the first
> > > bookworm point release.
> > 
> > I can take care of this, I'll do a changelog-only upload of the current
> > version that's in experimental to unstable.
> 
> Done, you can find the changelog-only commit to pull from at:
> 
> https://salsa.debian.org/bluca/doc-debian/-/commits/master?ref_type=heads

Excellent, thanks a lot, you made my day \o/

Bye,

Joost

Bug#1036659: installation-reports: LUKs Prompt Splash Screen and Console Prompt Disappears After Installing Nvidia Drivers

[Asmodean]

Package: installation-reports
Severity: normal
X-Debbugs-Cc: place4...@gmail.com

(Please provide enough information to help the Debian
maintainers evaluate the report efficiently - e.g., by filling
in the sections below.)

Boot method: USB
Image version: debian-bookworm-DI-rc3-amd64-DVD-1.iso
Date: 05/23/23

Machine: i7-6700k, Nvidia 980 Ti, HDMI lik to monitor, 1080p monitor
Partitions: `df -Tl`:
/dev/mapper/nvme0n1p3_crypt btrfs248993792  17590048 229590192   8% /
/dev/mapper/nvme0n1p3_crypt btrfs248993792  17590048 229590192   8% 
/snapshots
/dev/mapper/nvme0n1p3_crypt btrfs248993792  17590048 229590192   8% /swap
/dev/mapper/nvme0n1p3_crypt btrfs248993792  17590048 229590192   8% /var
/dev/nvme0n1p2  ext2515668 80388409068  17% /boot
/dev/nvme0n1p1  vfat54 11096511128   3% 
/boot/efi
/dev/mapper/sda1_crypt  btrfs488368128 380438904 107203864  79% /home


Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[O]
Configure network:  [O]
Detect media:   [O]
Load installer modules: [O]
Clock/timezone setup:   [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Install tasks:  [O]
Install boot loader:[O]
Overall install:[O]

Comments/Problems:
`initrd` was installed with the general option, and no extra modules
were loaded when prompted to do so in the expert installer. After
finishing the installation, the system rebooted correctly, albeit there
being no splash screen for the LUKs prompt, only a console text prompt
to enter the encryption passphrase. After decrypting everything and
loading the graphical environment, i.e. XFCE, the `non-free` component was
added to `/etc/apt/sources.list`, the package `linux-headers-amd64` was
installed, and lastly the command `apt install nvidia-driver
firmware-misc-nonfree` was run to install the proprietary Nvidia drivers
for my GPU. At reboot time, bootloader GRUB appeared without problem,
but after selecting the kernel and the initial loading that follows, the
console only displayed the line "XDG something disabled" instead of
showing the LUKs prompt. Though after waiting a few moments, supposedly
for the keyboard modules to load, the passphrase can be entered without
any visual feedback, with only the "XDG..." line on the screen. Pressing
 following the passphrase boots the system into graphical target
without problems. The questions are: 1. Why was the GUI splash screen 
unavailable
 after the reboot following installation? 2. Why did the prompt disappear after
installing Nvidia drivers? 3. Is there a way to fix this?
Note: I installed the same system on the W550s Thinkpad which has a
Nvidia GPU. The splash screen displayed correctly after pressing
 following the initial boot, and loaded correctly too after
installing the Nvidia drivers with identical steps detailed above. 


-- Package-specific info:

==
Installer lsb-release:
==
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="12 (bookworm) - installer build 20230515"
X_INSTALLATION_MEDIUM=cdrom

==
Installer hardware-summary:
==
uname -a: Linux 6700k 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 
(2023-05-08) x86_64 GNU/Linux
lspci -knn: 00:00.0 Host bridge [0600]: Intel Corporation Xeon E3-1200 
v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers [8086:191f] 
(rev 07)
lspci -knn: Subsystem: ASUSTeK Computer Inc. Device [1043:8694]
lspci -knn: 00:01.0 PCI bridge [0604]: Intel Corporation 6th-10th Gen Core 
Processor PCIe Controller (x16) [8086:1901] (rev 07)
lspci -knn: Subsystem: ASUSTeK Computer Inc. Device [1043:8694]
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:02.0 VGA compatible controller [0300]: Intel Corporation HD 
Graphics 530 [8086:1912] (rev 06)
lspci -knn: DeviceName:  Onboard IGD
lspci -knn: Subsystem: ASUSTeK Computer Inc. Device [1043:8694]
lspci -knn: 00:14.0 USB controller [0c03]: Intel Corporation 100 Series/C230 
Series Chipset Family USB 3.0 xHCI Controller [8086:a12f] (rev 31)
lspci -knn: Subsystem: ASUSTeK Computer Inc. Device [1043:8694]
lspci -knn: Kernel driver in use: xhci_hcd
lspci -knn: Kernel modules: xhci_pci
lspci -knn: 00:16.0 Communication controller [0780]: Intel Corporation 100 
Series/C230 Series Chipset Family MEI Controller #1 [8086:a13a] (rev 31)
lspci -knn: Subsystem: ASUSTeK Computer Inc. Device [1043:8694]
lspci -knn: 00:17.0 SATA controller [0106]: Intel Corporation 
Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] 
[8086:a102] (rev 31)
lspci -knn: Subsystem: ASUSTeK Computer Inc. Device 

Bug#959187: ITP: ooni-probe-cli -- OONI Probe Command Line Interface)

[tous]

Hi Antoine,

Unfortunately I didn't get so far, but I intend to work on it on these next 
days. It needs packaging on the following dependencies:

gitlab.com/yawning/utls
github.com/ooni/probe-assets
gitlab.com/yawning/obfs4
github.com/ooni/oocrypto
github.com/ooni/netem
github.com/upper/db
github.com/Psiphon-Labs/psiphon-tunnel-core
github.com/ooni/oohttp

You can find what I worked on here: 
https://salsa.debian.org/touss-guest/probe-cli

Thanks for waiting this long for me to pack the probe-cli. I'd appreciate any 
help i can get on this.

Best regards,

tous

Bug#1036587: samba: named crashes on DLZ zone update

[Steven Monai]

On 2023-05-23 3:04 a.m., Michael Tokarev wrote:

At this point I don't plan to push new samba release to debian. Next
upstream 4.17 is planned - I guess now when the issue is rehashed by
you, next stable upstream release will include the fix.  I definitely
plan to push this to bookworm, hopefully the first point release of
it.  If I were to push it now, I'll have to add a new patch now and
remove it when next 4.17 is out, making double work for the release
managers, - first to review the patch, next to review patch move to
upstream source, - the latter is always more difficult than to review
just the upstream differences.  I understand you want to see it in
debian before 12.1, but having in mind the amount of work being done
by the release managers now.. 


No worries, I can wait for 12.1. In the meantime, Bullseye still works 
for me.



I can make it available in my usual repository.


Please do! Where can I find your repo?


Thank you for being persistent, despite some of the samba members
being not as useful.. ;)


Bah, I've seen worse. I've been in IT/tech-support for 10+ years. :)

Cheers,
--
-S.M.

Bug#946677:

[Nikos Andrikos]

It seems that we have to set DEB_DH_COMPAT_DISABLE in debian/rules to avoid
this problem, as it is implemented in
https://salsa.debian.org/debian/cdbs/-/blob/master/1/rules/debhelper.mk.in#L208

Kind regards,
Nikos

Bug#1036306: unblock: ufw/0.36.2-1

[Jamie Strandboge]

On Tue, 23 May 2023, Paul Gevers wrote:

> > Bug fixes and translations will not be available in bookworm (I am upstream 
> > ufw
> > and I cut 0.36.2 specifically for bookworm users).
> 
> Please elaborate. It's Full Freeze time. A new upstream needs a lot of
> defending to be considered a targeted fix at this stage of the release.

Sorry I didn't elaborate more initially. I too misread the timing and
thought that due to autopkgtests that the timing was still ok.

As mentioned, I am the upstream author for ufw as well as the Debian
maintainer for ufw and I had a choice to either cherrypick the changes
and apply as patches in a 0.36.1-5 release or to gather them all into a
0.36.2-1 release. I chose the later since I didn't expect there to be a
problem. Practically speaking though, it would've been essentially the
same.

Importantly, ufw had very good coverage via unit tests and functional
tests which are both part of the package build. There are additional
runtime functional tests that are part of autopkgtests that run on a
live system. It migrated to Ubuntu 23.10 and passed its build and
autopkgtests too.

ufw is also a leaf package and not installed by default or as part of
any tasks. Upgrades were manually tested from 0.36.1-4.1 to 0.36.2-1 on
bookworm.

I'll outline the changes below.

## Upstream ChangeLog:

* src/ufw-init-functions: set default policy after loading rules. Thanks to
  Mauricio Faria de Oliveira. (LP: #1946804)

This was already in 0.36.1-2 and I simply pulled it upstream. It was
debian/patches/0004-set-default-policy-after-load.patch


* doc/ufw.8:
  - document 'insert' and 'prepend' can't be used to update comments
(LP: #1927737)

This is new to 0.36.2, but only a documentation change to make existing
functionality clearer. I feel this is a useful usability improvement for
bookworm users.


* src/backend_iptables.py: remove unreachable code (LP: #1927734)

This is new to 0.36.2 but a very minor change:
https://git.launchpad.net/ufw/commit/?h=release/0.36=dc350c53c9bc8bad8d9cbd810adf53111bcd5c10

This is safe to remove due to this line a few lines before it:
https://git.launchpad.net/ufw/tree/src/backend_iptables.py?h=release/0.36=dc350c53c9bc8bad8d9cbd810adf53111bcd5c10#n997

(ie, line 997 is already doing an 'position > len(rules)' check so it is
safe to remove the unreachable code in the aforementioned commit). This
change could've been omitted for bookworm, but is also harmless.


* src/util.py:
  - properly parse /proc/pid/stat for WSL (LP: #2015645)

This is one of the main reasons why I wanted an update for bookworm
since I wanted bookworm users on WSL to have a functional ufw. The
change is here:
https://git.launchpad.net/ufw/commit/?h=release/0.36=55669b732255c224343605272b793ae3fd534557

Unit tests existed for prior behavior and new tests were added for the
bug fix. I feel this is an important bug fix for for bookworm users
since without it, ufw fails to run on WSL.


* src/util.py:
  - mitigate odd length string with unhexlify (Closes: 1034568)

This mitigates a traceback in the case of if a rules file is somehow
corrupted. The change is here:
https://git.launchpad.net/ufw/commit/?h=release/0.36=751e3aa510a992140f748987221600ee4722ea75

Unit tests existed for prior behavior and new tests were added for the
bug fix. I feel this is a useful usability improvement for bookworm
users.


* src/util.py:
  - support vrrp protocol (LP: #1996636)

This is a technically a new feature, but all it did was add a new
protocol to an existing list and so the change is considered safe. Most
of the changes are for the man page and unit tests. The change is here:
https://git.launchpad.net/ufw/commit/?h=release/0.36=49b50d9ebd4a381af9886fc1bff17191358188fc

Unit tests existed for prior behavior and new tests were added for the
bug fix. I debated this change as it could've been omitted for bookworm,
but the change was obvious and small and added functionality that might
be useful to keepalived users on bookworm.


* add locales/po/ro.po. Thanks Remus-Gabriel Chelu (Closes: 1034119)

This adds the .ro translation that was submitted via the BTS. I verified
the translations via Google Translate and also ran 0.36.2-1 through
https://git.launchpad.net/qa-regression-testing/tree/scripts/test-ufw.py#n474
which specifically tests that ufw runs under all the different locales.
This test script is part of Ubuntu (of which I am also an Ubuntu
developer) and doesn't work without modification on bookworm, but I did
so and the locale works fine. I felt it important to shepherd the
contribution to Debian into bookworm.


* add '-h' and show help with no args (LP: #1965462)

This change simply add '-h' to the already existing '--help' and 'help'
commands and adjusts the parsing to show raise a ValueError which
triggers showing the help message instead of just showing a
less-than-helpful "not enough args" message like 0.36.1 did. This change
is here:

Bug#1019717: Display of an SVG file broken due to gsfonts transition

[Bob Friesenhahn]

On Tue, 23 May 2023, László Böszörményi wrote:


On Tue, May 23, 2023 at 9:45 PM Albrecht Dreß  wrote:

I added the attached patch file to the Debian patches and re-build the package, 
which now processes SVG files as expected, so this seems to be a fix


Sorry, I had totally forgotten about this issue.

I did not see the final generated product attached to the issue.  On 
the system I am looking at, there is a 
/etc/ghostscript/fontmap.d/10gsfonts.conf file which must be similar 
in nature to the /etc/ghostscript/fontmap.d/10fonts-urw-base35.conf 
which Debian is using.


Rather than modify type-ghostscript.mgk.in, it is likely better to 
create a new file "type-urw-base35.mgk" and add it to the list of 
files specifically for Debian.  Since the font installation paths are 
fixed for Debian then just store hard-coded paths in the mgk file 
since there is no reason to configure or search for them.


I recall that Ghostscript (i.e. "Artifex Software, Inc.") has disowned 
the original set of font files which was distributed with it so 
perhaps these URW fonts are not accurately described as Ghostscript 
fonts.


GraphicsMagick should of course support Fontconfig.  I am not sure 
what the impact of doing so (e.g. run-time performance) is.  I have 
not studied it at all.


Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt

Bug#1036658: release-notes: 5.1.8. rsyslog creates fewer log files - mail.log is not dropped

[Christoph Anton Mitterer]

Oh and there's more which IMO can be improved.

If people take the currently named pattern:
- /var/log/mail.{info,warn,err,log}*
- /var/log/lpr.log*
- /var/log/{messages,debug,daemon}*

the may accidentally delete quite some other files. e.g. anything that
starts with debug.

Also, daemon is actually daemon.log .


The following would be at least a bit more restrictive:
  /var/log/mail.{info,warn,err} /var/log/lpr.log 
/var/log/{messages,debug,daemon.log}
  /var/log/mail.{info,warn,err}.* /var/log/lpr.log.* 
/var/log/{messages,debug,daemon.log}.*

not perfect though, cause it could still select unrelated files like
/var/log/debug.myproject.log



Cheers,
Chris.

Bug#1036658: release-notes: 5.1.8. rsyslog creates fewer log files - mail.log is not dropped

[Christoph Anton Mitterer]

Package: release-notes
Severity: normal
X-Debbugs-Cc: bi...@debian.org

Hey.

As of now, the section says that the following files are no longer
created:
- /var/log/mail.{info,warn,err,log}*
- /var/log/lpr.log*
- /var/log/{messages,debug,daemon}*


I've looked through rsyslog's changelog.Debian.gz (for version 8.2210.0-3)
as well as the commits on salsa:
https://salsa.debian.org/debian/rsyslog/-/commit/95e5e45b6e136196a7ac9ad85882391c44b641a4
 AFAIU, only /var/log/mail.{info,warn,err}* are gone. mail.log is kept.


So:
/var/log/mail.{info,warn,err,log}*
should be changed to:
/var/log/mail.{info,warn,err}*

Thanks,
Chris.


PS: CCing Michael, so he can tell when I'm wrong.

Bug#1036591: reaver: segmentation fault

[Leandro Cunha]

Hi,

On Tue, May 23, 2023 at 7:33 PM Samuel Henrique  wrote:
>
> > On Tue, May 23, 2023 at 10:21:35PM +0100, Samuel Henrique wrote:
> > > Andrey, Leandro meant to use the "patch" tag instead of "fixed", here's 
> > > his fix:
> > > https://salsa.debian.org/leandrocunha/reaver
> > Do you think this change will be approved for bookworm, especially at this
> > point in the freeze?
>
> I don't see any other better alternative.
> I don't think it's worthy to cherry-pick a single possible fix since
> the package might be broken in other ways as well.
>
> The correct action here is to update to 1.6.6, which has been released
> years ago and is being shipped by a lot of other distros.
>
> To be clear, I haven't tried to reproduce the issue myself, but it
> looks general enough and easy to do so, I'll do it in the next few
> days, but wanted to make sure we keep moving on fixing this.
>
> Cheers,
>
> --
> Samuel Henrique 

There was a user who reported that the problem also occurs in Debian
11 (Bullseye).
But I can't confirm because I don't use stable.
Samuel, I know you use testing.
Andrey Rakhmatullin, do you use stable or do you have machines with stable?

See https://github.com/t6x/reaver-wps-fork-t6x/issues/365

-- 
Cheers,
Leandro Cunha

Bug#1035710: unblock: doc-debian/11.3

[Luca Boccassi]

Control: retitle -1 unblock: doc-debian/11.3+nmu1
Control: tags -1 -moreinfo

On Tue, 23 May 2023 23:37:23 +0100 Luca Boccassi 
wrote:
> On Tue, 23 May 2023 06:46:19 +0200 Joost van =?utf-8?Q?Baal-
Ili=C4=87?=
>  wrote:
> > On Sat, May 20, 2023 at 04:21:47PM +0200, Sebastian Ramacher wrote:
> >  
> > > On 2023-05-14 06:47:18 +0200, Joost van Baal-Ilić wrote:
> > > > reopen 1035710
> > > > retitle 1035710 unblock: doc-debian/11.3
> > > > thanks
> > > > 
> > > > Please unblock package doc-debian
> > > > 
> > > > [ Reason ]
> > > > The doc-debian package claims to ship the Constitution for the
> Debian Project,
> > > > the Debian Social Contract and other Debian documents.  The
> versions of those
> > > > documents are obsolete [obsolete], which makes the package as
now
> in testing
> > > > very buggy.
> > 
> > > > 
> > > > unblock doc-debian/11.3
> > > 
> > > Please go ahead with the upload to unstable. Remove the moreinfo
> tag
> > > once the package is available.
> > 
> > Thank you.  Unfortunately I don't think I'll make it before the
> deadline / in
> > the next couple of hours, real life currently doesn't allow me
that.
> > 
> > If anybody else has time to take a shot at it: here's the current
> issue's: I
> > made a mistake in the upload to experimental: it says
'experimental'
> in the top
> > of debian/changelog; should probably be 'unstable'.  And the last
> commit on
> > salsa is misguided.
> > 
> > If nobody steps up I can probably prepare an upload for the first
> bookworm
> > point release.
> 
> I can take care of this, I'll do a changelog-only upload of the
current
> version that's in experimental to unstable.

Done, you can find the changelog-only commit to pull from at:

https://salsa.debian.org/bluca/doc-debian/-/commits/master?ref_type=heads

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1035710: unblock: doc-debian/11.3

[Luca Boccassi]

On Tue, 23 May 2023 06:46:19 +0200 Joost van =?utf-8?Q?Baal-Ili=C4=87?=
 wrote:
> On Sat, May 20, 2023 at 04:21:47PM +0200, Sebastian Ramacher wrote:
>  
> > On 2023-05-14 06:47:18 +0200, Joost van Baal-Ilić wrote:
> > > reopen 1035710
> > > retitle 1035710 unblock: doc-debian/11.3
> > > thanks
> > > 
> > > Please unblock package doc-debian
> > > 
> > > [ Reason ]
> > > The doc-debian package claims to ship the Constitution for the
Debian Project,
> > > the Debian Social Contract and other Debian documents.  The
versions of those
> > > documents are obsolete [obsolete], which makes the package as now
in testing
> > > very buggy.
> 
> > > 
> > > unblock doc-debian/11.3
> > 
> > Please go ahead with the upload to unstable. Remove the moreinfo
tag
> > once the package is available.
> 
> Thank you.  Unfortunately I don't think I'll make it before the
deadline / in
> the next couple of hours, real life currently doesn't allow me that.
> 
> If anybody else has time to take a shot at it: here's the current
issue's: I
> made a mistake in the upload to experimental: it says 'experimental'
in the top
> of debian/changelog; should probably be 'unstable'.  And the last
commit on
> salsa is misguided.
> 
> If nobody steps up I can probably prepare an upload for the first
bookworm
> point release.

I can take care of this, I'll do a changelog-only upload of the current
version that's in experimental to unstable.

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1034558: rnp: CVE-2023-29479 VE-2023-29480

[Daniel Kahn Gillmor]

In https://bugs.debian.org/1034558, Salvatore Bonaccorso wrote:

> Source: rnp
> Version: 0.16.2-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> 

Thanks for tracking this in the BTS, Salvatore.

I aim to have 0.16.3 (which is a targeted upstream release with a very
narrow set of changes) uploaded to unstable in the next day or two.

   --dkg


signature.asc
Description: PGP signature

Bug#1036591: reaver: segmentation fault

[Samuel Henrique]

> On Tue, May 23, 2023 at 10:21:35PM +0100, Samuel Henrique wrote:
> > Andrey, Leandro meant to use the "patch" tag instead of "fixed", here's his 
> > fix:
> > https://salsa.debian.org/leandrocunha/reaver
> Do you think this change will be approved for bookworm, especially at this
> point in the freeze?

I don't see any other better alternative.
I don't think it's worthy to cherry-pick a single possible fix since
the package might be broken in other ways as well.

The correct action here is to update to 1.6.6, which has been released
years ago and is being shipped by a lot of other distros.

To be clear, I haven't tried to reproduce the issue myself, but it
looks general enough and easy to do so, I'll do it in the next few
days, but wanted to make sure we keep moving on fixing this.

Cheers,

-- 
Samuel Henrique 

Bug#1036649: util-linux: leftover conffiles

[Christoph Anton Mitterer]

Hey.

Clarifying on this:

With "clean up" I didn't mean "remove"... ;-)

AFAICS, the two files are now contained in util-linux-extra (again as
conffiles).

On a Debian sid system of mine (that I typically upgrade every day - so
it got every version in between installed),... the files are in fact
*only* registered as conffiles for util-linux-extra, and don't show up
as obsoletes.

However, on one system that I upgraded few days ago from bullseye to
bookworm I get:
# dpkg -S /etc/init.d/hwclock.sh /etc/default/hwclock
util-linux-extra: /etc/init.d/hwclock.sh
util-linux-extra: /etc/default/hwclock

=> ok, still good

but:
# dpkg-query --showformat='${Package}\n${Conffiles}\n' --show
...
util-linux
 /etc/pam.d/runuser b8b44b045259525e0fae9e38fdb2aeeb
 /etc/pam.d/runuser-l 2106ea05877e8913f34b2c77fa02be45
 /etc/pam.d/su 60fbbe65c90d741bc0d380543cefe8af
 /etc/pam.d/su-l 756fef5687fecc0d986e5951427b0c4f
 /etc/init.d/hwclock.sh c06bc68c12cbdd9c7f60ba25ee587efe obsolete
 /etc/default/hwclock 02f94aaf57aff4e2e6751ec7b877a997 obsolete
util-linux-extra
 /etc/default/hwclock 02f94aaf57aff4e2e6751ec7b877a997
 /etc/init.d/hwclock.sh c06bc68c12cbdd9c7f60ba25ee587efe
util-linux-locales
...

So for some reason it's still registered to both as conffile.

I always though, dpkg -S would show that, too.


Cheers,
Chris.

Bug#1036526: needrestart: leftover conffiles

[Christoph Anton Mitterer]

btw: The reason for the file not being cleaned up is that a wrong
version is used in the maintainer scripts:

dpkg-maintscript-helper rm_conffile /etc/needrestart/hook.d/30-pacman 3.5-4 -- 
"$@"

But according to changelog.Debian, it was removed in 3.5-5.

dpkg-maintscript-helper(1) says:
   prior-version
   Defines the latest version of the package whose upgrade should
   trigger the operation.
   ...
   For example, for a conffile removed in version 2.0-1 of a package,
   prior-version should be set to 2.0-1~. This will cause the conffile
   to be removed even if the user rebuilt the previous version 1.0-1
   as 1.0-1local1. Or a package switching a path from a symlink
   (shipped in version 1.0-1) to a directory (shipped in version
   2.0-1), but only performing the actual switch in the maintainer
   scripts in version 3.0-1, should set prior-version to 3.0-1~.


So in your case, this was never executed anywhere.

It needs to be aligned to the future version of the package, where this
is fixed, instead.

Bug#1036591: reaver: segmentation fault

[Andrey Rakhmatullin]

On Tue, May 23, 2023 at 10:21:35PM +0100, Samuel Henrique wrote:
> Andrey, Leandro meant to use the "patch" tag instead of "fixed", here's his 
> fix:
> https://salsa.debian.org/leandrocunha/reaver
Do you think this change will be approved for bookworm, especially at this
point in the freeze?

Bug#1036657: bridge-utils: inconsistent IPv6 local-link between Ethernet and WiFi

[Martin-Éric Racine]

Package: bridge-utils
Version: 1.7.1-1
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I'm not use whether this is caused by ifupdown or bridge-utils. Please reassign 
if necessary.

Having just upgraded from Bullseye to Bookworm, I noticed that the behavior has 
changed once again, when it comes to whether interfaces conncted to a bridge 
have their own IPv6 link-local or not. 

In Bullseye, Ethernet cards did not have any IPv6 local-link, while Wifi 
adapters did. In Bookworm, it the opposite.

It should be neither. Only configured interfaces should have an IPv6 
local-link. For bridges, it means that only the bridge should have an IPv6 
local-link, not the interfaces attached to it.

Martin-Éric

- -- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 
'stable-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bridge-utils depends on:
ii  libc6  2.36-9

bridge-utils recommends no packages.

Versions of packages bridge-utils suggests:
ii  ifupdown  0.8.41

- -- Configuration Files:
/etc/default/bridge-utils changed:
BRIDGE_HOTPLUG=yes
BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS=yes


- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmRtO9oACgkQrh+Cd8S0
17b0PA/9Evd+ErmnIfEmJwp3KjGHVa6qsGV//OFqtt6bTAr16lfRnNHrar61F1U/
KJ3GPK/e9gxw8Bxeh8lXelGW5+25vei1H7iC8bGDTPrAKOXZIGFn+FlFqll1KuIY
/uc4GAEXE85gjul+b/9aNY3KynWu6i7KpubYhbXxS/i2QlzmH29SNxpdloRLvLRj
9g7trmv0d8v0YLsFL48se2dFhUivLEaM4roSvwh+M8buuwlTXdZJ1j22L1ncHSdc
BirJdE5sCkQgOsS7vqmH5QH5idHVpgoZYefizBim0REfW8+mFueoJ1oLiU01I5YX
Dn3XZCae3/OUw2ic3yhhGEFg9+M2Zcxp9pg94CMq9++v78UmmIPCNEMgLzWanEBb
U9/IEQRRCg+GbUIfupEbTGeg0XpK4P/VQOJvYD6cApP21/jEzo+tL2TzW1aJmsJ9
+ak6c3R2Qxi6heNwAg7SInJR3TsScHo51bRdNk6Glr8kk2L3lwPEjMenjU4MvX0O
Awfaq3mgxNEVyj5prX1x0a5QnR/WibAb/q2Sq3cn3rfD6z4X+9r+1VnLJI2igOgq
xon42p4FBammOWe0Vwj1o94xX9reLy3X98VIqWDSbEHV+QcuHPAaBgLm6YqueyaW
2bs0LKg/6bx1sOgtn5Mtj3EHUqjv3AOWk4g1lOcCRLy5ZeJrkGE=
=qJP7
-END PGP SIGNATURE-

Bug#1036591: reaver: segmentation fault

[Leandro Cunha]

Hi Samuel,

On Tue, May 23, 2023 at 6:22 PM Samuel Henrique  wrote:
>
> Control: tags -1 patch fixed-upstream
>
> Hello Bartosz,
>
> We are planning to perform an NMU, changing the package's maintership
> to the Security Tools team (while keeping you as an Uploader), fixing
> this RC bug and filling an unblock request so we can ship this package
> for bookworm.

I'm going to make these changes, since he is still the package maintainer.

> Please let me know if you disagree, we will have to act quickly due to
> the freeze.
>
> Andrey, Leandro meant to use the "patch" tag instead of "fixed", here's his 
> fix:
> https://salsa.debian.org/leandrocunha/reaver

Thank you, I apologize because I always confuse the tags use.
Even looking in the documentation about debbugs BTS I was a little
confused about this.

-- 
Cheers,
Leandro Cunha

Bug#1036656: unblock: grub2/2.06-13

[Steve McIntyre]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package grub2 and its derived signed packages.

As promised in the -12 ublock request, we now have a lot more
translations updated for the changed template questions for os-prober.

Also, I've included 1 RC bug fix which fixes up an RC bug which stops
machines booting:

* When *also* installing to the removable media path, include the
  relevant mokmanager binary. Closes: #1034409

And a small fix for generating boot menu options on systems
dual-booting with Arch and derivatives:

* Allow initrd to contain spaces. Closes: #838177, #820838.

unblock grub2/2.06-13
unblock grub-efi-amd64-signed/1+2.06+13
unblock grub-efi-arm64-signed/1+2.06+13
unblock grub-efi-ia32-signed/1+2.06+13

debdiff attached, filtering out noise from *.po updates.
diff -Nru grub2-2.06/debian/changelog grub2-2.06/debian/changelog
--- grub2-2.06/debian/changelog 2023-04-21 13:30:26.0 +0100
+++ grub2-2.06/debian/changelog 2023-04-23 20:55:54.0 +0100
@@ -1,3 +1,35 @@
+grub2 (2.06-13) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * When *also* installing to the removable media path, include the
+relevant mokmanager binary. Closes: #1034409
+
+  [ General Chaos ]
+  * Allow initrd to contain spaces. Closes: #838177, #820838.
+
+  [ Translators ]
+  * Update lots of translations of debconf templates, thanks to the
+following:
++ Welsh (Dafydd Tomos)
++ German (Helge Kreutzmann). Closes: #1034850
++ Croatian (Tomislav Krznar)
++ Greek (Emmanuel Galatoulas)
++ Esperanto (Felipe Castro)
++ French (Baptiste Jammet). Closes: #1035761
++ Italian (Luca Monducci). Closes: #1034825
++ Kazakh (Baurzhan Muftakhidinov)
++ Korean (Changwoo Ryu). Closes: #1034868
++ Latvian (Rudolfs Mazurs)
++ Dutch (Frans Spiesschaert). Closes: #1035399
++ Norwegian Bokmål (Petter Reinholdtsen, Sverre Vaabenoe)
++ Brazilian Portuguese (Adriano Rafael Gomes). Closes: #1035905
++ Romanian (Remus-Gabriel Chelu)
++ Russian (Yuri Kozlov). Closes: #1035294
++ Turkish (Atila KOÇ). Closes: #1035846
++ Swedish (Luna Jernberg)
+
+ -- Steve McIntyre <93...@debian.org>  Sun, 23 Apr 2023 20:55:54 +0100
+
 grub2 (2.06-12) unstable; urgency=medium
 
   * Fix up arm64 SB patch to fix build failure on 32-bit arm systems
diff -Nru grub2-2.06/debian/patches/grub-install-removable-shim.patch 
grub2-2.06/debian/patches/grub-install-removable-shim.patch
--- grub2-2.06/debian/patches/grub-install-removable-shim.patch 2023-02-09 
01:32:18.0 +
+++ grub2-2.06/debian/patches/grub-install-removable-shim.patch 2023-04-23 
20:55:54.0 +0100
@@ -107,7 +107,7 @@
  
fb_src = grub_util_path_concat (2, "/usr/lib/shim/",
fb_signed);
-@@ -2154,30 +2152,81 @@ main (int argc, char *argv[])
+@@ -2154,30 +2152,82 @@ main (int argc, char *argv[])
if (!removable)
  grub_install_copy_file (fb_src,
  fb_dst, 0);
@@ -129,6 +129,7 @@
 +  also_install_removable (shim_signed, base_efidir, 
removable_file, 1);
 +
 +  also_install_removable (efi_signed, base_efidir, 
chained_base, 1);
++  also_install_removable (mok_src, base_efidir, mok_file, 0);
 +
 +  /* If we're updating the NVRAM, add fallback too - it
 +  will re-update the NVRAM later if things break */
diff -Nru 
grub2-2.06/debian/patches/os-prober-Allow-initrd-to-contain-spaces.patch 
grub2-2.06/debian/patches/os-prober-Allow-initrd-to-contain-spaces.patch
--- grub2-2.06/debian/patches/os-prober-Allow-initrd-to-contain-spaces.patch
1970-01-01 01:00:00.0 +0100
+++ grub2-2.06/debian/patches/os-prober-Allow-initrd-to-contain-spaces.patch
2023-04-23 20:55:54.0 +0100
@@ -0,0 +1,50 @@
+From 1f982e2a7c35e14d5a92c76db998afafd1bd9e87 Mon Sep 17 00:00:00 2001
+From: General Chaos 
+Date: Tue, 12 Apr 2016 22:28:52 +
+Subject: [PATCH] os-prober: Allow initrd to contain spaces
+
+linux-boot-prober produces structured output with newline-terminated rows
+representing kernels, each with colon-delimited columns. We translate
+this into a sequence of space-separated words representing kernels,
+each containing colon-delimited fields where spaces are represented by
+carets.
+
+When we parse each of those words into colon-delimited fields, if the
+field could conceivably contain spaces then we need to translate
+carets back into spaces. We did this for label and parameters, but not
+for the initrd.
+
+In particular, when CPU microcode is installed on Arch Linux or its
+derivatives, they write CPU microcode into one initrd archive and the
+rest of early user-space into another, instead of concatenating the
+archives into a single file like Debian derivatives do. To boot Arch
+successfully from the 

Bug#1036590: Acknowledgement (gajim: Insists on creating a kwalletd keystore, preventing startup)

[Matt Marjanovic]

A follow-up:

There appear to be a couple of layers of bugs involved with this misbehavior.

What is happening:

  The configuration for an account (stored in a sqlite database) can/should 
have a
  boolean parameter named "savepass".  If "savepass" is missing, the default 
value
  is "True".  (See gajim/common/setting_values.py)

  In my config db, for reasons unknown to me, the "Local" account has no 
"savepass"
  parameter.  Thus gajim treats it as "savepass == True" for this account, and 
that
  triggers the unstoppable kwallet dialogs.

I do not actually use the Local account, so after a battle with the kwallet
dialogs, I was able to turn off "Connect on startup" for this account.  Upon a
restart, gajim no longer tries to connect to that account and no longer insists
on getting a password from a wallet.  This lets me get on with using gajim.

However, the Local account still has no savepass parameter, and I know of no way
to provoke gajim to provision one.


There appear to be (at least) three bugs involved here:

 1) The default value for "savepass" should probably be False (or even None, 
with
a code path that tries to solve the problem of whether or not there is a
saved password involved).

 2) If accessing a keystore/wallet fails, e.g. because someone hits a Cancel 
button,
then gajim should take the hint and quit demanding access to a non-existent 
keystore.

 3) There needs to be a mechanism to reset/clear the "savepass" parameter --- 
i.e.,
a mechanism to tell gajim to _stop_ storing the password in a keystore.

-mm

Bug#1036591: reaver: segmentation fault

[Samuel Henrique]

Control: tags -1 patch fixed-upstream

Hello Bartosz,

We are planning to perform an NMU, changing the package's maintership
to the Security Tools team (while keeping you as an Uploader), fixing
this RC bug and filling an unblock request so we can ship this package
for bookworm.

Please let me know if you disagree, we will have to act quickly due to
the freeze.

Andrey, Leandro meant to use the "patch" tag instead of "fixed", here's his fix:
https://salsa.debian.org/leandrocunha/reaver

Cheers,

-- 
Samuel Henrique 

Bug#1036651: coreutils: split: -n with (some?) devices fails with EOVERFLOW, accepts some chardevs?

[Pádraig Brady]

On 23/05/2023 20:44, наб wrote:

Package: coreutils
Version: 9.1-1
Version: 8.32-4+b1
Severity: normal

Dear Maintainer,

This happens regardless of the blockdev size:
   $ split -n20 /dev/loop2
   split: /dev/loop2: cannot determine file size: Value too large for defined 
data type
and with
   $ split -n3 /dev/full
   split: /dev/full: cannot determine file size: Value too large for defined 
data type
the normal message is
   $ cat | split -n20
   split: -: cannot determine file size
i.e. w/o strerror.
Nothing's EOVERFLOW-worthy here, one'd think.

However:
   $ split -n20
   split: -: cannot determine file size
   $ split -n20 /dev/pts/0
   split: /dev/pts/0: cannot determine file size
   $ split -n20 /dev/full
   split: /dev/full: cannot determine file size: Value too large for defined 
data type
   $ split -n20 /dev/zero
   split: /dev/zero: cannot determine file size: Value too large for defined 
data type
   $ split -n20 /dev/rfkill
   split: /dev/rfkill: cannot determine file size
so normal unseekable files get no strerror,
/dev/full and /dev/zero are seekable and somehow yield EOVERFLOWs as well.

Oddly:
   $ split -n20 /dev/autofs
   split: /dev/autofs: cannot determine file size: Invalid argument
but /dev/autofs is seekable, and only EINVALs on read()s.

Also oddly:
   $ split -n20 /dev/null
just works.
Is it hard-coded somehow? This isn't noted in the manual.


This has all changed in coreutils 9.2 with:
https://github.com/coreutils/coreutils/commit/aa266f1b3

That causes data to be read, rather than depending on lseek.

cheers,
Pádraig

Bug#1036306: unblock: ufw/0.36.2-1

[Gunnar Hjalmarsson]

On 2023-05-23 22:01, Paul Gevers wrote:

On 23-05-2023 18:56, Gunnar Hjalmarsson wrote:

ufw has autopkgtest, so strictly it's not blocked because of the
freeze, but because of a piuparts failure.


That's not true. We're in Hard Freeze, so ufw qualifies to migrate
with passing autopkgtest when it's age is 20 days. However, once
those 20 days are over, we're in Full Freeze so it won't migrate. So
yes, strictly speaking it's *also* blocked by the freeze.


I stand corrected. (And with that I understand wrt ufw why Jamie needs 
to justify the freeze related unblock request.)



As you can see my primary concern is another package, i.e.
ibus-pinyin. That package has already been unblocked from freeze:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036225


And missed the ignore-piuparts hint. Thanks for bringing that to our
attention, I added that hint.


Thanks! (And I understand from your reply that otherwise I should have
simply submitted a separate unblock request. Or maybe re-opened the 
already submitted bug...)



From tomorrow on, all packages that haven't migrated need an unblock
request or they will not be part of bookworm. Normally we'd spot the
piuparts problem and add the ignore hint if it's caused by the
adduser issue.


Sounds like the release team has it under control, then, so I will stop 
worrying. :)


--
Thanks again!

Gunnar

Bug#1036655: pinentry-curses: leaks keystrokes to the shell

[Martin-Éric Racine]

Package: pinentry-curses
Version: 1.2.1-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team 

Having just upgraded from Bullseye to Bookworm, I notice that pinentry-curses 
leaks keystrokes to the CLI.

1) This is a serious security issue, since the passphrase gets written to the 
CLI history (in my case, to .bash_history).
2) Additionally, it results in the passphrase failing to get entered. I see an 
"X to 3 try" warning.

Martin-Éric

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages pinentry-curses depends on:
ii  libassuan0 2.5.5-5
ii  libc6  2.36-9
ii  libgpg-error0  1.46-1
ii  libncursesw6   6.4-4
ii  libtinfo6  6.4-4

pinentry-curses recommends no packages.

Versions of packages pinentry-curses suggests:
pn  pinentry-doc  

-- no debconf information

Bug#1019717: Display of an SVG file broken due to gsfonts transition

[GCS]

On Tue, May 23, 2023 at 9:45 PM Albrecht Dreß  wrote:
> I added the attached patch file to the Debian patches and re-build the 
> package, which now processes SVG files as expected, so this seems to be a fix.
>
> Also attached is the *very* ugly Python script I used to extract the URW font 
> paths from the Ghostscript config and to modify type-ghostscript.mgk.in - 
> maybe it is helpful.
 These fixes [1] you submitted look OK, let's loop-in the upstream developer.

Thanks,
Laszlo/GCS
[1] https://bugs.debian.org/1019717#20

Bug#1036654: [PATCH] cmake: set -DBUILD_TESTING=OFF for nocheck builds

[Helmut Grohne]

Package: debhelper
Tags: patch
X-Debbugs-Cc: jspricke%40debian.org, roehl...@debian.org

Hi Niels et al,

I noticed that disabling CTest for nocheck is a recurring pattern.
Rather than patch lots of packages, maybe we could automate that in some
central tool? I'm attaching a patch for your convenience.

Helmut

---
 debhelper-compat-upgrade-checklist.pod| 5 +
 lib/Debian/Debhelper/Buildsystem/cmake.pm | 4 
 2 files changed, 9 insertions(+)

diff --git a/debhelper-compat-upgrade-checklist.pod 
b/debhelper-compat-upgrade-checklist.pod
index e9965258..1ddeba7e 100644
--- a/debhelper-compat-upgrade-checklist.pod
+++ b/debhelper-compat-upgrade-checklist.pod
@@ -107,6 +107,11 @@ B, respectively, instead of B and B call.  Any override of B that
 passes extra parameters to the upstream build system should be reviewed.
 
+=item -
+
+The B build system passes B<< -DBUILD_TESTING:BOOL=OFF >> to B
+if B contains B thus disabling CTest.
+
 =back
 
 =item v13
diff --git a/lib/Debian/Debhelper/Buildsystem/cmake.pm 
b/lib/Debian/Debhelper/Buildsystem/cmake.pm
index c4a2ad9c..2b793939 100644
--- a/lib/Debian/Debhelper/Buildsystem/cmake.pm
+++ b/lib/Debian/Debhelper/Buildsystem/cmake.pm
@@ -135,6 +135,10 @@ sub configure {
$ENV{CXXFLAGS} .= ' ' . $ENV{CPPFLAGS};
}
 
+   if (get_buildoption("nocheck") && ! compat(13)) {
+   push(@flags, "-DBUILD_TESTING:BOOL=OFF");
+   }
+
$this->mkdir_builddir();
eval { 
$this->doit_in_builddir("cmake", @flags, @_, 
$this->get_source_rel2builddir());
-- 
2.39.2

Bug#1036634: RM: monado/stable -- NVIU; 2 years old codebase for very active project targeting recent hardware and software stack (new version didn't make it into stable).

[Paul Gevers]

Hi David,

On 23-05-2023 16:59, David Heidelberg wrote:

Monado package is in very active development, offering support for
recent XR headsets.

The risk is getting users discouraged by very old and already unsupported
package, rather than just using the Monado package from unstable or git.


I'm slightly wondering, you want to remove the package from stable, but 
the version in bookworm (the next stable) is hardly newer. Should we 
also remove the package from testing?


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1019717: Display of an SVG file broken due to gsfonts transition

[GCS]

Hi Albrecht, Bob,

[Written a day ago, forgot to send.]

On Mon, May 22, 2023 at 6:51 PM Albrecht Dreß  wrote:
> The issue is still present in libgraphicsmagick-q16-3 v. 1.4+really1.3.40-4 
> and makes using the library with the standard config files somehow unusable 
> as soon as any SVG with a "text" container is involved.  It would be great if 
> a fix would be available before the final Bookworm release.
 It's an upstream bug; there was a gsfonts -> fonts-urw-base35
transition which resulted in different font files. But GM has the font
names hardcoded. The default seems to be n019003l.pfb [1] and font
variants are also hardcoded [2]. But the package fonts-urw-base35 has
none of these pfb files.
Not sure what to do at this point. Alter the font names in GM or ship
the hardcoded fonts?

Regards,
Laszlo/GCS
[1] 
http://hg.graphicsmagick.org/hg/GraphicsMagick/file/c41d8933edef/magick/nt_base.c#l1713
[2] 
http://hg.graphicsmagick.org/hg/GraphicsMagick/file/c41d8933edef/wmf/src/font.h#l82
[3] https://packages.debian.org/bookworm/all/fonts-urw-base35/filelist

Bug#1036591: reaver: segmentation fault

[Leandro Cunha]

Hi,

On Tue, May 23, 2023 at 5:27 PM Andrey Rakhmatullin  wrote:
>
> On Tue, May 23, 2023 at 04:38:26PM -0300, Leandro Cunha wrote:
> > Control: tags +1 fixed
> Please don't tag this "fixed".

The problem itself has been fixed, it's just pending upload.

> > However, the package is at risk with an NMU of see link for more 
> > information.[1]
> >
> > [1] https://wiki.debian.org/PackageSalvaging
> Not sure what do you mean and how is that related to this bug, sorry.
Because of this here:
The last upload was an NMU and there was no maintainer upload within one year.

But due to the condition of the package, I believe it is really
heading towards salvaging.

-- 
Cheers,
Leandro Cunha

Bug#1009152: unixodbc-common: leftover conffile

[Christoph Anton Mitterer]

Hey.

Sorry, your reply slipped somehow through.

The problem is not the removal of the file, which indeed happens in
postrm,... but that it's still wrongly registered as dpkg conffile.

I think the proper solution here would be to (on the next upgrade of
the package):
- cp -a the current file to some mktmp location
- use dpkg-maintscript-helper's rm_conffile to remove/unregister the
  file
- move the copy back to original location
(better test, before uploading that)


Should yield a configuration file with the same content, but not longer
registered as a conffile.

Cheers,
Chris.

Bug#1036653: libworkflow0: broken symlink: /usr/lib//libworkflow.so.0.10.6 -> libworkflow.so.0

[Andreas Beckmann]

Package: libworkflow0
Version: 0.10.6-1.1
Severity: normal
User: debian...@lists.debian.org
Usertags: piuparts
Control: found -1 0.10.5-1

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m13.7s ERROR: FAIL: Broken symlinks:
  /usr/lib/x86_64-linux-gnu/libworkflow.so.0.10.6 -> libworkflow.so.0 
(libworkflow0:amd64)

The package does not ship the shared library at all, only the broken
link. I haven't checked the source, but my guess is that the symlink
gets created in the wrong direction (link source and target swapped),
owerwriting the actual library.


cheers,

Andreas

Bug#1036644: linux-image-6.1.0-9-amd64: System crashes. Netconsole reports CPUs not responding to MCE broadcast

[Diederik de Haas]

Control: found -1 6.1.25-1
Control: retitle -1 Kernel panic - not syncing: Timeout: Not all CPUs entered 
broadcast exception handler

On Tuesday, 23 May 2023 18:49:00 CEST Olivier Berger wrote:
> It used to work fine with 6.1.0-7 but has had problems with the 2 later
> updates of the testing kernel.

The stack traces should be useful for someone who understands those (which
isn't me), but I did notice several other items:

- [  465.284645] GPT: Use GNU Parted to correct GPT errors
That happened after you plugged in an USB drive?
I would follow that advice, but it would be useful to get that USB drive
'out of the equation'.
Does the issue also occur when that USB drive isn't used?
The kernel seems to assign both sda and sdb before settling on sda(1)?
Not sure what to make of that, but it doesn't look good

- [  535.857315] EXT4-fs (dm-0): recovery complete
I can understand a FS recovery when you're dealing with a freeze/crash,
but I find the timing a 'bit' unusual. After 9.5 minutes, I doubt it's the
primary/boot drive (and we had the USB drive before that), so where
is that coming from?

- [  543.576681] systemd-journald[428]: Sent WATCHDOG=1 notification
I'm not really sure what that means, but afaik a watchdog is used to
(automatically) reboot the machine if the system hangs.
So seeing that message numerous times, is worrisome. And it looks like it
doesn't do its actual job?

- BIOS T70 Ver. 01.13.01 03/30/2023
Can you check whether there is a newer BIOS version available?
I believe 'NMI' is BIOS related, so it may have an effect.

signature.asc
Description: This is a digitally signed message part.

Bug#1036591: reaver: segmentation fault

[Andrey Rakhmatullin]

On Tue, May 23, 2023 at 04:38:26PM -0300, Leandro Cunha wrote:
> Control: tags +1 fixed
Please don't tag this "fixed".

> However, the package is at risk with an NMU of see link for more 
> information.[1]
> 
> [1] https://wiki.debian.org/PackageSalvaging
Not sure what do you mean and how is that related to this bug, sorry.

Bug#1036642: [Pkg-zfsonlinux-devel] Bug#1036642: zfsutils-linux: Fix description in man page for periodic scrubs (Debian's own implementation not explained & OpenZFS unit files missing)

[Felix Stupp]

Dear Yurii,

sorry, I messed up my check & the verification I did.
I checked for it by auto completing "systemctl status" command and then trying 
to manually type it in, which both of course does not work for "systemctl 
status" but for "systemctl enable" (because there is no instance known yet).
An dI verified it by searching for the files on packages.debian.org, but most 
probably searched only for bullseye / stable and not for bookworm, I'm sorry 
for that.

I would then change the title myself, but I don't know how to do that on this 
tracker.

Am Dienstag, 23. Mai 2023, 20:38:03 CEST schrieben Sie:
> Dear Felix, I’m unsure how you checked for it, but it’s been shipped [0] in 
> the Debian for over a year since 04c0728c [1].
> 
> [0] 
> https://packages.debian.org/search?searchon=contents=zfs-scrub=filename=testing=any
> [1] 
> https://salsa.debian.org/zfsonlinux-team/zfs/-/commit/04c0728cdb8c2f58aa7958ef72ab41f3d20df26f
> 
> 

signature.asc
Description: This is a digitally signed message part.

Bug#1036648: zlib1g-dev: Missing manual pages for the functions

[Mark Brown]

On Tue, May 23, 2023 at 09:57:42PM +0200, Alejandro Colomar wrote:

> I'm going to use zlib in the near future in my job, so I can write some
> manual pages for the functions I use.  I'll keep upstream in the loop,
> in case they want to pick the pages.  I will probably only write pages
> for the functions I use, though, of course.

That'd be excellent!


signature.asc
Description: PGP signature

Bug#1036306: unblock: ufw/0.36.2-1

[Paul Gevers]

Hi Gunnar,

On 23-05-2023 18:56, Gunnar Hjalmarsson wrote:

On 2023-05-23 17:31, Paul Gevers wrote:

On 19-05-2023 05:33, Jamie Strandboge wrote:
Sure. The migration is currently blocked because the upload happened 
very recently


That description is not quite accurate. ufw has autopkgtest, so strictly 
it's not blocked because of the freeze, but because of a piuparts failure.


That's not true. We're in Hard Freeze, so ufw qualifies to migrate with 
passing autopkgtest when it's age is 20 days. However, once those 20 
days are over, we're in Full Freeze so it won't migrate. So yes, 
strictly speaking it's *also* blocked by the freeze.



Maybe you didn't see my reply to Jamie's initial bug, but it was archived:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036306#10


Yes I saw that. People around me (I'm at DebianReunionHamburg) are 
working to figure out how to fix the piuparts situation, but filing 
unblock requests *now* is appropriate *if* the upload is a targeted fix 
(as it should be). The adduser problem is relatively new, so all 
packages that are 20 days now or tomorrow were piuparts tested before 
the problem. So all the packages that are blocked by piuparts need our 
attention via an unblock request anyways, if they need to migrate to 
bookworm.


As you can see my primary concern is another package, i.e. ibus-pinyin. 
That package has already been unblocked from freeze:


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036225


And missed the ignore-piuparts hint. Thanks for bringing that to our 
attention, I added that hint.


But since it hit the very same adduser/piuparts issue as ufw (and 
probably a bunch of other packages) did, it's still blocked from migration.


Not if we add the right hint, which we have in place already for several 
unblocks.


Maybe it was wrong of me to comment on this ufw bug, but the 
adduser/piuparts situation is special, and I felt it made sense to 
handle all affected packages together.


Sorry, that doesn't scale. We'll handle it per unblock request.

Please advice on how uploaders affected by the adduser/piuparts 
situation should act.


From tomorrow on, all packages that haven't migrated need an unblock 
request or they will not be part of bookworm. Normally we'd spot the 
piuparts problem and add the ignore hint if it's caused by the adduser 
issue.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1036648: zlib1g-dev: Missing manual pages for the functions

[Alejandro Colomar]

Hi Mark,

On 5/23/23 21:45, Mark Brown wrote:
> severity 1036648 wishlist
> kthxbye
> 
> On Tue, May 23, 2023 at 09:26:57PM +0200, Alejandro Colomar wrote:
> 
>> This library lacks manual pages for the available functions, which seems
>> to be a violation of the Debian Policy.
> 
> This is an *extremely* widespread violation of policy at this point...
> it'd be nice, certainly.

Heh, that's true.  :')

I'm going to use zlib in the near future in my job, so I can write some
manual pages for the functions I use.  I'll keep upstream in the loop,
in case they want to pick the pages.  I will probably only write pages
for the functions I use, though, of course.

Cheers,
Alex

-- 

GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1036531: unblock: firefox-esr/102.11.0esr-1

[Salvatore Bonaccorso]

Hi Release team,

On Mon, May 22, 2023 at 09:57:13AM +0900, Mike Hommey wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package firefox-esr
> 
> [ Reason ]
> Security update for Firefox. The same package has already reached
> bullseye.
> 
> [ Impact ]
> See above
> 
> [ Tests ]
> Usual smoke tests
> 
> [ Risks ]
> See above.
> 
> [ Other info ]
> There are no changes to the package debian/ directory other than
> debian/changelog. Everything else is upstream changes for the security
> update.
> 
> unblock firefox-esr/102.11.0esr-1

To confirm: As we have 102.11.0esr-1~deb11u1 in bullseye, and this is
exactly what will we will do as well for bookworm for DSAs please do
accept this unblock request. According to the grep-excuses there
should not be anything blocking it.

Thanks for your hard work for the release.

Regards,
Salvatore

Bug#1036365: Apology

[Tom Sullivan]

My apologies!

I had missed the fact that noauto appears to be required. If it is 
included, --architectures, etc. are accepted.

Sincerely,
-- 
t...@sullivaninusa.com
FAX: 815-301-2835

Bug#1036628: iptables-persistent: leftover files on upgrade

[gustavo panizzo]

Hi

On Tue, May 23, 2023 at 02:55:55PM +0200, Christoph Anton Mitterer wrote:

Package: iptables-persistent
Version: 1.0.20
Severity: normal


Hey.

When upgrading to 1.0.20 from 1.0.19, there are files left over:
Unpacking iptables-persistent (1.0.20) over (1.0.19) ...
dpkg: warning: unable to delete old directory 
'/etc/systemd/system/netfilter-persistent.service.d': Directory not empty

And the empty directory actually remains after the whole process:
$ l /etc/systemd/system/netfilter-persistent.service.d
total 0
drwxr-xr-x 1 root root   0 May 23 14:54 .
drwxr-xr-x 1 root root 942 Feb  1 15:51 ..
$


Could be that this is actually a bug in debhelper? If so,
please re-assign.


I'm surprised piuparts did not catch that. I'll fix after the release of
bookworm

thanks


Thanks,
Chris.


--
IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333

Bug#1036646: libhyperscan5: prevents rspamd from starting

[Antoine Le Gonidec]

I bumped the bug severity to prevent the automatic migration to Bookworm, but 
feel free to lower it if you think it is not warranted.


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1036646: libhyperscan5: prevents rspamd from starting

[Antoine Le Gonidec]

It looks like an update of rspamd should fix this:
https://github.com/rspamd/rspamd/issues/4409

I am reassigning this bug report to rspamd since it seems that a fix is 
available from their upstream.


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1036648: zlib1g-dev: Missing manual pages for the functions

[Mark Brown]

severity 1036648 wishlist
kthxbye

On Tue, May 23, 2023 at 09:26:57PM +0200, Alejandro Colomar wrote:

> This library lacks manual pages for the available functions, which seems
> to be a violation of the Debian Policy.

This is an *extremely* widespread violation of policy at this point...
it'd be nice, certainly.


signature.asc
Description: PGP signature

Bug#1036475: unblock: xen/4.17.1+2-gb773c48e36-1

[Salvatore Bonaccorso]

Dear release team,

On Sun, May 21, 2023 at 10:02:25PM +0200, Maximilian Engelhardt wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock 
> X-Debbugs-Cc: x...@packages.debian.org, t...@security.debian.org, 
> m...@daemonizer.de
> Control: affects -1 + src:xen
> 
> Please unblock package xen.
> 
> [ Reason ]
> Xen in bookworm is currently affected by CVE-2022-42335 and
> CVE-2022-42336 (see #1034842 and #1036298).
> 
> [ Impact ]
> The above mentioned CVEs are not fixed in bookworm.
> 
> [ Tests ]
> The Debian package is based only on upstream commits that have passed
> the upstream automated tests.
> The Debian package has been successfully tested by the xen packaging
> team on their test machines.
> 
> [ Risks ]
> There could be upstream changes unrelated to the above mentioned
> security fixes that cause regressions. However upstream has an automated
> testing machinery (osstest) that only allows a commit in the upstream
> stable branch if all test pass.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> This security fix is based on the latest upstream stable-4.17 branch.
> The branch in general only accepts bug fixes and does not allow new
> features, so the changes there are mainly security and other bug fixes.
> This does not strictly follow the "only targeted fixes" release policy,
> but, as explained below, we believe it is still appropriate for an
> unblock request.
> The package we have uploaded to unstable is exactly what we would have
> done as a security update in a stable release, what we have historically
> done together with the security team and are planning to continue to do.
> As upstream does extensive automated testing on their stable branches
> chances for unnoticed regressions are low. We believe this way the risk
> for bugs is lower than trying to manually pick and adjust patches
> without all the deep knowledge that upstream has. This approach is
> similar to what the linux package is doing.

I can confirm that this is indeed the strategy for src:xen we would
follow, like for bullseye already, as well in bookworm.

Regards,
Salvatore

Bug#1019717: Display of an SVG file broken due to gsfonts transition

[Albrecht Dreß]

Digging a little deeper into this, I /think/ this is a bug in the 
GraphicsMagick source file 
http://hg.code.sf.net/p/graphicsmagick/code/file/tip/config/type-ghostscript.mgk.in
 which hard-codes the font file names and just makes the path configurable.

I added the attached patch file to the Debian patches and re-build the package, 
which now processes SVG files as expected, so this seems to be a fix.

Also attached is the *very* ugly Python script I used to extract the URW font 
paths from the Ghostscript config and to modify type-ghostscript.mgk.in - maybe 
it is helpful.

Thanks, Albrecht.

font-urw35-issue-1019717.patch.gz
Description: application/gzip


fix-gm-fonts.py.gz
Description: application/gzip


pgpwh8glYK_BO.pgp
Description: PGP signature

Bug#1036650: brasero: Brasero stalls burning Blu-ray discs

[bud]

Package: brasero
Version: 3.12.3-2
Severity: normal
X-Debbugs-Cc: budheal...@gmail.com

Dear Maintainer,

   * What led up to the situation?
I invoked Brasero to create bookworm RC3 on rewriteable Blu-ray discs.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
I prepared .iso files (using jigdo) or created a project for Brasero to burn. I 
tried the shell command or invoked Brasero from the menus. Then I pressed the 
burn button.
   * What was the outcome of this action?
One time only, the first (25GB) disc was created. The SHA256sum was the same as 
created by xfburn. one of them installed without error.
Every other time, Brasero stalls, usually about half through. This appears to 
be reproducible. The DLBD files usually stall when about half done, although 
the DLBC-rc3-amd64 1 disc stalls quite early on.
I tried quite a number of files and discs. 
   * What outcome did you expect instead?
The Blu-ray operation should go to completion.

-- System Information:
Debian Release: 12.0
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/24 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages brasero depends on:
ii  brasero-common  3.12.3-2
ii  gstreamer1.0-plugins-base   1.22.0-3
ii  gvfs1.50.3-1
ii  libbrasero-media3-1 3.12.3-2
ii  libc6   2.36-9
ii  libcairo2   1.16.0-7
ii  libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1
ii  libglib2.0-02.74.6-2
ii  libgstreamer-plugins-base1.0-0  1.22.0-3
ii  libgstreamer1.0-0   1.22.0-2
ii  libgtk-3-0  3.24.37-2
ii  libpango-1.0-0  1.50.12+ds-1
ii  libtotem-plparser18 3.26.6-1+b1
ii  libtracker-sparql-3.0-0 3.4.2-1
ii  libxml2 2.9.14+dfsg-1.2

Versions of packages brasero recommends:
ii  brasero-cdrkit  3.12.3-2
ii  yelp42.2-1

Versions of packages brasero suggests:
pn  libdvdcss2  
ii  tracker 3.4.2-1
pn  vcdimager   

-- no debconf information

Bug#1036591: reaver: segmentation fault

[Leandro Cunha]

Control: tags +1 fixed

Hi Andrey Rakhmatullin,

I already fixed the problem and just need to upload.
I'll have a member of the security team upload it for me. Thank you
for your confirmation.
However, the package is at risk with an NMU of see link for more information.[1]

[1] https://wiki.debian.org/PackageSalvaging
-- 
Cheers,
Leandro Cunha

Bug#990144: fail2ban: legacy conffiles leftover

[Christoph Anton Mitterer]

Hey.

Unfortunately the previous leftover conffiles haven't been cleaned up
in the meantime.


And even more conffiles need to be added to that list, namely
$ dpkg-query --showformat='${Package}\n${Conffiles}\n' --show  |  awk '/^[^ 
]/{pkg=$1}/ obsolete$/{print pkg,$0}' | cut -d ' ' -f 1-3 | column -t
fail2ban/etc/fail2ban/action.d/iptables-common.conf
fail2ban/etc/fail2ban/action.d/badips.py
fail2ban/etc/fail2ban/action.d/badips.conf


which all three were left over when upgrading from bullseye to
bookworm.


Cheers,
Chris.

Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

[Holger Levsen]

On Tue, May 23, 2023 at 05:44:30PM +0100, Adam D. Barratt wrote:
> In the interests of not blocking on things other than SRM's free time,
> how does this sound as some blurb for an announcement mail?
> 
> 
> The debian-security-support package tracks the level of security support
> available for packages within Debian releases, allowing administrators to
> be alerted to installed packages for which support has had to be limited
> or prematurely ended.
> 
> The version of the package in bullseye can lead to the production of a
> large number of warning messages during an upgrade to the upcoming
> bookworm release. This update resolves that issue.
> 

sounds pretty good to me, thank you.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

No mas pobres en un pais rico!


signature.asc
Description: PGP signature

Bug#1036649: util-linux: leftover conffiles

[Christoph Anton Mitterer]

Package: util-linux
Version: 2.38.1-5+b1
Severity: normal

Hey.

Seems the package used to contain some conffiles which it now longer does:
# dpkg-query --showformat='${Package}\n${Conffiles}\n' --show  |  awk '/^[^ 
]/{pkg=$1}/ obsolete$/{print pkg,$0}' | cut -d ' ' -f 1-3 | column -t
util-linux  /etc/init.d/hwclock.sh
util-linux  /etc/default/hwclock


Could you please clean them up in a future version of the package? :-)


Thanks,
Chris.

Bug#1036648: zlib1g-dev: Missing manual pages for the functions

[Alejandro Colomar]

Package: zlib1g-dev
Version: 1:1.2.13.dfsg-1
Severity: normal
Tags: upstream
X-Debbugs-Cc: alx.manpa...@gmail.com

Dear maintainer,

This library lacks manual pages for the available functions, which seems
to be a violation of the Debian Policy.

Cheers,
Alex


-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages zlib1g-dev depends on:
ii  libc6-dev [libc-dev]  2.36-9
ii  zlib1g1:1.2.13.dfsg-1

zlib1g-dev recommends no packages.

zlib1g-dev suggests no packages.

-- no debconf information

Bug#1036647: bitcoin: CVE-2023-33297

[Salvatore Bonaccorso]

Source: bitcoin
Version: 22.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for bitcoin.

CVE-2023-33297[0]:
| Bitcoin Core before 24.1, when debug mode is not used, allows
| attackers to cause a denial of service (CPU consumption) because
| draining the inventory-to-send queue is inefficient, as exploited in
| the wild in May 2023.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33297
https://www.cve.org/CVERecord?id=CVE-2023-33297
[1] https://github.com/bitcoin/bitcoin/issues/27586
[2] https://github.com/bitcoin/bitcoin/issues/27623
[3] https://github.com/bitcoin/bitcoin/pull/27610

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1036646: libhyperscan5: prevents rspamd from starting

[Antoine Le Gonidec]

Package: libhyperscan5
Version: 5.4.2-1
Severity: important

After upgrading libhyperscan5 from 5.4.0-2 to 5.4.2-1, rspamd no longer starts.
Even with debug output it does not seem to give any information on what 
prevents it to run:

/usr/bin/rspamd -c /etc/rspamd/rspamd.conf -f -u _rspamd -d
2023-05-23 21:09:58 #1829280(main) ; main; main: rspamd 3.4 is loading 
configuration, build id: release
Aborted

After reverting to libhyperscan5 5.4.0-2, rspamd can run again with no 
noticeable issue.

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-debug'), (500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libhyperscan5 depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  libc6  2.36-9
ii  libgcc-s1  12.2.0-14
ii  libstdc++6 12.2.0-14

libhyperscan5 recommends no packages.

libhyperscan5 suggests no packages.

-- debconf information:
  libhyperscan/cpu-ssse3: false

Bug#1036644: linux-image-6.1.0-9-amd64: System crashes. Netconsole reports CPUs not responding to MCE broadcast

[Olivier Berger]

Hi.

Just in order to provide a bit more useful hints, maybe, the latest version 
working fine is linux-image-6.1.0-7-amd64 as 6.1.20-2.

Sorry about the lack of clarity in the initial report.

Le Tue, May 23, 2023 at 06:49:00PM +0200, Olivier Berger a écrit :
> 
> I'm experiencing crashes (computer reset or completely shutting down) without 
> much details available on why. It used to work fine with 6.1.0-7 but has had 
> problems with the 2 later updates of the testing kernel.
> 
> I've managed to get a log of the kernel panic with netconsole (otherwise 
> wouldn't get any hints whatsoever in logs on disks after restarting), bellow.
> 
> I guess this is nasty as being close to the freeze. I've had the issue for a 
> few days now, but only managed to test a netconsole remote log today.
> 
> It seems to me that the crash mainly happen when I'm away from the laptop for 
> several minutes, so maybe related to some kind of energy saving stuff...
> 
> Hope this provides enough details to help.
> 

-- 
Olivier BERGER
https://www-public.imtbs-tsp.eu/~berger_o/ - OpenPGP 2048R/0xF9EAE3A65819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

Bug#1036227: bookworm-pu: package r-cran-shiny/1.7.4+dfsg-3~deb12u1

[Andreas Tille]

Hi Paul,

Am Tue, May 23, 2023 at 01:52:38PM +0200 schrieb Paul Gevers:
> Control: tags -1 confirmed

Thanks.

> On 17-05-2023 19:48, Andreas Tille wrote:
> > I'd like to announce an upload to testing-proposed-updates
> 
> You confused me here. I don't see traces of the upload yet, so I assume this
> is a pre-approval.

Yes, I was asking for pre-approval (sorry for the confusing wording).
 
> > Thus an upload to testing-proposed-updates
> > seems an appropriate solution for this and this bug report is
> > about asking you for confirmation about this solution.
> 
> Ack. For the future ideally this would be fixed by dh-r being less strict in
> what it injects.

I think the injection is sensible in principle to prevent any r-cran
package that is build against r-base with a higher version than in
testing to migrate to testing to early.  Its just the accidental upload
of a higher version which creates the problem.
 
> > I propose to upload the following change to t-p-u:
> 
> Please, always generate your debdiff comparing to what is currently in
> testing.

I'll do - just wanted to wait for confirmation of the versioning
scheme to create the final diff.  It is attached now.
 

> However, I personally prefer the automatic
> syncing of testing to unstable that we get if you use 1.7.4+dfsg-3+deb12u1
> (mind the version being *higher* than testing) or even 1.7.4+dfsg-4. But ACK
> with whatever reasonable version number you choose.

Hope this fits the easy route now.

Kind regards and thanks for working in the release team
Andreas.


[1] https://lists.debian.org/debian-release/2023/05/msg00623.html

-- 
http://fam-tille.de
diff -Nru r-cran-shiny-1.7.4+dfsg/debian/changelog 
r-cran-shiny-1.7.4+dfsg/debian/changelog
--- r-cran-shiny-1.7.4+dfsg/debian/changelog2023-02-21 20:34:31.0 
+0100
+++ r-cran-shiny-1.7.4+dfsg/debian/changelog2023-05-17 07:56:25.0 
+0200
@@ -1,3 +1,12 @@
+r-cran-shiny (1.7.4+dfsg-2+deb12u1) bookworm; urgency=medium
+
+  * Upload to testing-proposed-updates "bookworm" due to the fact that
+there was an accidental upload of a new version of r-base to unstable
+  * Fix link for normalize.css
+Closes: #1035428
+
+ -- Andreas Tille   Wed, 17 May 2023 07:56:25 +0200
+
 r-cran-shiny (1.7.4+dfsg-2) unstable; urgency=medium
 
   * closure-compiler fails - simply symlinking uncompressed JS
diff -Nru r-cran-shiny-1.7.4+dfsg/debian/links 
r-cran-shiny-1.7.4+dfsg/debian/links
--- r-cran-shiny-1.7.4+dfsg/debian/links2023-02-21 20:34:31.0 
+0100
+++ r-cran-shiny-1.7.4+dfsg/debian/links2023-05-17 07:56:25.0 
+0200
@@ -37,5 +37,5 @@
 usr/share/javascript/bootstrap/files/js/locales
usr/lib/R/site-library/shiny/www/shared/datepicker/js/locales
 usr/share/javascript/bootstrap/files/less/datepicker.less  
usr/lib/R/site-library/shiny/www/shared/datepicker/less/datepicker.less
 # usr/share/javascript/selectize.js/selectize.min.js   
usr/lib/R/site-library/shiny/www/shared/selectize/js/selectize.min.js
-usr/lib/nodejs/normalize.css/normalize.css 
usr/lib/R/site-library/shiny/www/shared/ionrangeslider/css/normalize.css
+usr/share/javascript/normalize.css/normalize.css   
usr/lib/R/site-library/shiny/www/shared/ionrangeslider/css/normalize.css
 usr/share/nodejs/html5shiv/dist/html5shiv.min.js   
usr/lib/R/site-library/shiny/www/shared/bootstrap/shim/html5shiv.min.js

Bug#1036645: libportaudio2: crash due to violated assertion

[Daniel Schürmann]

Package: libportaudio2
Version: 19.6.0-1 ... 19.6.0-1.2

Severity: important

Dear Portaudio maintainers,

With Mixxx and Pipewrie installed we see crashes SIGABRT when closing Mixxx.
This leads to losing unsaved user data. The issue seems to be a broken
pipe to the pipewire process.

The original bug is reported here:
https://github.com/mixxxdj/mixxx/issues/11587

When building portaudio without debuild, -DNDEBUG is set that disables assert()
For my understanding that flag should be also set for the debian package.
That would be a solution for this bug.

Alternatively we may patch out the assertion here:
https://github.com/PortAudio/portaudio/blob/2fe67f3568295accc0b4cc47cefd5e0d6a7f6e43/src/hostapi/jack/pa_jack.c#L864
and in some other similar places.

Daniel

Bug#1036554: unblock: iproute2/6.1.0-3

[Luca Boccassi]

On Mon, 22 May 2023 14:30:50 +0100 Luca Boccassi 
wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear Release Team,
> 
> A small regression w.r.t. Bookworm has just been reported on
iproute2.
> It is a trivial fix so I'd like to have it in the release if
possible.
> debdiff attached.
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036534

The regression this fixes is w.r.t. Bullseye, I meant.

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1036591: reaver: segmentation fault

[Andrey Rakhmatullin]

Control: tags -1 - fixed

On Tue, May 23, 2023 at 03:39:24AM -0300, Leandro Cunha wrote:
>* What led up to the situation? The package has a segmentation
> fault on any command I tried to run, but I've used this package in the
> past and it was working and I think some more up-to-date dependency is
> causing this.
I can confirm this, running `reaver -i wlan0 -b 00:90:4C:C1:AC:21 -vv`
(the BSSID is from the -h example).

Program received signal SIGSEGV, Segmentation fault.
0x77df1d19 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x77df1d19 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x77e85d3a in pcap_activate_linux (handle=0x55636e00) at 
./pcap-linux.c:1016
#2  0x77e8d64d in pcap_activate (p=p@entry=0x55636e00) at 
./pcap.c:2716
#3  0x55599e44 in capture_init (capture_source=) at 
init.c:148
#4  0x5559a93d in crack () at cracker.c:59
#5  0x5559e969 in reaver_main (argc=6, argv=) at 
wpscrack.c:106
#6  0x77cc318a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x77cc3245 in __libc_start_main () from 
/lib/x86_64-linux-gnu/libc.so.6
#8  0x555987fa in _start ()

Bug#1036642: [Pkg-zfsonlinux-devel] Bug#1036642: zfsutils-linux: Fix description in man page for periodic scrubs (Debian's own implementation not explained & OpenZFS unit files missing)

[Yurii Kolesnykov]

Dear Felix, I’m unsure how you checked for it, but it’s been shipped [0] in the 
Debian for over a year since 04c0728c [1].

[0] 
https://packages.debian.org/search?searchon=contents=zfs-scrub=filename=testing=any
[1] 
https://salsa.debian.org/zfsonlinux-team/zfs/-/commit/04c0728cdb8c2f58aa7958ef72ab41f3d20df26f

Bug#1036608: gretl: broken syminks: /usr/share/gretl/{doc,examples} -> ../doc/gretl-doc/*

[Dirk Eddelbuettel]

On 23 May 2023 at 10:32, Andreas Beckmann wrote:
| Package: gretl
| Version: 2022c-1
| Severity: normal
| User: debian...@lists.debian.org
| Usertags: piuparts
| 
| Hi,
| 
| during a test with piuparts I noticed your package ships (or creates)
| broken symlinks:
| 
| 0m54.7s ERROR: FAIL: Broken symlinks:
|   /usr/share/gretl/doc -> ../doc/gretl-doc/doc (gretl)
|   /usr/share/gretl/examples -> ../doc/gretl-doc/examples (gretl)
| 
| gretl-doc now ships these as /usr/share/doc/gretl/{doc,examples}
| ^
| instead of /usr/share/doc/gretl-doc/{doc,examples}
|   ^
| (dh_installdocs change since debhelper compat 12 or 13)

Thanks. Should be good in a -2 upload I am making now (into experimental, of
course).  From a quick post-build check in a container:


root@e24e8a19a73c:/usr/share/gretl# cd ../doc/gretl
root@e24e8a19a73c:/usr/share/doc/gretl# ls -ltr
total 24
-rw-r--r-- 1 root root  976 Oct  2  2015 README
-rw-r--r-- 1 root root 3316 Nov  7  2017 README.packagers
-rw-r--r-- 1 root root  266 Dec 15  2017 README.win32
-rw-r--r-- 1 root root 2662 Jun  4  2018 README.packages
drwxr-xr-x 3 root root 4096 May 23 18:27 examples
drwxr-xr-x 8 root root 4096 May 23 18:29 doc
root@e24e8a19a73c:/usr/share/doc/gretl# ls -l doc/
total 68
drwxr-xr-x 2 root root  4096 May 23 18:29 figures_pt
-rw-r--r-- 1 root root  1066 May 23 18:03 gretl-lite.sty
-rw-r--r-- 1 root root  1056 Oct  2  2015 gretl-lite.sty.in
-rw-r--r-- 1 root root  2832 May 23 18:03 gretl.sty.gz
-rw-r--r-- 1 root root  2842 Aug  9  2022 gretl.sty.in.gz
-rw-r--r-- 1 root root   495 Jun 14  2017 Makefile.in
-rw-r--r-- 1 root root  3445 Oct  2  2015 notes.tex.gz
-rw-r--r-- 1 root root   308 Aug 29  2019 README
drwxr-xr-x 2 root root 16384 May 23 18:29 tex
drwxr-xr-x 2 root root  4096 May 23 18:29 tex_gl
drwxr-xr-x 2 root root  4096 May 23 18:29 tex_it
-rw-r--r-- 1 root root  2445 Jan 15  2022 texmath2png.pl
drwxr-xr-x 2 root root  4096 May 23 18:29 tex_pt
drwxr-xr-x 2 root root  4096 May 23 18:29 tex_ru
root@e24e8a19a73c:/usr/share/doc/gretl# ls -l examples/
total 4
drwxr-xr-x 8 root root 4096 May 23 18:29 utils
root@e24e8a19a73c:/usr/share/doc/gretl# 


Thanks for the heads-up!

Dirk

-- 
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#1036644: linux-image-6.1.0-9-amd64: System crashes. Netconsole reports CPUs not responding to MCE broadcast

[Olivier Berger]

Package: src:linux
Version: 6.1.27-1
Severity: normal

Hi.

I'm experiencing crashes (computer reset or completely shutting down) without 
much details available on why. It used to work fine with 6.1.0-7 but has had 
problems with the 2 later updates of the testing kernel.

I've managed to get a log of the kernel panic with netconsole (otherwise 
wouldn't get any hints whatsoever in logs on disks after restarting), bellow.

I guess this is nasty as being close to the freeze. I've had the issue for a 
few days now, but only managed to test a netconsole remote log today.

It seems to me that the crash mainly happen when I'm away from the laptop for 
several minutes, so maybe related to some kind of energy saving stuff...

Hope this provides enough details to help.

[  394.735702] netpoll: netconsole: local port 
[  394.735711] netpoll: netconsole: local IPv4 address 192.168.0.23
[  394.735715] netpoll: netconsole: interface 'enp2s0'
[  394.735717] netpoll: netconsole: remote port 
[  394.735719] netpoll: netconsole: remote IPv4 address 192.168.0.47
[  394.735722] netpoll: netconsole: remote ethernet address 38:2c:4a:b1:63:94
[  394.735819] printk: console [netcon0] enabled
[  394.735825] netconsole: network logging started
[  463.655009] usb 3-6: new high-speed USB device number 8 using xhci_hcd
[  463.659448] systemd-journald[428]: Sent WATCHDOG=1 notification.
[  463.943099] usb 3-6: New USB device found, idVendor=1307, idProduct=0190, 
bcdDevice= 1.00
[  463.943133] usb 3-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.943144] usb 3-6: Product: USB Mass Storage Device
[  463.943153] usb 3-6: Manufacturer: USBest Technology
[  463.943160] usb 3-6: SerialNumber: 00027F
[  463.974560] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  463.974717] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  463.987184] SCSI subsystem initialized
[  463.990687] usb-storage 3-6:1.0: USB Mass Storage device detected
[  463.990771] scsi host0: usb-storage 3-6:1.0
[  463.990859] usbcore: registered new interface driver usb-storage
[  463.992482] usbcore: registered new interface driver uas
[  464.995952] scsi 0:0:0:0: Direct-Access Ut190USB2FlashStorage 0.00 
PQ: 0 ANSI: 2
[  464.996613] scsi 0:0:0:1: Direct-Access Ut190SD0StorageDevice 0.00 
PQ: 0 ANSI: 2
[  465.008300] scsi 0:0:0:0: Attached scsi generic sg0 type 0
[  465.008343] scsi 0:0:0:1: Attached scsi generic sg1 type 0
[  465.014353] sd 0:0:0:0: [sda] 7897088 512-byte logical blocks: (4.04 GB/3.77 
GiB)
[  465.014619] sd 0:0:0:1: [sdb] Media removed, stopped polling
[  465.014756] sd 0:0:0:0: [sda] Write Protect is off
[  465.014764] sd 0:0:0:0: [sda] Mode Sense: 00 00 00 00
[  465.014804] sd 0:0:0:1: [sdb] Attached SCSI removable disk
[  465.014951] sd 0:0:0:0: [sda] Asking for cache data failed
[  465.014957] sd 0:0:0:0: [sda] Assuming drive cache: write through
[  465.284600] GPT:Primary header thinks Alt. header is not at the end of the 
disk.
[  465.284627] GPT:2590719 != 7897087
[  465.284634] GPT:Alternate GPT header not at the end of the disk.
[  465.284640] GPT:2590719 != 7897087
[  465.284645] GPT: Use GNU Parted to correct GPT errors.
[  465.284659]  sda: sda1
[  465.285144] sd 0:0:0:0: [sda] Attached SCSI removable disk
[  474.111368] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  497.264500] sda: detected capacity change from 7897088 to 0
[  502.045711] usb 3-6: USB disconnect, device number 8
[  519.695345] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  535.857315] EXT4-fs (dm-0): recovery complete
[  535.858056] EXT4-fs (dm-0): mounted filesystem with ordered data mode. Quota 
mode: none.
[  543.576681] systemd-journald[428]: Sent WATCHDOG=1 notification.
[  551.263395] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  634.375963] systemd-journald[428]: Sent WATCHDOG=1 notification.
[  725.578095] systemd-journald[428]: Sent WATCHDOG=1 notification.
[  845.577721] systemd-journald[428]: Sent WATCHDOG=1 notification.
[  871.117193] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  905.577391] systemd-journald[428]: Sent WATCHDOG=1 notification.
[  905.620289] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  905.623541] systemd-journald[428]: Successfully sent stream file descriptor 
to service manager.
[  995.577111] systemd-journald[428]: Sent WATCHDOG=1 notification.
[ 1085.576193] systemd-journald[428]: Sent WATCHDOG=1 notification.
[ 1205.575316] systemd-journald[428]: Sent WATCHDOG=1 notification.
[ 1265.574866] systemd-journald[428]: Sent WATCHDOG=1 notification.
[ 1305.267119] mce: CPUs not responding to MCE broadcast (may include false 
positives): 0-1,3-5,7
[ 1305.267121] mce: CPUs not responding to MCE broadcast (may include 

Bug#1036643: monit: Monit caching results of custom script

[js1]

Package: monit
Version: 1:5.32.0-1~bpo11+1
Severity: normal
X-Debbugs-Cc: sujiannm...@gmail.com

Dear Maintainer,

   * What led up to the situation?
 My custom bash script called by Monit seems to be caching old failed 
results which caused monit to run the monitored service restart command 
unnecessarily.
 If I run the monitoring script manually, there is no error, but monit runs 
indicate otherwise.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
 restarted monit
   * What was the outcome of this action?
 Custom script output reported correctly.


-- Package-specific info:

Monit config file /etc/monit/monitrc is *NOT* readable by reportbug.
Please, consider to rerun reportbug as root and *carefully* examine
reportbug's output (e.g., monitrc content), before sending it out.

Contents of /etc/monit/ directory:
/etc/monit:
total 48
drwxr-xr-x 2 root root  4096 May 23 13:59 conf-available
drwxr-xr-x 2 root root95 May 23 13:59 conf-enabled
drwxr-xr-x 2 root root 6 Jul 13  2019 conf.d
-rwxr-xr-x 1 root root45 Nov  1  2020 monit-start.sh
-rw--- 1 root root   653 Mar 30 23:11 monitrc
-rw--- 1 root root 13503 May 12  2022 monitrc.dpkg-dist
-rw--- 1 root root   589 Feb 28 23:55 monitrc.old
drwxr-xr-x 2 root root53 Mar 30 23:08 templates

/etc/monit/conf-available:
total 88
-rw-r--r-- 1 root root  481 Jul 13  2019 acpid
-rw-r--r-- 1 root root  640 Jul 13  2019 apache2
-rw-r--r-- 1 root root  455 Jul 13  2019 at
-rw-r--r-- 1 root root  691 Jul 13  2019 cron
-rw-r--r-- 1 root root  258 Mar 29 09:38 dnsmasq
-rw-r--r-- 1 root root  129 Mar 20 19:22 internet
-rw-r--r-- 1 root root  602 Jul 13  2019 mdadm
-rw-r--r-- 1 root root  669 Jul 13  2019 memcached
-rw-r--r-- 1 root root  703 Jul 13  2019 mysql
-rw-r--r-- 1 root root  227 Mar 21 11:31 nginx
-rw-r--r-- 1 root root  521 Jul 13  2019 nginx.orig
-rw-r--r-- 1 root root  471 Jul 13  2019 openntpd
-rw-r--r-- 1 root root 1200 Oct 25  2020 openssh-server
-rw-r--r-- 1 root root 1114 May 23 13:59 openvpn
-rw-r--r-- 1 root root  683 Jul 13  2019 pdns-recursor
-rw-r--r-- 1 root root 1426 Jul 13  2019 postfix
-rw-r--r-- 1 root root  869 Jul 13  2019 rsyslog
-rw-r--r-- 1 root root  501 Jul 13  2019 smartmontools
-rw-r--r-- 1 root root  306 Jul 13  2019 snmpd
-rw-r--r-- 1 root root  139 Apr  1 17:59 speedtest
-rw-r--r-- 1 root root  299 Mar 20 19:23 squid

/etc/monit/conf-enabled:
total 0
lrwxrwxrwx 1 root root 25 Mar 20 19:43 dnsmasq -> ../conf-available/dnsmasq
lrwxrwxrwx 1 root root 26 Nov  1  2020 internet -> ../conf-available/internet
lrwxrwxrwx 1 root root 23 Mar 21 11:04 nginx -> ../conf-available/nginx
lrwxrwxrwx 1 root root 25 Nov  2  2020 openvpn -> ../conf-available/openvpn
lrwxrwxrwx 1 root root 27 Apr  1 17:59 speedtest -> ../conf-available/speedtest
lrwxrwxrwx 1 root root 23 Jun 25  2021 squid -> ../conf-available/squid

/etc/monit/conf.d:
total 0

/etc/monit/templates:
total 12
-rw-r--r-- 1 root root 164 Jul 13  2019 rootbin
-rw-r--r-- 1 root root 160 Jul 13  2019 rootrc
-rw-r--r-- 1 root root 164 Jul 13  2019 rootstrict


-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-22-686-pae (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages monit depends on:
ii  init-system-helpers  1.60
ii  libc62.31-13+deb11u6
ii  libcrypt11:4.4.18-4
ii  libpam0g 1.4.0-9+deb11u1
ii  libssl1.11.1.1n-0+deb11u4
ii  lsb-base 11.1.0
ii  zlib1g   1:1.2.11.dfsg-2+deb11u2

monit recommends no packages.

Versions of packages monit suggests:
ii  exim4-daemon-light [mail-transport-agent]  4.94.2-7
pn  sysvinit-core  

-- Configuration Files:
/etc/monit/conf-available/nginx changed [not included]
/etc/monit/monitrc [Errno 13] Permission denied: '/etc/monit/monitrc'

-- no debconf information

Bug#1036257: Debian package udm FTBFS

[Abou Al Montacir]

On Tue, 2023-05-23 at 16:55 +0200, Thorsten Alteholz wrote:
> Oh my! I seem to be doing something totally stupid here with creating all
> these links in debian/rules, but back then it worked at least.
> Do you have a recommendation on how to do it better?
> 
>   Thorsten
> 
> On 23.05.23 11:18, Thorsten Alteholz wrote:
>  
> > Hi,
> > 
> > can you please help me with a problem with udm?
> > For whatever reason the package started to FTBFS recently -> [1]
> > The log says: 
> > > /<>/uplaysound.pas(35,22) Fatal: (10022) Can't find unit 
> > > LResources used by uplaysound
> > 
> > but why isn't LResources available anymore? Do you have any idea what went
> > wrong here? Could this be related to your latest uploads of lazarus?
> > 
> > Best regards
> > Thorsten
> > 
> > 
> > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036257
I've managed to compile this using the following patch and rules file.
-- 
Cheers,
Abou Al Montacir
Description: Fixd compilation with Lazarus 2.2.6
 This patch fixes compilation with Lazarus 2.2.6 by adding required packages
 that are used by the softare.
Author: Abou Al Montacir 

---
Bug-Debian: https://bugs.debian.org/1036257
Forwarded: no
Last-Update: 2023-05-23

--- udm-1.0.0.322.orig/playwavepackage.lpk
+++ udm-1.0.0.322/playwavepackage.lpk
@@ -1,6 +1,6 @@
 
 
-  
+  
 
 
 
@@ -56,15 +56,22 @@
 
   
 
+
 
   
   
   
 
-
+
   
-
+
   
+  
+
+  
+  
+
+  
 
 
   
--- udm-1.0.0.322.orig/udm.lpi
+++ udm-1.0.0.322/udm.lpi
@@ -17,6 +17,9 @@
   
   
 
+
+  
+
 
   
   
@@ -81,6 +84,9 @@
   
 
   
+  
+
+  
 
 
   
@@ -131,7 +137,7 @@
 
   
 
-
+
   
 
 
@@ -182,12 +188,12 @@
 
 
 
-
 
 
 
 
 
+
   
   
 
@@ -240,7 +246,7 @@
   
 
 
-
+
 
 
 
@@ -624,127 +630,158 @@
 
 
   
+  
+
+
+
+
+
+
+  
+  
+
+
+
+
+  
+  
+
+
+
+
+
+
+  
+  
+
+
+
+
+
+
+
+  
 
 
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
 
-
+
   
   
 
-
+
   
   
 
-
+
   
   
 
-
+
   
   
 
-
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
   
-
-
+
+
   
 
   
--- udm-1.0.0.322.orig/udm.lpr
+++ udm-1.0.0.322/udm.lpr
@@ -21,7 +21,7 @@ startupoptions;
 {$R *.res}
 
 begin
-  Application.Scaled:=True;
+  Application.Scaled := True;
{$IFDEF DEBUG}
   // Assuming your build mode sets -dDEBUG in Project Options/Other when defining -gh
   // This avoids interference when running a production/default build without -gh
--- udm-1.0.0.322.orig/udmc.lpi
+++ udm-1.0.0.322/udmc.lpi
@@ -1,13 +1,13 @@
 
 
   
-
+
 
   
 
+
   
   
-  
   
   
   
@@ -19,9 +19,11 @@
   
   
   
-  
-  
+  
 
+
+  
+
 
   
 
@@ -30,15 +32,35 @@
 
 
   
-
 
 
   
+  
+  
+
+  
+
+
+  
+
+  
 
-
+
   
-
+
   
+  

Bug#1036308: r-base: R CMD check --as-cran fails for packages with math in help files

[Dirk Eddelbuettel]

On 19 May 2023 at 07:08, Johannes Ranke wrote:
| Package: r-base
| Version: 4.3.0-1
| Severity: normal
| 
| Dirk,
| 
| as recently discussed on the r-pkg-devel list[1], checking a package with
| using the --as-cran option fails when using R 4.3.0-1 currently sitting
| in unstable.
| 
| Please apply the fix proposed by Ivan Kyrilov on the list, or, alternatively,
| apply commit r84321 that addressed the problem upstream as mentioned in
| the R bug tracker [2].

Thanks. Identifying the SVN patch would have been helpful too :)

https://github.com/r-devel/r-svn/commit/63d8aa9b5bad5f5a15662c33ee7f99e1775c
 
| To facilitate testing, I have created a test package using your useful
| pkgKitten package [3].

I think I will not do this: We are in a freeze, and r-base should not be in
unstable anyway (that was one upload out of 50+ since March where I
accidentally let it slip to unstable, rather than experimental).

By the time Debian unfreezes we may get 4.3.1 which may have it.

Else once we are unfrozen and operating normally I can consider a spot-fix.
But this does not warrant messing with the freeze / throwing another upload
into the mix.  We are asked not to. 

Dirk

| Cheers,
| 
| Johannes
| 
| [1] https://stat.ethz.ch/pipermail/r-package-devel/2023q2/009088.html
| [2] https://bugs.r-project.org/show_bug.cgi?id=18517
| [3] https://github.com/jranke/katexTestPackage

-- 
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#1036642: zfsutils-linux: Fix description in man page for periodic scrubs (Debian's own implementation not explained & OpenZFS unit files missing)

[Felix Stupp]

Package: zfsutils-linux
Version: 2.1.11-1
Severity: normal


Dear maintainer,

in the man page zpool-scrub(8), the OpenZFS maintainers explain how an
admin can setup automatic periodic scrubs on machines using systemd.
The explanation refers to the unit files which they want to be included
in each OpenZFS Installation. See the files
`zfs-scrub-{weekly,monthly}@.{service,timer}.in in:
https://github.com/openzfs/zfs/tree/master/etc/systemd/system

1. The Debian installation of OpenZFS do not include those both files,
making the explanation in the man page not helpful. Either should those
be included in future ZFS installations (which I would prefer, as it
gives the people the most options) or this section of the man page
should be changed.

2. In the Debian Wiki, there is an explanation about a Debian specific
implementation of auto scrub, which automatically scrubs all pools (with
an opt-out), see https://wiki.debian.org/ZFS#Auto_Scrub_of_all_pools .
I think the existance of this mechanism should also be explained in this
man page, otherwise admins, especially ones, which might know ZFS
already from other plattforms might run into the problem of multiple
auto scrub timers running.

(I'm not personally a fan of the opt-out as, on my PC, most pools are on
external drives, which I currently work with & scrub manually, so I have
it permanently disabled on my system by changing the cron file, and opt
in for internal pools by using a systemd timer with Persistent=True. I
can understand why its implemented in the first place, so at least a
hint in that man page would be nice. I found out about this by accident
as I don't really use the Debian Wiki as long as man pages & general
documentation on the Internet are good enough.)

If you have any further questions, just ask.
Thanks for reading & fixing this & in general thanks for packaging ZFS
for Debian.

Felix Stupp


-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (550, 'testing'), (500, 'testing-security'), (500, 
'stable-security'), (400, 'stable-updates'), (400, 'stable'), (350, 
'oldstable-updates'), (350, 'oldstable'), (110, 'unstable'), (102, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages zfsutils-linux depends on:
ii  init-system-helpers  1.65.2
ii  libblkid12.38.1-5+b1
ii  libc62.36-9
ii  libnvpair3linux  2.1.11-1
ii  libuuid1 2.38.1-5+b1
ii  libuutil3linux   2.1.11-1
ii  libzfs4linux 2.1.11-1
ii  libzpool5linux   2.1.11-1
ii  python3  3.11.2-1+b1

Versions of packages zfsutils-linux recommends:
ii  zfs-dkms [zfs-modules]  2.1.11-1
ii  zfs-zed 2.1.11-1

Versions of packages zfsutils-linux suggests:
ii  nfs-kernel-server   1:2.6.2-4
pn  samba-common-bin
pn  zfs-initramfs | zfs-dracut  

-- Configuration Files:
/etc/cron.d/zfsutils-linux changed [not included]
/etc/sudoers.d/zfs [Errno 13] Permission denied: '/etc/sudoers.d/zfs'

-- no debconf information


signature.asc
Description: This is a digitally signed message part.

Bug#1036123: [pre-approval] unblock: libcap2/1:2.66-4

[Cyril Brulebois]

Hi,

Paul Gevers  (2023-05-23):
> On 18-05-2023 22:06, Salvatore Bonaccorso wrote:
> > I just realized, that apart gettin the unblock by the release team as
> > it affects d-i as well (shipping libcap2-udeb), CC'ing Cyril here as
> > well.
> 
> CVE fixes in libcap2. Can you ACK (or udeb-unblock)?

Apologies for losing track of this request. No objections.

FTR reverse dependencies are just brltty-udeb and udev-udeb. Hopefully
neither of those depend on *not* applying those two CVE fixes.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1036641: gcc-12-base: please bump the Breaks: gnat (<< 12) for smoother upgrades from bullseye

[Andreas Beckmann]

Package: gcc-12-base
Version: 12.2.0-14
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

As usual, it is helpful to bump the Breaks against gnat (which is not
co-installable) for smoother upgrades from bullseye to ensure the
obsolete gnat-10 stack gets removed.

Andreas

Bug#1036640: debian template's help lists archived releases that are not installable

[Santiago Ruano Rincón]

Source: lxc-templates
Version: 3.0.4.48.g4765da8-1
Severity: minor

Dear LXC team,

The help from the debian lxc template lists the following:

  -r, --release=RELEASE  Debian release. Can be one of: wheezy, jessie,
  stretch, buster, sid.

Wheezy, jessie and stretch are not found in the mirror.

Could you please, update that list? Or even better, make it possible to
install them from archive.debian.org?

Cheers!

 -- S

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information


signature.asc
Description: PGP signature

Bug#1036639: libost-base2.3: please add Breaks: libost-base2.2 for smoother upgrades from bullseye

[Andreas Beckmann]

Package: libost-base2.3
Version: 2.3.1-8
Severity: serious
Tags: patch
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

the openstructure library stacks from bullseye and bookworm are not
co-installable due to a transitive dependency conflict on
libboost-regex1.74.0-icu67 which is a virtual package provided by
libboost-regex1.74.0 in bullseye only, while the bookworm version
provides libboost-regex1.74.0-icu72. This is hard for apt to figure out
correctly and on some upgrade paths apt prefers to keep the obsolete
library stack installed instead of replacng it with the new one.
Adding a Breaks to the base package which is at the top of the
dependency tree helps apt making the right choice: removing the old
library stack s.t. it can upgrade libboost-regex1.74.0.

Please consider applying the attached patch.


Andreas
>From 69fc50fdf3bdc26ed5152a7d6ec3c264e279c143 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Tue, 23 May 2023 18:38:19 +0200
Subject: [PATCH] libost-base2.3: add Breaks: libost-base2.2 for smoother
 upgrades from bullseye

---
 debian/changelog | 7 +++
 debian/control   | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index eda78fd..e6970ac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openstructure (2.3.1-9) UNRELEASED; urgency=medium
+
+  * libost-base2.3: Add Breaks: libost-base2.2 for smoother upgrades from
+bullseye.  (Closes: #)
+
+ -- Andreas Beckmann   Tue, 23 May 2023 18:37:03 +0200
+
 openstructure (2.3.1-8) unstable; urgency=medium
 
   * Install shlibs into multiarch locations using debian/rules.
diff --git a/debian/control b/debian/control
index f7340ea..310d73b 100644
--- a/debian/control
+++ b/debian/control
@@ -41,6 +41,8 @@ Section: libs
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
+Breaks:
+ libost-base2.2,
 Description: Open-Source Computational Structural Biology Framework
  OpenStructure aims to provide an open-source, modular, flexible, molecular
  modelling and visualization environment. It is targeted at interested method
-- 
2.20.1

Bug#1036306: unblock: ufw/0.36.2-1

[Gunnar Hjalmarsson]

Hi Paul,

On 2023-05-23 17:31, Paul Gevers wrote:

On 19-05-2023 05:33, Jamie Strandboge wrote:
It seems that adduser 3.133 has caused problems for a lot of packages 
in sid, including ufw. See:


https://piuparts.debian.org/sid/fail/adduser_3.133.log
https://piuparts.debian.org/sid/fail/
https://piuparts.debian.org/sid/fail/ufw_0.36.2-1.log
https://piuparts.debian.org/sid/fail/...


Yes, known, let's not worry about that.


Well, I do worry a bit.

ufw did not cause adduser to be unremovable, and adduser being 
unremovable

should not affect ufw's migration.


Sure. The migration is currently blocked because the upload happened 
very recently


That description is not quite accurate. ufw has autopkgtest, so strictly 
it's not blocked because of the freeze, but because of a piuparts failure.


and tomorrow we'll enter Full Freeze. So the upload 
happened too late for it to migrate without us unblocking.


Maybe you didn't see my reply to Jamie's initial bug, but it was archived:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036306#10

As you can see my primary concern is another package, i.e. ibus-pinyin. 
That package has already been unblocked from freeze:


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036225

But since it hit the very same adduser/piuparts issue as ufw (and 
probably a bunch of other packages) did, it's still blocked from migration.



Maybe it was wrong of me to comment on this ufw bug, but the 
adduser/piuparts situation is special, and I felt it made sense to 
handle all affected packages together.


Please advice on how uploaders affected by the adduser/piuparts 
situation should act.


--
Rgds,
Gunnar Hjalmarsson

Bug#1036453: unblock: libvirt/9.0.0-4

[Paul Gevers]

Control: tags -1 confirmed moreinfo

Hi,

On 21-05-2023 12:37, Andrea Bolognani wrote:

Fix CVE-2023-2700.


Please go ahead. And please remove the moreinfo tag once the upload 
happened.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1035522: debian-security-support 11+2023.05.04 flagged for acceptance

[Adam D. Barratt]

On Fri, 2023-05-19 at 14:38 +0100, Adam D. Barratt wrote:
> On Fri, 2023-05-19 at 13:11 +, Holger Levsen wrote:
> > On Thu, May 18, 2023 at 07:51:36PM +, Adam D Barratt wrote:
> > > The upload referenced by this bug report has been flagged for
> > > acceptance into the proposed-updates queue for Debian bullseye.
> >  
> > thanks! how/when will it moved/be moved to bullseye-updates?
> 
[...]
> I'm hoping to find time to look at it over the weekend, but that
> depends a little on what life thinks of the idea.
> 

Life has very much had other ideas.

In the interests of not blocking on things other than SRM's free time,
how does this sound as some blurb for an announcement mail?


The debian-security-support package tracks the level of security support
available for packages within Debian releases, allowing administrators to
be alerted to installed packages for which support has had to be limited
or prematurely ended.

The version of the package in bullseye can lead to the production of a
large number of warning messages during an upgrade to the upcoming
bookworm release. This update resolves that issue.


Regard,

Adam

Bug#1032268: release-notes: upgrading a xen VM to bookworm will change network interface name to predictable scheme

[Laura Arjona Reina]

Hello

El 23 de mayo de 2023 13:30:28 CEST, Paul Gevers  escribió:
>Control: tags -1 patch
>
[...].
>
>Can you elaborate what those changes are? Or is that extremely straightforward 
>if you're a Xen user?
>
>Proposed text handled here:
>https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/175
>
I'm not sure about all the possible cases where this issue would need to be 
handled (and probably there are different 'ways' like changing the name in all 
the files where the interface is referenced, or disabling the predictable 
naming scheme) so a generic text as you propose looks the best to me.

Thanks!
Kind regards
-- 
Laura Arjona Reina
https://wiki.debian.org/LauraArjona
Sent with K-9 mail

Bug#1035522: bullseye-pu: package debian-security-support/1:11+2023.05.04

[Adam D. Barratt]

On Fri, 2023-05-19 at 13:57 +, Holger Levsen wrote:
> On Thu, May 18, 2023 at 02:44:01PM +0100, Adam D. Barratt wrote:
> > > ic. so I should have uploaded to bullseye-proposed-updates
> > > instead?
> > Any upload goes to p-u first, yeah. So the target should always be
> > simply "bullseye", by preference. dak will accept a bunch of other
> > things, including "stable", "bullseye-proposed-updates", "proposed-
> > updates" and, as you've demonstrated, "bullseye-updates" and DTRT,
> > but
> > it's cleaner and less potentially confusing if everything uses the
> > same.
> 
> ok, thanks. that does make sense.
>  
> > The relevant section of dev-ref implies this, fwiw. I think some
> > combination of you and I wrote it. :-)
> 
> oh dear. however upon re-reading 5.5.1 and 5.5.2 I've noticed that
> 5.5.2
> says nothing about the suite in d/changelog and I think I'm going to
> fix
> that now :)

fwiw that's semi-intentional, because the point is that there is no
difference from an uploader's perspective.

"Uploads to stable-updates" don't exist as a thing; rather, some
uploads to p-u are cherrypicked by SRM and copied to -updates. So
uploaders shouldn't be trying to do anything different from a technical
perspective, just remembering to request the -updates copy while
discussing the request via the BTS.

Regards,

Adam

Bug#1036638: ITP: libhash-ordered-perl -- Perl ordered hash class implementation

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org

* Package name: libhash-ordered-perl
  Version : 0.014
  Upstream Author : David Golden 
* URL : https://metacpan.org/release/Hash-Ordered
* License : Apache-2.0
  Programming Lang: Perl
  Description : Perl ordered hash class implementation

Hash::Ordered implements an ordered hash, meaning that it associates keys
with values like a Perl hash, but keeps the keys in a consistent order.
Because it is implemented as an object and manipulated with method calls, it
is much slower than a Perl hash. This is the cost of keeping order.

However, compared to other ordered hash implementations, Hash::Ordered is
optimized for getting and setting individual elements and is generally faster
at most other tasks as well. For specific details, see
Hash::Ordered::Benchmarks.

The package will be maintained under the umbrella of the Debian Perl Group.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.


signature.asc
Description: Digital Signature

Bug#1036637: RFP: plio - "Pleasant Image Order", image viewer with many sort options

[Oliver Bandel]

Package: wnpp
Severity: wishlist

Package name: plio
Upstream Author: Oliver Bandel 
URL:  https://codeberg.org/klartext/plio
License: GPL-3.0-or-later

Description: image viewer with many sort options and bulk renaming

  Programming Language: C
  Used libraries: SDL2, FreeImage, System-Libs

  PLIO is an image viewer that allows images to be sorted by many
  properties. Default sorting is name, but width, height, size, aspect ratio,
  modification time, brightness, color are possible also.

  After sorting, bulk renaming images is possible and easy (press 'r').
  The new filenames reflect the order that was established by the
  sorting (integer index value prepended to basename).
  In case of sort-by-modification-time, the epoch with subseconds instead of
  the index number is prepended. (Using Index number is also possible - with
  two keystrokes.)

  Arbitrarily reordering of the images can also be done.
  (switch x-pos, switch y-pos, move current image to index position 0.)

  The images of a directory are represented as thumbnails in a 2D array
  (like sxiv does it).
  Additionally, directories are also represented by a thumbnail.
  The Image-View currently supports only fit-to-window, but more options might
  be added later.
  Navigation in x- and y-direction is possible not only in thumbview,
  but also while viewing the images. Moving in y-direction allows
  skimming through a huge collection of images quickly.

  So far all commands are given as keyboard-strokes.
  plio works best with tiling window managers, but intended usage is
  fullscreen mode anyway.

  The bulk-renaming allows the images to be renamed, so that the
  filenames reflect the order.
  Using other image viewers or working on the shell with the images
  can then be done, even when only listing by name.

  No database is used; thumb caching might be added later,
  but it is intended also in the future not to be dependent on
  databases.


Cheers,
  Oliver Bandel

Bug#1036635: default papersize is always "letter"

[Giuseppe Sacco]

Hello,

Il giorno mer, 24/05/2023 alle 00.19 +0900, Osamu Aoki ha scritto:

[...]
> Hi, I tried with all pointing to "a4", but I get "letter".
> ```sh
> $ ls -l /etc/papersize
> -rw-r--r-- 1 root root 3 May 23 23:24 /etc/papersize
> $ cat /etc/papersize
> a4
> $ LANG=ja_JP.UTF-8 LC_ALL=ja_JP.UTF-8 LC_PAPER=ja_JP.UTF-8 PAPERSIZE=a4 
> PAPERCONF=/etc/papersize paperconf -d
> letter
> ```
> There is something wrong?  Or am I doing things wrong?
[...]

you are asking for the default paper size, i.e., the one to be used when no
configuration file is available. If you want the current paper size as per
/etc/papersize, please remove the final "-d" from your command.

It this what you were looking for?

Bye,
Giuseppe

Bug#1036636: PPD files for some HP printers do not support maximum printer's resolution

[Camaleón]

Package: hplip
Version: 3.22.10+dfsg0-2
Severity: normal

Hello,

At the office we have several HP Laserjet printers (4000, 4050, 4100, 
4250) and the HPLIP driver (PPD files from «hpcups») only support 
600x600 for the printers, while in fact, the hardware allows up to 1200x1200 
(fastres/prores).

PostScript driver is so slow that is unuseful.

This issue comes from upstream hplip package so maybe can be forwarded to 
hplip's bug tracking system.

Greetings,

-- 
Camaleón 

Bug#932957: #932957 Please migrate Release Notes to reStructuredText

[Holger Wansing]

Hi Paul,

Am 23. Mai 2023 08:20:18 MESZ schrieb Paul Gevers :
>Hi Holger,
>
>On 18-05-2023 22:39, Holger Wansing wrote:
>> I worked on this recently, and I have something like a prototype ready.
>
>Thanks a lot for working on this. I'm a bit swamped with last minute things 
>that need to happen before the release of bookworm, so I don't expect to have 
>time to look at this until after the release.

As I wrote, I see this as a prototype, and thus I don't expected it to be a 
thing to 
happen before releasing bookworm.


Holger



-- 
Sent from /e/ OS on Fairphone3

Bug#1034457: libqt5quick5: Qt segfault on amd64

[Lisandro Damián Nicanor Pérez Meyer]

El martes, 23 de mayo de 2023 03:41:43 -03 Julian escribió:
> Hello,
> 
> unfortunately I cannot provide such example code. I am neither an expert on 
> C++ nor on QML. This is why I included the core dump. It looked like all the 
> information needed to debug this was shown in KDevelop and exported to the 
> core dump.

That's totally fine.
 
> What *seems* to cause the issue is when a QML animation is being played and 
> then interrupted. Considering that it takes me up to 20 minutes to reproduce 
> the issue each time, I am not sure how accurate this is though.

Perfect, but you need to file the bug against the application that caused the 
crash and not the library.

signature.asc
Description: This is a digitally signed message part.

Bug#1028532: license

[Sudip Mukherjee]

The license information is not correct, so packaging this for Debian
will be postponed until upstream fixes the copyright.

An example from https://github.com/teddywlq/smifb2/blob/main/ddk750/ddk750_2d.c:

* Copyright (c) 2007 by Silicon Motion, Inc. (SMI)
*
*  All rights are reserved. Reproduction or in part is prohibited
*  without the written consent of the copyright owner..


-- 
Regards
Sudip

Bug#1036306: unblock: ufw/0.36.2-1

[Paul Gevers]

Control: tags -1 moreinfo

Hi,

On 19-05-2023 05:33, Jamie Strandboge wrote:

It seems that adduser 3.133 has caused problems for a lot of packages in sid,
including ufw. See:

https://piuparts.debian.org/sid/fail/adduser_3.133.log
https://piuparts.debian.org/sid/fail/
https://piuparts.debian.org/sid/fail/ufw_0.36.2-1.log
https://piuparts.debian.org/sid/fail/...


Yes, known, let's not worry about that.


ufw did not cause adduser to be unremovable, and adduser being unremovable
should not affect ufw's migration.


Sure. The migration is currently blocked because the upload happened 
very recently and tomorrow we'll enter Full Freeze. So the upload 
happened too late for it to migrate without us unblocking.



Bug fixes and translations will not be available in bookworm (I am upstream ufw
and I cut 0.36.2 specifically for bookworm users).


Please elaborate. It's Full Freeze time. A new upstream needs a lot of 
defending to be considered a targeted fix at this stage of the release. 
Please read the policy [1] and the FAQ [2].


Paul

[1] https://release.debian.org/testing/freeze_policy.html
[2] https://release.debian.org/testing/FAQ.html


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034741: ITP: libnet-pop3s-perl -- SSL/STARTTLS support for Net::POP3

[gregor herrmann]

On Sun, 23 Apr 2023 15:48:02 +1200, m...@kohaaloha.com wrote:

> * Package name: libnet-pop3s-perl
>   Version : 0.12
>   Upstream Author : Tomo M. 
> * URL : https://metacpan.org/release/Net-POP3S
> * License : Artistic or GPL-1+
>   Programming Lang: Perl
>   Description : SSL/STARTTLS support for Net::POP3

…

> As of Version 3.10 of Net::POP3(libnet) includes SSL/STARTTLS capabilities,
> so this wrapper module's significance disappareing.

I'm wondering if this package is really needed; Net::POP3 3.10 is in
perl core since v5.25.4, in Debian in
perl-modules-5.28: /usr/share/perl/5.28.1/Net/POP3.pm
perl-modules-5.32: /usr/share/perl/5.32.1/Net/POP3.pm
perl-modules-5.36: /usr/share/perl/5.36.0/Net/POP3.pm

Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#1036635: default papersize is always "letter"

[Osamu Aoki]

Package: libpaper-utils
Version: 1.1.29
Severity: normal

Hi, I tried with all pointing to "a4", but I get "letter".
```sh
$ ls -l /etc/papersize
-rw-r--r-- 1 root root 3 May 23 23:24 /etc/papersize
$ cat /etc/papersize
a4
$ LANG=ja_JP.UTF-8 LC_ALL=ja_JP.UTF-8 LC_PAPER=ja_JP.UTF-8 PAPERSIZE=a4 
PAPERCONF=/etc/papersize paperconf -d
letter
```
There is something wrong?  Or am I doing things wrong?

How can I set default paper size to "a4".

FYI:
$ LANG=ja_JP.UTF-8 LC_ALL=ja_JP.UTF-8 LC_PAPER=ja_JP.UTF-8 PAPERSIZE=a4 
PAPERCONF=/etc/papersize locale
LANG=ja_JP.UTF-8
LANGUAGE=en_US:en
LC_CTYPE="ja_JP.UTF-8"
LC_NUMERIC="ja_JP.UTF-8"
LC_TIME="ja_JP.UTF-8"
LC_COLLATE="ja_JP.UTF-8"
LC_MONETARY="ja_JP.UTF-8"
LC_MESSAGES="ja_JP.UTF-8"
LC_PAPER="ja_JP.UTF-8"
LC_NAME="ja_JP.UTF-8"
LC_ADDRESS="ja_JP.UTF-8"
LC_TELEPHONE="ja_JP.UTF-8"
LC_MEASUREMENT="ja_JP.UTF-8"
LC_IDENTIFICATION="ja_JP.UTF-8"
LC_ALL=ja_JP.UTF-8

So paperconf should be running under ja_JP.UTF8 (in the same papersize=a4 
world.)

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpaper-utils depends on:
ii  libc6  2.36-9
ii  libpaper1  1.1.29

libpaper-utils recommends no packages.

libpaper-utils suggests no packages.

-- no debconf information

Bug#1036634: RM: monado/stable -- NVIU; 2 years old codebase for very active project targeting recent hardware and software stack (new version didn't make it into stable).

[David Heidelberg]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: debian-rele...@lists.debian.org


Monado package is in very active development, offering support for
recent XR headsets.

The risk is getting users discouraged by very old and already unsupported
package, rather than just using the Monado package from unstable or git.

Bug#1031046: asterisk gone from bookworm ?

[Jonas Smedegaard]

Quoting Bogdan Veringioiu (2023-05-23 14:59:48)
> Is there any news from the asterisk maintainers regarding this?
> what are the chances that asterisk 20 will be included in bookworm ?

No chance: It was removed during freeze which means it will not be part
of Bookworm.

Sorry, requires more man power to maintain than I could muster alone :-(


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1036123: [pre-approval] unblock: libcap2/1:2.66-4

[Paul Gevers]

Hi Cyril,

On 18-05-2023 22:06, Salvatore Bonaccorso wrote:

I just realized, that apart gettin the unblock by the release team as
it affects d-i as well (shipping libcap2-udeb), CC'ing Cyril here as
well.


CVE fixes in libcap2. Can you ACK (or udeb-unblock)?

Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1036084: [pre-approval] unblock: android-platform-tools-base/2.2.2-5

[Paul Gevers]

Control: tags -1 moreinfo

Hi,

On 15-05-2023 09:21, Emmanuel Bourg wrote:

I'd like to suggest downgrading the dependency on adb to recommended
if #1034982 isn't fixed in time for the Bookworm release.


That seems to be on it's way all right. Please close this bug if it 
migrates or remove the moreinfo tag if it gets stuck and we need to 
revisit this.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1036633: firmware-iwlwifi: Wireless AC 7265 lacks D3cold support

[Giovanni]

Package: firmware-iwlwifi
Version: 20230310-1~exp2
Severity: normal
Tags: upstream
X-Debbugs-Cc: u...@junocomputers.com

Dear Maintainer,

If D3Cold is enabled from BIOS the tablet boots without Wifi. The only two ways
to enable wifi support is either by disabling D3Cold from BIOS (not ideal) or
adding pcie_port_pm=off to grub

[   12.681303] iwlwifi :01:00.0: Detected Intel(R) Dual Band Wireless AC
7265, REV=0x210



-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'unstable'), (500, 'testing'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-0-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

firmware-iwlwifi depends on no packages.

firmware-iwlwifi recommends no packages.

Versions of packages firmware-iwlwifi suggests:
ii  initramfs-tools  0.142

-- no debconf information

Bug#1036632: Update Homepage:

[Moritz Muehlenhoff]

Package: elinks
Version: 0.13.2-1+b4
Severity: minor

It seems recent uploads in experimental switched to 
https://github.com/rkd77/elinks/
as upstream, so please update the Homepage: header so that can be linked in the 
PTS.

Cheers,
Moritz

Bug#1035920: cloud-initramfs-growroot: /usr/share/initramfs-tools/hooks/growroot fails in non-merged-/usr environment: expects /usr/bin/udevadm

[Andreas Beckmann]

Followup-For: Bug #1035920
Control: tag -1 patch

The attached patch seems to fix this issue.

The canonical path for udevadm in the udev package has been /bin/udevadm
since jessie.


Andreas
>From b7839503f56aee1252b268401421fb90a69d5456 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Tue, 23 May 2023 00:56:50 +0200
Subject: [PATCH] fix copy_exec /bin/udevadm /sbin

---
 debian/changelog| 6 ++
 growroot/hooks/growroot | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index c1720fa..d4e2fd8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cloud-initramfs-tools (0.18.debian13) UNRELEASED; urgency=medium
+
+  * Fix copy_exec /bin/udevadm /sbin (Closes: #1035920).
+
+ -- Andreas Beckmann   Tue, 23 May 2023 00:54:39 +0200
+
 cloud-initramfs-tools (0.18.debian12) unstable; urgency=medium
 
   [ Martin Pitt ]
diff --git a/growroot/hooks/growroot b/growroot/hooks/growroot
index 5d06aa8..a8ee1ab 100644
--- a/growroot/hooks/growroot
+++ b/growroot/hooks/growroot
@@ -11,7 +11,7 @@ esac
 ##
 copy_exec /sbin/sfdisk /sbin
 copy_exec /usr/bin/growpart /sbin
-copy_exec /usr/bin/udevadm /sbin
+copy_exec /bin/udevadm /sbin
 copy_exec /usr/bin/flock /bin
 
 # vi: ts=4 noexpandtab
-- 
2.20.1

Bug#1036215: installation-reports: PXE netboot x86_64 libvirt guest on aarch64 host

[Emanuele Rocca]

Hello,

following up here on the BTS for the benefit of those not reading #debian-boot.

On Wed, May 17, 2023 at 05:37:07PM +0200, Cyril Brulebois wrote:
> Emanuele Rocca  (2023-05-17):
> > (B) failure to load the grub splash screen

[...] 

> >  sarzana dnsmasq-tftp[7413]: file /srv/tftp/bookworm/isolinux/splash.png 
> > not found for 192.168.122.7
> >  sarzana dnsmasq-tftp[7413]: file /srv/tftp/bookworm/splash.png not found 
> > for 192.168.122.7
> > 
> > The grub.cfg file under /debian-installer/amd64/grub/grub.cfg has the 
> > following
> > conditionals:
> > 
> >  if background_image /isolinux/splash.png; then
> > [...]
> >  elif background_image /splash.png; then
> > 
> > The splash screen is loaded correctly replacing either of those with
> > /debian-installer/amd64/boot-screens/splash.png instead.
> 
> Adding an extra conditional in there really doesn't seem appropriate at
> this point. Seeing how images/netboot/ is 745M, and how splash.png is
> 58K, I think I'd rather have it duplicated in a way that it's found in
> /splash.png for both text and gtk installers (/isolinux/splash.png could
> would be a weird location given the booting happens via GRUB).

Even better than duplicating the image, we can use a symlink instead, see:
https://salsa.debian.org/installer-team/debian-installer/-/merge_requests/32

Bug#1036631: procps: [ps] segmentation fault ps:src/ps/display.c:75

[C Seys]

Package: procps
Version: 2:4.0.3-1
Severity: important

Dear Maintainer,

Running the command:
# ps -wwlmfjAF

leads to a partial listing along with a segmentation fault message:
  F S 
UID  PIDPPIDPGID SID  C PRI  NI ADDR SZ WCHANRSS PSR 
STIME TTY  TIME CMD
4 - root   1   0   1   1  0   -   - - 42369 -  13784   
- May10 ?00:26:24 /sbin/init
4 S root   -   -   -   -  0 597548028 - - -   - 
597547968 May10 -  00:26:24 -
1 - root   2   0   0   0  0   -   - - 0 -  0   
- May10 ?00:00:01 [kthreadd]
Signal 11 (SEGV) caught by ps (4.0.3).
1 S root   -   -   -   -  0  60   0 - 
-ps:src/ps/display.c:75: please report this bug
Segmentation fault

Thanks for your time!
C.

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-8-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages procps depends on:
ii  init-system-helpers  1.65.2
ii  libc62.36-9
ii  libncursesw6 6.4-4
ii  libproc2-0   2:4.0.3-1
ii  libtinfo66.4-4

Versions of packages procps recommends:
ii  psmisc  23.6-1

procps suggests no packages.

-- no debconf information

Bug#1036453: unblock: libvirt/9.0.0-4

[Salvatore Bonaccorso]

Hi Andrea,

On Sun, May 21, 2023 at 12:37:17PM +0200, Andrea Bolognani wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: libv...@packages.debian.org
> Control: affects -1 + src:libvirt
> 
> Please unblock package libvirt
> 
> 
> [ Reason ]
> 
> Fix CVE-2023-2700.
> 
> 
> [ Impact ]
> 
> Fix CVE-2023-2700.
> 
> 
> [ Tests ]
> 
> I haven't found tests covering this specific functionality. However,
> the change is part of libvirt 9.3.0, which is already in Debian
> experimental as well as other distributions such as Fedora, and to
> the best of my knowledge no issues with it have been reported.
> 
> 
> [ Risks ]
> 
> The change has already been reviewed and accepted upstream. The
> function being patched hasn't changed between 9.0.0 and 9.3.0, so the
> backport was a clean one. I have reviewed the changes again in the
> context of the Debian package.
> 
> 
> [ Checklist ]
> 
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> 
> [ Other info ]
> 
> N/A
> 
> 
> unblock libvirt/9.0.0-4

I think in this case you can take advantage of

https://release.debian.org/testing/freeze_policy.html#full

in "Applying for an unblock", item 5, as the diff is very small and
targetted to add the missing g_free you could upload already to
unstable to avoid the additional rountrip (in particular as the hard
deadlines are approaching).

Hope this helps,

Regards,
Salvatore