Bug#919350: hyperv-daemons: hv_get_dhcp_info, hv_get_dns_info not found
On Tue, 29 Mar 2022 13:51:02 + Christian Loos wrote: > I still see this problem in all currently supported Debian versions (9-11). And still in 12, but doesn't seem to end up in syslog/journalctl You can see the errors if you stop the service and run sudo /usr/sbin/hv_kvp_daemon -n sh: 1: /usr/libexec/hypervkvpd/hv_get_dns_info: not found sh: 1: /usr/libexec/hypervkvpd/hv_get_dhcp_info: not found sh: 1: /usr/libexec/hypervkvpd/hv_get_dns_info: not found sh: 1: /usr/libexec/hypervkvpd/hv_get_dhcp_info: not found sh: 1: /usr/libexec/hypervkvpd/hv_get_dns_info: not found sh: 1: /usr/libexec/hypervkvpd/hv_get_dhcp_info: not found sh: 1: /usr/libexec/hypervkvpd/hv_get_dns_info: not found sh: 1: /usr/libexec/hypervkvpd/hv_get_dhcp_info: not found However, Hyper-V still sees the guest IP address information while the daemon is running so I'm not sure what the actual impact of this is. Package: hyperv-daemons Version: 6.1.27-1
Bug#1036865: dpkg-dev: Overreaching Rules-Requires-Root namespace check
Hi! On Sun, 2023-05-28 at 10:26:46 +0200, Niels Thykier wrote: > Package: dpkg > Version: 1.21.22 > Severity: minor > X-Debbugs-Cc: ni...@thykier.net > I was playing around with doing a custom name space for Rules-Requires-Root, > and then dpkg said it owned the namespace: > > ``` > $ grep Rules-Requires-Root debian/control > Rules-Requires-Root: debputy/deb-assembly > $ dpkg-buildpackage -us -uc -nc -B -Pnoudeb > dpkg-buildpackage: error: Rules-Requires-Root field keyword > "debputy/deb-assembly" is unknown in dpkg namespace > ``` > > Personally, I was a bit surprised because I did not feel like dpkg has a > claim on this namespace. It turns out that dpkg currently believes it owns > *all* namespaces: > > ``` > $ grep Rules-Requires-Root debian/control > Rules-Requires-Root: foo/bar > $ dpkg-buildpackage -us -uc -nc -B -Pnoudeb > dpkg-buildpackage: error: Rules-Requires-Root field keyword "foo/bar" is > unknown in dpkg namespace > ``` > > Please review the namespace check. Behaviour-wise there is a bug in it > somewhere. Ugh, so from code staring and git log, it seems this has not worked since the code got added. Which should also mean the debhelper namespace which is documented in the spec does not work either. :/ I've prepared the attached patch which I think should be fixing this, but will test and add some functional tests to check for this to make sure and avoid regressions. I might look into whether to target stable releases too given that it's a small fix (although no one else reported this until now, but that might only mean people thought this was allowed…). Thanks, Guillem diff --git i/scripts/dpkg-buildpackage.pl w/scripts/dpkg-buildpackage.pl index bf43fb5cf..f119f11f5 100755 --- i/scripts/dpkg-buildpackage.pl +++ w/scripts/dpkg-buildpackage.pl @@ -846,7 +846,7 @@ sub parse_rules_requires_root { if ($keyword =~ m{^dpkg/target/(.*)$}p and $target_official{$1}) { error(g_('disallowed target in %s field keyword "%s"'), 'Rules-Requires-Root', $keyword); -} elsif ($keyword ne 'dpkg/target-subcommand') { +} elsif ($keyword =~ m{^dpkg/(.*)$} and $1 ne 'target-subcommand') { error(g_('%s field keyword "%s" is unknown in dpkg namespace'), 'Rules-Requires-Root', $keyword); }
Bug#1035543: init-system-helpers: new systemd units may not get enabled on upgrades from bullseye if systemd is installed
Hi Ted, * Theodore Ts'o [2023-05-27 19:45]: So sure, /etc/systemd.d/system/multi-user.target.wants/e2scrub_reap.service doesn't exist. *But* it still exists in .../default.target.wants/... which seems to be enough to keep the e2scrub_reap service enabled. Right? Yes, that's fine. In any case, I am still unclear (a) what is actually broken in this particular setup, since according to systemctl status the systemd unit is apparently still appropriate enabled, even if it isn't via the expected Wanted-b: multi-user.target. The point of piuparts is that an upgraded system is different to a newly installed system, i.e. that the e2scrub_reap.service symlink lies in a different directory. And secondly, (b) what is e2fsprogs's control scripts supposed to have done differently? That is, if this is indeed this is a bug in e2fsprogs --- what did I do wrong, and how do I fix it? Arguably nothing and init-system-helpers/dh_installsystemd should detect the change and move the symlink. And if the answer is you should never, ever, try to change a Wanted-by line in a systemd script, because debian's systemd unit file infrastructure is too fragile to handle this correctly, given that bookworm is about to ship with "Wanted-by: multi-user.target", what's the best path forward at this point? For now the best way is to do nothing and wait for the bookworm release. In general there are two things. One is to fix the immediate problem this issue is about and we can still do that in a point release. The other one is to have general support for changing Wanted-by: (or state that it is not supported). I would propose to ask the init-system-helpers/dh_installsystemd maintainers for a general solution and then apply that for a bookworm point release. Cheers Jochen signature.asc Description: PGP signature
Bug#1036757: unblock: debian-security-support/1:12+2023.05.12
On Thu, May 25, 2023 at 05:06:20PM +0200, Paul Gevers wrote: > On 25-05-2023 15:40, Holger Levsen wrote: > > unblock debian-security-support/1:12+2023.05.12 > unblocked thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Money is worth nothing on a dead planet. signature.asc Description: PGP signature
Bug#1036867: unblock: qt6-base/6.4.2+dfsg-10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: delta...@debian.org,debian-qt-...@lists.debian.org Please unblock package qt6-base [ Reason ] Fixes CVE-2023-33285 that prevents a buffer overflow. [ Impact ] Lack of security fixes. [ Tests ] Tested by upstream, do not break API/ABI, seems safe. [ Risks ] None that I can think of. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock qt6-base/6.4.2+dfsg-10 diffstat for qt6-base-6.4.2+dfsg qt6-base-6.4.2+dfsg changelog |7 patches/cve-2023-33285.diff | 70 patches/series |3 + 3 files changed, 79 insertions(+), 1 deletion(-) diff -Nru qt6-base-6.4.2+dfsg/debian/changelog qt6-base-6.4.2+dfsg/debian/changelog --- qt6-base-6.4.2+dfsg/debian/changelog2023-05-22 16:40:45.0 +0200 +++ qt6-base-6.4.2+dfsg/debian/changelog2023-05-28 10:41:24.0 +0200 @@ -1,3 +1,10 @@ +qt6-base (6.4.2+dfsg-10) unstable; urgency=medium + + [ Patrick Franz ] + * Add patch to fix CVE-2023-33285 (Closes: #1036848). + + -- Patrick Franz Sun, 28 May 2023 10:41:24 +0200 + qt6-base (6.4.2+dfsg-9) unstable; urgency=medium * Team upload. diff -Nru qt6-base-6.4.2+dfsg/debian/patches/cve-2023-33285.diff qt6-base-6.4.2+dfsg/debian/patches/cve-2023-33285.diff --- qt6-base-6.4.2+dfsg/debian/patches/cve-2023-33285.diff 1970-01-01 01:00:00.0 +0100 +++ qt6-base-6.4.2+dfsg/debian/patches/cve-2023-33285.diff 2023-05-28 10:40:55.0 +0200 @@ -0,0 +1,70 @@ +diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp +index 75f7c6c440..de0113494f 100644 +--- a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp +@@ -193,7 +193,6 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + // responseLength in case of error, we still can extract the + // exact error code from the response. + HEADER *header = (HEADER*)response; +-const int answerCount = ntohs(header->ancount); + switch (header->rcode) { + case NOERROR: + break; +@@ -226,18 +225,31 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + return; + } + +-// Skip the query host, type (2 bytes) and class (2 bytes). + char host[PACKETSZ], answer[PACKETSZ]; + unsigned char *p = response + sizeof(HEADER); +-int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +-if (status < 0) { ++int status; ++ ++if (ntohs(header->qdcount) == 1) { ++// Skip the query host, type (2 bytes) and class (2 bytes). ++status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); ++if (status < 0) { ++reply->error = QDnsLookup::InvalidReplyError; ++reply->errorString = tr("Could not expand domain name"); ++return; ++} ++if ((p - response) + status + 4 >= responseLength) ++header->qdcount = 0x; // invalid reply below ++else ++p += status + 4; ++} ++if (ntohs(header->qdcount) > 1) { + reply->error = QDnsLookup::InvalidReplyError; +-reply->errorString = tr("Could not expand domain name"); ++reply->errorString = tr("Invalid reply received"); + return; + } +-p += status + 4; + + // Extract results. ++const int answerCount = ntohs(header->ancount); + int answerIndex = 0; + while ((p < response + responseLength) && (answerIndex < answerCount)) { + status = local_dn_expand(response, response + responseLength, p, host, sizeof(host)); +@@ -249,6 +261,11 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + const QString name = QUrl::fromAce(host); + + p += status; ++ ++if ((p - response) + 10 > responseLength) { ++// probably just a truncated reply, return what we have ++return; ++} + const quint16 type = (p[0] << 8) | p[1]; + p += 2; // RR type + p += 2; // RR class +@@ -256,6 +273,8 @@ void QDnsLookupRunnable::query(const int requestType, const QByteArray + p += 4; + const quint16 size = (p[0] << 8) | p[1]; + p += 2; ++if ((p - response) + size > responseLength) ++return; // truncated + + if (type == QDnsLookup::A) { + if (size != 4) { diff -Nru qt6-base-6.4.2+dfsg/debian/patches/series qt6-base-6.4.2+dfsg/debian/patches/series --- qt6-base-6.4.2+dfsg/debian/patches/series 2023-05-22 16:37:22.0 +0200 +++ qt6-base-6.4.2+dfsg/debian/patches/series 2023-05-28 10:22:01.0 +0200 @@ -1,6 +1,7 @@ -# fixed in
Bug#1036865: dpkg-dev: Overreaching Rules-Requires-Root namespace check
Package: dpkg Version: 1.21.22 Severity: minor X-Debbugs-Cc: ni...@thykier.net I was playing around with doing a custom name space for Rules-Requires-Root, and then dpkg said it owned the namespace: ``` $ grep Rules-Requires-Root debian/control Rules-Requires-Root: debputy/deb-assembly $ dpkg-buildpackage -us -uc -nc -B -Pnoudeb dpkg-buildpackage: error: Rules-Requires-Root field keyword "debputy/deb-assembly" is unknown in dpkg namespace ``` Personally, I was a bit surprised because I did not feel like dpkg has a claim on this namespace. It turns out that dpkg currently believes it owns *all* namespaces: ``` $ grep Rules-Requires-Root debian/control Rules-Requires-Root: foo/bar $ dpkg-buildpackage -us -uc -nc -B -Pnoudeb dpkg-buildpackage: error: Rules-Requires-Root field keyword "foo/bar" is unknown in dpkg namespace ``` Please review the namespace check. Behaviour-wise there is a bug in it somewhere. Best regards, Niels
Bug#1036864: unblock: soapysdr/0.8.1-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: tony mancill Control: tag -1 + src:soapysdr Please unblock package soapysdr [ Reason ] The libsoapysdr0.7 (bullseye) and libsoapysdr0.8 (bookworm) library stacks are not co-installable due to a package conflict deep in their dependency tree. This is sometimes hard for apt to figure out and it may prefer to keep some obsolete packages installed and hold some upgradable packages at the bullseye version. This can be hinted into the right direction (removing the whole obsolete tree, and installing all the fancy new stuff) by adding some Breaks between the roots of the dependency trees. The explicit Breaks at the root (which has usually a sufficiently high score) easily propagates the removal through the whole tree. [ Impact ] incomplete upgrades in some cases [ Tests ] Local piuparts bullseye -> bookworm tests using the fixed packages, testing all upgrade paths that had libsoapysdr0.7 (transitively) installed in bookworm. [ Risks ] the Breaks targets only packages not in bookworm and that need to get removed on upgrades from bullseye [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] n/a unblock soapysdr/0.8.1-3 Andreas diff -Nru soapysdr-0.8.1/debian/changelog soapysdr-0.8.1/debian/changelog --- soapysdr-0.8.1/debian/changelog 2021-09-07 00:29:41.0 +0200 +++ soapysdr-0.8.1/debian/changelog 2023-05-24 09:35:42.0 +0200 @@ -1,3 +1,11 @@ +soapysdr (0.8.1-3) unstable; urgency=medium + + * Team upload + * libsoapysdr0.8: Add Breaks: libsoapysdr0.7 for smoother upgrades from +bullseye. (Closes: #1036737) + + -- Andreas Beckmann Wed, 24 May 2023 09:35:42 +0200 + soapysdr (0.8.1-2) unstable; urgency=medium * Upload to unstable diff -Nru soapysdr-0.8.1/debian/control soapysdr-0.8.1/debian/control --- soapysdr-0.8.1/debian/control 2021-08-25 22:17:31.0 +0200 +++ soapysdr-0.8.1/debian/control 2023-05-24 09:35:42.0 +0200 @@ -24,6 +24,7 @@ Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: soapysdr0.8-module-all | soapysdr0.8-module +Breaks: libsoapysdr0.7 Description: software defined radio interface library SoapySDR is a library providing a common interface to SDR (software defined radio) hardware. Support for different hardware is added through
Bug#1036759: unblock: heat-cfntools/1.4.2-3
Control: tags -1 + moreinfo Hi Thomas On Thu, 25 May 2023 at 16:12, Thomas Goirand wrote: > unblock heat-cfntools/1.4.2-3 Debdiff looks good to me, but did you forget to upload? Regards Graham
Bug#1036791: gah
control: severity -1 normal # how would you think this is a serious bug in src:debian-securtiy-support causing it's autoremoval??? # cheers! thanks -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ "A fundamentalist gender binary was a key feature of Nazi racial politics and genocide. (...) It must be said that the reality of transgender identity cannot be challenged. Transgender people have existed throughout history." https://www.lemkininstitute.com/statements-new-page/statement-on-the-genocidal-nature-of-the-gender-critical-movement%E2%80%99s-ideology-and-practice signature.asc Description: PGP signature
Bug#1036535: unblock: altos/1.9.16-2
Control: tags -1 + moreinfo Hi Bdale On Mon, 22 May 2023 at 07:48, Bdale Garbee wrote: > [ Risks ] > The > change for the -2 upload was a one-line change of the delivery path for a > rarely-used systemd unit file in the packaging scripts (that is not enabled > by default). If this was an upload of 1.9.15-2 with only that change, altos would already have been unblocked. > [ Checklist ] > [ ] attach debdiff against the package in testing You didn't attach a debdiff, but I generated one in order to review the changes between 1.9.15-1 in testing and 1.9.16-2 in unstable. As far as I could see, the only change according to the upstream release notes was: * Add TeleGPS v3.0 support However, the debdiff showed a lot more, including the addition of several fonts. Diffstat showed: 159 files changed, 824544 insertions(+), 3993 deletions(-) > [ Other info ] > I am both an upstream and Debian package maintainer of altos. As upstream, please comment on risks of the other changes between 1.9.15 and 1.9.16. If you think it will help, please attach a filtered debdiff, e.g. excluding the font additions. Regards Graham
Bug#1036863: ITP: perlnavigator -- language server (LSP) for Perl
Package: wnpp Severity: wishlist Owner: Jonas Smedegaard X-Debbugs-Cc: debian-de...@lists.debian.org, Debian Javascript Maintainers , Debian Perl Group -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: perlnavigator Version : 0.5.5 Upstream Contact: bscan * URL : https://github.com/bscan/PerlNavigator * License : Expat Programming Lang: JavaScript, Perl Description : language server (LSP) for Perl Perl Navigator Language Server provides syntax checking, autocompletion, perlcritic, code navigation and hover for Perl. . Implemented as a Language Server in NodeJS using the Microsoft LSP libraries along with Perl doing the syntax checking and parsing. This package will be maintained collaboratively in the JavaScript team (since build framework is NodeJS), but with conventional "node-" prefix only in provided virtual package name as it is mainly an application. Cc'ing Perl team since its use relates there. It will be maintained at Salsa, here: https://salsa.debian.org/js-team/perlnavigator -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmRy+yAACgkQLHwxRsGg ASGsmhAAiDJ/2pYjjJhsUPly4nl3vracp7pIECwiq+mhVoHqbjyQc54BFm+kSznn ijDmdbpYWcSMkW5esQkAwNj6c6DFLQqDgVcDSHSPr6NJrh0yLMSBg5uveXsO11Aj a3N/uHt6Iq9m1yppS2B/yqffWfqFCn6CAWHV7Kfb+LIDniczExA0Kq5Gpk+v+/Y+ /gYj+qP0Y6dLrRt/DGVbH2dPuWiQb89EBShha3VZHE106REr4Xin5sqm0LRWvk3O TcDg/3bq1xkYcyMX3pi/mXiue1ewF2Udi3sKlHbH3NWwMF8S0TAzaNlF6ZhmKJlJ w+nRXGp83EqOrrsWRxhDh7pfWE2+y0p6PM+03Iq8eH9JDFRx8+dgUoOG6fUF6un1 Oa+i6uqCt15HHkENlf/iH8ChsIQxgaUM664AGe2MyqhTLIkaYX3VJd8WaptZ+x1h eODF4VZaS/27V4gaBMKiHnr+ugEVXQWQsxv6QmzmxedNAXdY6aeqEDFkL0PhBdL8 Fn4C3kG+I2mPnxa/GhFu/D1i/k1Xw+HLc+sDu02zBYzvxKOn3HddUvyr5UFjqN8s 7r6nPYGSbpAJs5dqYZvWPCUhqsrFmi3BGkVa6ZoFjrBln6VBWguhrGFWBmw+uZL8 hBbPgci53rA3jEgdZ8Pj/RgpExHCCBivKeYp1/sl0XrClKcQGJU= =hcck -END PGP SIGNATURE-
Bug#1036530: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)
Hi Mario Nick Hastings reported in Debian in https://bugs.debian.org/1036530 lockups from his system after updating from a 6.0 based version to 6.1.y. #regzbot ^introduced 24867516f06d he bisected the issue and tracked it down to: On Sun, May 28, 2023 at 10:14:51AM +0900, Nick Hastings wrote: > Control: tags -1 - moreinfo > > Hi, > > I repeated the git bisect, and the bad commit seems to be: > > (git)-[v6.1-rc1~206^2~4^5~3|bisect] % git bisect bad > 24867516f06dabedef3be7eea0ef0846b91538bc is the first bad commit > commit 24867516f06dabedef3be7eea0ef0846b91538bc > Author: Mario Limonciello > Date: Tue Aug 23 13:51:31 2022 -0500 > > ACPI: OSI: Remove Linux-Dell-Video _OSI string > > This string was introduced because drivers for NVIDIA hardware > had bugs supporting RTD3 in the past. > > Before proprietary NVIDIA driver started to support RTD3, Ubuntu had > had a mechanism for switching PRIME on and off, though it had required > to logout/login to make the library switch happen. > > When the PRIME had been off, the mechanism had unloaded the NVIDIA > driver and put the device into D3cold, but the GPU had never come back > to D0 again which is why ODMs used the _OSI to expose an old _DSM > method to switch the power on/off. > > That has been fixed by commit 5775b843a619 ("PCI: Restore config space > on runtime resume despite being unbound"). so vendors shouldn't be > using this string to modify ASL any more. > > Reviewed-by: Lyude Paul > Signed-off-by: Mario Limonciello > Signed-off-by: Rafael J. Wysocki > > drivers/acpi/osi.c | 9 - > 1 file changed, 9 deletions(-) > > This machine is a Dell with an nvidia chip so it looks like this really > could be the commit that that is causing the problems. The description > of the commit also seems (to my untrained eye) to be consistent with the > error reported on the console when the lockup occurs: > > [ 58.729863] ACPI Error: Aborting method \_SB.PCI0.PGON due to previous > error (AE_AML_LOOP_TIMEOUT) (20220331/psparse-529) > [ 58.729904] ACPI Error: Aborting method \_SB.PCI0.PEG0.PG00._ON due to > previous error (AE_AML_LOOP_TIMEOUT) (20220331/psparse-529) > [ 60.083261] vfio-pci :01:00.0 Unable to change power state from D3cold > to D0, device inaccessible > > Hopefully this is enough information for experts to resolve this. Does this ring some bell for you? Do you need any further information from Nick? Regards, Salvatore
Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
tags -1 + moreinfo Hi Yadd On Wed, 3 May 2023 at 04:51, Yadd wrote: > here is the current debdiff (without the big removal of useless > discoveryjs-json-ext/benchmarks) I removed the moreinfo tag before realizing this is exactly the same as the first debdiff. You seem to have missed this comment: On Wed, 15 Mar 2023 at 22:15, Paul Gevers wrote: > This doesn't look like a targeted fix, but rather seems to include much > more. > > How about reverting and providing a fix only for that CVE please? Regards Graham
Bug#1035056: [pre-approval] plasma-desktop 5.27.X
Control: tags -1 confirmed moreinfo Hi all, [For those following at home, I had multiple live discussions with Aurélien at the Debian Reunion Hamburg.] On 27-05-2023 22:44, Aurélien COUDERC wrote: I don’t have particular bugs in mind, I think the selection that upstream makes of bugs that deserve a fix in their stable 5.27 branch makes sense for us to follow. Ok, it's terribly late but let's go for this then. You'll need to help a bit more though. You want the full set to migrate together, so please check the status of the upload you did yesterday and let me know when everything is ready. That means that no package should be blocked on anything except age and the freeze. Piuparts and autopkgtest runs must have finished and when finished neither must block migration. Did you mention you have a web page for that already, can you share the link? Also please prepare the correct set of hints, they need to be in the form of: unblock package-name/version-in-unstable Paul OpenPGP_signature Description: OpenPGP digital signature