Bug#990486: mtools 4.0.33-1+really4.0.32-1: Internal error, size too big

[Trent W. Buck]

Silvio,

Thanks, changing "mcopy -b" to "mcopy" fixed things for me.

For the record, I attach the full scripts;
Debian 12 (4.0.33-1+really4.0.32-1) fails with -b;
Debian 11 (mtools=4.0.26-1) works with -b.
#!/usr/bin/python3
import argparse
import pathlib
import subprocess
import tempfile

__author__ = "Trent W. Buck"
__copyright__ = "Copyright © 2020 Trent W. Buck"
__license__ = "expat"

__doc__ = """ build the simplest Debian Live image that can boot

This uses mmdebstrap to do the heavy lifting;
it can run entirely without root privileges.
It emits a USB key disk image that contains a bootable EFI ESP,
which in turn includes a bootloader (refind), kernel, ramdisk, and filesystem.squashfs.

NOTE: this is the simplest config possible.
  It lacks CRITICAL SECURITY AND DATA LOSS packages, such as amd64-microcode and smartd.
"""

parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument('output_file', nargs='?', default=pathlib.Path('filesystem.img'), type=pathlib.Path)
parser.add_argument('--boot-test', action='store_true')
args = parser.parse_args()


filesystem_img_size = '256M'# big enough to include filesystem.squashfs + about 64M of bootloader, kernel, and ramdisk.
esp_offset = 1024 * 1024# 1MiB
esp_label = 'UEFI-ESP'  # max 8 bytes for FAT32
live_media_path = 'debian-live'

with tempfile.TemporaryDirectory(prefix='debian-live-bullseye-amd64-minimal.') as td:
td = pathlib.Path(td)
subprocess.check_call(
['mmdebstrap',
 '--mode=unshare',
 '--variant=apt',
 '--aptopt=Acquire::http::Proxy "http://localhost:3142;',
 '--aptopt=Acquire::https::Proxy "DIRECT"',
 '--dpkgopt=force-unsafe-io',
 '--include=linux-image-amd64 init initramfs-tools live-boot netbase',
 '--include=dbus',  # https://bugs.debian.org/814758
 '--include=live-config iproute2 keyboard-configuration locales sudo user-setup',
 '--include=ifupdown isc-dhcp-client',  # live-config doesn't support systemd-networkd yet.

 # Do the **BARE MINIMUM** to make a USB key that can boot on X86_64 UEFI.
 # We use mtools so we do not ever need root privileges.
 # We can't use mkfs.vfat, as that needs kpartx or losetup (i.e. root).
 # We can't use mkfs.udf, as that needs mount (i.e. root).
 # We can't use "refind-install --usedefault" as that runs mount(8) (i.e. root).
 # We don't use genisoimage because
 # 1) ISO9660 must die;
 # 2) incomplete UDF 1.5+ support;
 # 3) resulting filesystem can't be tweaked after flashing (e.g. debian-live/site.dir/etc/systemd/network/up.network).
 #
 # We use refind because 1) I hate grub; and 2) I like refind.
 # If you want aarch64 or ia32 you need to install their BOOTxxx.EFI files.
 # If you want kernel+initrd on something other than FAT, you need refind/drivers_xxx/xxx_xxx.EFI.
 #
 # FIXME: with qemu in UEFI mode (OVMF), I get dumped into startup.nsh (UEFI REPL).
 #From there, I can manually type in "FS0:\EFI\BOOT\BOOTX64.EFI" to start refind, tho.
 #So WTF is its problem?  Does it not support fallback bootloader?
 '--include=refind parted mtools',
 '--essential-hook=echo refind refind/install_to_esp boolean false | chroot $1 debconf-set-selections',
 '--customize-hook=echo refind refind/install_to_esp boolean true  | chroot $1 debconf-set-selections',
 '--customize-hook=chroot $1 mkdir -p /boot/USB /boot/EFI/BOOT',
 '--customize-hook=chroot $1 cp /usr/share/refind/refind/refind_x64.efi /boot/EFI/BOOT/BOOTX64.EFI',
 f'--customize-hook=chroot $1 truncate --size={filesystem_img_size} /boot/USB/filesystem.img',
 f'--customize-hook=chroot $1 parted --script --align=optimal /boot/USB/filesystem.img  mklabel gpt  mkpart {esp_label} {esp_offset}b 100%  set 1 esp on',
 f'--customize-hook=chroot $1 mformat -i /boot/USB/filesystem.img@@{esp_offset} -F -v {esp_label}',
 f'--customize-hook=chroot $1 mmd -i /boot/USB/filesystem.img@@{esp_offset} ::{live_media_path}',
 f"""--customize-hook=echo '"Boot with default options" "boot=live live-media-path={live_media_path}"' >$1/boot/refind_linux.conf""",
 # NOTE: find sidesteps the "glob expands before chroot applies" problem.
 f"""--customize-hook=chroot $1 find -O3 /boot/ -xdev -mindepth 1 -maxdepth 1 -regextype posix-egrep -iregex '.*/(EFI|refind_linux.conf|vmlinuz.*|initrd.img.*)' -exec mcopy -vsbpm -i /boot/USB/filesystem.img@@{esp_offset} {{}} :: ';'""",
 # FIXME: copy-out doesn't handle sparseness, so is REALLY slow (about 50 seconds).
 # Therefore instead leave it in the squashfs, and extract it later.
 #  f'--customize-hook=copy-out /boot/USB/filesystem.img /tmp/',
 #  f'--customize-hook=chroot $1 rm /boot/USB/filesystem.img',

 'bullseye',
 td / 

Bug#1037190: closed by Debian FTP Masters (reply to Martin-Éric Racine ) (Bug#1037190: fixed in dhcpcd 10.0.1-1)

[Martin-Éric Racine]

On Thu, Jul 13, 2023 at 8:01 AM Martin-Éric Racine
 wrote:
>
> On Thu, Jul 13, 2023 at 3:21 AM Andreas Beckmann  wrote:
> >
> > On 11/07/2023 07.05, Martin-Éric Racine wrote:
> > >> This is what I would push to stable-proposed-updates (see attachment).
> > >> Would this do the trick? If yes, I can upload to Mentors. If not,
> > >> please explain.
> > >
> > > Package waiting on Mentors.
> >
> > Looks good. Minor nitpicks:
> > - in d/changelog: use "bookworm" instead of "stable-proposed-updates"
> > - close the bug #1037190
> >
> > Can you put the commits in a new debian/bookworm branch on salsa,
> > starting from tag debian/9.4.1-24?
> >
> > I'll sponsor that upload for you.
>
> E: dhcpcd5 changes: bad-distribution-in-changes-file bookworm
>
> Re-uploaded to Mentors.

Scratch that. Mentors doesn'r know about any release newer than
Bullseye and rejected the upload. Debdiff attached.

Martin-Éric

PS: I don't know how to fork a branch on Git. My Git skills are minimal.
diff -Nru dhcpcd5-9.4.1/debian/changelog dhcpcd5-9.4.1/debian/changelog
--- dhcpcd5-9.4.1/debian/changelog  2023-05-29 10:45:31.0 +0300
+++ dhcpcd5-9.4.1/debian/changelog  2023-07-13 07:56:52.0 +0300
@@ -1,6 +1,16 @@
+dhcpcd5 (9.4.1-24+deb12u1) bookworm; urgency=medium
+
+  * Backported Wheezy upgrade mitigation from unstable (Closes: #1037190).
++ Include /usr/share/dpkg/pkg-info.mk needed for target version mingling.
++ Add epoch to bin:dhcpcd via override_dh_gencontrol.
+  Wheezy had (1:3.2.3-11+deb7u1) so reintroduce the epoch for one target.
++ Add dhcpcd.preinst by Andreas Beckmann to clean up upgrade leftovers.
+
+ -- Martin-Éric Racine   Thu, 13 Jul 2023 07:56:52 
+0300
+
 dhcpcd5 (9.4.1-24) unstable; urgency=medium
 
-  * Upload to unstable
+  * Upload to unstable.
 
  -- Martin-Éric Racine   Mon, 29 May 2023 15:45:31 
+0800
 
diff -Nru dhcpcd5-9.4.1/debian/copyright dhcpcd5-9.4.1/debian/copyright
--- dhcpcd5-9.4.1/debian/copyright  2023-05-24 16:29:33.0 +0300
+++ dhcpcd5-9.4.1/debian/copyright  2023-07-09 22:09:15.0 +0300
@@ -4,7 +4,7 @@
 Upstream-Contact: Roy Marples 
 
 Files: *
-Copyright: 2006-2018  Roy Marples 
+Copyright: 2006-2023  Roy Marples 
1999, 2016 The NetBSD Foundation, Inc.
2005 Colin Percival
2005 The DragonFly Project.  All rights reserved.
@@ -68,6 +68,7 @@
2015 Daniel Echeverry 
2018 Scott Leggett 
2022-2023 Martin-Éric Racine 
+   2023 Andreas Beckmann 
 License: BSD-2
 
 Files: debian/hooks/*
diff -Nru dhcpcd5-9.4.1/debian/dhcpcd.preinst 
dhcpcd5-9.4.1/debian/dhcpcd.preinst
--- dhcpcd5-9.4.1/debian/dhcpcd.preinst 1970-01-01 02:00:00.0 +0200
+++ dhcpcd5-9.4.1/debian/dhcpcd.preinst 2023-07-09 22:07:22.0 +0300
@@ -0,0 +1,14 @@
+#!/bin/sh
+# As per Debian bug #1037190.
+# Copyright 2023 Andreas Beckmann 
+set -e
+if dpkg --compare-versions "$2" lt-nl "1:9.4.1-24+deb12u1~" ; then
+  # Cleanup leftovers from dhcpcd 1:3.* in Wheezy.
+  # Can be removed after Trixie is released.
+  update-alternatives --remove dhcpcd /sbin/dhcpcd3
+  if [ -d /etc/dhcpc ]; then
+test ! -h /etc/dhcpc/resolv.conf || rm -fv /etc/dhcpc/resolv.conf
+rmdir --ignore-fail-on-non-empty /etc/dhcpc
+  fi
+fi
+#DEBHELPER#
diff -Nru dhcpcd5-9.4.1/debian/rules dhcpcd5-9.4.1/debian/rules
--- dhcpcd5-9.4.1/debian/rules  2023-05-24 16:29:33.0 +0300
+++ dhcpcd5-9.4.1/debian/rules  2023-07-09 22:14:37.0 +0300
@@ -1,4 +1,5 @@
 #!/usr/bin/make -f
+include /usr/share/dpkg/pkg-info.mk
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
@@ -12,8 +13,12 @@
--libexecdir=/usr/lib/dhcpcd \
--rundir=/run/dhcpcd
 
-# avoid starting the unconfigured service as it may break connectivity
+# Wheezy had (1:3.2.3-11+deb7u1) so reintroduce the epoch for one target.
+override_dh_gencontrol:
+   dh_gencontrol --package=dhcpcd -- -v1:$(DEB_VERSION_UPSTREAM_REVISION)
+   dh_gencontrol --remaining-packages
 
+# Avoid starting the unconfigured service as it may break connectivity.
 override_dh_installinit:
dh_installinit --name=dhcpcd --no-start
 

Bug#1040957: xine-lib-1.2: FTBFS on hurd-i386

[Pino Toscano]

Source: xine-lib-1.2
Version: 1.2.13+hg20230710-1
Severity: important
Tags: patch
User: debian-h...@lists.debian.org
Usertags: hurd
Control: found -1 1.2.12-1

Hi,

xine-lib-1.2 currently FTBFSes on hurd-i386 [1].

The problem is that the VAAPI support is not available on hurd-i386,
and libxine2-x unconditionally installs files that are built for that.
The attached patch fixes the issue, by limiting the VAAPI plugins that
were not already limited on some architectures (e.g. the wayland one)
as !hurd-any, like the libva-dev build dependency.

As I was tweaking/fixing the packaging for hurd-i386, I included also
few more Hurd-related changes:
- enable the smb plugin also on the Hurd, as samba is now built there
- change the exclusion architecture pattern for the vcdo plugin to
  !hurd-any, as it applies to any Hurd architecture and not only to
  hurd-i386

[1] 
https://buildd.debian.org/status/fetch.php?pkg=xine-lib-1.2=hurd-i386=1.2.13%2Bhg20230710-1=1689013434=0

Thanks,
-- 
Pino
--- a/debian/control
+++ b/debian/control
@@ -30,7 +30,7 @@ Build-Depends: debhelper-compat (= 13),
  libpulse-dev,
  librsvg2-bin,
  libsdl1.2-compat-dev,
- libsmbclient-dev [!hurd-i386],
+ libsmbclient-dev,
  libspeex-dev,
  libtheora-dev,
  libv4l-dev [linux-any],
--- a/debian/libxine2-misc-plugins.install
+++ b/debian/libxine2-misc-plugins.install
@@ -9,11 +9,11 @@ debian/tmp/usr/lib/*/xine/plugins/*/xine
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_network.so
 [linux-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_pvr.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_rtp.so
-[!hurd-i386] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_smb.so
+debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_smb.so
 #[linux-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_v4l.so
 [linux-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_v4l2.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_vcd.so
-[!hurd-i386] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_vcdo.so
+[!hurd-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_inp_vcdo.so
 
 # audio output plugins
 [linux-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_ao_out_alsa.so
--- a/debian/libxine2-x.install
+++ b/debian/libxine2-x.install
@@ -5,7 +5,7 @@ debian/tmp/usr/lib/*/xine/plugins/*/xine
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_opengl.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_opengl2.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_sdl.so
-[linux-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_vaapi.so
+[!hurd-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_vaapi.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_xcbshm.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_xcbxv.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_out_xdirectfb.so
@@ -17,7 +17,7 @@ debian/tmp/usr/lib/*/xine/plugins/*/xine
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_gl_egl_x11.so
 debian/tmp/usr/lib/*/xine/plugins/*/xineplug_vo_gl_glx.so
 [linux-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_hw_frame_vaapi.so
-debian/tmp/usr/lib/*/xine/plugins/*/xineplug_va_display_drm.so
-debian/tmp/usr/lib/*/xine/plugins/*/xineplug_va_display_glx.so
+[!hurd-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_va_display_drm.so
+[!hurd-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_va_display_glx.so
 [linux-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_va_display_wl.so
-debian/tmp/usr/lib/*/xine/plugins/*/xineplug_va_display_x11.so
+[!hurd-any] debian/tmp/usr/lib/*/xine/plugins/*/xineplug_va_display_x11.so

Bug#1037190: closed by Debian FTP Masters (reply to Martin-Éric Racine ) (Bug#1037190: fixed in dhcpcd 10.0.1-1)

[Martin-Éric Racine]

On Thu, Jul 13, 2023 at 3:21 AM Andreas Beckmann  wrote:
>
> On 11/07/2023 07.05, Martin-Éric Racine wrote:
> >> This is what I would push to stable-proposed-updates (see attachment).
> >> Would this do the trick? If yes, I can upload to Mentors. If not,
> >> please explain.
> >
> > Package waiting on Mentors.
>
> Looks good. Minor nitpicks:
> - in d/changelog: use "bookworm" instead of "stable-proposed-updates"
> - close the bug #1037190
>
> Can you put the commits in a new debian/bookworm branch on salsa,
> starting from tag debian/9.4.1-24?
>
> I'll sponsor that upload for you.

E: dhcpcd5 changes: bad-distribution-in-changes-file bookworm

Re-uploaded to Menotors.

Martin-Éric

Bug#1036904: bookworm-pu: package libreoffice/4:7.4.7-1

[Rene Engelhard]

Hi,

Am 12.07.23 um 23:01 schrieb Jonathan Wiltshire:

Control: tag -1 confirmed
[...]
The version is fine. It may or may not make it into 12.1 depending on build
times; we'll do our best.


Uploaded, thanks.


Regards,


Rene

Bug#1040955: linux-image-6.1.0-10-amd64 | drm/i915 Intel GFX Driver crashes kernel

[Salvatore Bonaccorso]

Control: tags -1 + moreinfo

Hi Victor,

On Thu, Jul 13, 2023 at 12:54:01AM -0300, Victor A. Bettachini wrote:
> Package: src:linux
> Version: 6.1.37-1
> Severity: important
> X-Debbugs-Cc: vict...@gmx.net
> 
> Dear Maintainer,
> 
> I'd like to report this behaviour present when booting to
> linux-image-6.1.0-10-amd64 but not but not when doing that to its
> predecesor, linux-image-6.1.0-9-amd64.
> 
> Justa few seconds after graphic loging (Xorg session) the computer freezes
> not even allowing to jump to any tty with ctrl-alt-F# key combination.
> 
> I'm attaching an excerpt of the output journalctl, the trace stating the
> problem itself: i915_6.1.0-10_journalctl.txt

Would it be possible that you verify if the issue is as well rpesent
in current unstable (6.3.11-1) and experimental (6.4.1-1~exp1)?

Additionally is it possible to you to bisect the changes between
6.1.27-1 and 6.1.37-1 with upstream version to identify the culprit?

Regards,
Salvatore

Bug#1040956: systemd: Internal USB devices disconnected when `udevadm settle` run in early boot

[Undef]

Package: systemd
Version: 253.5-1
Severity: important
X-Debbugs-Cc: debian@undef.tools

Dear Maintainer,

On upgrade to systemd 253.5-1 the USB modem on my Librem5 stopped
working. This also occurs on 252.11-1 (testing) but not on 252.6-1
(stable) or 253-3 (previously available in unstable.

This only seems to happen in a very specific configuration:
  * Librem5
  * Booting from eMMC
  * Using full disk encryption
  * Using an on-screen keyboard such as osk-sdl to unlock the device.

Digging into the issue, it seems I can trigger it by adding an initramfs
script which will run `udevadm settle` in the initramfs. This itself
doesn't remove the USB device, but later in the boot the device will
disappear.

The following logs are found in dmesg:
```
[   28.890890] usbcore: registered new interface driver option
[   28.890948] usbserial: USB Serial support registered for GSM modem (1-port)
[   28.960264] input: Librem 5 Headphones as 
/devices/platform/sound/sound/card0/input5
[   29.080045] option 1-1.2:1.0: GSM modem (1-port) converter detected
[   29.080766] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB0
[   29.091094] input: Librem 5 Headset Mic as 
/devices/platform/sound/sound/card0/input6
[   29.092893] imx-hdmi sound-hdmi: snd_soc_register_card failed (-517)
[   29.107724] option 1-1.2:1.1: GSM modem (1-port) converter detected
[   29.277461] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB1
[   29.292653] option 1-1.2:1.2: GSM modem (1-port) converter detected
[   29.326085] imx-hdmi sound-hdmi: snd_soc_register_card failed (-517)
[   29.427883] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB2
[   29.457265] option 1-1.2:1.3: GSM modem (1-port) converter detected
[...]
[   31.474866] usb 1-1.2: USB disconnect, device number 4
[   31.475478] option1 ttyUSB0: GSM modem (1-port) converter now disconnected 
from ttyUSB0
[   31.475542] option 1-1.2:1.0: device disconnected
[   31.482999] option1 ttyUSB1: GSM modem (1-port) converter now disconnected 
from ttyUSB1
[   31.483071] option 1-1.2:1.1: device disconnected
[   31.507980] option1 ttyUSB2: GSM modem (1-port) converter now disconnected 
from ttyUSB2
[   31.508439] option 1-1.2:1.2: device disconnected
[   31.552074] option1 ttyUSB3: GSM modem (1-port) converter now disconnected 
from ttyUSB3
[   31.552146] option 1-1.2:1.3: device disconnected
[   31.552425] qmi_wwan 1-1.2:1.4 wwan0: unregister 'qmi_wwan' 
usb-xhci-hcd.4.auto-1.2, WWAN/QMI device
```
If `udevadm settle` or the on-screen disk encryption keyboard is not run
in the initramfs the issue does not occur.

Rolling back to systemd 252-3 or 252.6-1 works around the issue. I
originally saw the issue on 252.11-1 but didn't report it as upgrading
to systemd from unstable (253-3) fixed the issue.

Additionally, using a keyfile such that running `udevadm settle` or
equivalent is not required works around the issue (though makes disk
encryption slightly pointless).


-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: arm64 (aarch64)

Kernel: Linux 6.1-librem5 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CRAP
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl12.3.1-3
ii  libaudit1  1:3.0.9-1
ii  libblkid1  2.38.1-5+b1
ii  libc6  2.37-5
ii  libcap21:2.66-4
ii  libcryptsetup122:2.6.1-4
ii  libfdisk1  2.38.1-5+b1
ii  libgcrypt201.10.2-2
ii  libkmod2   30+20230519-1
ii  liblz4-1   1.9.4-1
ii  liblzma5   5.4.1-0.2
ii  libmount1  2.38.1-5+b1
ii  libp11-kit00.24.1-2
ii  libseccomp22.5.4-1+b3
ii  libselinux13.4-1+b6
ii  libssl33.0.9-1
ii  libsystemd-shared  253.5-1
ii  libsystemd0253.5-1
ii  libzstd1   1.5.5+dfsg2-1
ii  mount  2.38.1-5+b1
ii  systemd-dev253.5-1

Versions of packages systemd recommends:
ii  chrony [time-daemon]4.3-4
ii  dbus [default-dbus-system-bus]  1.14.8-1
ii  dbus-broker [dbus-system-bus]   33-1

Versions of packages systemd suggests:
ii  libfido2-11.13.0-1
ii  libqrencode4  4.1.1-1
pn  libtss2-esys-3.0.2-0  
pn  libtss2-mu0   
pn  libtss2-rc0   
ii  polkitd   122-4
pn  systemd-boot  
pn  systemd-container 
pn  systemd-homed 
ii  systemd-resolved  253.5-1
pn  systemd-userdbd   

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.8-1
pn  dracut 
ii  initramfs-tools0.142
ii  libnss-systemd 253.5-1
ii  libpam-systemd 253.5-1
ii  udev   253.5-1

-- no debconf information

Bug#1040955: linux-image-6.1.0-10-amd64 | drm/i915 Intel GFX Driver crashes kernel

[Victor A. Bettachini]

Package: src:linux
Version: 6.1.37-1
Severity: important
X-Debbugs-Cc: vict...@gmx.net

Dear Maintainer,

I'd like to report this behaviour present when booting to
linux-image-6.1.0-10-amd64 but not but not when doing that to its
predecesor, linux-image-6.1.0-9-amd64.

Justa few seconds after graphic loging (Xorg session) the computer freezes
not even allowing to jump to any tty with ctrl-alt-F# key combination.

I'm attaching an excerpt of the output journalctl, the trace stating the
problem itself: i915_6.1.0-10_journalctl.txt

Kind regards,
Víctor Bettachini
Jul 11 04:05:16 atun kernel: [ cut here ]
Jul 11 04:05:16 atun kernel: i915 :00:02.0: drm_WARN_ON((val & (1 << 30)) 
== 0)
Jul 11 04:05:16 atun kernel: WARNING: CPU: 3 PID: 747 at 
drivers/gpu/drm/i915/display/intel_cdclk.c:887 skl_get_cdclk+0x280/0x2b0 [i915]
Jul 11 04:05:16 atun kernel: Modules linked in: ccm snd_seq_dummy snd_hrtimer 
snd_seq snd_seq_device snd_hda_codec_hdmi qrtr bnep binfmt_misc nls_ascii 
nls_cp437 vfat fat snd_sof_pci_intel_skl snd_sof_intel_hda_common 
soundwire_intel soundwire_generic_allocation soundwire_cadence 
snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_ctl_led 
x86_pkg_temp_thermal intel_powerclamp coretemp snd_sof dell_rbtn btusb 
snd_sof_utils btrtl kvm_intel btbcm soundwire_bus btintel btmtk 
snd_hda_codec_realtek snd_soc_skl kvm snd_soc_hdac_hda snd_hda_codec_generic 
dell_laptop snd_hda_ext_core intel_rapl_msr ledtrig_audio snd_soc_sst_ipc 
bluetooth mei_wdt mei_hdcp snd_soc_sst_dsp snd_soc_acpi_intel_match 
snd_soc_acpi snd_soc_core irqbypass snd_compress iwlmvm ghash_clmulni_intel 
jitterentropy_rng dell_smm_hwmon snd_hda_intel mac80211 uvcvideo 
snd_intel_dspcfg sha512_ssse3 snd_intel_sdw_acpi snd_hda_codec 
videobuf2_vmalloc aesni_intel videobuf2_memops libarc4 sha512_generic 
videobuf2_v4l2 crypto_simd cryptd
Jul 11 04:05:16 atun kernel:  videobuf2_common ctr dell_wmi snd_hda_core 
iwlwifi videodev snd_hwdep drbg mc rapl ansi_cprng snd_pcm iTCO_wdt 
intel_cstate intel_pmc_bxt snd_timer iTCO_vendor_support dell_smbios dcdbas 
processor_thermal_device_pci_legacy ecdh_generic intel_wmi_thunderbolt 
intel_uncore watchdog cfg80211 ecc dell_wmi_descriptor ee1004 wmi_bmof pcspkr 
processor_thermal_device snd processor_thermal_rfim mei_me 
processor_thermal_mbox processor_thermal_rapl soundcore rfkill 
intel_rapl_common mei intel_xhci_usb_role_switch roles intel_soc_dts_iosf 
intel_pch_thermal int3400_thermal intel_pmc_core int3403_thermal 
acpi_thermal_rel int340x_thermal_zone intel_hid sparse_keymap ac acpi_pad 
joydev serio_raw evdev sg msr parport_pc ppdev lp parport fuse loop efi_pstore 
configfs efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 
crc32c_generic dm_mod sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif 
crct10dif_generic i915 ahci xhci_pci libahci hid_alps hid_generic xhci_hcd 
drm_buddy libata
Jul 11 04:05:16 atun kernel:  i2c_algo_bit drm_display_helper cec 
rtsx_pci_sdmmc usbcore scsi_mod rc_core ttm crct10dif_pclmul crct10dif_common 
e1000e mmc_core drm_kms_helper i2c_hid_acpi i2c_i801 ptp i2c_hid crc32_pclmul 
drm crc32c_intel i2c_smbus scsi_common pps_core rtsx_pci intel_lpss_pci 
usb_common video battery hid intel_lpss_acpi intel_lpss wmi idma64 button
Jul 11 04:05:16 atun kernel: CPU: 3 PID: 747 Comm: Xorg Not tainted 
6.1.0-10-amd64 #1  Debian 6.1.37-1
Jul 11 04:05:16 atun kernel: Hardware name: Dell Inc. Latitude 7480/00F6D3, 
BIOS 1.31.0 03/28/2023
Jul 11 04:05:16 atun kernel: RIP: 0010:skl_get_cdclk+0x280/0x2b0 [i915]
Jul 11 04:05:16 atun kernel: Code: 8b 7d 08 4c 8b 6f 50 4d 85 ed 74 36 e8 b9 d6 
81 d0 48 c7 c1 d8 d0 bd c0 4c 89 ea 48 c7 c7 77 29 c0 c0 48 89 c6 e8 20 bd 1d 
d0 <0f> 0b 8b 53 04 e9 1d fe ff ff ba 5b b5 04 00 31 c0 89 13 e9 2b ff
Jul 11 04:05:16 atun kernel: RSP: 0018:b38881323890 EFLAGS: 00010282
Jul 11 04:05:16 atun kernel: RAX:  RBX: b388813238bc RCX: 

Jul 11 04:05:16 atun kernel: RDX: 0002 RSI: 91f4105e RDI: 

Jul 11 04:05:16 atun kernel: RBP: 8e9341e08000 R08:  R09: 
b38881323700
Jul 11 04:05:16 atun kernel: R10: 0003 R11: 926d43a8 R12: 
8e9341e09c20
Jul 11 04:05:16 atun kernel: R13: 8e92c14c9e80 R14: b38881323dc8 R15: 

Jul 11 04:05:16 atun kernel: FS:  7f791f209a80() 
GS:8e963158() knlGS:
Jul 11 04:05:16 atun kernel: CS:  0010 DS:  ES:  CR0: 80050033
Jul 11 04:05:16 atun kernel: CR2: 7f479ae8a0c0 CR3: 000103ee8001 CR4: 
003706e0
Jul 11 04:05:16 atun kernel: DR0:  DR1:  DR2: 

Jul 11 04:05:16 atun kernel: DR3:  DR6: fffe0ff0 DR7: 
0400
Jul 11 04:05:16 atun kernel: Call Trace:
Jul 11 04:05:16 atun kernel:  
Jul 11 04:05:16 atun kernel:  ? __warn+0x7d/0xc0
Jul 11 04:05:16 atun kernel:  ? skl_get_cdclk+0x280/0x2b0 [i915]
Jul 11 

Bug#1040934: bookworm-pu

[Michael Tokarev]

13.07.2023 03:12, Márk Csaba wrote:


Did I miss something?


If you're asking where's the fix for this issue in bookworm-pu (please
correct me if I guessed your question wrong), - it is not there yet. I
prepared an update for the next bookworm point release and asked the
release team if it is okay with them to include it. See
https://bugs.debian.org/1040875 .  If the release team ACKs it, I'll
upload it and it will be available.  If not, well, we'll see.

/mjt

Bug#1040954: inspircd: PID and Logging have broken permissions

[Victor Coss]

Package: inspircd
Version: 3.15.0-1
Severity: normal

Dear Maintainer,

The systemd service file starts InspIRCd with the --nopid flag, however the 
module sslrehashsignal requires there to be a PID. Please remove this argument 
from the ExecStart line. I have edited the inspircd.service file temporarily 
using  systemctl edit --full inspircd.service
However I believe due to the AppArmor profile that is shipped, the PID cannot 
write. You should allow the PID to be at /var/run/inspircd/inspircd.pid which 
is what I have configured as the location in my InspIRCd configuration file.
I however get the following error and InspIRCd fails to start: 

Failed to write PID-file '/var/run/inspircd/inspircd.pid', exiting. 

The permissions are as follows,

root@radium:~# ls -lah /var/run/inspircd/
total 0
drwxr-xr-x  2 irc  irc   40 Jul 12 15:21 .
drwxr-xr-x 20 root root 600 Jul 12 15:49 ..

That appears to be correct? However I do a dmesg and see that inspircd is being 
blocked under audit, I suppose this is from AppArmor?
[611682.465180] audit: type=1400 audit(1689212777.973:26): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7703 
comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[612769.233201] audit: type=1400 audit(1689213864.742:27): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" 
name="/run/inspircd/inspircd.pid" pid=7968 comm="inspircd" requested_mask="c" 
denied_mask="c" fsuid=39 ouid=39
[612769.478807] audit: type=1400 audit(1689213864.986:28): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" 
name="/run/inspircd/inspircd.pid" pid=7969 comm="inspircd" requested_mask="c" 
denied_mask="c" fsuid=39 ouid=39
[612769.730910] audit: type=1400 audit(1689213865.238:29): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" 
name="/run/inspircd/inspircd.pid" pid=7971 comm="inspircd" requested_mask="c" 
denied_mask="c" fsuid=39 ouid=39
[612769.990731] audit: type=1400 audit(1689213865.498:30): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" 
name="/run/inspircd/inspircd.pid" pid=7973 comm="inspircd" requested_mask="c" 
denied_mask="c" fsuid=39 ouid=39
[612770.231224] audit: type=1400 audit(1689213865.738:31): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" 
name="/run/inspircd/inspircd.pid" pid=7974 comm="inspircd" requested_mask="c" 
denied_mask="c" fsuid=39 ouid=39

Also logging is broken too. The default log file location of 
/var/log/inspircd.log doesn't write. The file exists however when I cat the 
file out, it remains empty. I have inspircd configured to log to that file as 
well.
In dmesg you can see the log file is being blocked.

[53.814582] audit: type=1400 audit(1689201089.349:15): apparmor="DENIED" 
operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" 
pid=7525 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
[601900.436898] inspircd[7525]: segfault at 7f865dc02060 ip 7f865dc02060 sp 
7ffe3832d388 error 14 in m_filter.so[7f865de0c000+7000] likely on CPU 2 
(core 0, socket 0)
[601900.436959] audit: type=1400 audit(1689202995.964:16): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7525 
comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[601949.800182] audit: type=1400 audit(1689203045.328:17): apparmor="DENIED" 
operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" 
pid=7586 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39
[605077.481347] inspircd[7586]: segfault at 7fb4b546d060 ip 7fb4b546d060 sp 
7ffd3d7c7768 error 14 in m_filter.so[7fb4b5677000+7000] likely on CPU 1 
(core 1, socket 0)
[605077.481416] audit: type=1400 audit(1689206173.006:18): apparmor="DENIED" 
operation="mknod" profile="/usr/sbin/inspircd" name="/core" pid=7586 
comm="inspircd" requested_mask="c" denied_mask="c" fsuid=39 ouid=39
[605212.549953] audit: type=1400 audit(1689206308.073:19): apparmor="DENIED" 
operation="open" profile="/usr/sbin/inspircd" name="/var/log/inspircd.log" 
pid=7637 comm="inspircd" requested_mask="ac" denied_mask="ac" fsuid=39 ouid=39

The permissions for the log file are as follows:

root@radium:~# ls -lah /var/log/inspircd.log
-rw-r- 1 irc adm 0 Jul 12 15:21 /var/log/inspircd.log
root@radium:~# cat /var/log/inspircd.log
root@radium:~#

As you can see the log file remains empty. However if I use journalctl -u 
inspircd.service I can see the log messages from inspircd.
In my inspircd config file I have a  so it 
should be writing there and appears to be attempting to according to dmesg.

Also there is a new upstream version of InspIRCd, 3.16.1 which quite a few bug 
fixes. Can you please package it?

Kindest Regards,
Victor Coss


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 

Bug#1040926: debian-reference: wrong option for tar

[肖盛文]

Control: tags -1 pending

Thanks for your report.

It's a typo, I fixed it in salsa:

https://salsa.debian.org/debian/debian-reference/-/commit/87410b43b0cd105dbe31e1c1af5f46ae8953f4b0

在 2023/7/12 20:49, sorre5+bljqqazxp6sek@cs.email 写道:

Package: debian-reference
Severity: normal

Dear Maintainer,

Section "10.1.3. Idioms for the archive" contains this command:

`find ./source -xdev -print0 | tar -cvJf archive.tar.xz --null -F -`

The last flag `-F -` should instead be `-T -`

Please fix.



--
肖盛文 xiao sheng wen
https://www.atzlinux.com 《铜豌豆 Linux》基于 Debian 的 Linux 中文 桌面 操作系统
Debian QA page: https://qa.debian.org/developer.php?login=atzlinux%40sina.com
Debian salsa: https://salsa.debian.org/atzlinux-guest
GnuPG Public Key: 0x00186602339240CB



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1024134: rust-chrono-humanize: please upgrade to v0.2.1 (or newer)

[Peter Green]

tags 1024134 +pending
thanks


Please upgrade to newer upstream release v0.2.1 (or newer), needed by
projects I am preparing for Debian.


noctis has prepared an update for rust-chrono-humanize and I have prepared
one for it's reverse dependency rust-lsd, however I think it is prudent to
wait until rust-lsd 0.23.1-5 is in testing before uploading them.

Bug#1040953: bookworm-pu: package sra-sdk/3.0.3+dfsg-6~deb12u1

[Aaron M. Ucko]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sra-...@packages.debian.org
Control: affects -1 + src:sra-sdk

[ Reason ]
Per #1039621, the new libngs-jni package accidentally wound up with
bad content (unexpanded variables in the key symlink's source *and*
target) that rendered it useless.

[ Impact ]
This package's reverse dependencies, from libngs-java on up, will be
broken unless libncbi-ngs-dev happens to be installed.

[ Tests ]
Various affected packages have autopkgtests, but they evidently missed
the relevant bug, having presumably wound up running with
libncbi-ngs-dev additionally installed.  (The tests did catch the
need for architecture restrictions that made it into bookworm, FWIW.)

[ Risks ]
Minimal -- trivial fix, working in testing and unstable with no
further changes from stable.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [v] I reviewed all changes and I approve them
  [v] attach debdiff against the package in (old)stable
  [v] the issue is verified as fixed in unstable

[ Changes ]
Tweak debian/rules to make the necessary substitutions in
libngs-java.links.in.

[ Other info ]
In reviewing the debdiff, I see that one of my teammates pushed a
debian/salsa-ci.yml update without a corresponding changelog note that
consequently slipped into -6 undocumented; what should I do about it
at this point?

I've held off on cleaning up a long-dangling symlink in a different
binary package (sra-toolkit, #1040391) but can readily throw that in
if you'd like.
diff -Nru sra-sdk-3.0.3+dfsg/debian/.gitignore 
sra-sdk-3.0.3+dfsg/debian/.gitignore
--- sra-sdk-3.0.3+dfsg/debian/.gitignore2023-02-24 05:52:27.0 
-0500
+++ sra-sdk-3.0.3+dfsg/debian/.gitignore1969-12-31 19:00:00.0 
-0500
@@ -1,16 +0,0 @@
-*.debhelper
-*.substvars
-.debhelper
-.javahelper_clean
-debhelper-build-stamp
-files
-lib*-dev
-lib*[0-9]
-libngs-java
-libngs-java-doc
-libngs-java-doc.doc-base.javadoc
-libngs-jni
-libngs-jni.links
-python3-ngs
-sra-toolkit
-tmp
diff -Nru sra-sdk-3.0.3+dfsg/debian/changelog 
sra-sdk-3.0.3+dfsg/debian/changelog
--- sra-sdk-3.0.3+dfsg/debian/changelog 2023-02-24 05:52:27.0 -0500
+++ sra-sdk-3.0.3+dfsg/debian/changelog 2023-07-12 22:20:14.0 -0400
@@ -1,3 +1,16 @@
+sra-sdk (3.0.3+dfsg-6~deb12u1) bookworm; urgency=medium
+
+  * Reupload to bookworm (stable).  (Closes: #10n).
+
+ -- Aaron M. Ucko   Wed, 12 Jul 2023 22:20:14 -0400
+
+sra-sdk (3.0.3+dfsg-6) unstable; urgency=high
+
+  * debian/rules: Expand $(DEB_HOST_MULTIARCH) in libngs-java.links.in.
+(Closes: #1039621.)
+
+ -- Aaron M. Ucko   Tue, 27 Jun 2023 22:14:41 -0400
+
 sra-sdk (3.0.3+dfsg-5) unstable; urgency=medium
 
   * Limit libngs-java to those architectures where libs are available
diff -Nru sra-sdk-3.0.3+dfsg/debian/rules sra-sdk-3.0.3+dfsg/debian/rules
--- sra-sdk-3.0.3+dfsg/debian/rules 2023-02-24 05:52:27.0 -0500
+++ sra-sdk-3.0.3+dfsg/debian/rules 2023-07-12 22:19:10.0 -0400
@@ -152,7 +152,10 @@
 execute_before_dh_link:
# Putting the upstream version number (without the dfsg part) at the 
end of
# symlink source in the -jni package.
-   sed 's/\(#STRIPPED_UPSTREAM_VERSION#\)/\1$(DEB_VERSION_UPSTREAM)/; 
s/#STRIPPED_UPSTREAM_VERSION#\(.*\)+dfsg[0-9]*/\1/' debian/libngs-jni.links.in 
> debian/libngs-jni.links
+   sed -e 's/\(#STRIPPED_UPSTREAM_VERSION#\)/\1$(DEB_VERSION_UPSTREAM)/' \
+   -e 's/#STRIPPED_UPSTREAM_VERSION#\(.*\)+dfsg[0-9]*/\1/' \
+   -e 's/\$$[({]DEB_HOST_MULTIARCH[)}]/$(DEB_HOST_MULTIARCH)/g' \
+   debian/libngs-jni.links.in > debian/libngs-jni.links
 
 # require network, not automatically run
 # use it when the pom file must be re-downloaded from maven repo
diff -Nru sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml 
sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml
--- sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml  2023-02-24 05:52:27.0 
-0500
+++ sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml  2023-07-12 22:19:10.0 
-0400
@@ -2,3 +2,7 @@
 include:
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
   - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+# Does not build on i386
+  SALSA_CI_DISABLE_BUILD_PACKAGE_I386: 1

Bug#1040952: quodlibet: Sometimes does not start on clicking play button

[mike]

Package: quodlibet
Version: 4.5.0-2
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

Following pause of playback (e.g. of .flac track) play sometimes does not 
start, or is delayed by several seconds, after pressing play button (even 
though button icon changes from "play" to "pause").

I notice this particularly after requesting "Stop after this song".

Pressing forward and back button seems to clear the problem.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages quodlibet depends on:
ii  exfalso  4.5.0-2
ii  gir1.2-gst-plugins-base-1.0  1.22.0-3+deb12u1
ii  gir1.2-gstreamer-1.0 1.22.0-2
ii  gir1.2-keybinder-3.0 0.3.2-1.1
ii  gstreamer1.0-alsa1.22.0-3+deb12u1
ii  gstreamer1.0-plugins-base1.22.0-3+deb12u1
ii  gstreamer1.0-plugins-good1.22.0-5+deb12u1
ii  gstreamer1.0-plugins-ugly1.22.0-2
ii  python3  3.11.2-1+b1

Versions of packages quodlibet recommends:
ii  gir1.2-gtksource-3.0 3.24.11-2+b1
ii  gir1.2-webkit2-4.0   2.40.3-2~deb12u1
ii  python3-dbus 1.3.2-4+b1
ii  python3-pyinotify0.9.6-2
ii  xfce4-notifyd [notification-daemon]  0.7.3-1

Versions of packages quodlibet suggests:
ii  gstreamer1.0-plugins-bad  1.22.0-4+deb12u1

-- no debconf information

Bug#1031183: grub-installer: postinst fails if efivarfs cannot be mounted

[Arnaud Rebillout]

On 12/07/2023 21:57, Roland Clobus wrote:


This looks to be very similar that I reported in the first part of 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039710

On BIOS-boots the EFI /sys mount is not present.


I've read #1039710, I can confirm about the syslog issue, 
/var/log/syslog has just one line in it.


Regarding GRUB failing to install, I forgot to mention how it actually 
looks like: a error screen, red, stating "Failed to mount /target/proc". 
The message is pretty misleading though, it's hardcoded in the template, 
and it can show up in various situations: when mkdir fails, or when 
mount fails, and for either /proc, /sys or /sys/firmware/efi/efivars...


Cheers,

--
Arnaud Rebillout / OffSec / Kali Linux Developer

Bug#1040265: fixing CVE-2023-36813 in kanboard/bookworm

[Joe Nahmias]

Please see attached proposed debdiff for fixing CVE-2023-36813 in bookworm.

--Joe
diff -Nru kanboard-1.2.26+ds/debian/changelog kanboard-1.2.26+ds/debian/changelog
--- kanboard-1.2.26+ds/debian/changelog	2023-06-15 23:02:33.0 -0400
+++ kanboard-1.2.26+ds/debian/changelog	2023-07-12 20:13:20.0 -0400
@@ -1,3 +1,13 @@
+kanboard (1.2.26+ds-2+deb12u2) bookworm; urgency=high
+
+  * backport fix for CVE-2023-36813: Multiple Authenticated SQL Injections
+https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
+Fix picked from kanboard v1.2.31
+https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad
+(Closes: #1040265)
+
+ -- Joseph Nahmias   Wed, 12 Jul 2023 20:13:20 -0400
+
 kanboard (1.2.26+ds-2+deb12u1) bookworm; urgency=high
 
   * Cherry-pick security fixes from kanboard_1.2.26+ds-[34] for bookworm.
diff -Nru kanboard-1.2.26+ds/debian/patches/CVE-2023-36813.patch kanboard-1.2.26+ds/debian/patches/CVE-2023-36813.patch
--- kanboard-1.2.26+ds/debian/patches/CVE-2023-36813.patch	1969-12-31 19:00:00.0 -0500
+++ kanboard-1.2.26+ds/debian/patches/CVE-2023-36813.patch	2023-07-12 19:58:45.0 -0400
@@ -0,0 +1,34 @@
+From 25b93343baeaf8ad018dcd87b094e47a5c6a3e0a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= 
+Date: Fri, 30 Jun 2023 21:08:11 -0700
+Subject: [PATCH] Avoid potential SQL injections without breaking compatibility
+ with plugins
+
+---
+ libs/picodb/lib/PicoDb/Database.php | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libs/picodb/lib/PicoDb/Database.php b/libs/picodb/lib/PicoDb/Database.php
+index 22c9d2fb61..df017ed82b 100644
+--- a/libs/picodb/lib/PicoDb/Database.php
 b/libs/picodb/lib/PicoDb/Database.php
+@@ -5,6 +5,7 @@
+ use Closure;
+ use PDOException;
+ use LogicException;
++use PicoDb\SQLException;
+ use PicoDb\Driver\Mssql;
+ use PicoDb\Driver\Sqlite;
+ use PicoDb\Driver\Mysql;
+@@ -215,6 +216,11 @@ public function escapeIdentifier($value, $table = '')
+ return $value;
+ }
+ 
++// Avoid potential SQL injection
++if (preg_match('/^[a-z0-9_]+$/', $value) === 0) {
++throw new SQLException('Invalid identifier: '.$value);
++}
++
+ if (! empty($table)) {
+ return $this->driver->escape($table).'.'.$this->driver->escape($value);
+ }
diff -Nru kanboard-1.2.26+ds/debian/patches/series kanboard-1.2.26+ds/debian/patches/series
--- kanboard-1.2.26+ds/debian/patches/series	2023-06-15 23:01:14.0 -0400
+++ kanboard-1.2.26+ds/debian/patches/series	2023-07-12 19:59:09.0 -0400
@@ -10,3 +10,4 @@
 CVE-2023-33956.patch
 CVE-2023-33970.patch
 CVE-2023-33968.patch
+CVE-2023-36813.patch

Bug#1032192: In-A-Dyn request

[Benda Xu]

Hi Hans,

Hans-Joachim Hoetger  writes:

> i'm using In-A-Dyn to write only my IPv6 address to SpDyn. The address
> is provided via DHCP by my Router (FritzBox). Unfortunately dhcp with
> ipv4 is much faster than dhcp with ipv6. The interface has its v4
> address about 20s earlier than its v6 address. As dirty hack, i added
> a 'sleep 30' to 'checkip-command' in /etc/inadyn.conf
>
> --> checkip-command = "/usr/bin/sleep 30; /bin/ip address show wlp2s0
> | grep inet6 | egrep -v 'mngtmpaddr|temporary' | grep 'scope global' |
> awk -F '[ ]+|/' '{print $3}'"
>
> Then i found an option 'startup-delay' in the man pages, but could not figure 
> out, how to set this in inadyn.conf. Thats why i asked on the project 
> homepage:
> --> https://github.com/troglobit/inadyn/issues/428
>
> Joachim Wiberg pointed out, that he ships a inadyn.service file, that
> parses /etc/default/inadyn for environment variables $INADYN_OPTS and
> $INADYN_ARGS. The contents is then passed to inadyn. Can we have this
> in debian bookworm, too?

Thanks for reporting.  I am forwarding your request to bug 1032192.

Yours,
Benda


signature.asc
Description: PGP signature

Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24+deb12u1

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: martin-eric.rac...@iki.fi
Control: affects -1 + src:dhcpcd5

[ Reason ]
The dhcpcd binary package last existed in wheezy with an epoch of 1: and
got reintroduced in bookworm without epoch.
Add back the epoch to have only increasing version numbers in the
archive. At the same time clean up leftovers from the wheezy package.

[ Impact ]
incomplete upgrade if dhcpcd/wheezy is still installed

[ Tests ]
local piuparts upgrade tests

[ Risks ]
low, there are no versioned dependencies within the package that could
be invalidated by adding the epoch

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
+  * Backported Wheezy upgrade mitigation from unstable (see #1037190):
++ Include /usr/share/dpkg/pkg-info.mk needed for target version mingling.
++ Add epoch to bin:dhcpcd via override_dh_gencontrol.
+  Wheezy had (1:3.2.3-11+deb7u1) so reintroduce the epoch for one target.
++ Add dhcpcd.preinst by Andreas Beckmann to cleanup upgrade leftovers.

[ Other info ]


Andreas
diff -Nru dhcpcd5-9.4.1/debian/changelog dhcpcd5-9.4.1/debian/changelog
--- dhcpcd5-9.4.1/debian/changelog  2023-05-29 10:45:31.0 +0300
+++ dhcpcd5-9.4.1/debian/changelog  2023-07-09 22:22:47.0 +0300
@@ -1,6 +1,16 @@
+dhcpcd5 (9.4.1-24+deb12u1) stable-proposed-updates; urgency=medium
+
+  * Backported Wheezy upgrade mitigation from unstable (see #1037190):
++ Include /usr/share/dpkg/pkg-info.mk needed for target version mingling.
++ Add epoch to bin:dhcpcd via override_dh_gencontrol.
+  Wheezy had (1:3.2.3-11+deb7u1) so reintroduce the epoch for one target.
++ Add dhcpcd.preinst by Andreas Beckmann to cleanup upgrade leftovers.
+
+ -- Martin-Éric Racine   Sun, 09 Jul 2023 22:22:47 
+0300
+
 dhcpcd5 (9.4.1-24) unstable; urgency=medium
 
-  * Upload to unstable
+  * Upload to unstable.
 
  -- Martin-Éric Racine   Mon, 29 May 2023 15:45:31 
+0800
 
diff -Nru dhcpcd5-9.4.1/debian/copyright dhcpcd5-9.4.1/debian/copyright
--- dhcpcd5-9.4.1/debian/copyright  2023-05-24 16:29:33.0 +0300
+++ dhcpcd5-9.4.1/debian/copyright  2023-07-09 22:09:15.0 +0300
@@ -4,7 +4,7 @@
 Upstream-Contact: Roy Marples 
 
 Files: *
-Copyright: 2006-2018  Roy Marples 
+Copyright: 2006-2023  Roy Marples 
1999, 2016 The NetBSD Foundation, Inc.
2005 Colin Percival
2005 The DragonFly Project.  All rights reserved.
@@ -68,6 +68,7 @@
2015 Daniel Echeverry 
2018 Scott Leggett 
2022-2023 Martin-Éric Racine 
+   2023 Andreas Beckmann 
 License: BSD-2
 
 Files: debian/hooks/*
diff -Nru dhcpcd5-9.4.1/debian/dhcpcd.preinst 
dhcpcd5-9.4.1/debian/dhcpcd.preinst
--- dhcpcd5-9.4.1/debian/dhcpcd.preinst 1970-01-01 02:00:00.0 +0200
+++ dhcpcd5-9.4.1/debian/dhcpcd.preinst 2023-07-09 22:07:22.0 +0300
@@ -0,0 +1,14 @@
+#!/bin/sh
+# As per Debian bug #1037190.
+# Copyright 2023 Andreas Beckmann 
+set -e
+if dpkg --compare-versions "$2" lt-nl "1:9.4.1-24+deb12u1~" ; then
+  # Cleanup leftovers from dhcpcd 1:3.* in Wheezy.
+  # Can be removed after Trixie is released.
+  update-alternatives --remove dhcpcd /sbin/dhcpcd3
+  if [ -d /etc/dhcpc ]; then
+test ! -h /etc/dhcpc/resolv.conf || rm -fv /etc/dhcpc/resolv.conf
+rmdir --ignore-fail-on-non-empty /etc/dhcpc
+  fi
+fi
+#DEBHELPER#
diff -Nru dhcpcd5-9.4.1/debian/rules dhcpcd5-9.4.1/debian/rules
--- dhcpcd5-9.4.1/debian/rules  2023-05-24 16:29:33.0 +0300
+++ dhcpcd5-9.4.1/debian/rules  2023-07-09 22:14:37.0 +0300
@@ -1,4 +1,5 @@
 #!/usr/bin/make -f
+include /usr/share/dpkg/pkg-info.mk
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
@@ -12,8 +13,12 @@
--libexecdir=/usr/lib/dhcpcd \
--rundir=/run/dhcpcd
 
-# avoid starting the unconfigured service as it may break connectivity
+# Wheezy had (1:3.2.3-11+deb7u1) so reintroduce the epoch for one target.
+override_dh_gencontrol:
+   dh_gencontrol --package=dhcpcd -- -v1:$(DEB_VERSION_UPSTREAM_REVISION)
+   dh_gencontrol --remaining-packages
 
+# Avoid starting the unconfigured service as it may break connectivity.
 override_dh_installinit:
dh_installinit --name=dhcpcd --no-start
 

Bug#1040934: bookworm-pu

[Márk Csaba]

So "-pu" is the "proposed updates" . I learn every day something.

 

Regarding the proposed updates:

*   I found it in the upgrade manual
 : 
4.2.9. The proposed-updates section
If you have listed the proposed-updates section in your APT source-list
files, you should remove it before attempting to upgrade your system. This
is a precaution to reduce the likelihood of conflicts.
*   I checked one another manual which led me to this link:
https://release.debian.org/proposed-updates/stable.html
qemu is not listed there.
*   changed the apt source line to "bookworm-proposed-updates main
contrib non-free non-free-firmware", ran "apt update", then "apt-cache
madison qemu-system-x86". Got this:
qemu-system-x86 | 1:7.2+dfsg-7 | http://ftp.hu.debian.org/debian stable/main
amd64 Packages
qemu-system-x86 | 1:7.2+dfsg-7 | http://ftp.br.debian.org/debian stable/main
amd64 Packages
qemu-system-x86 | 1:7.2+dfsg-7~bpo11+1 | http://ftp.debian.org/debian
bullseye-backports/main amd64 Packages
qemu-system-x86 | 1:5.2+dfsg-11+deb11u2 | http://ftp.hu.debian.org/debian
bullseye/main amd64 Packages
qemu-system-x86 | 1:5.2+dfsg-11+deb11u2 |
https://deb.debian.org/debian-security bullseye-security/main amd64 Packages
qemu-system-x86 | 1:5.2+dfsg-11+deb11u2 | http://deb.debian.org/debian
bullseye/main amd64 Packages
qemu-system-x86 | 1:5.2+dfsg-9~bpo10+1 | http://ftp.debian.org/debian
buster-backports/main amd64 Packages

 

Did I miss something?

 

 

Bug#1037190: closed by Debian FTP Masters (reply to Martin-Éric Racine ) (Bug#1037190: fixed in dhcpcd 10.0.1-1)

[Andreas Beckmann]

On 11/07/2023 07.05, Martin-Éric Racine wrote:

This is what I would push to stable-proposed-updates (see attachment).
Would this do the trick? If yes, I can upload to Mentors. If not,
please explain.


Package waiting on Mentors.


Looks good. Minor nitpicks:
- in d/changelog: use "bookworm" instead of "stable-proposed-updates"
- close the bug #1037190

Can you put the commits in a new debian/bookworm branch on salsa, 
starting from tag debian/9.4.1-24?


I'll sponsor that upload for you.

Andreas

Bug#1040934: Missing USB and other support in qemu

[Gwyll Gwyllin]

Hi,

 

"You didn't mention what's up with "other support in qemu", though."

 

Sorry. Here   I read this:

"Please don't report multiple unrelated bugs - especially ones in different
packages - in a single bug report."

 

I don't know if those are related, but:

in a domU config file I can't use:

*   device_model
*   device_model_override

or the domU will not start.

 

"This is #1037341, fixed in sid and in bookworm-pu."
 
I upgraded from bullseye . probably to bookworm.
12.0 is bookworm, right?
 
Gwyll

Bug#1040782:

[Tangent128]

Seeing the same thing with a Wacom One tablet- selecting a color from
the palette with the stylus immediately crashes GIMP.

```
GNU Image Manipulation Program version 2.10.34
git-describe: GIMP_2_10_34
Build: unknown rev 0 for linux
# C compiler #
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/12/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian
12.2.0-14' --with-bugurl=file:///usr/share/doc/gcc-12/README.Bugs
--enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2
--prefix=/usr --with-gcc-major-version-only --program-suffix=-12
--program-prefix=x86_64-linux-gnu- --enable-shared
--enable-linker-build-id --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --libdir=/usr/lib
--enable-nls --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new
--enable-gnu-unique-object --disable-vtable-verify --enable-plugin
--enable-default-pie --with-system-zlib
--enable-libphobos-checking=release --with-target-system-zlib=auto
--enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet
--with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32
--enable-multilib --with-tune=generic
--enable-offload-targets=nvptx-none=/build/gcc-12-bTRWOB/gcc-12-12.2.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-12-bTRWOB/gcc-12-12.2.0/debian/tmp-gcn/usr
--enable-offload-defaulted --without-cuda-driver
--enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.2.0 (Debian 12.2.0-14)

# Libraries #
using babl version 0.1.106 (compiled against version 0.1.98)
using GEGL version 0.4.44 (compiled against version 0.4.42)
using GLib version 2.74.6 (compiled against version 2.74.5)
using GdkPixbuf version 2.42.10 (compiled against version 2.42.10)
using GTK+ version 2.24.33 (compiled against version 2.24.33)
using Pango version 1.50.14 (compiled against version 1.50.12)
using Fontconfig version 2.14.1 (compiled against version 2.14.1)
using Cairo version 1.16.0 (compiled against version 1.16.0)

```
> fatal error: Aborted

Stack trace:
```

# Stack traces obtained from PID 5310 - Thread 5310 #

[New LWP 5312]
[New LWP 5313]
[New LWP 5314]
[New LWP 5315]
[New LWP 5316]
[New LWP 5317]
[New LWP 5318]
[New LWP 5319]
[New LWP 5320]
[New LWP 5321]
[New LWP 5322]
[New LWP 5323]
[New LWP 5324]
[New LWP 5325]
[New LWP 5326]
[New LWP 5330]
[New LWP 5331]
[New LWP 5335]
[New LWP 5339]
[New LWP 5771]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x7fcd20464a6c in read () from /lib/x86_64-linux-gnu/libc.so.6
  Id   Target Id Frame
* 1Thread 0x7fcd1f77b300 (LWP 5310) "gimp-2.10"
0x7fcd20464a6c in read () from /lib/x86_64-linux-gnu/libc.so.6
  2Thread 0x7fcd1ef5a6c0 (LWP 5312) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  3Thread 0x7fcd1e7596c0 (LWP 5313) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  4Thread 0x7fcd1df586c0 (LWP 5314) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  5Thread 0x7fcd1d7576c0 (LWP 5315) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  6Thread 0x7fcd1cf566c0 (LWP 5316) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  7Thread 0x7fcd06c0 (LWP 5317) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  8Thread 0x7fcd0f7fe6c0 (LWP 5318) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  9Thread 0x7fcd0effd6c0 (LWP 5319) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  10   Thread 0x7fcd0e7fc6c0 (LWP 5320) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  11   Thread 0x7fcd0dffb6c0 (LWP 5321) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  12   Thread 0x7fcd0d7fa6c0 (LWP 5322) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  13   Thread 0x7fcd0cff96c0 (LWP 5323) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  14   Thread 0x7fccebfff6c0 (LWP 5324) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  15   Thread 0x7fcceb7fe6c0 (LWP 5325) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  16   Thread 0x7fcceaffd6c0 (LWP 5326) "worker"
0x7fcd2046deb9 in syscall () from /lib/x86_64-linux-gnu/libc.so.6
  17   Thread 0x7fccea5be6c0 (LWP 5330) "gmain"
0x7fcd204689ef in poll () from /lib/x86_64-linux-gnu/libc.so.6
  18   Thread 

Bug#1032409:

[Nilson Silva]

Hi Chris Lamb!
I just applied the correct fixes
Thanks!

...

Nilson F. Silva

Bug#1037100: cpp-httplib: CVE-2023-26130

[Andrea Pappacoda]

Il giorno mer 12 lug 2023 alle 14:19:34 +02:00:00, Bastian Germann 
 ha scritto:
When you fix the unstable version via a patch and later upgrade to a 
new upstream version there is almost no additional work. So please go 
that route.


Yeah but this time I had already upgraded to a new upstream version 
(for experimental and now unstable), so it was easier for me to just 
create a new debian/bookworm git branch and backport the fix there.


Your new version still has an experimental 0.12 in the changelog that 
was never uploaded.


I'd prefer not to remove the experimental 0.12 from the changelog, 
since I have already uploaded everything to git and mentors. It's also 
something that actually happened, but I simply didn't find a sponsor in 
time and a new unstable release was prepared before uploading the 
experimental one. Unless I really _must_ remove the experimental entry 
from the changelog and git history I'd prefer to keep everything as is; 
it just looks like wasted effort to me, and I'd like to spend my time 
packaging a new yuzu version instead :)


I've uploaded the bookworm-security branch on Git, see 
. 
I'm unable to upload it to mentors because bookworm-security hasn't 
been added to the site yet.


I think that everything is ok, but Lintian is giving me this error:

   E: cpp-httplib changes: bad-distribution-in-changes-file 
bookworm-security

   N:
   N: You've specified an unknown target distribution for your upload 
in the
   N: debian/changelog file. It is possible that you are uploading for 
a
   N: different distribution than the one Lintian is checking for. In 
that case,

   N: passing --profile $VENDOR may fix this warning.
   N:
   N: Note that the distributions non-free and contrib are no longer 
valid.
   N: You'll have to use distribution unstable and Section: 
non-free/xxx or

   N: Section: contrib/xxx instead.
   N:
   N: Please refer to Distribution (Section 5.6.14) in the Debian 
Policy Manual

   N: for details.
   N:
   N: Visibility: error
   N: Show-Always: no
   N: Check: fields/distribution

If you think that this is a false positive, I can continue with the 
process.


Thanks :D

Bug#940095: debianutils: triggers error in update-mime at config time

[Bastian Germann]

Control: tags -1 unreproducible

Please provide more info. I cannot reproduce this.

Bug#1040950: bullseye-pu: package autofs/5.1.7-1+deb11u1

[Mike Gabriel]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: aut...@packages.debian.org
Control: affects -1 + src:autofs

Two issues have recently been addressed in autofs uploads to unstable.

[ Reason ]

Fixed issues:

  * Don't let NFSv4-only mounts use rpcbind portmapper service.
  * Fix missing unlock in sasl_do_kinit_ext_cc().

[ Impact ]
Fix autofs hanging for LDAP+Kerberos setups. Avoid communication to
rpcbind for NFSv4-only mounts.


[ Tests ]
Manually, on production site, by bug submitters.

[ Risks ]
Regressions in autofs.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
++ Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4-
+  only mounts use rpcbind portmapper service. (Closes: #1034261).
++ Add fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch. Fix missing unlock
+  in sasl_do_kinit_ext_cc(). (Closes: #1039967).


[ Other info ]
Salvatore Bonnacorso (@carnil) will likely follow up this pu with another
pu. Not sure if he gets around to it before the deadline for the next
11.x point release.
diff -Nru autofs-5.1.7/debian/changelog autofs-5.1.7/debian/changelog
--- autofs-5.1.7/debian/changelog   2021-02-04 13:36:20.0 +0100
+++ autofs-5.1.7/debian/changelog   2023-07-10 19:01:17.0 +0200
@@ -1,3 +1,13 @@
+autofs (5.1.7-1+deb11u1) bullseye; urgency=medium
+
+  * debian/patches:
++ Add fix-nfs4-only-mounts-should-not-use-rpcbind.patch. Don't let NFSv4-
+  only mounts use rpcbind portmapper service. (Closes: #1034261).
++ Add fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch. Fix missing unlock
+  in sasl_do_kinit_ext_cc(). (Closes: #1039967).
+
+ -- Mike Gabriel   Mon, 10 Jul 2023 19:01:17 +0200
+
 autofs (5.1.7-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru 
autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch 
autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
--- 
autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
1970-01-01 01:00:00.0 +0100
+++ 
autofs-5.1.7/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
2023-07-05 12:14:29.0 +0200
@@ -0,0 +1,45 @@
+From b2571ed0df973a6dc6a8e661874655fa7cecdc37 Mon Sep 17 00:00:00 2001
+From: James Dingwall 
+Date: Wed, 20 Jul 2022 13:22:38 +0800
+Subject: autofs-5.1.8 - fix missing unlock in sasl_do_kinit_ext_cc()
+
+There is a missing mutex unlock in function sasl_do_kinit_ext_cc(),
+fix it.
+
+Signed-off-by: James Dingwall 
+Signed-off-by: Ian Kent 
+---
+# CHANGELOG| 1 +
+ modules/cyrus-sasl.c | 4 
+ 2 files changed, 5 insertions(+)
+
+#diff --git a/CHANGELOG b/CHANGELOG
+#index 1f7c93a..e0b285d 100644
+#--- a/CHANGELOG
+#+++ b/CHANGELOG
+#@@ -27,6 +27,7 @@
+# - add autofs_strerror_r() helper for musl.
+# - update configure.
+# - handle innetgr() not present in musl.
+#+- fix missing unlock in sasl_do_kinit_ext_cc().
+# 
+# 19/10/2021 autofs-5.1.8
+# - add xdr_exports().
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index ae046e0..738e363 100644
+--- a/modules/cyrus-sasl.c
 b/modules/cyrus-sasl.c
+@@ -721,6 +721,10 @@ sasl_do_kinit_ext_cc(unsigned logopt, struct 
lookup_context *ctxt)
+ 
+   debug(logopt, "Kerberos authentication was successful!");
+ 
++  status = pthread_mutex_unlock(_mutex);
++  if (status)
++  fatal(status);
++
+   return 0;
+ 
+ out_cleanup_def_princ:
+-- 
+cgit 
+
diff -Nru 
autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch 
autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch
--- 
autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch   
1970-01-01 01:00:00.0 +0100
+++ 
autofs-5.1.7/debian/patches/fix-nfs4-only-mounts-should-not-use-rpcbind.patch   
2023-07-05 12:14:29.0 +0200
@@ -0,0 +1,97 @@
+From 80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc Mon Sep 17 00:00:00 2001
+From: Ian Kent 
+Date: Sun, 31 Oct 2021 07:36:16 +0800
+Subject: autofs-5.1.8 - fix nfsv4 only mounts should not use rpcbind
+
+Commit 606795ecfaa1 ("autofs-5.1.7 - also require TCP_REQUESTED when
+setting NFS port" together with commit 26fb6b5408be) caused NFSv4 only
+mounts to also use rpcbind to probe availability which breaks the
+requirememt that this type of mount not use rpcbind at all.
+
+Fix this by treating fstype=nfs4 mounts as a special case which doesn't
+use rpcbind.
+
+Signed-off-by: Ian Kent 
+---
+# CHANGELOG|  1 +
+ include/replicated.h |  2 ++
+ modules/mount_nfs.c  | 13 +++--
+ modules/replicated.c |  4 ++--
+ 4 files changed, 12 insertions(+), 8 deletions(-)
+
+#diff --git a/CHANGELOG 

Bug#1038699: closed by Patrick Franz ()

[Lisandro Damian Nicanor Perez Meyer]

On miércoles, 12 de julio de 2023 19:15:20 -03 Lisandro Damian Nicanor Perez 
Meyer wrote:
> On miércoles, 21 de junio de 2023 05:51:37 -03 Oswald Buddenhagen wrote:
> > huh?
> > 
> > if the declaration of the private dependency is just missing in that qtc
> > plugin , then fair enough.
> 
> You need the QML private headers for that part since ages.
> 
> > but that doesn't explain the total garbage
> > error message which suggests some kind of internal error (it sort of
> > suggests that an incomplete package is installed like in the other bug i
> > reported, except that it's just not there).
> 
> Exactly, it suggests you are missing the private headers. Whoever coded that
> made them a dependency. The fact that we split them and do not install them
> by default makes the code show that error message.

Or maybe you where suggesting that the error message is not as helpful as a 
more direct one. If that's the case... I don't think any of us will put time 
on that. If you want I can reopen the bug and mark it as wishlist. But you 
know the upstream procedure better than I, and maybe you can sen a patch to 
upstream!


signature.asc
Description: This is a digitally signed message part.

Bug#698052: libsdl1.2-dev: static linking not supported

[Simon McVittie]

Control: retitle -1 libsdl1.2-dev: static linking not supported
Control: severity -1 wishlist
Control: notforwarded -1
Control: tags -1 = wontfix

On Sun, 13 Jan 2013 at 16:01:52 +0100, Schrober wrote:
> Compiling a program statically with `sdl-config --static-libs ...` will 
> result 
> in missing symbols

libsdl1.2-dev is now provided by sdl12-compat, which doesn't ship a static
library, so this is not going to be fixable.

It wouldn't make much sense to link programs to sdl12-compat statically,
because sdl12-compat works by dlopen()ing SDL2, so there is dynamic
linking happening there whether you want it to or not.

In newer programs that have been ported to SDL2, linking to a static
SDL2 with CMake is possible (and there's an automated test for it), but
fully-static linking is impossible because some of SDL2's dependencies
(notably libasound) do not provide a static library at all.

smcv

Bug#1040644: [INTL:ro] Translation-revision of "apt" to Romanian

[Remus-Gabriel Chelu]

Hello David,


  first of all, I must admit that in the translation process, I peek at
the translations made by the other Latin teams (I studied also French
in the school, and I have lived in Spain for 20 years), so at least
in part , the reported errors/"sins", are due to this.


În miercuri 12 iulie 2023 14:41:44 (+02:00), David Kalnischkies a scris:

> Hi,
>
> On Sat, Jul 08, 2023 at 01:04:28PM +, Remus-Gabriel Chelu wrote:
> > Please find attached the Romanian translation of the «apt» file.
>
> Thanks for the update!
>
> I have questions/comments through about the top of the file,
> here the diff with inline comments:
>
> | -# translation of ro.po to Romanian
> | -#
> | +# translation of APT message to Romanian
> | +# Mesajele în limba română pentru pachetul APT.
> | +# Advanced Package Transfer - APT message translation catalog
>
> While they seem borderline pointless as what else should they be,
> at least the third one is extremely misleading… APT doesn't stand
> for "Advanced Package Transfer"… it is somewhat questionable if it
> stands for anything at all even if various sources on the internet
> have their own ideas what it stands for…
>

  "Sinning" because of the French/Spanish team, but... a search for
"Advanced Package Transfer" or "APT message translation catalog" in the
"po/" directory will yield more surprises.


>
> | +# Copyright © 2002-2023 Free Software Foundation, Inc.
>
> Are you, like, sure?
>

  Same as above, "sinning" because of the Spanish team, but... a search for
"Free Software Foundation, Inc" in the "po/" directory,
will "sing, bingo!" more than once.


> | # Licensing is complex as the msgid come from several files, please see
> | # the individual files for licensing information.
> | -#
> | -# This file originally stated:
>
> Please keep this line as it explains the following line claiming
> that the file is under public domain – which in its entirety is
> questionable as the code the messages are extracted from is not,
> so at the very least the English messages are not beside that
> public domain is a complicated concept around the world.
>
>
  Same as in the two cases above.


> | # This file is put in the public domain.
> | #
> | # Sorin Batariuc , 2004, 2005, 2006.
> | # Eddy Petrișor , 2008.
> | +# Remus-Gabriel Chelu , 2023.
> | +#
> | +# Cronologia traducerii fișierului „apt”:
> | +# Traducerea inițială, făcută de SB, pentru versiunea apt ???, 2004.
> | +# Actualizare a traducerii pentru versiunea ???, făcută de SB 2005.
> | +# Actualizare a traducerii pentru versiunea ???, făcută de SB 2006.
> | +# Actualizare a traducerii pentru versiunea 1.0.5, făcută de EP noi-2008.
> | +# Actualizare a traducerii pentru versiunea 2.7.1, făcută de R-GC, 
> iul-2023.
> | +# Actualizare a traducerii pentru versiunea Y, făcută de X, Z(luna-anul).
>
> I don't speak Romanian so I don't know, but it looks to me like you are
> trying to record here who translated which version and when. You can
> reasonably easy figure this out with the right 'git' commands as that is
> what version control systems are built for, so I am not sure its a good
> idea to keep a manual list (which someone will forget to update at some
> point for sure) for questionable benefit?
>
>
  Yes, you are right; it deals with a chronology of the translation of
"apt" messages into Romanian, recording the author, the version of "apt"
and the month-year when the translation was made.
  I come from the translation project (GNU) ,
and here it is quite normal for the software parts of the project to be
updated between 3-4 times a year; the timeline above is meant to show
this continuity over time.
  Regarding using the git commands, you have to admit that the "curious"
would have to do a «git clone» first, before they can use the git search/show
commands, which I think is too much of a "disturbance" for the ultimate
goal of satisfying this curiosity.
  Also, I don't think many in the yard the "antelope/penguin" know much
about 'git' commands other than "git clone/git pull/git commit/git push".


> Btw, the answer for the first ??? is 0.5.24. See
> https://bugs.debian.org/281458.

  Thanks, for the point/tip, I will apply it.


> | "Language-Team: Romanian \n"
>

  I don't know/understand what you meant here.


> You seem (very) active on the list and not too many others around from
> a casual look, so that seems fine, but in an ideal world you would post
> a review request there first.
>
>
  Yes it is; I stopped publishing translations for review on the team page,
after noticing that "long" translations do not generate interest for review
due to their size.
  I usually post on the team page the link to the page where the translation
appears, so that possible interested parties are aware of its existence.


  Returning to the "sins" header, here I present a possible "salvation" of it:
-
# Translation of apt messages to Romanian.
# Mesajele în limba română pentru pachetul „apt”.

Bug#1040949: bookworm-pu: package gosa/2.8~git20230203.10abe45+dfsg-1+deb12u1

[Mike Gabriel]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: g...@packages.debian.org
Control: affects -1 + src:gosa

GOsa²'s PHP 8.2 support was rather poor at the release time of Debian 12.
This update will amend various issues found while testing GOsa² with
Debian Edu.

[ Reason ]
Various issues could be resolved:

  * deprecation warnings
  * missing smarty template file
  * broken debug support

[ Impact ]
Only GOsa² users will be affected by this upload.

[ Tests ]
Manual tests on Debian Edu TJENER system.

[ Risks ]
Introduction of regressions in GOsa² in Debian 12.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  [ Mike Gabriel ]
+  * debian/patches:
++ Add 1003_php-deprecations.patch. Silence various PHP 8.2 deprecation
+  warnings. (Closes: #1038682).
+
+  [ Daniel Teichmann ]
+  * debian/patches:
++ Add 1004_missing_templates.patch. (Closes: #1039697)
++ Update 1002_php82-allow-dynamic-properties.patch: Tolerate dyn. prop. for
+  ALL PHP classes. (Closes: #1039894)
++ Add 1005_preg_replace_deprecation.patch.
++ Add 1006_fix-overflow-debug-print_a-func.patch. (Closes: #1040839)


[ Other info ]
This might not be the last pu of GOsa² to bookworm. But various noises
should be reduced after this update has landed. We also work with
upstream on amending the patched issues there.
diff -Nru gosa-2.8~git20230203.10abe45+dfsg/debian/changelog 
gosa-2.8~git20230203.10abe45+dfsg/debian/changelog
--- gosa-2.8~git20230203.10abe45+dfsg/debian/changelog  2023-02-06 
20:43:44.0 +0100
+++ gosa-2.8~git20230203.10abe45+dfsg/debian/changelog  2023-07-12 
23:12:05.0 +0200
@@ -1,3 +1,20 @@
+gosa (2.8~git20230203.10abe45+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  [ Mike Gabriel ]
+  * debian/patches:
++ Add 1003_php-deprecations.patch. Silence various PHP 8.2 deprecation
+  warnings. (Closes: #1038682).
+
+  [ Daniel Teichmann ]
+  * debian/patches:
++ Add 1004_missing_templates.patch. (Closes: #1039697)
++ Update 1002_php82-allow-dynamic-properties.patch: Tolerate dyn. prop. for
+  ALL PHP classes. (Closes: #1039894)
++ Add 1005_preg_replace_deprecation.patch.
++ Add 1006_fix-overflow-debug-print_a-func.patch. (Closes: #1040839)
+
+ -- Mike Gabriel   Wed, 12 Jul 2023 23:12:05 +0200
+
 gosa (2.8~git20230203.10abe45+dfsg-1) unstable; urgency=medium
 
   * New upstream Git snapshot.
diff -Nru 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
--- 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
  2023-01-21 20:42:25.0 +0100
+++ 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
  2023-07-12 23:10:08.0 +0200
@@ -1,6 +1,200 @@
-Description: Tolerate dynamic properties in managepws class, deprecated in PHP 
8.2
-Author: Mike Gabriel 
-
+Description: Tolerate dynamic properties in all classes, deprecated in PHP 8.2
+Author: Daniel Teichmann 
+ 
+--- a/include/class_CopyPasteHandler.inc
 b/include/class_CopyPasteHandler.inc
+@@ -22,6 +22,7 @@
+ 
+ define("LDAP_DUMP_PATH","/var/cache/gosa/tmp");
+ 
++#[\AllowDynamicProperties]
+ class CopyPasteHandler {
+ 
+   var $config;
+--- a/include/class_GOsaRegistration.inc
 b/include/class_GOsaRegistration.inc
+@@ -1,5 +1,6 @@
+ "
+ 
+ 
++#[\AllowDynamicProperties]
+ class writeexcel_formula {
+ 
+ 
###
+--- a/include/utils/excel/class.writeexcel_olewriter.inc.php
 b/include/utils/excel/class.writeexcel_olewriter.inc.php
+@@ -24,6 +24,7 @@
+  * Spreadsheet::WriteExcel was written by John McNamara, jmcnam...@cpan.org
+  */
+ 
++#[\AllowDynamicProperties]
+ class writeexcel_olewriter {
+ var $_OLEfilename;
+ var $_OLEtmpfilename; /* ABR */
+--- a/include/utils/excel/class.writeexcel_workbook.inc.php
 b/include/utils/excel/class.writeexcel_workbook.inc.php
+@@ -29,6 +29,7 @@
+ require_once "class.writeexcel_formula.inc.php";
+ require_once "class.writeexcel_olewriter.inc.php";
+ 
++#[\AllowDynamicProperties]
+ class writeexcel_workbook extends writeexcel_biffwriter {
+ 
+ var $_filename;
+--- a/include/utils/excel/class.writeexcel_worksheet.inc.php
 b/include/utils/excel/class.writeexcel_worksheet.inc.php
+@@ -26,6 +26,7 @@
+ 
+ require_once "class.writeexcel_biffwriter.inc.php";
+ 
++#[\AllowDynamicProperties]
+ class writeexcel_worksheet extends writeexcel_biffwriter {
+ 
+ var $_name;
+--- a/plugins/addons/dyngroup/class_DynamicLdapGroup.inc
 b/plugins/addons/dyngroup/class_DynamicLdapGroup.inc
+@@ -25,6 +25,7 

Bug#1038798: locales: transition from /etc/default/locale to /etc/locale.conf

[Aurelien Jarno]

Hi,

On 2023-07-08 14:14, snv5gh+elqseqrl4eotk@cs.email wrote:
> Package: locales
> Version: 2.36-9
> Followup-For: Bug #1038798
> 
> Dear Maintainer,
> 
> transition from /etc/default/locale to /etc/locale.conf is a good idea.
> 
> My debian systems have the /etc/default/locale -> /etc/locale.conf symlink 
> already added manually for compatibility reasons. Will the proposed change 
> break anything on upgrade from bookworm to trixie if the symlink already 
> exists?

Yes, this is the final state after the conversion, so this is definitely
something supported.

Regards
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://aurel32.net

Bug#1038699: closed by Patrick Franz ()

[Lisandro Damian Nicanor Perez Meyer]

On miércoles, 21 de junio de 2023 05:51:37 -03 Oswald Buddenhagen wrote:
> huh?
> 
> if the declaration of the private dependency is just missing in that qtc
> plugin , then fair enough.

You need the QML private headers for that part since ages.

> but that doesn't explain the total garbage
> error message which suggests some kind of internal error (it sort of
> suggests that an incomplete package is installed like in the other bug i
> reported, except that it's just not there).

Exactly, it suggests you are missing the private headers. Whoever coded that 
made them a dependency. The fact that we split them and do not install them by 
default makes the code show that error message.

> please investigate whether this is a result of splitting, and forward
> the bug to upstream with your findings.

No need to, the answer will be "install the private headers".


signature.asc
Description: This is a digitally signed message part.

Bug#1040948: xscreensaver-command --suspend doesn't suspend, instead it activates

[Oleg Broytman]

Package: xscreensaver
Version: 6.06+dfsg1-3
Severity: normal

Dear Maintainer,

   For a few years I was using xscreensaver-command --suspend to quickly
blank and turn off the screen. Recently I upgraded to Debian 12 and the
command stopped working. Instead of blanking it runs a random hack as if
I run xscreensaver-command --activate.
   I don't know if it's a bug in upsteam or Debian.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages xscreensaver depends on:
ii  init-system-helpers1.65.2
ii  libatk1.0-02.46.0-5
ii  libc6  2.36-9
ii  libcrypt1  1:4.4.33-2
ii  libelogind0 [libsystemd0]  246.10-1debian1
ii  libglib2.0-0   2.74.6-2
ii  libgtk-3-0 3.24.37-2
ii  libpam0g   1.5.2-6
ii  libx11-6   2:1.8.4-2+deb12u1
ii  libxext6   2:1.3.4-1+b1
ii  libxft22.3.6-1
ii  libxi6 2:1.8-1+b1
ii  libxinerama1   2:1.1.4-3
ii  libxml22.9.14+dfsg-1.2
ii  libxrandr2 2:1.5.2-2+b1
ii  libxt6 1:1.2.1-1.1
ii  libxxf86vm11:1.1.4-1+b2
ii  xscreensaver-data  6.06+dfsg1-3

Versions of packages xscreensaver recommends:
ii  fonts-urw-base35  20200910-7
ii  libjpeg-turbo-progs   1:2.1.5-2
ii  perl  5.36.0-7
ii  wamerican [wordlist]  2020.12.07-2
ii  xfonts-100dpi 1:1.0.5

Versions of packages xscreensaver suggests:
ii  chromium [www-browser]   114.0.5735.198-1~deb12u1
ii  elinks [www-browser] 0.13.2-1+b4
pn  fortune  
pn  gdm3 | kdm-gdmcompat 
ii  links2 [www-browser] 2.28-1+b2
pn  qcam | streamer  
ii  xdaliclock   2.46-1
ii  xfishtank2.5-1+b1
ii  xscreensaver-data-extra  6.06+dfsg1-3
ii  xscreensaver-gl  6.06+dfsg1-3
ii  xscreensaver-gl-extra6.06+dfsg1-3

-- debconf-show failed

Bug#1039574: asc: FTBFS with libsdl1.2-compat-dev: pointless accessor for struct private_hwdata

[Simon McVittie]

On Tue, 27 Jun 2023 at 11:50:53 +0100, Simon McVittie wrote:
> I reported this to https://github.com/libsdl-org/sdl12-compat/issues/299
> but it's not clear to me whether it *should* be worked around in
> sdl12-compat. If it isn't, then this bug is likely to become RC when
> we are ready to make src:sdl12-compat take over libsdl1.2-dev.

SDL upstream thought the workaround was worth having, so this has been
worked around in sdl12-compat and will not be RC. (But please consider
the patch anyway, I think it's the right thing to do in asc.)

smcv

Bug#703012: debianutils: ischroot can no longer detect vservers

[Bastian Germann]

Control: tags -1 wontfix moreinfo - patch

I do not see VxID on my systems. I guess there are changes in the kernel 
that made it disappear. If you still want to get an equivalent change in 
please post a patch that applies for current unstable kernel.

Bug#1040947: perl: readline fails to detect updated file

[Eric Wong]

Package: perl
Version: 5.36.0-7
Severity: normal
Tags: upstream

Dear Maintainer,

The `readline' op (`') no longer detects updates to file
which is being written to in Perl 5.36.0 after updating to bookworm.

The attached script worked fine with Perl 5.32.1 in oldstable,
both scripts show the size changing with the `-s FH' op.
Same behavior on both amd64 and i386.


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: i386 (i686)

Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages perl depends on:
ii  dpkg   1.21.22
ii  libperl5.365.36.0-7
ii  perl-base  5.36.0-7
ii  perl-modules-5.36  5.36.0-7

Versions of packages perl recommends:
ii  netbase  6.4

Versions of packages perl suggests:
pn  libtap-harness-archive-perl 
pn  libterm-readline-gnu-perl | libterm-readline-perl-perl  
ii  make4.3-4.1
ii  perl-doc5.36.0-7

-- no debconf information
#!/usr/bin/perl -w
use v5.12;
use autodie;
use File::Temp;
use IO::Handle;
use Data::Dumper;
my $tmp = File::Temp->newdir('test-', TMPDIR => 1);
my $dst = "$tmp/log";
open my $wr, '>>', $dst;
open my $rd, '<', $dst;
say "# writing to $dst";
for my $n (1..5) {
sleep 1;
my @x = readline $rd;
say "# size ".(-s $rd), ' ', Dumper(\@x);
syswrite $wr, "$n\n";
}

Bug#922674: debian-policy: make symlink requirements consistent

[sothrt+f20muazw5tue8]

Package: debian-policy
Followup-For: Bug #922674

Dear Maintainer,

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039979 has come up as 
something to consider regarding this related change in debian policy.

In that context, I'd advocate for permitting '..' in symlinks, even if only as 
an exception for those specific paths to enable safer working with chroots.

Bug#1036904: bookworm-pu: package libreoffice/4:7.4.7-1

[Jonathan Wiltshire]

Control: tag -1 confirmed

Hi,

On Mon, May 29, 2023 at 09:11:14AM +0200, Rene Engelhard wrote:
> [ Reason ]
> Update to "current" version. (Latest version of stable branch)
> 
> Same reasoning as of #1035056.
> 
> This updates LibreOffice to the last version in the (dead, EOL is June 12) 
> 7.4.x line[1]
> to fix a sh*load of bugs. List of bugs fixed: See [2]

Given the comprehensive test suite and upstream's track record of limiting
stable branches to bug fixes only, I have reviewed debian/* but not the
entire diff. Please go ahead with uploading it.

> [ Changes ]
> 1.  upstream update 7.4.5 -> 7.4.7. The two patches removed are security
> fixes which were already in 7.4.6 and 7.4.7 and now of course removed.
> No need to mention that in the changelog, it's implied by "New upstream
> release" that patches upstream are dropped.

Actually it's really helpful to have the dropped patches listed, if
feasible. That allows a review to check that the intended patches, and only
those, have been dropped.

> [ Other info ]
> I can back out the fix for 3. The other two are simply not discussable
> given #1035056.

You can leave 3 in. I'm disappointed by your reluctance to even engage in
discussing the other two but also understand that bug has been the source
of some frustration for you.

> I know this is completely bending the rules, but so is #1035056, too
> If you wish I can make this also -0deb12u1, but as there will be no
> 7.4.7-1 probably thia is not exactly needed.
 
The version is fine. It may or may not make it into 12.1 depending on build
times; we'll do our best.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1040739: desktop-base 12.0.6+nmu1~deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040739 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: desktop-base
Version: 12.0.6+nmu1~deb12u1

Explanation: remove emerald alternatives on package uninstallation

Bug#1040678: bookworm-pu: package node-dottie/2.0.2-4+deb12u1

[Jonathan Wiltshire]

Hi,

Given the package is blocked from migration to testing at the moment, and
probably won't migrate before we start preparing for 12.1, I've held this
upload back. It'll likely be part of 12.2 instead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1040827: RM: firefox [mipsel] -- RoQA; severely outdated, depends on transitional libgdk-pixbuf2.0-0

[Simon McVittie]

On Tue, 11 Jul 2023 at 09:26:04 -0400, Jeffrey Walton wrote:
> On Tue, Jul 11, 2023 at 5:09 AM Simon McVittie  wrote:
> > firefox:mipsel still exists in the archive, but is severely outdated and
> > likely to have a very large number of security vulnerabilities.
> 
> Is there an upgrade path for users on mipsel? Do they have a graphical
> web browser they can install, even if it is not Firefox or Chrome?

Please note that this is firefox (the short-term-support browser that is
considered unsuitable for stable releases and only exists in unstable),
not firefox-esr (the longer-term-support browser that exists in testing
and stable). firefox-esr already disappeared from mipsel before bookworm,
and is out of date on the mips* architecture family in bullseye-security
and buster-security, but that's out of scope for this request.

But, yes, there is an upgrade path. GNOME Web (epiphany-browser) is
a fully-featured WebKit-based browser and apparently exists on mipsel
(although probably nobody has ever tried it on that architecture, so it's
anyone's guess whether it works). More minimal browsers like netsurf-gtk
also exist, and are probably more viable on 32-bit mips hardware than
any of the major browser engines would be.

smcv

Bug#1040946: Please update to latest upstream release (v7.0.5)

[Nicholas D Steeves]

Control: block -1 by 1036461

Hi Roman,

Roman Lebedev  writes:

> Package: easyeffects
> Version: 7.0.1-1
> Severity: normal
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Dear maintainer,
>
> now that a new stable version of debian has been released,
> and the freeze is over, please consider updating the package
> to the newest upstream release (v7.0.5 as of this time)

Updating the package in sid/unstable to make a backport to
bookworm/stable impossible.  In the other bug you wrote the following
about EasyEffects 7.0.1:

> there is one change that brings *high UX improvements* [emphasis mine]
> for doing live audio post-processing: "exposing support for the "the
> Min and Max sidechain modes"

and I support your case that those "high UX improvements" are worthwhile
to backport.  Thus, this bug is blocked by the other one, and #1036461
will be resolved when the bookworm-backports suite opens.

The exception would be if changes in EasyEffects were reverted in the
7.0.2 release, or later, that now makes 7.0.5 backportable (ie Can it
build with the version of packages in Debian 12/bookworm?).  Do you know
if that's the case?

Regards,
Nicholas


signature.asc
Description: PGP signature

Bug#1040945: tiff: CVE-2023-3618

[GCS]

Hi Salvatore,

On Wed, Jul 12, 2023 at 9:39 PM Salvatore Bonaccorso  wrote:
> Source: tiff
> Version: 4.5.1-1
> CVE-2023-3618[0]:
> | A flaw was found in libtiff. A specially crafted tiff file can lead
> | to a segmentation fault due to a buffer overflow in the Fax3Encode
> | function in libtiff/tif_fax3.c, resulting in a denial of service.
[...]
> Please adjust the affected versions in the BTS as needed.
 Done my quick testing. My experience is the following.
1) libtiff6 and libtiff-tools are both 4.5.1-1 (ie, Trixie): the tool
reports several warnings, exists with 1 (non-zero) but doesn't
segfault. Even tried with valgrind, still no segfault.
2) libtiff6 is 4.5.1-1 backported to Bookworm and libtiff-tools are
not, ie it's 4.5.0-6 : the tool reports the same warnings like above,
but this time it _does_ segfault.
3) If libtiff-tools also updated to 4.5.1-1 on Bookworm: it's like the
first case, several warnings, non-zero exit code without a segfault.

In short, it seems:
- it's a non-dsa as only a crash in a CLI tool (which has end of life now),
- doesn't affect the library,
- while 4.5.0-6 (and in fact, at least from 4.5.0-1) is vulnerable,
4.5.1-1 fixed this issue.

But you may find it otherwise, I do not alter this report in the BTS.

Regards,
Laszlo/GCS

Bug#1040799: libnginx-mod-http-modsecurity 1.0.3-1+b2 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040799 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libnginx-mod-http-modsecurity
Version: 1.0.3-1+b2

Explanation: binary rebuild with pcre2

Bug#1040791: schleuder-cli 0.1.0-4+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040791 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: schleuder-cli
Version: 0.1.0-4+deb12u1

Explanation: security fix (value escaping)

Bug#1040765: nvidia-modprobe 535.54.03-1~deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040765 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-modprobe
Version: 535.54.03-1~deb12u1

Explanation: new upstream bugfix release

Bug#1040683: node-webpack 5.75.0+dfsg+~cs17.16.14-1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040683 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: node-webpack
Version: 5.75.0+dfsg+~cs17.16.14-1+deb12u1

Explanation: security fix (cross-realm objects) [CVE-2023-28154]

Bug#1040714: dhcpcd: Missing epoch from souce package version

[Boyuan Yang]

Hi,

在 2023-07-11星期二的 21:54 +0200，Salvatore Bonaccorso写道：
> Hi,
> 
> On Tue, Jul 11, 2023 at 10:37:44PM +0300, Martin-Éric Racine wrote:
> > On Tue, Jul 11, 2023 at 10:05 PM Salvatore Bonaccorso  
> > wrote:
> > > On Tue, Jul 11, 2023 at 06:30:38PM +0300, Martin-Éric Racine wrote:
> > > > Reintroducing the epoch produces the following Lintian ERROR:
> > > > 
> > > > E: dhcpcd source:
> > > > epoch-changed-but-upstream-version-did-not-go-backwards 10.0.1-2 ->
> > > > 1:10.0.1-3 [debian/changelog:1]
> > > 
> > > The lintian tag in it's intention is clear. But I believe in this case
> > > it reports in error. Because the history of the dhcpcd source package
> > > is as follows, cutting of some irrelevant inbetween steps:
> > > 
> > > 0.4-1 -> 1.3.8-0.1 -> 1:0.70-5 (epoch introduced here), then moved
> > > upwards -> 1:3.2.3-11 / 1:3.2.3-11+deb7u1 which was the last version
> > > available for a while.
> > > 
> > > But then we dropped to 10.0.1-1 (which already missed the epoch).
> > > 
> > > Now the lintian just only checks 10.0.1-2 -> 1:10.0.1-3 and thinks to
> > > report that the epoch addition is an error, but it would not if all
> > > the 10.0.1-1, 10.0.1-2 versions already had the epoch still.
> > > 
> > > Does this make sense?
> > 
> > Makes sense to me.
> > 
> > Uploaded to Mentors. Please note that Mentors forces me to 'debuild
> > -sa' because it cannot find the 'orig' on its repository even though
> > it's already in unstable.
> 
> Thanks! Boyuan (CC'ed), can you take it from there and would you be
> willing to sponsor Martin-Éric's work as you did for the previous two
> uploads?

Thanks. Reviewed and uploaded.

Best,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1040563: node-tough-cookie 4.0.0-2+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040563 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: node-tough-cookie
Version: 4.0.0-2+deb12u1

Explanation: security fix (prototype pollution) [CVE-2023-26136]

Bug#1026881: x2go works on debian 12 release

[Mike Gabriel]

Control: close -1

Hi

On  Fr 30 Jun 2023 06:50:40 CEST, Peter Barth wrote:


apparently, X2go works on the release version of debian 12.
I've tested with the desktop environment MATE.

glx keeps to be broken, (glxinfo, ... private request) but that seems
to be a known issue on almost all platforms (fedora, ubuntu).

imho, the bug report can be closed.


Yes, this issue was fixed via marco 1.26.1-2 (MATE's window manager).

Closing...
Mike


--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgp_XuUWwpdER.pgp
Description: Digitale PGP-Signatur

Bug#1040946: Please update to latest upstream release (v7.0.5)

[Roman Lebedev]

Package: easyeffects
Version: 7.0.1-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear maintainer,

now that a new stable version of debian has been released,
and the freeze is over, please consider updating the package
to the newest upstream release (v7.0.5 as of this time)

Roman

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-2-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages easyeffects depends on:
ii  calf-plugins 0.90.3-4
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  libadwaita-1-0   1.2.4-1
ii  libbs2b0 3.1.0+dfsg-7
ii  libc62.37-5
ii  libcairo21.16.0-7
ii  libebur128-1 1.2.6-1+b1
ii  libfftw3-double3 3.3.10-1
ii  libfftw3-single3 3.3.10-1
ii  libfmt9  9.1.0+ds1-2
ii  libgcc-s113.1.0-7
ii  libglib2.0-0 2.74.6-2
ii  libgsl27 2.7.1+dfsg-5
ii  libgtk-4-1   4.8.3+ds-2
ii  liblilv-0-0  0.24.14-1
ii  libpango-1.0-0   1.50.14+ds-1
ii  libpipewire-0.3-00.3.73-1
ii  librubberband2   1:3.2.1-dmo1
ii  libsamplerate0   0.2.2-3
ii  libsigc++-3.0-0  3.4.0-7
ii  libsndfile1  1.2.0-1
ii  libspeexdsp1 1.2.1-1
ii  libstdc++6   13.1.0-7
ii  libtbb12 2021.8.0-2
ii  libzita-convolver4   4.0.3-2

Versions of packages easyeffects recommends:
ii  lsp-plugins  1.2.5-7
ii  lsp-plugins-lv2  1.2.5-7

easyeffects suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE+UikBxeiu50LOdFYgbqkFMWfZdAFAmSvBeAACgkQgbqkFMWf
ZdAqoRAAw6o3wqB/ZPcq9w8n0gVU9TfQ5ruFb2EK39lWlezBFJK/e869TulJxNWV
2LkoLulzNL6VAI4wEUf68N7aJnig5yz0lX6BSYkWpgUdoCQEB7PTVYF2LfqHBZ1S
NoGLfBVk0DdgQbvm7HXvw1PBO6Pd9c5krxoakjzRO4HXKBJFuy1BagWC3im88S8m
4JDeNPbWq/BWfbkIMFMt73Dc6kqYGYkfqZiXxtCQE1PAdG9CgGAtV1HVYzG0lp3/
oEn2DIf1Js5ERHd8gzLB09B1YdvogmHLlDhHAb3/9Xvp475iR6/7pHUJ4pRfR/Z8
+Lnnid+2ct84LuyWLQnqWLxKPFcvebqvDFc8EuI/gwse8Wf8CATSGOZBYTOSUh3u
7f6EcFPJLLAep8LIkMa7zPuNX0vuf7Ze2IE3oN5c2bZAjghvz638UIm/ue/q1RKZ
3OctFif27Ph7lX5TZocPWHGOR7gbGeIrtVUA8h+gUYj1z0jzJzQj/ewGJcpVVAM1
AkHz5y61brFmJrIieY1+0kzKZVJm6Lft2f3GZSGaJuCGj+G3IFaRLuS+PF0KlAqL
ComrcpIY+5aH6tdsACHh5DIFKo2xG1V1K+h+wpdVe3veoezELKJGx9by/zD20tpy
DNg6B4G8PZIF9+P+tPuV3Ej6ROPwO/QHHltXLMja1Aexfh2FsQo=
=HxVi
-END PGP SIGNATURE-

Bug#1022957: golang-github-blynn-nex: diff for NMU version 0.0.0+git.2021.03.30.1a3320dab9-2.1

[Shengjing Zhu]

On Thu, Jul 13, 2023 at 2:00 AM Boyuan Yang  wrote:
>
> Control: tags 1022957 + patch
> Control: tags 1022957 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for golang-github-blynn-nex (versioned as 
> 0.0.0+git.2021.03.30.1a3320dab9-2.1) and
> uploaded it to DELAYED/14. Please feel free to tell me if I
> should delay it longer.
>
> Regards.
>
> diff -Nru 
> golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog 
> golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog
> --- golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog  
>   2022-11-01 08:33:32.0 -0400
> +++ golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog  
>   2023-07-12 13:51:55.0 -0400
> @@ -1,3 +1,11 @@
> +golang-github-blynn-nex (0.0.0+git.2021.03.30.1a3320dab9-2.1) unstable; 
> urgency=medium
> +
> +  * Non-maintainer upload.
> +  * debian/control: Mark package nex to conflict with package nvi
> +due to file conflict of /usr/bin/nex. (Closes: #1022957)
> +
> + -- Boyuan Yang   Wed, 12 Jul 2023 13:51:55 -0400
> +
>  golang-github-blynn-nex (0.0.0+git.2021.03.30.1a3320dab9-2) unstable; 
> urgency=medium
>
>* Re-upload source-only.
> diff -Nru 
> golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control 
> golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control
> --- golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control
>   2022-11-01 08:33:32.0 -0400
> +++ golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control
>   2023-07-12 13:51:40.0 -0400
> @@ -20,6 +20,8 @@
>   ${shlibs:Depends},
>  Suggests:
>   graphviz,
> +Conflicts:
> + nvi,
>  Description: lexer similar to Lex/Flex - cli
>   Nex is a lexer similar to Lex/Flex that:
>* generates Go code instead of C code

This is not right as per debian policy 10.1.

"Two different packages must not install programs with different
functionality but with the same filenames".

Please cancel the NMU.

-- 
Shengjing Zhu

Bug#1040945: tiff: CVE-2023-3618

[Salvatore Bonaccorso]

Source: tiff
Version: 4.5.1-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/libtiff/libtiff/-/issues/529
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for tiff.

CVE-2023-3618[0]:
| A flaw was found in libtiff. A specially crafted tiff file can lead
| to a segmentation fault due to a buffer overflow in the Fax3Encode
| function in libtiff/tif_fax3.c, resulting in a denial of service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3618
https://www.cve.org/CVERecord?id=CVE-2023-3618
[1] https://gitlab.com/libtiff/libtiff/-/issues/529

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1033406: licensecheck: scan-copyrights fails to create copyright file for texlive-extra

[Walter Lozano]

On Thu, 18 May 2023 15:24:03 +0530 Vignesh Raman 
 wrote:

On Wed, 03 May 2023 18:45:07 +0200 Dominique Dumont  wrote:
 >
 > This problem concerns a zone that I've rewritten these past months to 
ease its

 > maintenance.
 >
 > Running the new scan-copyright on texlive proves to be quite 
challenging from

 > a performance point of view, so please be patient.
 >

Sure. Thank you for the update


I think this issue is fixed by

https://salsa.debian.org/perl-team/modules/packages/libconfig-model-dpkg-perl/-/merge_requests/6

Regards,

Walter

--
Walter Lozano
Collabora Ltd.

Bug#1040912: lightdm-gtk-greeter: greeter always uses Gnome (Standard) as default Xsession

[Yves-Alexis Perez]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

control: reassign -1 arctica-greeter


On Wed, 2023-07-12 at 20:49 +0200, Dieter Scheinkönig wrote:
> find attached my .xsession-errors.
>  
>  My issue,  regarding the login screen (See login-shot.png). I have to
> change/select  _always_ from "Gnome (Standard)" to "Default Xsession" in
> order start my XFCE-session.
>  It changes always after login off from my session.    In the past (Debian
> 11), the selection, which session would be used stayed as selected before
> login. 
>  
>  Sorry, if I confused you.
>  
Yes indeed, this is very confusing. Sorry I misunderstood from the start. And
in the end, yes it looks like a bug in the greeter, so I'm reassigning there.

Sorry for the lengthy process.

Regards,
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmSu/nQACgkQ3rYcyPpX
RFsWAQgA7dYT7OU7iqAheGHflI/l4awdYJ8zgavpEXEZmViX0kgDNsE0NX1cjfuf
UkgvKxKfeCZDeocRMBYiH5Y+y0s5aOWDL03xiEkWraTWb8N0FIYhIU7d3UGBaDn3
xtcW4It6LWmvBoQaeiTTy6glbKBiehusLd9+jQV0pzidU4iWmjqLYX+h8s3RAY0p
0hWqPcITUgaN2aUWO6Lskc0kIxGijuxpk17rOYG6i6rMgD+b02xbtW+RdhLmy2Zi
NYuYSKR/kgin0gIW8vzTG3UZ/QbJX/fl5ixrqi+41+r9uSb0g9MD1QUTcSGCVDHp
OHWsR1lVG6kllmEzlTuHpEw4BX9CFw==
=7rLP
-END PGP SIGNATURE-

Bug#1034565: fixed in 0.23

[Pirate Praveen]

Control: fixed -1 0.23.1-3

Bug#1040944: ITP: cdogs-sdl -- classic overhead run-and-gun game

[Reiner Herrmann]

Package: wnpp
Severity: wishlist
Owner: Reiner Herrmann 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: cdogs-sdl
  Version : 1.4.2
  Upstream Contact: Cong Xu 
* URL : https://cxong.github.io/cdogs-sdl/
* License : GPL-2+/BSD-2-Clause (code), CC0-1.0/CC-BY-{3,4}.0 (data)
  Programming Lang: C
  Description : classic overhead run-and-gun game

> C-Dogs SDL is an overhead shoot-em-up which lets players work alone and
> cooperatively during missions or fight against each other in the
> "dogfight" deathmatch mode.
> 
> Customize your player, choose from many weapons, and blast, slide and
> slash your way through over 100 user-created campaigns.

I intend to maintain it in the Games team.

Bug#1040001: Role of tibble? (Was: Bug#1040001: Seeking advise how to proceed with the transition / move R stack to testing)

[Dirk Eddelbuettel]

Hi Paul,

On 12 July 2023 at 19:47, Paul Gevers wrote:
| On 12-07-2023 16:02, Dirk Eddelbuettel wrote:
| > I can add the Breaks as a 'best of the worse alternative'. And, I presume, I
| > can remove the existing four-year breaks? [1]
| 
| Yes, you only need to carry the Breaks until in the next release. So 
| every Breaks that's present in the r-base package in bookworm can be 
| removed from the r-base package in unstable.

Good point and much less ugly then :)

Dirk

-- 
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#1040716: libc6: crashes with SIGBUS in rrd_write

[Aurelien Jarno]

control: reassign -1 librrd8
control: retitle -1 librrd8: crashes with SIGBUS in rrd_write

Hi,

On 2023-07-11 15:53, Tim McConnell wrote:
> 
> 
> On Tue, 2023-07-11 at 22:34 +0200, Aurelien Jarno wrote:
> > Hi,
> > 
> > On 2023-07-11 15:28, Tim McConnell wrote:
> > > 
> > > 
> > > On Tue, 2023-07-11 at 21:11 +0200, Aurelien Jarno wrote:
> > > > Hi,
> > > > 
> > > > On 2023-07-11 11:21, Tim McConnell wrote:
> > > > > 
> > > > > 
> > > > > On Mon, 2023-07-10 at 23:17 +0200, Aurelien Jarno wrote:
> > > > > > You might want
> > > > > > to upgrade to version 2.37-5 to check if it solves your issue
> > > > > Okay that's done and it's still doing it. The entry from
> > > > > Journalctl
> > > > > shows module libudev1 if that's of any use. 
> > > > >  
> > > > > Started systemd-coredump@1785-616863-0.service - Process Core
> > > > > Dump
> > > > > (PID
> > > > > 616863/UID 0).
> > > > > Jul 11 10:52:06 DebianTim systemd-coredump[616865]: Process
> > > > > 616847
> > > > > (collectd) of user 0 dumped core.
> > > > >     
> > > > >     Module
> > > > > libudev.so.1
> > > > > from deb systemd-252.11-1.amd64
> > > > >     Stack trace
> > > > > of
> > > > > thread 616848:
> > > > >     #0 
> > > > > 0x7fce1335e9f2 __memmove_ssse3 (libc.so.6 + 0x16d9f2)
> > > > >     #1 
> > > > > 0x7fce131156d9 rrd_write (librrd.so.8 + 0x346d9)
> > > > >     #2 
> > > > > 0x7fce13120acd n/a (librrd.so.8 + 0x3facd)
> > > > >     #3 
> > > > > 0x7fce13122962 n/a (librrd.so.8 + 0x41962)
> > > > >     #4 
> > > > > 0x7fce1317c370 n/a (rrdtool.so + 0x3370)
> > > > >     #5 
> > > > > 0x7fce132793ec start_thread (libc.so.6 + 0x883ec)
> > > > >     #6 
> > > > > 0x7fce132f9a1c __clone3 (libc.so.6 + 0x108a1c)
> > > > >     
> > > > 
> > > > Thanks for the details. This shows that the binary crashing
> > > > regularly
> > > > is
> > > > collectd. This is very unlikely that the issue is linked to the
> > > > locales,
> > > > and your test is confirming that.
> > > > 
> > > > It's also not clear that it's a glibc issue, it's more likely an
> > > > issue
> > > > in collectd or librrd8. It appears that systemd-coredump saved a
> > > > coredump when the process crashed. You should be able do use
> > > > "coredumpctl" to get the list of cores. You can select one
> > > > coredump
> > > > and
> > > > examine it with gdb using "coredumpctl debug ". Then when
> > > > under
> > > > gdb
> > > > you should be able to run "thread apply all bt" to get the
> > > > backtrace.
> > > > That should allows to better understand the issue.
> > > > 
> > > > Regards
> > > > Aurelien
> > > > 
> > > I'm unsure how helpful this is ( I am not a programmer) but: 
> > > thread apply all bt
> > 
> > Thanks, that's already much more useful. However I forgot to tell you
> > to
> > install the libc6-dbg package before getting the backtrace, sorry
> > about
> > that. Could you please install it and follow the same procedure
> > again?
> > 
> > Thanks
> > Aurelien
> > 
> It's already there, any others? 

I was expecting to see the arguments of the glibc functions, but anyway
I have been able to understand the code path.

collectd uses the librrd8 library to handle data, which at some point
calls the glibc memmove function. The crashes (SIGBUS) happens in the
memmove function when trying to destination buffer:

| .p2align 4,, 4
| L(copy_0_15):
| cmpl$4, %edx
| jb  L(copy_0_3)
| cmpl$8, %edx
| jb  L(copy_4_7)
| movq0(%rsi), %rcx
| movq-8(%rsi, %rdx), %rsi
 =>   movq%rcx, 0(%rdi)
| movq%rsi, -8(%rdi, %rdx)
| ret

memmove is called in
the rrd_write function, and more precisely in the memmove call:

| ssize_t rrd_write(
| rrd_file_t *rrd_file,
| const void *buf,
| size_t count)
| {

[...]

| #ifdef HAVE_MMAP
| size_told_size = rrd_file->file_len;
| 
| if (count == 0)
| return 0;
| if (buf == NULL)
| return -1;  /* EINVAL */
| 
| if ((rrd_file->pos + count) > old_size) {
| rrd_set_error
| ("attempting to write beyond end of file (%ld + %ld > %ld)",
|  rrd_file->pos, count, old_size);
| return -1;
| }
| /* can't use memcpy since the areas overlap when tuning */
=>memmove(rrd_simple_file->file_start + rrd_file->pos, buf, count);
| rrd_file->pos += count;
| return count;   /* mimic write() semantics */

librrd8 uses 

Bug#1040943: systemd-logind: 'HandlePowerKey=ignore' works in logind.conf, not in logind.conf.d/custom.conf

[Diederik de Haas]

Package: systemd
Version: 253.5-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I'm working on a Debian system/image for Pine64's PineTab2 (tablet) and
by default when I (short) press the power button, the device powers off.
Right now I'm not using any DE, so it's a CLI only system.

When I created /etc/systemd/logind.conf.d/custom.conf with
HandlePowerKey=ignore

Nothing changed after restarting systemd-logind.service or rebooting,
IOW the system shut down.
Confusingly `sudo systemd-analyze cat-config systemd/logind.conf` *did*
show the setting, making me think it was configured correctly.

The PineTab2 is shipped with an ArchLinuxARM system and when I logged
in to a VT, pressing the power button shut the system down.
But when I set `HandlePowerKey=ignore` in /etc/systemd/logind.conf,
pressing the power key got ignored.

I then renamed `custom.conf` to `custom.conf.disabled` on my Debian
system and made the change directly in /etc/systemd/logind.conf and
then it worked!
When I did the reverse on the ALARM system, so it was only configured in
logind.conf.d/custom.conf, then the tablet turned off.

So on both Debian and ALARM, when specifying `HandlePowerKey=ignore` in
/etc/systemd/logind.conf.d/custom.conf, the setting does NOT work and
the tablet powers down when pressing the power button.
But on both systems the setting does work when set in
/etc/systemd/logind.conf and pressing the power button gets ignored.

While I'm reporting it against the version in Unstable, there's a rather
high chance the issue also occurs on Testing/Trixie and probably even on
Bookworm (which my Debian system started out with).
But I only tried editing logind.conf directly after I had upgraded the
system first to Trixie and then to Sid.

Note: This bug report is NOT send from the (arm64) PineTab2 but my
normal (amd64) PC, but I don't think that matters. If it does/would, I
could start over again on the PT2, but hopefully that isn't needed.

Cheers,
  Diederik

- -- Package-specific info:

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-2-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl12.3.1-3
ii  libaudit1  1:3.1.1-1
ii  libblkid1  2.38.1-6
ii  libc6  2.37-5
ii  libcap21:2.66-4
ii  libcryptsetup122:2.6.1-4
ii  libfdisk1  2.38.1-6
ii  libgcrypt201.10.2-2
ii  libkmod2   30+20230519-1
ii  liblz4-1   1.9.4-1
ii  liblzma5   5.4.1-0.2
ii  libmount1  2.38.1-6
ii  libp11-kit00.25.0-3
ii  libseccomp22.5.4-1+b3
ii  libselinux13.5-1
ii  libssl33.0.9-1
ii  libsystemd-shared  253.5-1
ii  libsystemd0253.5-1
ii  libzstd1   1.5.5+dfsg2-1
ii  mount  2.38.1-6
ii  systemd-dev253.5-1

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]  1.14.8-2
ii  ntpsec [time-daemon]1.2.2+dfsg1-1

Versions of packages systemd suggests:
ii  libfido2-11.13.0-1
ii  libqrencode4  4.1.1-1
ii  libtss2-esys-3.0.2-0  4.0.1-1
ii  libtss2-mu0   4.0.1-1
pn  libtss2-rc0   
ii  policykit-1   122-4
ii  polkitd   122-4
pn  systemd-boot  
ii  systemd-container 253.5-1
pn  systemd-homed 
pn  systemd-resolved  
pn  systemd-userdbd   

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.8-2
pn  dracut 
ii  initramfs-tools0.142
pn  libnss-systemd 
ii  libpam-systemd 253.5-1
ii  udev   253.5-1

- -- no debconf information

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZK7zTgAKCRDXblvOeH7b
bumiAQCc5FQ2l+byOotVjv8D39wyrZNou/UPy9/owCWHlDWnogD/WHZUgkfj6zuQ
IurqY7ZxS5y1T5lmu4ofBcbqNupkJgI=
=pptn
-END PGP SIGNATURE-

Bug#1040942: rosbash: Most binary tools (roscd, rosd, rosls, ....) are unavailable in this package

[Dima Kogan]

Package: rosbash
Version: 1.15.8-5
Severity: normal
X-Debbugs-Cc: none, Dima Kogan 

Hello. I'm using the package from bookworm. rosbash 

The "rosbash" package should provide several commandline tools,
documented here:

  http://wiki.ros.org/rosbash

But only "rosrun" is provided in the package.

This is because most of the tools are not binaries, but are shell
functions. These are supposed to be defined in
/usr/share/rosbash/rosbash, but our rosbash package does not ship this
file. This file exists in the package sources in tools/rosbash/rosbash,
but it is not installed anywhere. This is the bug.

Our package does reference the tools (we include all the tab
completions). And the package scripts ask for it:

  dima@fatty:$ source /usr/share/rosbash/catkin_env_hook/15.rosbash.bash

  bash: /usr/share/rosbash/rosbash: No such file or directory

So if we install that file, that would probably fix this bug.

Thanks

Bug#1040929: gcc-13-cross-ports: please add arm64 to HOST_ARCHS_

[Matthias Klose]

On 12.07.23 16:12, Emanuele Rocca wrote:

Source: gcc-13-cross-ports
Version: 6
Severity: wishlist

Hi,

On amd64 hosts all ports are supported (ie: the binary package
gcc-13-alpha-linux-gnu and similar are available). That is not the case
for arm64 hosts. Please add arm64 to HOST_ARCHS_ in d/rules.


how will you care about build time regressions?  The change is not difficult, 
however I'd like to see some commitment how to deal with these issues.


Matthias

Bug#1040941: android-platform-tools: libandroidfw.so.0: undefined symbol: _Z18ExtractEntryToFileP10ZipArchiveP8ZipEntryi

[Chris Lamb]

Package: android-platform-tools
Version: 33.0.3-1
Severity: important

Hi,

I originally checked about this issue here:

https://bugs.debian.org/1024902#34

... but for completeness sake, in a sid-only chroot I am getting
the following in diffoscope:

$ aapt2 dump resources tests/data/resources1.arsc
aapt2: symbol lookup error: 
/usr/lib/x86_64-linux-gnu/android/libandroidfw.so.0: undefined symbol: 
_Z18ExtractEntryToFileP10ZipArchiveP8ZipEntryi

This is currently affecting diffoscope (see #1040916).


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#1024902: android-platform-tools: missing version prefix in shlibs dependencies

[Thomas Uhle]

On Wed, 12 Jul 2023, Chris Lamb wrote:


Hi all,

> dh_makeshlibs automatically generates the shlibs files for the libraries
> in android-platform-tools during the build process.  By default it does
> not include any prefix in the versions.  So '29.0.6' is used instead of
> '1:29.0.6' which leads to […]

Could this be related to what I'm seeing in diffoscope? Specifically,
I am getting:

$ aapt2 dump resources tests/data/resources1.arsc
aapt2: symbol lookup error: 
/usr/lib/x86_64-linux-gnu/android/libandroidfw.so.0: undefined symbol: 
_Z18ExtractEntryToFileP10ZipArchiveP8ZipEntryi


Hello Chris,

hard to say.  There seems to be an issue with libandroidfw.so.0 not 
properly linking to libziparchive.so.0 for sure.  On the other hand, 
android-libandroidfw has this dependency: android-libziparchive (>= 1:29). 
That seems to be sufficient.




Very happy to file this as a different bug. (I suspect it might be,
as I've upgraded all packages in this chroot, so it's unlikely to be
a 'missing' upgrade due to incomplete dependencies.)


I also think that this is probably a different bug.


Best regards,

Thomas Uhle

Bug#1040803: Please update dependency on libblockdev-mdraid2

[Michael Biebl]

Hi Martin

Am 11.07.23 um 06:51 schrieb Martin Pitt:

Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19092
Control: tag -1 pending

Hello Michael,

Michael Biebl [2023-07-10 22:37 +0200]:

the latest update of libblockdev from version 2.28 to 3.0 has seen some
major changes, among them an SONAME bump.

Please test cockpit(-storaged) against the new libblockdev and update
the libblockdev-mdraid2 dependency to libblockdev-mdraid3.


Thanks for the heads-up! I'll fix this for this Wednesday's release, see PR
above.


Small update:
I noticed that you dropped the explicit libblockdev-mdraid dependency, 
now that udisks2 depends on it [1]


Given https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040908 though, 
I've decided to demote mdadm to a Suggests for libblockdev-mdraid.
This means, that libblockdev-mdraid can be non-functional, if mdadm is 
missing.
So this is just a heads-up in case you want to add an explicit 
dependency to cockpit-storage.


Regards,
Michael

[1] 
https://salsa.debian.org/utopia-team/cockpit/-/commit/3e123050dc6ce0408148759d2ba27cb7eb6c1426


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1022957: golang-github-blynn-nex: diff for NMU version 0.0.0+git.2021.03.30.1a3320dab9-2.1

[Boyuan Yang]

Control: tags 1022957 + patch
Control: tags 1022957 + pending

Dear maintainer,

I've prepared an NMU for golang-github-blynn-nex (versioned as 
0.0.0+git.2021.03.30.1a3320dab9-2.1) and
uploaded it to DELAYED/14. Please feel free to tell me if I
should delay it longer.

Regards.

diff -Nru 
golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog 
golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog
--- golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog
2022-11-01 08:33:32.0 -0400
+++ golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/changelog
2023-07-12 13:51:55.0 -0400
@@ -1,3 +1,11 @@
+golang-github-blynn-nex (0.0.0+git.2021.03.30.1a3320dab9-2.1) unstable; 
urgency=medium
+
+  * Non-maintainer upload.
+  * debian/control: Mark package nex to conflict with package nvi
+due to file conflict of /usr/bin/nex. (Closes: #1022957)
+
+ -- Boyuan Yang   Wed, 12 Jul 2023 13:51:55 -0400
+
 golang-github-blynn-nex (0.0.0+git.2021.03.30.1a3320dab9-2) unstable; 
urgency=medium
 
   * Re-upload source-only.
diff -Nru 
golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control 
golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control
--- golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control  
2022-11-01 08:33:32.0 -0400
+++ golang-github-blynn-nex-0.0.0+git.2021.03.30.1a3320dab9/debian/control  
2023-07-12 13:51:40.0 -0400
@@ -20,6 +20,8 @@
  ${shlibs:Depends},
 Suggests:
  graphviz,
+Conflicts:
+ nvi,
 Description: lexer similar to Lex/Flex - cli
  Nex is a lexer similar to Lex/Flex that:
   * generates Go code instead of C code


signature.asc
Description: This is a digitally signed message part

Bug#1040837: [Pkg-rust-maintainers] Bug#1040837: rust-log: breaks API without coordination

[Fabian Grünbichler]

On Tue, Jul 11, 2023 at 01:47:53PM +0200, Jonas Smedegaard wrote:
> Source: rust-log
> Version: 0.4.19-2
> Severity: serious
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> rust-log 0.4.19-2 apparently removed upstream feature kv_unstable
> (according to inspection of source of that packaging release -
> related changelog entry does not mention that feature).
> 
> This change to upstream API was done without coordination with
> reverse dependencies, and breaks at least librust-async-std-dev
> and its 17 reverse dependencies.
> 
> Yes, I am aware that changelog entry indicates this being a temporary
> change, pending packages lingering in NEW queue.  Please don't release
> breaking changes without prior coordination with reverse dependencies
> (e.g. the changes that cause bug#1040702), and in cases that is not
> possible (e.g. when accidentally ending at bug#1040702) then please
> notify reverse dependencies e.g. using a bugreport with tag "affects".

This was by mistake, and not on purpose.

The feature in question is probably not a good candidate for packaging
though, given the lack of stability guarantees provided by upstream[0]:

> This module is unstable and breaking changes may be made at any time.
> See the tracking issue for more details.

The referenced tracking issue can be found here[1].

While the required crates (multiple ones from sval-rs/value-bag) are
being packaged (mostly done, pending a re-upload to NEW and review
there), I wonder whether enabling the feature was not a
mistake/premature in the first place.

I did a quick test with ratt with the attached diff applied, and except
for rust-sequoia-net (which fails for other reasons which are already
fixed in experimental and just need a re-upload of the version there to
unstable), building at least worked fine. I am not too familiar with
either async-std, nor the kv feature of log to say whether this approach
would be feasible - I'd be happy to hear your thoughts though! IMHO
keeping this unstable aspect out of the archive for the time being would
save us all from periodic breakage, with log itself (without the KV
feature) being rather widely used.

In a slightly related note, there will be two upcoming transitions that
will affect (rust) packages of yours (bindgen to 0.65, and toml to 0.7)
as part of updating rust-cargo to 0.70. Would you appreciate bugs with
patches filed before the transition starts, or do you want to handle
those on your own? You can find some details in the (WIP) tracking
issue[2]. bindgen should be pretty straight-forward, for toml we will
likely opt for a period of semver-suffixing since the versions do have
breaking changes where breakage is not detected at compile time.

0: https://docs.rs/log/latest/log/kv/index.html
1: https://github.com/rust-lang/log/issues/328
2: https://salsa.debian.org/rust-team/debcargo-conf/-/issues/48
diff --git a/rust-async-std-1.12.0/debian/changelog 
b/rust-async-std-1.12.0-patched/debian/changelog
index dfa43a8..5d6258f 100644
--- a/rust-async-std-1.12.0/debian/changelog
+++ b/rust-async-std-1.12.0-patched/debian/changelog
@@ -1,3 +1,9 @@
+rust-async-std (1.12.0-12.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+ -- Fabian Grünbichler   Wed, 12 Jul 2023 13:43:22 
+0200
+
 rust-async-std (1.12.0-12) unstable; urgency=medium
 
   * tighten autopkgtests
diff --git a/rust-async-std-1.12.0/debian/control 
b/rust-async-std-1.12.0-patched/debian/control
index 767ca01..84a3e66 100644
--- a/rust-async-std-1.12.0/debian/control
+++ b/rust-async-std-1.12.0-patched/debian/control
@@ -12,15 +12,12 @@ Build-Depends:
  librust-async-lock-2+default-dev ,
  librust-async-process-1+default-dev ,
  librust-crossbeam-utils-0.8+default-dev ,
- librust-femme-2+default-dev ,
  librust-futures-0.3+default-dev ,
  librust-futures-core-0.3+alloc-dev ,
  librust-futures-core-0.3+std-dev ,
  librust-futures-io-0.3+default-dev ,
  librust-futures-lite-1+default-dev ,
- librust-kv-log-macro-1+default-dev ,
  librust-log-0.4+default-dev ,
- librust-log-0.4+kv-unstable-dev ,
  librust-memchr-2+default-dev ,
  librust-once-cell-1+default-dev ,
  librust-pin-project-lite-0.2+default-dev ,
@@ -53,9 +50,7 @@ Depends:
  librust-futures-core-0.3+alloc-dev,
  librust-futures-io-0.3+default-dev,
  librust-futures-lite-1+default-dev,
- librust-kv-log-macro-1+default-dev,
  librust-log-0.4+default-dev,
- librust-log-0.4+kv-unstable-dev,
  librust-memchr-2+default-dev,
  librust-once-cell-1+default-dev,
  librust-pin-project-lite-0.2+default-dev,
diff --git 
a/rust-async-std-1.12.0-patched/debian/patches/disable-unstable-log-kv.diff 
b/rust-async-std-1.12.0-patched/debian/patches/disable-unstable-log-kv.diff
new file mode 100644
index 000..33b5de9
--- /dev/null
+++ b/rust-async-std-1.12.0-patched/debian/patches/disable-unstable-log-kv.diff
@@ -0,0 +1,77 @@
+Index: rust-async-std-1.12.0/Cargo.toml
+===
+--- 

Bug#1040924: clevis-udisks2: Depends on NBS libblockdev-crypto2

[Jeremy Bícha]

On Wed, Jul 12, 2023 at 1:16 PM Christoph Biedl
 wrote:
>
> Control: tags 1040924 moreinfo
>
> Jeremy Bícha wrote...
>
> > clevis-udisks2 depends on libblockdev-crypto2 which is no longer built
> > by libblockdev in Unstable. Please update the manual dependency to
> > libblockdev-crypto3
>
> I fail to understand what is happening here. Is this supposed to be a
> transition? Then it didn't quite follow the procedure as outlined in
> https://wiki.debian.org/Teams/ReleaseTeam/Transitions

Yes, it's a transition. Sorry that it didn't follow the recommended procedure.

Thank you,
Jeremy Bícha

Bug#1040001: Role of tibble? (Was: Bug#1040001: Seeking advise how to proceed with the transition / move R stack to testing)

[Paul Gevers]

Hi,

On 12-07-2023 16:02, Dirk Eddelbuettel wrote:

I can add the Breaks as a 'best of the worse alternative'. And, I presume, I
can remove the existing four-year breaks? [1]


Yes, you only need to carry the Breaks until in the next release. So 
every Breaks that's present in the r-base package in bookworm can be 
removed from the r-base package in unstable.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1040917: Acknowledgement (xss-lock: Crashes after unlock)

[Nikolaus Rath]

It seems that running xss-lock as `xss-lock --session=${XDG_SESSION_ID}` works 
around this problem.

Bug#1037185: bpftrace: Fix FTBFS on armhf

[Danilo Egea Gondolfo]

On 07/06/2023 22:09, Vincent Bernat wrote:


On 2023-06-07 12:07, Danilo Egea Gondolfo wrote:


* What led up to the situation?

The build is failing on armhf because cmake is not detecting the 
architecture correctly as we cross compile on arm64.


Also, after fixing the cmake part, the build will fail in 
src/triggers.h due to the attribute used when it build on arm 32-bit. 
It might be a bug on gcc but I'm not sure (clang++ doesn't throw the 
same error).


Shouldn't all this be fixed upstream?
Both problems were fixed upstream 
https://github.com/iovisor/bpftrace/issues/2654

Bug#1024902: android-platform-tools: missing version prefix in shlibs dependencies

[Chris Lamb]

Hi all,

> dh_makeshlibs automatically generates the shlibs files for the libraries 
> in android-platform-tools during the build process.  By default it does 
> not include any prefix in the versions.  So '29.0.6' is used instead of 
> '1:29.0.6' which leads to […]

Could this be related to what I'm seeing in diffoscope? Specifically,
I am getting:

$ aapt2 dump resources tests/data/resources1.arsc
aapt2: symbol lookup error: 
/usr/lib/x86_64-linux-gnu/android/libandroidfw.so.0: undefined symbol: 
_Z18ExtractEntryToFileP10ZipArchiveP8ZipEntryi
 
Very happy to file this as a different bug. (I suspect it might be,
as I've upgraded all packages in this chroot, so it's unlikely to be
a 'missing' upgrade due to incomplete dependencies.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1040916: diffoscope: FTBFS with new android-platform-tools (33.0.3-1)

[Chris Lamb]

Danilo Egea Gondolfo wrote:

> Some tests from tests/comparators are failing due to differences in the 
> expected result.

I think this is actually a bug elsewhere:

$ aapt2 dump resources tests/data/resources1.arsc
aapt2: symbol lookup error: 
/usr/lib/x86_64-linux-gnu/android/libandroidfw.so.0: undefined symbol: 
_Z18ExtractEntryToFileP10ZipArchiveP8ZipEntryi

This looks awfully familiar to this bug filed against dexdump:

  https://bugs.debian.org/1028243

… and may be related to (or even "be") this bug in android-platform-tools:

  https://bugs.debian.org/1024902

I'll followup to the second bug presently.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1038506: libmlt7: Contains a plugin for an obsolete version of SDL

[Simon McVittie]

Control: reopen -1
Control: block -1 by 1040155

On Sun, 02 Jul 2023 at 16:23:53 +0200, Patrick Matthäi wrote:
> Am 18.06.2023 um 18:42 schrieb Simon McVittie:
> > libmlt7 appears to contain plugins for both SDL 1.2 and SDL 2, and as a
> > result, it depends on both libsdl1.2debian and libsdl2-2.0-0.
> > SDL 1.2 is unmaintained upstream and we should be trying to move away
> > from it.
> > 
> > Various Debian packages depend on mlt:
> > 
> > - flowblade
>
> Flowblade itself still uses SDL 1.2:
> https://sourceforge.net/p/mlt/mailman/message/37862164/

sdl12-compat is still the SDL 1.2 API, which has been deprecated for
many years, so I'm reopening this bug. It should stay open as long as
mlt has a (build-)dependency on the SDL 1.2 APIs.

I'm also marking this as blocked by flowblade being ported.  Please add
a similar blocked relationship if you find any other packages that use
mlt and SDL 1.2.

sdl12-compat has now taken over the libsdl1.2-dev package name from
the older libsdl1.2 in unstable. Please revert the build-dependency to
libsdl1.2-dev in a future upload of mlt, so that libsdl1.2-compat-dev
can be removed after Debian 13 is released without causing disruption
for this package.

smcv

Bug#1040924: clevis-udisks2: Depends on NBS libblockdev-crypto2

[Christoph Biedl]

Control: tags 1040924 moreinfo

Jeremy Bícha wrote...

> clevis-udisks2 depends on libblockdev-crypto2 which is no longer built
> by libblockdev in Unstable. Please update the manual dependency to
> libblockdev-crypto3

I fail to understand what is happening here. Is this supposed to be a
transition? Then it didn't quite follow the procedure as outlined in
https://wiki.debian.org/Teams/ReleaseTeam/Transitions

Christoph


signature.asc
Description: PGP signature

Bug#1040908: [Pkg-utopia-maintainers] Bug#1040908: Bug#1040908: Please don't depend on mdadm

[Michael Biebl]

Am 12.07.23 um 18:11 schrieb Josh Triplett:

My understanding was that that error happens *unconditionally* whether
there's a RAID device on the system or not, and that that bug is fixed
by depending on libblockdev-mdraid3 (which seems fine). But if I'm
understanding the upstream issue correctly, libblockdev-mdraid3 doesn't
actually need the mdadm binary *unless* the user's system actually has a
RAID device on it, in which case they would more likely want to have
mdadm installed. So, I *think* removing the Depends on mdadm would mean
that the only users getting an error message are those who have a RAID
device and *don't* have mdadm installed, which seems like exactly the
set of users who *should* get an error message.


I was pondering the question myself and came to a similiar conclusion.
A user with RAID devices most likely has mdadm installed anyway, so 
demoting it to Suggests seems ok, as we wouldn't generate error messages 
for users without RAID devices.



Michael



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1040940: rmlint-gui fails to start: SyntaxError: source code cannot contain null bytes

[Julian Gilbey]

Package: rmlint-gui
Version: 2.9.0-2.4
Severity: grave

euler:~ $ rmlint --gui
  File "/tmp/.shredder-bootstrap.py.KFWS71", line 23

SyntaxError: source code cannot contain null bytes


The generated temporary source file has a null byte at the end of the
file.  This is quite possibly already fixed upstream.

Bug#1040939: bookworm-pu: package rmlint/2.9.0-2.3+deb12u1

[Julian Gilbey]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: rml...@packages.debian.org
Control: affects -1 + src:rmlint

[ Reason ]
This bug has been present for a long time but only just stumbled
upon.  rmlint-gui installs a Python package with an invalid version
number, causing other packages to mysteriously break when rmlint-gui
is installed.  Only spyder has been reported to be affected so far,
but I expect others to be equally impacted.

[ Impact ]
Some other unrelated packages will continue to break in strange ways.
It may well also cause headaches to maintainers of those packages.

[ Tests ]
No tests cover the affected code, unfortunately, to the best of my
knowledge.  However, the package rmlint-gui doesn't work anyway (I
had never used it, but just tried and it crashed immediately with a
SyntaxError).  Nevertheless, its mere presence on a Debian system will
cause the above error.  Upstream is now showing signs of life again,
though the package does not currently have an active Debian
maintainer, so it may be dropped from testing soon; I'll file an RC
bug against the current version in a moment.

[ Risks ]
I cannot see any risks to fixing one bug in a piece of broken
software.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Apply an upstream patch to fix the Python version number.

[ Other info ]
This is an NMU because the maintainer is MIA.
diff -Nru rmlint-2.9.0/debian/changelog rmlint-2.9.0/debian/changelog
--- rmlint-2.9.0/debian/changelog   2021-04-15 22:03:37.0 +0100
+++ rmlint-2.9.0/debian/changelog   2023-07-12 16:18:40.0 +0100
@@ -1,3 +1,11 @@
+rmlint (2.9.0-2.3+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix error in other packages caused by invalid python package version
+number (cherry-picking upstream patch; closes: #1040179)
+
+ -- Julian Gilbey   Wed, 12 Jul 2023 16:18:40 +0100
+
 rmlint (2.9.0-2.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru rmlint-2.9.0/debian/patches/python-version-number.patch 
rmlint-2.9.0/debian/patches/python-version-number.patch
--- rmlint-2.9.0/debian/patches/python-version-number.patch 1970-01-01 
01:00:00.0 +0100
+++ rmlint-2.9.0/debian/patches/python-version-number.patch 2023-07-12 
16:18:40.0 +0100
@@ -0,0 +1,17 @@
+From: Cebtenzzre
+Subject: gui: use PEP 440-compliant version number
+Origin: upstream, 
https://github.com/sahib/rmlint/commit/b5a6d9b359b1fc1ea75bdb6c1ae6cbdc0a304ecf
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040179
+
+--- a/gui/setup.py
 b/gui/setup.py
+@@ -14,7 +14,8 @@
+ with open('../.version', 'r') as handle:
+ version_string = handle.read()
+ 
+-return version_string.strip()
++version_numbers, _ = version_string.split(' ', 1)
++return version_numbers
+ 
+ 
+ def get_prefix():
diff -Nru rmlint-2.9.0/debian/patches/series rmlint-2.9.0/debian/patches/series
--- rmlint-2.9.0/debian/patches/series  2021-04-15 22:03:37.0 +0100
+++ rmlint-2.9.0/debian/patches/series  2023-07-12 16:18:40.0 +0100
@@ -8,3 +8,4 @@
 glib-2_62.patch
 0001-fix-link-error-on-compilers-with-fno-common-enabled.patch
 0010-apply-upstream-fix-for-data-loss-bug.patch
+python-version-number.patch

Bug#1038096: libxine2-x: Depends on SDL 1.2

[Simon McVittie]

Control: reopen -1

On Thu, 15 Jun 2023 at 14:15:10 +0100, Simon McVittie wrote:
> If it is not possible to port to SDL 2, please test the package with
> libsdl1.2-compat-shim (preferably version 1.2.64 or later), and leave
> this bug open to track the package as still using SDL 1.2 APIs.

sdl12-compat is still the SDL 1.2 API, which has been deprecated for
many years, so I'm reopening this. It should stay open as long as
xine-lib-1.2 has a (build-)dependency on the SDL 1.2 APIs.

The two possible ways to close this bug are:

* xine-lib-1.2 switches to the SDL 2 API (natively, without going via
  sdl12-compat), like wolf4sdl recently did

* xine-lib-1.2 disables/removes its use of SDL, like vlc recently did

This bug is not release-critical, and if you are unable to do either of
those, then the bug can stay open. I am not intending to remove
sdl12-compat until a lot more packages have moved to SDL 2.

> It is *not* necessary to change dependencies from libsdl1.2debian to
> libsdl1.2-compat-shim, or from libsdl1.2-dev to libsdl1.2-compat-dev.
> My intention is to make a future version of sdl12-compat take over
> the old package names, to minimize the changes that are required in
> dependent packages.

This has now been done in unstable. Please revert the build-dependency
to libsdl1.2-dev in a future upload, so that libsdl1.2-compat-dev can
be removed after Debian 13 is released without causing disruption for
this package.

smcv

Bug#1040938: bookworm-pu: package nvidia-graphics-drivers-tesla/525.125.06-1~deb12u1

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Let's update nvidia-graphics-drivers-tesla in bookworm to a new
upstream release fixing some CVEs.

[ Impact ]
A proprietary graphics driver with more CVEs open.

[ Tests ]
Only module building has been tested. Anything else would require
certain hardware and driver usage.

[ Risks ]
Low. Upgrading to a new nvidia driver release in stable is an
established procedure.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  (excluding the blobs)
  [*] attach debdiff against the package in (old)stable
  (excluding the blobs)
  [*] the issue is verified as fixed in unstable

[ Changes ]
This is a rebuild of src:nvidia-graphics-drivers-tesla/sid with no further
changes. It is more or less identical to src:nvidia-graphics-drivers in
sid and bookworm(-pu).

[ Other info ]
The package is already uploaded.

Andreas

Bug#1040524: libboost1.74-dev: g++-12 fails to compile interval.hpp on ppc64el: error: narrowing conversion

[Gianfranco Costamagna]

control: tags -1 patch fixed-upstream
control: forwarded -1 https://github.com/boostorg/interval/pull/30

Looks like upstream has a pull request fixing this issue.

G.

On Fri, 07 Jul 2023 11:25:45 +0200 Andreas Beckmann  wrote:

Package: libboost1.74-dev
Version: 1.74.0+ds1-21.1
Severity: serious

This is a regression from g++-11:

$ echo '#include ' | g++-11 -x c++ -c -
$ echo '#include ' | g++-12 -x c++ -c -
In file included from /usr/include/boost/numeric/interval/hw_rounding.hpp:28,
 from /usr/include/boost/numeric/interval.hpp:18,
 from :1:
/usr/include/boost/numeric/interval/detail/ppc_rounding_control.hpp:31:56: 
error: narrowing conversion of '1892273895866370' from 'long long unsigned 
int' to 'boost::long_long_type' {aka 'long long int'} [-Wnarrowing]
   31 | static const rounding_mode_struct mode_upward  = { 
0xFFF80002LL };
  |
^~~~
/usr/include/boost/numeric/interval/detail/ppc_rounding_control.hpp:32:56: 
error: narrowing conversion of '1892273895866371' from 'long long unsigned 
int' to 'boost::long_long_type' {aka 'long long int'} [-Wnarrowing]
   32 | static const rounding_mode_struct mode_downward= { 
0xFFF80003LL };
  |
^~~~
/usr/include/boost/numeric/interval/detail/ppc_rounding_control.hpp:33:56: 
error: narrowing conversion of '1892273895866368' from 'long long unsigned 
int' to 'boost::long_long_type' {aka 'long long int'} [-Wnarrowing]
   33 | static const rounding_mode_struct mode_to_nearest  = { 
0xFFF8LL };
  |
^~~~
/usr/include/boost/numeric/interval/detail/ppc_rounding_control.hpp:34:56: 
error: narrowing conversion of '1892273895866369' from 'long long unsigned 
int' to 'boost::long_long_type' {aka 'long long int'} [-Wnarrowing]
   34 | static const rounding_mode_struct mode_toward_zero = { 
0xFFF80001LL };
  |
^~~~

The same behavior is observable with libboost1.81-dev.


Andreas




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1040908: [Pkg-utopia-maintainers] Bug#1040908: Please don't depend on mdadm

[Josh Triplett]

On Wed, 12 Jul 2023 13:14:47 +0200 Michael Biebl  wrote:
> Am 12.07.23 um 11:14 schrieb Josh Triplett:
> > Package: libblockdev-mdraid3
> > Version: 3.0.1-1
> > Severity: normal
> > X-Debbugs-Cc: j...@joshtriplett.org
> > 
> > Current udisks2 has a dependency on libblockdev-mdraid3, and
> > libblockdev-mdraid3 has a dependency on mdadm. This effectively makes
> > mdadm required on desktop systems.
> > 
> > As I understand it from
> > https://github.com/storaged-project/udisks/issues/1142 , udisks2 needs
> > to depend on libblockdev-mdraid3. (And that much isn't necessarily an
> > issue, it's just a library.)
> > 
> > Would it be possible for libblockdev-mdraid3 to avoid pulling in mdadm,
> 
> By avoid, I assume you mean not even demoting it to Recommends would be 
> an option for you, but drop the dependency completely (or make it a 
> Suggests)

I was hoping for a Suggests, yes. Using Recommends would still leave
this as an issue for most desktop systems, and would contribute to the
reasons why some people disable Recommends by default and just
selectively install Recommends when installing packages.

> > so that systems not using RAID don't have to have mdadm and its
> > associated configuration and boot-time logic installed?
> 
> And then I'll get bug reports like
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989493

My understanding was that that error happens *unconditionally* whether
there's a RAID device on the system or not, and that that bug is fixed
by depending on libblockdev-mdraid3 (which seems fine). But if I'm
understanding the upstream issue correctly, libblockdev-mdraid3 doesn't
actually need the mdadm binary *unless* the user's system actually has a
RAID device on it, in which case they would more likely want to have
mdadm installed. So, I *think* removing the Depends on mdadm would mean
that the only users getting an error message are those who have a RAID
device and *don't* have mdadm installed, which seems like exactly the
set of users who *should* get an error message.

- Josh Triplett

Bug#1040912: lightdm-gtk-greeter: greeter always uses Gnome (Standard) as default Xsession

[Yves-Alexis Perez]

On Wed, Jul 12, 2023 at 03:30:06PM +, Dieter Scheinkönig wrote:
> Hi Yves-Alexis,
> 
> I do not have a .xsession or .Xsession in my home directory.

Ok

> So, I’m using the default. I’m not in front of my computer right now, so I 
> would send it later from /etc/X11.

Please especially send the .xsession-errors log (check for personal
information first though). /etc/X11/Xsession sources various files from
/etc/X11/Xsession.d and the session selection (if not selected in the
greeter)  should be done from
/etc/X11/Xsession.d/50x11-common_determine-startup
> 
> As mentioned, the difference between using the login between Debian 11 and 12 
> is, before the selection of respective xsession (xfce, kde, gnome) did stay 
> after restart. Now it’s not the case anymore.

Sorry but it's not at all clear what you mean here: are you using the
*default* session, or are you choosing a session in the greeter and it's
not actually selected? In the lightdm log you sent, you were using the
default session.
> 
> I’m happy to do the necessary configuration, however I do not know where to 
> search for. A “find” in /etc did not give me any result.
> 
> In case it would be a bug, you would transfer to the artic maintainer?

I don't think so, again it doesn't look like a but in the greeter.

Regards,
-- 
Yves-Alexis Perez

Bug#1040935: Please provide a version-less package for libboost-json1.81-dev

[Gianfranco Costamagna]

control: close -1
On Wed, 12 Jul 2023 17:22:28 +0200 Mathieu Malaterre  wrote:

Source: boost1.81
Version: 1.81.0-5.2

As per title. For example I can Depends: on
libboost-program-options-dev and have a nice transition. I cannot do
the equivalent with libboost-json1.81-dev

Thanks !


This is done in boost-defaults, not boost1.81, and this is currently only in 
experimental due to the transition not started yet

Package: libboost-json-dev
Homepage: https://www.boost.org/doc/libs/release/libs/json/
Architecture: any
Multi-Arch: same
Section: libdevel
Depends: ${misc:Depends}, libboost-json1.81-dev
Description: C++ containers and algorithms that implement JSON (default version)
 This library focuses on a common and popular use-case: parsing
 and serializing to and from a container called value which holds
 JSON types.
 .
 Any value which you build can be serialized and then deserialized,
 guaranteeing that the result will be equal to the original value.
 Whatever JSON output you produce with this library will be readable
 by most common JSON implementations in any language.
 .
 This package is a dependency package, which depends on Debian's default
 Boost version (currently 1.81).

G.

Bug#1040937: libdune-ocaml-dev: Missing libdune-ocaml-dev-* Provides

[Adrian Bunk]

Package: libdune-ocaml-dev
Version: 3.9.0-2
Severity: serious
Control: affects -1 libutop-ocaml-dev

The following packages have unmet dependencies:
 libutop-ocaml-dev : Depends: libdune-ocaml-dev-v9190 but it is not installable

libdune-ocaml-dev does not have any libdune-ocaml-dev-* Provides.

Looking at the dependencies of libdune-ocaml-dev, the loss of
the libcsexp-ocaml-dev-* dependency (that is present in bookworm)
might also be a bug.

Bug#1040912: lightdm-gtk-greeter: greeter always uses Gnome (Standard) as default Xsession

[Dieter Scheinkönig]

Hi Yves-Alexis,

I do not have a .xsession or .Xsession in my home directory.
So, I’m using the default. I’m not in front of my computer right now, so I 
would send it later from /etc/X11.

As mentioned, the difference between using the login between Debian 11 and 12 
is, before the selection of respective xsession (xfce, kde, gnome) did stay 
after restart. Now it’s not the case anymore.

I’m happy to do the necessary configuration, however I do not know where to 
search for. A “find” in /etc did not give me any result.

In case it would be a bug, you would transfer to the artic maintainer?

Thanks a lot
Dieter




— 
tel:+49 (1515) 37 97 811
mailto:die...@scheinkoenig.com


> Am 12.07.2023 um 15:11 schrieb Yves-Alexis Perez :
> 
> Yves-Alexis Pere

Bug#1040934: Missing USB and other support in qemu

[Michael Tokarev]

Control: forcemerge -1 1037341

12.07.2023 17:53, Gwyll Gwyllin wrote:

Package: qemu-system-x86
Version: 1:7.2+dfsg-7

# /usr/sbin/xl usbdev-attach vm_bim hostbus=${BUS} hostaddr=${DEV}
libxl: error: libxl_qmp.c:1837:qmp_ev_parse_error_messages: Domain 
19:'usb-host' is not a valid device model name
libxl: error: libxl_device.c:1468:device_addrm_aocomplete: unable to add device
libxl_device_usbdev_add failed.


This is #1037341, fixed in sid and in bookworm-pu.

You didn't mention what's up with "other support in qemu", though.

/mjt

Bug#1040936: openscap-utils: oscap-docker fails due to missing dependency on python3-openscap

[Craig Andrews]

Package: openscap-utils
Version: 1.3.8+dfsg-1
Severity: normal

Dear Maintainer,

oscap-docker doesn't working due to a missing dependency on
python3-openscap as seen below:

$ oscap-docker 
Traceback (most recent call last):
  File "/usr/bin/oscap-docker", line 24, in 
from oscap_docker_python.oscap_docker_util import OscapDockerScan
ModuleNotFoundError: No module named 'oscap_docker_python'

After running:
apt-get install -y python3-openscap
then trying again, another missing dependency is revealed, this time on
python3-docker:

$ oscap-docker 
Traceback (most recent call last):
  File "/usr/bin/oscap-docker", line 24, in 
from oscap_docker_python.oscap_docker_util import OscapDockerScan
  File 
"/usr/lib/python3/dist-packages/oscap_docker_python/oscap_docker_util.py", line 
30, in 
import docker
ModuleNotFoundError: No module named 'docker'

Therefore, I believe the solution to this bug to have two parts:
1. For openscap-utils, add a dependency on python3-openscap
2. For python3-openscap, add a dependency on python3-docker

Thank you!

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.12-200.fc38.x86_64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages openscap-utils depends on:
ii  openscap-scanner  1.3.8+dfsg-1
ii  python3   3.11.4-5
ii  rpm   4.18.0+dfsg-1+b1

openscap-utils recommends no packages.

Versions of packages openscap-utils suggests:
pn  openscap-doc  

-- no debconf information

Bug#1040935: Please provide a version-less package for libboost-json1.81-dev

[Mathieu Malaterre]

Source: boost1.81
Version: 1.81.0-5.2

As per title. For example I can Depends: on
libboost-program-options-dev and have a nice transition. I cannot do
the equivalent with libboost-json1.81-dev

Thanks !

Bug#1022171: argyll: Please enable riscv64 build

[Bo YU]

Source: argyll
Version: 2.3.1+repack-1.1
Followup-For: Bug #1022171

Dear Maintainer,

I have updated the 0001_jam.patch which based on Graham Inggs's patch
and I can confirm the package can be built with it.

Please consider to apply it if you upload it next time or I can try to
NMU it some days later?:)

Thanks.


-- 
Regards,
--
  Bo YU

diff -Nru argyll-2.3.1+repack/debian/changelog 
argyll-2.3.1+repack/debian/changelog
--- argyll-2.3.1+repack/debian/changelog2022-09-04 14:04:18.0 
+0800
+++ argyll-2.3.1+repack/debian/changelog2023-07-12 22:35:14.0 
+0800
@@ -1,3 +1,10 @@
+argyll (2.3.1+repack-1.2) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Update 0001_jam.patch to support riscv64 (Closes: #1022171)
+
+ -- Bo YU   Wed, 12 Jul 2023 22:35:14 +0800
+
 argyll (2.3.1+repack-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru argyll-2.3.1+repack/debian/patches/0001_jam.patch 
argyll-2.3.1+repack/debian/patches/0001_jam.patch
--- argyll-2.3.1+repack/debian/patches/0001_jam.patch   2022-09-04 
14:04:18.0 +0800
+++ argyll-2.3.1+repack/debian/patches/0001_jam.patch   2023-07-12 
21:57:37.0 +0800
@@ -6,8 +6,7 @@
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/Jambase
 +++ b/Jambase
-@@ -980,9 +980,9 @@
-   }
+@@ -981,7 +981,7 @@
  
# UNIX defaults
  
@@ -16,9 +15,7 @@
CCOPTFLAG   ?= -O2 ;
CCDEBUGFLAG ?= -g ; 
CCPROFFLAG  ?= ;
-   CCSHOBJFLAG ?= -fPIC ;  # Position 
independent is better for ShLibrary
-@@ -990,9 +990,9 @@
-   CHMOD   ?= chmod ;
+@@ -991,7 +991,7 @@
CHGRP   ?= chgrp ;
CHOWN   ?= chown ;
LEX ?= lex ;
@@ -27,9 +24,7 @@
LINKOPTFLAG ?= -O ; # Affects 
creating .so's
LINKSTRIPFLAG   ?= -s ;
LINKDEBUGFLAG   ?= ;
-   LINKPROFFLAG?= ;
-@@ -1089,9 +1089,9 @@
-   RM  ?= rm -f ;
+@@ -1090,7 +1090,7 @@
RMDIR   ?= $(RM) ;
RSH ?= rsh ;
SED ?= sed ;
@@ -38,11 +33,9 @@
SHELLMODE   ?= 755 ;
SLASH   ?= / ;
STDHDRS ?= /usr/include ;
-   SUFEXE  ?= "" ;
 --- a/Jamtop
 +++ b/Jamtop
-@@ -18,8 +18,9 @@
- 
+@@ -19,6 +19,7 @@
  # Keep this DESTDIR anchored to Jamtop. PREFIX is used literally
  ANCHORED_PATH_VARS = DESTDIR ;
  
@@ -50,9 +43,7 @@
  
  # Should we also allow CFLAGS, CXXFLAGS, CPPFLAGS & LDFLAGS env. variables
  # to have effect ?
- 
-@@ -154,19 +155,84 @@
-   subd = $(3) ;
+@@ -155,17 +156,85 @@
}
  
if ! $(BUILTIN_$(UCASE)) && $(UNIX) {
@@ -87,6 +78,7 @@
 +  || [ GLOB /usr/include/powerpc-linux-gnuspe$(subd) : $(lcase).h 
$(lcase)lib.h ]
 +  || [ GLOB /usr/include/powerpc64-linux-gnu$(subd) : $(lcase).h 
$(lcase)lib.h ]
 +  || [ GLOB /usr/include/powerpc64le-linux-gnu$(subd) : 
$(lcase).h $(lcase)lib.h ]
++  || [ GLOB /usr/include/riscv64-linux-gnu$(subd) : $(lcase).h 
$(lcase)lib.h ]
 +  || [ GLOB /usr/include/s390x-linux-gnu$(subd) : $(lcase).h 
$(lcase)lib.h ]
 +  || [ GLOB /usr/include/sh4-linux-gnu$(subd) : $(lcase).h 
$(lcase)lib.h ]
 +  || [ GLOB /usr/include/sparc-linux-gnu$(subd) : $(lcase).h 
$(lcase)lib.h ]
@@ -133,6 +125,8 @@
 +  || [ GLOB /usr/lib/powerpc64-linux-gnu : lib$(lcase).a ]
 +  || [ GLOB /usr/lib/powerpc64le-linux-gnu : 
lib$(lcase).so ]
 +  || [ GLOB /usr/lib/powerpc64le-linux-gnu : 
lib$(lcase).a ]
++  || [ GLOB /usr/lib/riscv64-linux-gnu : lib$(lcase).so ]
++  || [ GLOB /usr/lib/riscv64-linux-gnu : lib$(lcase).a ]
 +  || [ GLOB /usr/lib/s390x-linux-gnu : lib$(lcase).so ]
 +  || [ GLOB /usr/lib/s390x-linux-gnu : lib$(lcase).a ]
 +  || [ GLOB /usr/lib/sh4-linux-gnu : lib$(lcase).so ]
@@ -146,4 +140,3 @@
echo "Using system $(UCASE) library" ;
$(UCASE)LIB = ;
$(UCASE)INC = ;
-   LINKFLAGS += $(LINKFLAG)$(lcase) ;


signature.asc
Description: PGP signature

Bug#1031183: grub-installer: postinst fails if efivarfs cannot be mounted

[Roland Clobus]

Control: affects 1039710 grub-installer

Hello Arnaud,

This looks to be very similar that I reported in the first part of 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039710

On BIOS-boots the EFI /sys mount is not present.

With kind regards,
Roland Clobus

On 12/07/2023 16:30, Arnaud Rebillout wrote:
The postinst still fails at this point. The error can be reproduced from 
the console:


   mkdir -p /target/sys/firmware/efi/efivars
   mkdir: can't create directory '/target/sys/firmware/efi': Operation 
not permitted


I suppose the mkdir call must also be allowed to fail when fstype is 
efivarfs (following the same logic that is already used for mount).


Do you want me to submit a patch?

NB: the issue only affects a BIOS VM. If I boot a UEFI VM, everything 
works fine.




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1029095: libselinux: claim /run/setrans directory

[Christian Göttsche]

On Mon, 10 Jul 2023 at 12:14, Laurent Bigonville  wrote:
>
> I'm wondering if that couldn't be done directly by the systemd package
> instead of the libselinux1, that might avoid us the need to introduce a
> new libselinux-common package or headache in the (unlikely?) case there
> a soname change to the libselinux library.
>

That seems sensible, since most of the tmpfiles.d snippets today are
provided by pkg:systemd already.
Are you referring with the soname change to co-installations issues
(another example would be libselinux1:amd64 vs libselinux1:i386)?
That would also be solved by shipping via pkg:systemd.

The only already existing alternative that came to my mind is
selinux-basics (which is however not installed by default and not a
dependency of any package).

> Note that we might need to remove the RuntimeDirectory=setrans option in
> the mcstrans.service to avoid conflict (but that might be for the next
> debian release)
>

I do not thinks RuntimeDirectory= conflicts with the tmpfiles.d entry,
especially since mcstrans uses RuntimeDirectoryPreserve=true since
3.5[1].
But probably the systemd maintainers will know for sure.

> If that's OK for you I'll coordinate with the debian systemd maintainer
>

ACK

> Kind regards,
>
> Laurent
>

[1]: 
https://github.com/SELinuxProject/selinux/commit/4622ac0064f63fef0821fe0b0aaa52054e8c5ed3

Bug#1040934: Missing USB and other support in qemu

[Gwyll Gwyllin]

Package: qemu-system-x86

Version: 1:7.2+dfsg-7

 

# /usr/sbin/xl usbdev-attach vm_bim hostbus=${BUS} hostaddr=${DEV}

libxl: error: libxl_qmp.c:1837:qmp_ev_parse_error_messages: Domain
19:'usb-host' is not a valid device model name

libxl: error: libxl_device.c:1468:device_addrm_aocomplete: unable to add
device

libxl_device_usbdev_add failed.

 

The error occurs when trying to attach a physical USB device to a domU.

Upgraded from bullseye and started the existing XEN domU. The domU worked
fine with bullseye, the USB passthrough also.

 

The steps with running domU:

*   # /usr/sbin/xl usbctrl-attach vm1 version=1
*   # /usr/sbin/xl usbdev-attach vm1 hostbus=${BUS} hostaddr=${DEV}

 

The expected behavior is working USB passthrough.

The package might compiled with incomplete parameters . --enable-libusb
seems missing.

 

uname -a

Linux xen 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.37-1 (2023-07-03)
x86_64 GNU/Linux

 

Dependencies:

ii  ipxe-qemu 1.0.0+git-20190125.36a4c85-5.1 all  PXE
boot firmware - ROM images for qemu

ii  libaio1:amd64 0.3.113-4  amd64Linux
kernel AIO access library - shared library

ii  libbpf1:amd64 1:1.1.0-1  amd64eBPF
helper library (shared library)

ii  libc6:amd64   2.36-9 amd64GNU C
Library: Shared libraries

ii  libcapstone4:amd644.0.2-5amd64
lightweight multi-architecture disassembly framework - library

ii  libfdt1:amd64 1.6.1-4+b1 amd64Flat
Device Trees manipulation library

ii  libfuse3-3:amd64  3.14.0-4   amd64
Filesystem in Userspace (library) (3.x version)

ii  libgcc-s1:amd64   12.2.0-14  amd64GCC
support library

ii  libglib2.0-0:amd642.74.6-2   amd64GLib
library of C routines

ii  libgmp10:amd642:6.2.1+dfsg1-1.1  amd64
Multiprecision arithmetic library

ii  libgnutls30:amd64 3.7.9-2amd64GNU
TLS library - main runtime library

ii  libhogweed6:amd64 3.8.1-2amd64low
level cryptographic library (public-key cryptos)

ii  libibverbs1:amd64 44.0-2 amd64
Library for direct userspace use of RDMA (InfiniBand/iWARP)

ii  libjpeg62-turbo:amd64 1:2.1.5-2  amd64
libjpeg-turbo JPEG runtime library

ii  libnettle8:amd64  3.8.1-2amd64low
level cryptographic library (symmetric and one-way cryptos)

ii  libnuma1:amd642.0.16-1   amd64
Libraries for controlling NUMA policy

ii  libpixman-1-0:amd64   0.42.2-1   amd64
pixel-manipulation library for X and cairo

ii  libpmem1:amd641.12.1-2   amd64
Persistent Memory low level support library, v1 runtime

ii  libpng16-16:amd64 1.6.39-2   amd64PNG
library - runtime (version 1.6)

ii  librdmacm1:amd64  44.0-2 amd64
Library for managing RDMA connections

ii  libsasl2-2:amd64  2.1.28+dfsg-10 amd64Cyrus
SASL - authentication abstraction library

ii  libseccomp2:amd64 2.5.4-1+b3 amd64high
level interface to Linux seccomp filter

ii  libslirp0:amd64   4.7.0-1amd64
General purpose TCP-IP emulator library

ii  libudev1:amd64252.6-1amd64
libudev shared library

ii  liburing2:amd64   2.3-3  amd64Linux
kernel io_uring access library - shared library

ii  libvdeplug2:amd64 4.0.1-4amd64
Virtual Distributed Ethernet - Plug library

ii  libzstd1:amd641.5.4+dfsg2-5  amd64fast
lossless compression algorithm

ii  qemu-system-common1:7.2+dfsg-7   amd64QEMU
full system emulation binaries (common files)

ii  qemu-system-data  1:7.2+dfsg-7   all  QEMU
full system emulation (data files)

ii  seabios   1.16.2-1   all  Legacy
BIOS implementation

ii  zlib1g:amd64  1:1.2.13.dfsg-1amd64
compression library - runtime

 

Reverting to qemu-system-x86=1:5.2+dfsg-11+deb11u2 solves the problem
temporary.

 

Regards,

Gwyll

 

 

Bug#1040933: TracError: InvalidVersion: Invalid version: '3.5.0-git20211031.e6458ec-1-b1'

[Christian T. Steigies]

Package: trac
Version: 1.5.4-1
Severity: normal

Dear Maintainer,
I have upgraded a server to bookworm.  On this server trac has been running
fine since before buster with the package installed from unstable.
After upgrading to bookworm the trac webpage reported:

Internal Server Error
TracError: InvalidVersion: Invalid version: '3.5.0-git20211031.e6458ec-1-b1'

This "Invalid version" seems to be from libapache2-mod-python, so I rebuilt
this package after changing the version to a purely numeric version number 
(3.5.0.1-1).
While rebuilding libapache2-mod-python, I saw this message during configure:
checking for --with-python... /usr/bin/python3
checking Python version...   File "", line 1
import sys; print({}.{}.format(*sys.version_info))
 ^
SyntaxError: invalid syntax

The package builds fine (but can not be built twice from the same source
dir), however, and after installing version 3.5.0.1-1, trac is working fine
again.  While there seems to be a problem with libapache2-mod-python, I
don't think that the version number is invalid, the changelog says: "New
upstream git snapshot, upstream no longer cuts releases", so the version
check somewhere in trac should be adjusted.

Thanks for maintaining trac, I can't wait to see version 1.6 ;-)
Christian


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'proposed-updates'), (300, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=en_US (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages trac depends on:
ii  libjs-excanvas   0.r4~git20090427.000-4
ii  libjs-jquery 3.6.1+dfsg+~3.5.14-1
ii  libjs-jquery-timepicker  1.6.3-4
ii  libjs-jquery-ui  1.13.2+dfsg-1
ii  python3  3.11.2-1+b1
ii  python3-jinja2   3.1.2-1
ii  python3-pkg-resources66.1.1-1
ii  python3-setuptools   66.1.1-1

Versions of packages trac recommends:
ii  apache2 [httpd] 2.4.57-2
ii  python3-babel   2.10.3-1
ii  python3-docutils0.19+dfsg-6
ii  python3-pygments2.14.0+dfsg-1
ii  python3-subversion  1.14.2-4+b2
ii  python3-tz  2022.7.1-4

Versions of packages trac suggests:
pn  libapache2-mod-wsgi
pn  python3-psycopg2   
pn  python3-textile
pn  trac-accountmanager
pn  trac-authopenid
pn  trac-bitten
pn  trac-bzr   
pn  trac-customfieldadmin  
pn  trac-email2trac
pn  trac-graphviz  
pn  trac-ja-resource   
pn  trac-mastertickets 
pn  trac-mercurial 
pn  trac-spamfilter
pn  trac-wikiprint 
pn  trac-wikirename
pn  trac-wysiwyg   
pn  trac-xmlrpc

-- no debconf information

Bug#1040932: bookworm-pu: package nvidia-graphics-drivers/525.125.06-1~deb12u1

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Let's update nvidia-graphics-drivers in bookworm to a new
upstream release fixing some CVEs.

[ Impact ]
A proprietary graphics driver with more CVEs open.

[ Tests ]
Only module building has been tested. Anything else would require
certain hardware and driver usage.

[ Risks ]
Low. Upgrading to a new nvidia driver release in stable is an
established procedure.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  (excluding the blobs)
  [x] attach debdiff against the package in (old)stable
  (excluding the blobs)
  [x] the issue is verified as fixed in unstable

[ Changes ]
This is a rebuild of src:nvidia-graphics-drivers/sid with no further
changes.

[ Other info ]
The package is already uploaded.

Andreas
diff --git a/debian/README.source b/debian/README.source
index 05196920..4c3ae0a0 100644
--- a/debian/README.source
+++ b/debian/README.source
@@ -33,8 +33,9 @@ Upstream support timeframes
 Tesla 460 (PB)  01/2022 EoL
 Tesla 470 (LTSB)07/2024
 Tesla 510 (PB)  01/2023 EoL
-Tesla 515 (PB)  05/2023
+Tesla 515 (PB)  05/2023 EoL
 Tesla 525 (PB)  12/2023
+Tesla 535 (LTSB)06/2026
 
 
 The branch structure in the GIT repository
@@ -67,20 +68,15 @@ The branch structure in the GIT repository
 460-tesla   EoL   (bullseye)  470-tesla, tesla-460/main
 tesla-460/main  EoL   (bullseye),(sid)tesla-470/main, 
tesla-460/transition-470
 tesla-460/transition-470  bullseye,sid
-470   bullseye510, 470-tesla
-470-tesla (bullseye)  510-tesla, tesla-470/main
-tesla-470/mainbullseye,bookworm,sid tesla-510/main
-510 EoL   (bookworm),sid  515, 510-tesla
-510-tesla   EoL   (bookworm)  515-tesla, tesla-510/main
-tesla-510/main  EoL   (bookworm),(sid)tesla/510, 
tesla-510/transition
-tesla-510/transition  sid
-tesla/510   EoL   (bookworm),sid  tesla/515
-515   (bookworm),sid  525, 515-tesla
-515-tesla (bookworm)  525-tesla, tesla/515
-tesla/515 (bookworm),sid  tesla/525
-525   (bookworm),sid  YYY, 525-tesla
-525-tesla (bookworm)  ZZZ-tesla, tesla/525
-tesla/525 (bookworm),sid  tesla/ZZZ
+470   bullseye525, 470-tesla
+470-tesla (bullseye)  525-tesla, tesla-470/main
+tesla-470/mainbullseye,bookworm,sid tesla/525
+525   bookworm,sid535, 525-tesla
+525-tesla (bookworm)  535-tesla, tesla/525
+tesla/525 bookworm,sidtesla/535
+535   bookworm,sidYYY, 535-tesla
+535-tesla (bookworm)  ZZZ-tesla, tesla/535
+tesla/535 bookworm,sidtesla/ZZZ
 main  sid YYY
 tesla/mainsid
 YYY   experimentalZZZ, (main)
diff --git a/debian/changelog b/debian/changelog
index dd18087f..edd3661c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,48 @@
+nvidia-graphics-drivers (525.125.06-1~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm.
+
+ -- Andreas Beckmann   Wed, 12 Jul 2023 16:16:16 +0200
+
+nvidia-graphics-drivers (525.125.06-1) unstable; urgency=medium
+
+  * New upstream production branch release 525.125.06 (2023-05-09).
+* Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
+  https://nvidia.custhelp.com/app/answers/detail/a_id/5468
+- Fixed a bug which prevented running a Wayland compositor in headless
+  mode on GPUs without display hardware.
+
+  [ Andreas Beckmann ]
+  * Update nv-readme.ids.
+
+ -- Andreas Beckmann   Wed, 12 Jul 2023 09:52:32 +0200
+
+nvidia-graphics-drivers (525.116.04-1) unstable; urgency=medium
+
+  * New upstream production branch release 525.116.04 (2023-05-09).
+  * New upstream production branch release 525.116.03 (2023-04-25).
+- Fixed a regression in Luxmark performance between 525.89.02 and
+  525.105.17.
+- Fixed a bug that could cause an unexpected
+  VK_ERROR_NATIVE_WINDOW_IN_USE_KHR error in certain circumstances when
+  recreating Vulkan surfaces.
+- Fixed a regression that caused brightness control to not vary
+  smoothly across the range of values.
+* Improved compatibility with recent Linux kernels.
+
+  [ Andreas Beckmann ]
+  * Refresh patches.
+  * Update nv-readme.ids.
+
+ -- Andreas Beckmann   Wed, 28 Jun 2023 01:19:51 +0200
+
+nvidia-graphics-drivers (525.105.17-2) unstable; 

Bug#1031183: grub-installer: postinst fails if efivarfs cannot be mounted

[Arnaud Rebillout]

Hello,

I'm testing a Kali Linux mini.iso, in a BIOS virtual machine. Kali uses 
the grub-installer package from Debian, no change and it's up-to-date.


The postinst still fails at this point. The error can be reproduced from 
the console:


  mkdir -p /target/sys/firmware/efi/efivars
  mkdir: can't create directory '/target/sys/firmware/efi': Operation 
not permitted


I suppose the mkdir call must also be allowed to fail when fstype is 
efivarfs (following the same logic that is already used for mount).


Do you want me to submit a patch?

NB: the issue only affects a BIOS VM. If I boot a UEFI VM, everything 
works fine.


Thanks

--
Arnaud Rebillout / OffSec / Kali Linux Developer

Bug#1036641: closed by Debian FTP Masters (reply to Matthias Klose ) (Bug#1036641: fixed in gcc-12 12.3.0-3)

[Andreas Beckmann]

Please try to get this fixed in bookworm, too.

Thanks

Andreas

Bug#1040931: neochat: Encryption is not working with neochat

[Enrique]

Package: neochat
Version: 23.01.0-1
Severity: important
X-Debbugs-Cc: cqu...@arcor.de

Dear Maintainer,

It seems that neochat is not working with E2EE encrypted chats. There is a
message at the typing prompt which reads:

"This room is encrypted. Build libQuotient with encryption enabled to send
encrypted messages".

It would be great of neochat adds support for that.

Thank you!


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable'), (100, 
'bookworm-fasttrack'), (100, 'bookworm-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages neochat depends on:
ii  kio 5.103.0-1
ii  libc6   2.36-9
ii  libcmark0.30.2  0.30.2-6
ii  libkf5configcore5   5.103.0-2
ii  libkf5configgui55.103.0-2
ii  libkf5configwidgets55.103.0-1
ii  libkf5coreaddons5   5.103.0-1
ii  libkf5dbusaddons5   5.103.0-1
ii  libkf5i18n5 5.103.0-1
ii  libkf5itemmodels5   5.103.0-1
ii  libkf5kiocore5  5.103.0-1
ii  libkf5kiogui5   5.103.0-1
ii  libkf5kiowidgets5   5.103.0-1
ii  libkf5notifications55.103.0-1
ii  libkf5sonnetcore5   5.103.0-1
ii  libkf5windowsystem5 5.103.0-1
ii  libqt5core5a5.15.8+dfsg-11
ii  libqt5dbus5 5.15.8+dfsg-11
ii  libqt5gui5  5.15.8+dfsg-11
ii  libqt5keychain1 0.13.2-5
ii  libqt5multimedia5   5.15.8-2
ii  libqt5network5  5.15.8+dfsg-11
ii  libqt5qml5  5.15.8+dfsg-3
ii  libqt5quick55.15.8+dfsg-3
ii  libqt5quickcontrols2-5  5.15.8+dfsg-2
ii  libqt5widgets5  5.15.8+dfsg-11
ii  libquotient0.6  0.6.11-1+b1
ii  libstdc++6  12.2.0-14
ii  qml-module-org-kde-kirigami-addons-labs-mobileform  0.7.0-2
ii  qml-module-org-kde-kirigami25.103.0-1
ii  qml-module-org-kde-kitemmodels  5.103.0-1
ii  qml-module-org-kde-kquickimageeditor0.2.0-4
ii  qml-module-org-kde-notifications5.103.0-1
ii  qml-module-org-kde-purpose  5.103.0-1
ii  qml-module-org-kde-qqc2desktopstyle 5.103.0-1
ii  qml-module-org-kde-sonnet   5.103.0-1
ii  qml-module-org-kde-syntaxhighlighting   5.103.0-3
ii  qml-module-qt-labs-platform 5.15.8+dfsg-2
ii  qml-module-qt-labs-qmlmodels5.15.8+dfsg-3
ii  qml-module-qtmultimedia 5.15.8-2
ii  qml-module-qtqml5.15.8+dfsg-3
ii  qml-module-qtqml-models25.15.8+dfsg-3
ii  qml-module-qtquick-controls25.15.8+dfsg-2
ii  qml-module-qtquick-layouts  5.15.8+dfsg-3
ii  qml-module-qtquick-particles2   5.15.8+dfsg-3
ii  qml-module-qtquick-window2  5.15.8+dfsg-3
ii  qml-module-qtquick2 5.15.8+dfsg-3

neochat recommends no packages.

neochat suggests no packages.

-- no debconf information

Bug#1040930: bullseye-pu: package ca-certificates-java/20190909+deb11u1

[Andreas Beckmann]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Matthias Klose 

[ Reason ]
The bullseye-security upload of openjdk-17 broke the very fragile
assumption in ca-certificates-java that a jre can be used even
before it was configured for the first time.
As a result new installations of openjdk-17-jre-headless from
bullseye-security (or -pu) (and its circular dependency
ca-certificates-java from bookworm) will fail, #1039472, (but
upgrades seem to work fine, since the jre has been configured at
least once in the past).

[ Impact ]
openjdk will fail on new installations after the next point release

[ Tests ]
local piuparts tests of bullseye with the fixed package installed,
buster->bullseye with the fixed package in the upgrade path and
bullseye->bookworm starting from the fixed package.
All installation/upgrades work fine.

[ Risks ]
The hack may break with the next openjdk-17 upload to oldstable, but
there is no alternative solution as trigger support is not yet prepared
in bullseye.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
In case ca-certificates-java wants to run with a not-yet-configured-once
jre, try to temporarily place a java.security file to make the java
command runnable again.

[ Other info ]
The patch is a backported variant of the HACK that temporarily appeared
in sid (ca-certificates-java 20230620).


Andreas
>From f020db198e9e96dbc9ddaf4b3dbe3d9247b85ae5 Mon Sep 17 00:00:00 2001
From: Matthias Klose 
Date: Tue, 20 Jun 2023 06:13:02 +0200
Subject: [PATCH]   [ Vladimir Petko ]   * d/ca-certificates-java.postinst:
 Work-around not yet configured jre.

(cherry picked from commit 561054ed46afe59b5996974e168418362c872d20)
---
 debian/changelog | 8 
 debian/postinst  | 7 +++
 2 files changed, 15 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index e35274e..a49805a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ca-certificates-java (20190909+deb11u1) bullseye; urgency=medium
+
+  [ Vladimir Petko ]
+  * d/ca-certificates-java.postinst: Work-around not yet configured jre.
+(Closes: #1039472)
+
+ -- Andreas Beckmann   Tue, 27 Jun 2023 01:12:19 +0200
+
 ca-certificates-java (20190909) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/postinst b/debian/postinst
index 555f87b..7d68036 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -50,6 +50,13 @@ setup_path()
 if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
 export JAVA_HOME=/usr/lib/jvm/$jvm
 PATH=$JAVA_HOME/bin:$PATH
+   # copy java.security to allow import to function
+   security_conf=/etc/${jvm%-${arch}}/security
+   if [ -f ${security_conf}/java.security.dpkg-new ] \
+   && [ ! -f ${security_conf}/java.security ]; then
+   cp -v ${security_conf}/java.security.dpkg-new \
+   ${security_conf}/java.security
+   fi
 break
 fi
 done
-- 
2.20.1

Bug#1040929: gcc-13-cross-ports: please add arm64 to HOST_ARCHS_

[Emanuele Rocca]

Source: gcc-13-cross-ports
Version: 6
Severity: wishlist

Hi,

On amd64 hosts all ports are supported (ie: the binary package
gcc-13-alpha-linux-gnu and similar are available). That is not the case
for arm64 hosts. Please add arm64 to HOST_ARCHS_ in d/rules.

Thanks,
  Emanuele