Bug#1054461: krb5: annotate test dependencies
Source: krb5 Version: 1.20.1-4 Severity: important Tags: patch User: helm...@debian.org Usertags: rebootstrap User: debian-cr...@lists.debian.org Usertags: cross-satisfiability Thanks for adding build-time testing to krb5! Unfortunately, this happens to break cross build support and therefore architecture bootstrap for all architectures. While the use of dh_auto_test readily enables support for DEB_BUILD_OPTIONS=nocheck and thus the test suite can be disabled, its associated dependencies are presently unconditional. I'm attaching a patch that adds the relevant build profiles and verified that enabling it does not change output artifacts (using reproducible builds). Please consider applying it. Helmut diff --minimal -Nru krb5-1.20.1/debian/changelog krb5-1.20.1/debian/changelog --- krb5-1.20.1/debian/changelog2023-09-11 19:06:57.0 +0200 +++ krb5-1.20.1/debian/changelog2023-10-24 07:17:27.0 +0200 @@ -1,3 +1,10 @@ +krb5 (1.20.1-4.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Annotate test dependencies . (Closes: #-1) + + -- Helmut Grohne Tue, 24 Oct 2023 07:17:27 +0200 + krb5 (1.20.1-4) unstable; urgency=low [ Steve Langasek ] diff --minimal -Nru krb5-1.20.1/debian/control krb5-1.20.1/debian/control --- krb5-1.20.1/debian/control 2023-09-11 19:06:57.0 +0200 +++ krb5-1.20.1/debian/control 2023-10-24 07:17:26.0 +0200 @@ -19,7 +19,7 @@ python3-lxml, python3-sphinx, tex-gyre -Build-Depends-Arch: keyutils, libcmocka-dev, python3-kdcproxy, python3-pyrad +Build-Depends-Arch: keyutils , libcmocka-dev , python3-kdcproxy , python3-pyrad Standards-Version: 4.6.2 Maintainer: Sam Hartman Uploaders: Russ Allbery , Benjamin Kaduk
Bug#1054460: Podman 4.7.1 file overlap with podman-compose
Package: podman Version: 4.7.1+ds4-2 Severity: normal Hi, it seems the latest podman in experimental has file overlap with podman-compose, specificaly podman-compose.1.gz. dpkg: error processing archive /var/cache/apt/archives/podman_4.7.1+ds4-3_amd64.deb (--unpack): trying to overwrite '/usr/share/man/man1/podman-compose.1.gz', which is also in package podman-compose 1.0.6-1 Regards Petr -- System Information: Debian Release: trixie/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'oldstable-security'), (500, 'testing'), (500, 'stable'), (99, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-3-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: default Versions of packages podman depends on: ii conmon 2.1.6+ds1-1 ii crun 1.9-1+b1 ii golang-github-containers-common 0.56.0+ds1-2 ii libc62.38-3 ii libdevmapper1.02.1 2:1.02.185-2 ii libgpgme11 1.18.0-3+b1 ii libseccomp2 2.5.4-1+b3 ii libsqlite3-0 3.43.2-1 ii libsubid41:4.13+dfsg1-3 ii runc 1.1.5+ds1-2 Versions of packages podman recommends: ii buildah1.32.0+ds1-1 ii dbus-user-session 1.14.10-1 ii slirp4netns1.2.1-1 ii tini 0.19.0-1 ii uidmap 1:4.13+dfsg1-3 Versions of packages podman suggests: pn containers-storage ii docker-compose 1.29.2-6 ii fuse-overlayfs 1.10-1 ii iptables1.8.9-2 -- Configuration Files: /etc/cni/net.d/87-podman-bridge.conflist [Errno 13] Permission denied: '/etc/cni/net.d/87-podman-bridge.conflist' -- no debconf information
Bug#1054436: wand: update required for imagemagick 6.9.12.98
On 23.10.2023 21:09, Sebastian Ramacher wrote: > Source: wand > Version: 0.6.11-2 > Severity: serious > Tags: ftbfs > Justification: fails to build from source > X-Debbugs-Cc: sramac...@debian.org > > imagemagick is currently performing a transition of its shared > libraries. wand hard-codes these shared libraries and needs to be > updated for the new SONAMEs. > As it happens, wand ftbfs with the latest version of imagemagick as well. It turns out that the latest version of imagemagick introduced a bug, that makes the test-suite for wand fail. I will report the bug towards imagemagick within the day. Regards, -- Håvard
Bug#1054459: debian-installer: Debian 12.2 amd64 netinst failes to find a kernel image for a Dell 7812
Package: debian-installer Version: debian installer found on amd64 12.2 netinst.iso Severity: important Dear Maintainer, I have several systems and have experienced this difficulty only with the Dell 7812 with an Xeon E5 CPU. The debian 12.2.0 amd64 netinst.iso boots normally and seems to start normally. When it gets to finding a kernel to install, it complains that it cannot find a suitable kernel. I had the same results with debian 12.2 adm64 dvd-1.iso and dlbd-1.iso When I booted the debian 12.2 amd64 live.iso system, its installer ran OK. I am running on the system installed from the live installer right now. This is what made the lspci. I also successfully managed to perform a dist-upgrade from an install of debian 11.6. -- System Information: Debian Release: 12.2 Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-13-amd64 (SMP w/56 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled 00:00.0 Host bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D DMI2 (rev 01) 00:01.0 PCI bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 1 (rev 01) 00:01.1 PCI bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 1 (rev 01) 00:02.0 PCI bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 2 (rev 01) 00:03.0 PCI bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 3 (rev 01) 00:03.1 PCI bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 3 (rev 01) 00:03.2 PCI bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 3 (rev 01) 00:03.3 PCI bridge: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 3 (rev 01) 00:05.0 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D Map/VTd_Misc/System Management (rev 01) 00:05.1 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D IIO Hot Plug (rev 01) 00:05.2 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D IIO RAS/Control Status/Global Errors (rev 01) 00:05.4 PIC: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D I/O APIC (rev 01) 00:11.0 Unassigned class [ff00]: Intel Corporation C610/X99 series chipset SPSR (rev 05) 00:11.4 SATA controller: Intel Corporation C610/X99 series chipset sSATA Controller [AHCI mode] (rev 05) 00:14.0 USB controller: Intel Corporation C610/X99 series chipset USB xHCI Host Controller (rev 05) 00:16.0 Communication controller: Intel Corporation C610/X99 series chipset MEI Controller #1 (rev 05) 00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-LM (rev 05) 00:1a.0 USB controller: Intel Corporation C610/X99 series chipset USB Enhanced Host Controller #2 (rev 05) 00:1b.0 Audio device: Intel Corporation C610/X99 series chipset HD Audio Controller (rev 05) 00:1c.0 PCI bridge: Intel Corporation C610/X99 series chipset PCI Express Root Port #1 (rev d5) 00:1c.1 PCI bridge: Intel Corporation C610/X99 series chipset PCI Express Root Port #2 (rev d5) 00:1d.0 USB controller: Intel Corporation C610/X99 series chipset USB Enhanced Host Controller #1 (rev 05) 00:1f.0 ISA bridge: Intel Corporation C610/X99 series chipset LPC Controller (rev 05) 00:1f.2 RAID bus controller: Intel Corporation C600/X79 series chipset SATA RAID Controller (rev 05) 00:1f.3 SMBus: Intel Corporation C610/X99 series chipset SMBus Controller (rev 05) 03:00.0 VGA compatible controller: NVIDIA Corporation GK104GL [Quadro K5000] (rev a1) 03:00.1 Audio device: NVIDIA Corporation GK104 HDMI Audio Controller (rev a1) 09:00.0 PCI bridge: Texas Instruments XIO2001 PCI Express-to-PCI Bridge df:08.0 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D QPI Link 0 (rev 01) df:08.2 Performance counters: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D QPI Link 0 (rev 01) df:08.3 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D QPI Link 0 (rev 01) df:09.0 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D QPI Link 1 (rev 01) df:09.2 Performance counters: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D QPI Link 1 (rev 01) df:09.3 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D QPI Link 1 (rev 01) df:0b.0 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D R3 QPI Link 0/1 (rev 01) df:0b.1 Performance counters: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D R3 QPI Link 0/1 (rev 01) df:0b.2 Performance counters: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D R3 QPI Link 0/1 (rev 01) df:0b.3 System peripheral: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D R3 QPI Link Debug
Bug#1052327: libdbd-odbc-perl: Test failure in t/rt_57957.t
Control: tags -1 + fixed-upstream On Tue, 2023-10-10 at 12:48 +0800, Paul Wise wrote: > The fix is to increment both pointers at once. > > *p++ = *q++; > > This fixes the libdbd-odbc-perl test failures too. > > I have sent the attached patch to upstream. Upstream released this fix in version 0.1. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#1054434: [Pkg-javascript-devel] Bug#1054434: Bug#1054434: node-redux: website is build with Docusaurus not packaged for debian
On 10/24/23 06:25, Yadd wrote: Control: tags -1 + moreinfo On 10/23/23 23:07, Bastien Roucariès wrote: Source: node-redux Version: 4.2.1-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory You should repack or package docusaurus and rebuild Bastien Hello, directory docs contains only .md files, totally readable. What is the serious bug here ? Also website/ directory, no unreadable file, no serialized files,... Do we have to consider html files as no source because they were written with a non free tool ?
Bug#1054434: [Pkg-javascript-devel] Bug#1054434: node-redux: website is build with Docusaurus not packaged for debian
Control: tags -1 + moreinfo On 10/23/23 23:07, Bastien Roucariès wrote: Source: node-redux Version: 4.2.1-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory You should repack or package docusaurus and rebuild Bastien Hello, directory docs contains only .md files, totally readable. What is the serious bug here ?
Bug#1054458: ITP: mhz -- CPU frequency measurement utility
Package: wnpp Severity: wishlist Owner: Benjamin Drung X-Debbugs-Cc: debian-de...@lists.debian.org, bdr...@debian.org * Package name: mhz Version : 0.0+git20230617 Upstream Contact: Willy Tarreau * URL : https://github.com/wtarreau/mhz * License : MIT Programming Lang: C Description : CPU frequency measurement utility This tool measures real CPU clockspeeds. This is helpful on platforms where cpufreq support is not available (yet) or where the clockspeed values returned by the kernel cannot be relied. This applies to platforms where vendors are cheating, where weird clockspeed capping occurs for unknown reasons or where actual clockspeeds are set via jumpers while the clockspeeds available to the kernel are derived from device-tree (DT) entries. I'll maintain this small tool on my own. It is useful for testing ARM boards. -- Benjamin Drung Debian & Ubuntu Developer
Bug#1042866: Frequent segmentation faults
Hello, thank you for reporting this. I can reproduce the crash with both the current package and the last commit on the project git. Hopefully I'll fix this soon and will report here when merged with the main branch. Christophe
Bug#1054457: Remove HSIEH-* licenses from copyright file in Debian Perl packages
Package: perl-base Version: 5.36.0-9 Description: The Perl project has removed the superfast hash algorithm that was licensed under Paul Hsieh licenses back in 2016, starting with the Perl v5.25.8 release. This can be verified here starting on line 292 : https://github.com/Perl/perl5/commit/236a70292a4ef354958701000e8897894141eb26#diff-1df6111f72905bc0931765fbcf59be7a35f30d96a502ee0c4c7a3c24b57ae5baL292 This means that the `copyright` file used for the Debian packaging of Perl is outdated and the HSIEH-DERIVATIVE and HSIEH-BSD licenses should be removed from its contents. Impact: This situation has several implications, like existing automated OSS license compliance tools, such as `tern`, reporting inaccurately that the HSIEH licenses apply to recent Perl packages on Debian and Debian-based systems. How to fix: Remove the HSIEH-DERIVATIVE and HSIEH-BSD licenses sections from the `copyright` file used in the Debian packaging of Perl.
Bug#1054306: Please install helper binaries into /usr/libexec
Hi Michael, > For consistencies sake, please consider applying the attached patch, > which moves the helper binaries to /usr/libexec. There was a new upstream version, so I updated to the newest version and incorporated the patch. If I do an update from a previously installed version using the following command: sudo debi -u network-manager-l2tp_1.20.10-1_amd64.changes I get the following error when trying to establish a L2TP VPN connection: ... starting: failure to start VPN service: Failed to execute child process "/usr/lib/NetworkManager/nm-l2tp-service" (No such file or directory) It looks like /usr/lib/NetworkManager/VPN/nm-l2tp-service.name which has the following line is not getting replaced in an upgrade: program=/usr/lib/NetworkManager/nm-l2tp-service There is no issue when I remove the old network-manager-l2tp packages and do a clean install. I haven't looked into it further yet. Cheers, Doug
Bug#1042111: chromium: Web Environment Integrity
Thanks for working on this! I noticed that this patch is not listed in the copyright file, it would be great if someone could include the header from the ungoogled-chromium repository.
Bug#1051901: 1.2.10 breaks ability to play audio using i386 binaries on amd64 host
> I'd go so far to think that this is not constrained to i386 binaries on > amd64 hosts. `aplay /dev/zero` segfaults on a plain i386 host with asound > 1.2.10. Downgrading to 1.2.9 helps. Is this the same as https://github.com/alsa-project/alsa-lib/issues/352 ? Stefan
Bug#1037409: golang-golang-x-exp ftbfs with gccgo-go (both gccgo-12 and gccgo-13)
Control: severity -1 important On Mon, 12 Jun 2023 18:23:39 +0530 Pirate Praveen wrote: > Package: src:golang-golang-x-exp > Version: 0.0~git20221028.83b7d23-2 > Severity: serious > > Building with golang-any changed to gccgo-go to force gccgo on amd64, > build fails with error. Full build log attached. Either this should be > fixed or dependency should be updated to golang-go instead of golang-any. > > golang.org/x/exp/maps > # golang.org/x/exp/maps > src/golang.org/x/exp/maps/maps.go:10:10: error: expected ‘(’ > 10 | func Keys[M ~map[K]V, K comparable, V any](m M) []K { >| ^ Seems like gccgo is not able to recognize tilde -- could that be an issue at the toolchain level itself? I'm also reducing the severity to important since this does build in principle. Perhaps the B-D should be changed to golang-go explicitly. Best, Nilesh signature.asc Description: PGP signature
Bug#1051418: Info received (obs-studio: clicking on an xcomposite window source makes obs segfault)
Sending in plain text so it is readable: I'm seeing the same bug in the latest Debian testing updated this morning. Specifically, if I have the following github page open in my browser clicking the xcomposite window source cases a seg fault as reported. https://github.com/pjreddie/darknet/issues/553 This results in a window name of "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave" In xcompcap_props(), the name_lower variable has zero values in the struct which is then pushed to window_strings.array. I can't currently step into dstr_to_lower(). The following shows the array entry in window_strings.array: $18 = { name_lower = {array = 0x0, len = 0, capacity = 0}, name = { array = 0x570b88e0 "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave", len = 100, capacity = 101 }, desc = { array = 0x55c24560 "54525967\r\nError on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave\r\nbrave-browser", len = 125, capacity = 126 } } The following is the gdb backtrace with frame 11 being the frame where the above was observed. (gdb) bt #0 __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:283 #1 0x73e5de65 in msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc448, n=n@entry=3) at ./stdlib/msort.c:123 #2 0x73e5ddb1 in msort_with_tmp (n=3, b=0x7fffc448, p=0x7fffc510) at ./stdlib/msort.c:44 #3 msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430, n=n@entry=6) at ./stdlib/msort.c:53 #4 0x73e5dd94 in msort_with_tmp (n=6, b=0x7fffc430, p=0x7fffc510) at ./stdlib/msort.c:44 #5 msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430, n=n@entry=12) at ./stdlib/msort.c:52 #6 0x73e5ddb1 in msort_with_tmp (n=12, b=0x7fffc430, p=0x7fffc510) at ./stdlib/msort.c:44 #7 msort_with_tmp (p=p@entry=0x7fffc510, b=0x7fffc3d8, n=n@entry=23) at ./stdlib/msort.c:53 #8 0x73e5e23b in msort_with_tmp (n=23, b=, p=0x7fffc510) at ./stdlib/msort.c:44 #9 __GI___qsort_r (b=b@entry=0x570e2320, n=n@entry=23, s=s@entry=72, cmp=cmp@entry=0x7fffe1fdaac0 , arg=arg@entry=0x0) at ./stdlib/msort.c:253 #10 0x73e5e3c8 in __GI_qsort (b=b@entry=0x570e2320, n=n@entry=23, s=s@entry=72, cmp=cmp@entry=0x7fffe1fdaac0 ) at ./stdlib/msort.c:307 #11 0x7fffe1fdbcb5 in xcompcap_props (unused=) at ./plugins/linux-capture/xcomposite-input.c:750 #12 0x765629f6 in obs_source_properties () at /lib/x86_64-linux-gnu/libobs.so.0 #13 0x5564c3d5 in SourceToolbar::SourceToolbar(QWidget*, OBSSafeRef) (source=..., parent=0x55ea89a0, this=0x56074fd0) at ./libobs/obs.hpp:103 #14 ComboSelectToolbar::ComboSelectToolbar(QWidget*, OBSSafeRef) (this=this@entry=0x56074fd0, parent=parent@entry=0x55ea89a0, source=...) at ./UI/context-bar-controls.cpp:116 #15 0x5564c562 in WindowCaptureToolbar::WindowCaptureToolbar(QWidget*, OBSSafeRef) (this=this@entry=0x56074fd0, parent=0x55ea89a0, source=...) at ./UI/context-bar-controls.cpp:245 #16 0x556f90f5 in OBSBasic::UpdateContextBar(bool) (this=0x55cf9d60, force=) at ./UI/window-basic-main.cpp:3373 #17 0x7456e590 in QObject::event(QEvent*) () at /lib/x86_64-linux-gnu/libQt6Core.so.6 #18 0x753828be in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /lib/x86_64-linux-gnu/libQt6Widgets.so.6 #19 0x74532a48 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /lib/x86_64-linux-gnu/libQt6Core.so.6 #20 0x74532c27 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /lib/x86_64-linux-gnu/libQt6Core.so.6 #21 0x747198e3 in () at /lib/x86_64-linux-gnu/libQt6Core.so.6 #22 0x7312b1b4 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #23 0x7312e2d7 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #24 0x7312e8f0 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #25 0x7471768c in QEventDispatcherGlib::processEvents(QFlags) () at /lib/x86_64-linux-gnu/libQt6Core.so.6 #26 0x7453c8ea in QEventLoop::exec(QFlags) () at /lib/x86_64-linux-gnu/libQt6Core.so.6 #27 0x74535846 in QCoreApplication::exec() () at /lib/x86_64-linux-gnu/libQt6Core.so.6 #28 0x555f134f in run_program (argv=0x7fffd8c8, argc=, logFile=...) at ./UI/obs-app.cpp:2524 #29 main(int, char**) (argc=, argv=0x7fffd8c8) at ./UI/obs-app.cpp:3435
Bug#1054456: ITP: python3-thumbor-plugins-gifv -- Thumbor optimizer to add support to Gifv(mp4)
Package: thumbor-plugins-gifv Severity: wishlist Owner: Raphael Rossi * Package name : python3-thumbor-plugins-gifv Version : 0.1.2-1 Upstream Author : Globo * URL : https://github.com/thumbor/thumbor-plugins * License : MIT Programming Lang: Python3 Description : Thumbor optimizer to add support to Gifv(mp4) This package is part of the thumbor-plugins repository. For more information, visit: https://github.com/thumbor/thumbor-plugins
Bug#1054455: bullseye-pu: package weborf/0.17-3
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: web...@packages.debian.org, tipos...@tiscali.it Control: affects -1 + src:weborf I have found a denial of service in all versions of weborf. It is tracked in #1054417 and solved in 1.0 upstream. https://github.com/ltworf/weborf/pull/88 The issue is fixed in unstable but remains in stable and oldstable. [ Reason ] The bug has been there undetected for years. The fix is minimal. [ Impact ] The denial of service and extremely unlikely but theoretically possible remote execution issue will remain. The issue exists only if the process has CGI enabled (not the default). [ Tests ] There are no automated tests covering the issue. [ Risks ] The patch is just 3 lines. [ Checklist ] [*] *all* changes are documented in the d/changelog [*] I reviewed all changes and I approve them [*] attach debdiff against the package in (old)stable [*] the issue is verified as fixed in unstable [ Changes ] A patch to remove a memory allocation and copy, where I forgot a +1 in the copy. The resulting code just reuses the same buffer instead of copying, which was not needed to begin with. [ Other info ] Tracked in CVE-2023-46586 diff -Nru weborf-0.17/debian/changelog weborf-0.17/debian/changelog --- weborf-0.17/debian/changelog2020-12-31 15:13:19.0 +0100 +++ weborf-0.17/debian/changelog2023-10-23 18:40:22.0 +0200 @@ -1,3 +1,9 @@ +weborf (0.17-4) bullseye; urgency=medium + + * Backport patch from upstream to fix denial of service (Closes: 1054417) + + -- Salvo 'LtWorf' Tomaselli Mon, 23 Oct 2023 18:40:22 +0200 + weborf (0.17-3) unstable; urgency=medium * Disable most of the test suite (flaky on debian builders) diff -Nru weborf-0.17/debian/patches/cgi_buffer_fix.patch weborf-0.17/debian/patches/cgi_buffer_fix.patch --- weborf-0.17/debian/patches/cgi_buffer_fix.patch 1970-01-01 01:00:00.0 +0100 +++ weborf-0.17/debian/patches/cgi_buffer_fix.patch 2023-10-23 18:40:22.0 +0200 @@ -0,0 +1,25 @@ +Description: Fix incorrect memory operation + The original code failed to take into account the space needed for the + null terminator. + . + The patch just avoids the copy altogether, because it was not needed. +Author: Salvo "LtWorf" Tomaselli +Origin: upstream +Bug: +Bug-Debian: https://bugs.debian.org/1054417 +Forwarded: not-needed +Applied-Upstream: 1.0 +Last-Update: 2023-10-23 + +--- weborf-0.19.orig/cgi.c weborf-0.19/cgi.c +@@ -228,8 +228,7 @@ static inline void cgi_execute_child(con + environ = NULL; //Clear env vars + + if (strlen(executor) == 0) { +-executor = malloc(connection_prop->strfile_len + 1); +-strncpy(executor, connection_prop->strfile, connection_prop->strfile_len); ++executor = connection_prop->strfile; + } + + cgi_set_http_env_vars(connection_prop->http_param); diff -Nru weborf-0.17/debian/patches/series weborf-0.17/debian/patches/series --- weborf-0.17/debian/patches/series 2020-12-31 15:13:19.0 +0100 +++ weborf-0.17/debian/patches/series 2023-10-23 18:40:22.0 +0200 @@ -1,2 +1,3 @@ 0001-sleep_in_http 002-disable_tests +cgi_buffer_fix.patch
Bug#1054454: openstack-pkg-tools: Should-Start services are only added to AFTER= and should be added to WANTS= as well.
Thanks to Mauricio Faria de Oliveira for reporting this. On Mon, Oct 23, 2023 at 5:06 PM Corey Bryant wrote: > Package: openstack-pkg-tools > Version: 125 > Severity: normal > Tags: patch > User: ubuntu-de...@lists.ubuntu.com > Usertags: origin-ubuntu ubuntu-patch > > Dear Maintainer, > > This adds Should-Start services to WANTS=. They're currently only added to > AFTER=. > > Thanks for considering the patch. > > > -- System Information: > Debian Release: bookworm/sid > APT prefers jammy-updates > APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, > 'jammy'), (100, 'jammy-backports') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 6.2.0-34-generic (SMP w/16 CPU threads; PREEMPT) > Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_DIE, TAINT_WARN, > TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE > not set > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled >
Bug#1054454: openstack-pkg-tools: Should-Start services are only added to AFTER= and should be added to WANTS= as well.
Package: openstack-pkg-tools Version: 125 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu ubuntu-patch Dear Maintainer, This adds Should-Start services to WANTS=. They're currently only added to AFTER=. Thanks for considering the patch. -- System Information: Debian Release: bookworm/sid APT prefers jammy-updates APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.2.0-34-generic (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_DIE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru openstack-pkg-tools-125/init-template/pkgos-gen-systemd-unit openstack-pkg-tools-126/init-template/pkgos-gen-systemd-unit --- openstack-pkg-tools-125/init-template/pkgos-gen-systemd-unit 2023-08-25 04:22:20.0 -0400 +++ openstack-pkg-tools-126/init-template/pkgos-gen-systemd-unit 2023-10-23 16:59:58.0 -0400 @@ -50,6 +50,7 @@ if [ -n "${SHOULD_START}" ] ; then for i in ${SHOULD_START} ; do AFTER="${AFTER}${i}.service " + WANTS="${WANTS}${i}.service " done fi
Bug#1054453: yuzu: FTBFS: Could not find a configuration file for package "Catch2" that is compatible
Source: yuzu Version: 0-1335+ds-1.2 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) X-Debbugs-Cc: sramac...@debian.org https://buildd.debian.org/status/fetch.php?pkg=yuzu=amd64=0-1335%2Bds-1.2%2Bb1=1698042683=0 -- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libcrypto.so (found version "3.0.11") -- Found httplib: /usr/include (found suitable version "0.14.0", minimum required is "0.11") CMake Error at CMakeLists.txt:248 (find_package): Could not find a configuration file for package "Catch2" that is compatible with requested version "2.13". The following configuration files were considered but not accepted: /usr/lib/cmake/Catch2/Catch2Config.cmake, version: 3.4.0 /lib/cmake/Catch2/Catch2Config.cmake, version: 3.4.0 -- Configuring incomplete, errors occurred! Cheers -- Sebastian Ramacher
Bug#1054452: postgresql-common: obsolete-conffile /etc/apt/apt.conf.d/01autoremove-postgresql
Package: postgresql-common Version: 225+deb11u1 Severity: normal User: debian...@lists.debian.org Usertags: adequate obsolete-conffile X-Debbugs-Cc: t...@mirbsd.de After upgrading… Unpacking postgresql-common (225+deb11u1) over (225) ... … adequate reports: postgresql-common: obsolete-conffile /etc/apt/apt.conf.d/01autoremove-postgresql The file however begins with: // NO NOT EDIT! // File maintained by /usr/share/postgresql-common/pg_updateaptconfig. My suspiction here is that the file once was a conffile but is now generated by that script, but the conffile removal was not correctly done. It’d probably be best to remove the conffile and name the file that the script generates differently, so that problem cannot occur. -- System Information: Debian Release: 11.8 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable-proposed-updates'), (500, 'oldoldstable-updates'), (500, 'oldoldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-26-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages postgresql-common depends on: ii adduser 3.118+deb11u1 ii debconf [debconf-2.0] 1.5.77 ii lsb-base 11.1.0 ii perl 5.32.1-4+deb11u2 ii postgresql-client-common 225+deb11u1 ii ssl-cert 1.1.0+nmu1 ii ucf 3.0043 Versions of packages postgresql-common recommends: ii e2fsprogs 1.46.2-2 ii logrotate 3.18.0-2+deb11u2 Versions of packages postgresql-common suggests: ii libjson-perl 4.03000-1 -- Configuration Files: /etc/apt/apt.conf.d/01autoremove-postgresql changed: // NO NOT EDIT! // File maintained by /usr/share/postgresql-common/pg_updateaptconfig. // // Mark all PostgreSQL packages as NeverAutoRemove for which PostgreSQL // clusters exist. This is especially important when the "postgresql" meta // package changes its dependencies to a new version, which might otherwise // trigger the old postgresql-NN package to be automatically removed, rendering // the old database cluster inaccessible. APT { NeverAutoRemove { "^postgresql.*-13"; }; }; /etc/sysctl.d/30-postgresql-shm.conf changed: kernel.shmmax=268435456 -- debconf information: postgresql-common/ssl: true * postgresql-common/obsolete-major: postgresql-common/catversion-bump:
Bug#1054451: src:r-cran-stanheaders: fails to migrate to testing for too long: triggers autopkgtest failures
Source: r-cran-stanheaders Version: 2.21.0-7-2 Severity: serious Control: close -1 2.26.28-1 Tags: sid trixie User: release.debian@packages.debian.org Usertags: out-of-sync Control: affects -1 src:r-cran-rstanarm Control: affects -1 src:r-cran-prophet Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 30 days as having a Release Critical bug in testing [1]. Your package src:r-cran-stanheaders has been trying to migrate for 31 days [2]. Hence, I am filing this bug. The version in unstable triggers autopkgtest failures in other packages. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and trixie, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html [2] https://qa.debian.org/excuses.php?package=r-cran-stanheaders OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1054450: src:rust-rustls-webpki: fails to migrate to testing for too long: autopkgtest regression
Source: rust-rustls-webpki Version: 0.101.4-5 Severity: serious Control: close -1 0.101.6-1 Tags: sid trixie User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync between testing and unstable for more than 30 days as having a Release Critical bug in testing [1]. Your package src:rust-rustls-webpki has been trying to migrate for 31 days [2]. Hence, I am filing this bug. The version in unstable doesn't pass its own autopkgtest. If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner. This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed. I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and trixie, so it doesn't affect (old-)stable. If you believe your package is unable to migrate to testing due to issues beyond your control, don't hesitate to contact the Release Team. Paul [1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html [2] https://qa.debian.org/excuses.php?package=rust-rustls-webpki OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1054446: bookworm-pu: package wolfssl/5.5.4-2+deb12u1
On Mon, Oct 23, 2023 at 10:12:27PM +0200, Bastian Germann wrote: > Am 23.10.23 um 22:02 schrieb Salvatore Bonaccorso: > > > diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog > > > --- wolfssl-5.5.4/debian/changelog2023-02-06 14:41:53.0 > > > + > > > +++ wolfssl-5.5.4/debian/changelog2023-10-23 17:46:16.0 > > > + > > > @@ -1,3 +1,10 @@ > > > +wolfssl (5.5.4-2+deb12u1) bookworm; urgency=medium > > > + > > > + * Stable update to address the following vulnerabilities: > > > +- Fix CVE-2023-3724. > > > > Should the changelog entry close as well #1041699? > > I do not mind adding the bug reference but usually, the Security Team's bugs > say that one should not close them but rather edit their fixed values. > And the bug is already closed. I am including the debdiff with the bug > reference and let you choose. I do not read that :), and you can close a bug with multiple versions in the Debian BTS. But anyway, both versions are ok, and I have anyway not a authoritative guidance on the bookworm-pu bug, as not member of the release team. Regards, Salvatore
Bug#1053353: dacite: please make the build reproducible
On Mon, Oct 02, 2023 at 02:29:34PM +0200, Chris Lamb wrote: > Whilst working on the Reproducible Builds effort [0], we noticed that > dacite could not be built reproducibly. > > This is because it shipped a bunch of nondeterminstic ~temporary build > files in the binary package, such as benchmarks (in addition to > benchmark.json) and test caches. > > Patch attached that removes them in a way paralleling the existing > removal method in debian/rules. > > [0] https://reproducible-builds.org/ > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`- > --- a/debian/rules2023-10-02 14:23:18.762168493 +0200 > --- b/debian/rules2023-10-02 14:27:11.902512609 +0200 > @@ -7,3 +7,5 @@ > override_dh_auto_install: > dh_auto_install > rm debian/python3-dacite/usr/lib/python3*/dist-packages/benchmark.json > + rm -rf debian/python3-dacite/usr/lib/python3*/dist-packages/.benchmarks > + rm -rf > debian/python3-dacite/usr/lib/python3*/dist-packages/.pytest_cache Hi, thanks for the patch, but it seems like the normal build does not contain these files, for example: File list of package python3-dacite in sid of architecture all /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/PKG-INFO /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/dependency_links.txt /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/requires.txt /usr/lib/python3/dist-packages/dacite-1.8.1.egg-info/top_level.txt /usr/lib/python3/dist-packages/dacite/__init__.py /usr/lib/python3/dist-packages/dacite/cache.py /usr/lib/python3/dist-packages/dacite/config.py /usr/lib/python3/dist-packages/dacite/core.py /usr/lib/python3/dist-packages/dacite/data.py /usr/lib/python3/dist-packages/dacite/dataclasses.py /usr/lib/python3/dist-packages/dacite/exceptions.py /usr/lib/python3/dist-packages/dacite/frozen_dict.py /usr/lib/python3/dist-packages/dacite/py.typed /usr/lib/python3/dist-packages/dacite/types.py /usr/share/doc/python3-dacite/README.md.gz /usr/share/doc/python3-dacite/changelog.Debian.gz /usr/share/doc/python3-dacite/changelog.gz /usr/share/doc/python3-dacite/copyright Not sure why whould reproducible build have these files included? -- Valentin
Bug#1054449: pesign: Missing Pre-Depends on passwd
Package: pesign Version: 0.112-6 Severity: serious Tags: patch Dear maintainer: When installing this package on a minimal chroot, this is what happens: Preparing to unpack .../26-pesign_0.112-6_amd64.deb ... /var/lib/dpkg/tmp.ci/preinst: 19: groupadd: not found dpkg: error processing archive /tmp/apt-dpkg-install-4UpEBk/26-pesign_0.112-6_amd64.deb (--unpack): new pesign package pre-installation script subprocess returned error exit status 127 This is because the package should have a Pre-Depends on "passwd", which is not essential. Trivial patch attached. Thanks.--- a/debian/control +++ b/debian/control @@ -13,6 +13,7 @@ Package: pesign Architecture: amd64 i386 armhf arm64 armel Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, libnss3-tools, coolkey, opensc +Pre-Depends: passwd Description: Signing utility for UEFI binaries This package contains the pesign utility for signing UEFI binaries (PE-COFF format) as well as other associated tools. It is meant to follow the PE and
Bug#1054323: fixed in r-cran-tmb 1.9.6-2
Hi Andreas, On Sun, 22 Oct 2023 13:07:16 + Debian FTP Masters wrote: r-cran-tmb (1.9.6-2) unstable; urgency=medium . * Rebuild agains rmatrix 1.6-1.1-1 Closes: #1054323 Thanks for fixing the issue. However, it seems incomplete. If I understand the situation correctly, r-cran-tmb needs a strict *versioned* dependency on rmatrix that matches the build. Given that this is Debian, isn't it better to patch that check out of r-cran-tmb than to rebuild and update the version in d/control? The autopkgtest scheduled for the migration of r-cran-tmb shows that the *versioned* dependency is really appropriate as r-cran-tmb otherwise seems to fail. Remember that for migration testing, we test in testing with the smallest set from unstable as allowed by the (test) dependencies. Paul https://qa.debian.org/excuses.php?package=r-cran-tmb OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1054448: gnunet: Missing Depends on passwd
Package: gnunet Version: 0.20.0-2 Severity: serious Tags: patch Dear maintainer: When installing this package on a minimal chroot, this is what happens: Creating new GNUnet group gnunet:/var/lib/dpkg/info/gnunet.postinst: 30: groupadd: not found dpkg: error processing package gnunet (--configure): installed gnunet package post-installation script subprocess returned error exit status 127 This is because the package should have a Depends on "passwd", which is not essential. Trivial patch attached. Thanks.--- a/debian/control +++ b/debian/control @@ -49,6 +49,7 @@ Depends: libgnunet0.20 (= ${binary:Version}), lsb-base, netbase, + passwd, ${misc:Depends}, ${shlibs:Depends}, Recommends:
Bug#1054447: RFP: soft-serve -- mighty, self-hostable Git server for the command line
Package: wnpp Severity: wishlist X-Debbugs-Cc: debian...@lists.debian.org * Package name: soft-serve Version : 0.6.2 Upstream Contact: https://github.com/charmbracelet * URL : https://github.com/charmbracelet/soft-serve * License : MIT Programming Lang: Golang Description : mighty, self-hostable Git server for the command line A tasty, self-hostable Git server for the command line. Features: * Easy to navigate TUI available over SSH * Clone repos over SSH, HTTP, or Git protocol * Git LFS support with both HTTP and SSH backends * Manage repos with SSH * Create repos on demand with SSH or git push * Browse repos, files and commits with SSH-accessible UI * Print files over SSH with or without syntax highlighting and line numbers * Easy access control * SSH authentication using public keys * Allow/disallow anonymous access * Add collaborators with SSH public keys * Repos can be public or private * User access tokens
Bug#1054446: bookworm-pu: package wolfssl/5.5.4-2+deb12u1
Am 23.10.23 um 22:02 schrieb Salvatore Bonaccorso: diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog --- wolfssl-5.5.4/debian/changelog 2023-02-06 14:41:53.0 + +++ wolfssl-5.5.4/debian/changelog 2023-10-23 17:46:16.0 + @@ -1,3 +1,10 @@ +wolfssl (5.5.4-2+deb12u1) bookworm; urgency=medium + + * Stable update to address the following vulnerabilities: +- Fix CVE-2023-3724. Should the changelog entry close as well #1041699? I do not mind adding the bug reference but usually, the Security Team's bugs say that one should not close them but rather edit their fixed values. And the bug is already closed. I am including the debdiff with the bug reference and let you choose.diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog --- wolfssl-5.5.4/debian/changelog 2023-02-06 14:41:53.0 + +++ wolfssl-5.5.4/debian/changelog 2023-10-23 17:46:16.0 + @@ -1,3 +1,10 @@ +wolfssl (5.5.4-2+deb12u1) bookworm; urgency=medium + + * Stable update to address the following vulnerabilities: +- Fix CVE-2023-3724. (see #1041699) + + -- Bastian Germann Mon, 23 Oct 2023 17:46:16 + + wolfssl (5.5.4-2) unstable; urgency=medium * Clarify in README.Debian and in the package descriptions that wolfssl is diff -Nru wolfssl-5.5.4/debian/patches/cve-2023-3724.patch wolfssl-5.5.4/debian/patches/cve-2023-3724.patch --- wolfssl-5.5.4/debian/patches/cve-2023-3724.patch1970-01-01 00:00:00.0 + +++ wolfssl-5.5.4/debian/patches/cve-2023-3724.patch2023-10-23 17:46:16.0 + @@ -0,0 +1,47 @@ +Origin: backport, 00f1eddee429ff51390b20caadd2eb6afe51e1aa +From: Jacob Barthelmeh +Date: Mon, 15 May 2023 15:49:44 -0700 +Subject: add tls extension sanity check + +--- + src/tls.c | 3 +++ + src/tls13.c | 10 ++ + 2 files changed, 13 insertions(+) + +diff --git a/src/tls.c b/src/tls.c +index bced9f9b13f..9bbabfb14e2 100644 +--- a/src/tls.c b/src/tls.c +@@ -8475,6 +8475,9 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, + if (!WOLFSSL_NAMED_GROUP_IS_PQC(group)) + #endif + ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL); ++ ++if (ret == 0) ++ssl->session->namedGroup = ssl->namedGroup = group; + } + else { + /* Not a message type that is allowed to have this extension. */ +diff --git a/src/tls13.c b/src/tls13.c +index e5360790b3b..0f1bbc1aad1 100644 +--- a/src/tls13.c b/src/tls13.c +@@ -5236,8 +5236,18 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + } + #endif + ++/* sanity check on PSK / KSE */ ++if ( ++#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ++ssl->options.pskNegotiated == 0 && ++#endif ++ssl->session->namedGroup == 0) { ++return EXT_MISSING; ++} ++ + ssl->keys.encryptionOn = 1; + ssl->options.serverState = SERVER_HELLO_COMPLETE; ++ + } + else { + ssl->options.tls1_3 = 1; diff -Nru wolfssl-5.5.4/debian/patches/series wolfssl-5.5.4/debian/patches/series --- wolfssl-5.5.4/debian/patches/series 2022-11-07 17:38:12.0 + +++ wolfssl-5.5.4/debian/patches/series 2023-10-23 17:46:16.0 + @@ -4,3 +4,4 @@ fix-hurd-i386-flags.patch disable-crl-monitor.patch disable-jobserver.patch +cve-2023-3724.patch
Bug#1054446: bookworm-pu: package wolfssl/5.5.4-2+deb12u1
Hi Bastian, On Mon, Oct 23, 2023 at 09:48:45PM +0200, Bastian Germann wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-CC: sirkilam...@msn.com > > Hi, > > I am including a fix for wolfssl's CVE-2023-3724. > The vulnerability is tracked by the Security Team in #1041699 and is fixed in > unstable. > Aside from the changelog, this is exactly the same debdiff as provided by > 5.5.4-2.1. > The new patch is taken from upstream as suggested by Jacob Barthelmeh. > > Thanks, > Bastian > diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog > --- wolfssl-5.5.4/debian/changelog2023-02-06 14:41:53.0 + > +++ wolfssl-5.5.4/debian/changelog2023-10-23 17:46:16.0 + > @@ -1,3 +1,10 @@ > +wolfssl (5.5.4-2+deb12u1) bookworm; urgency=medium > + > + * Stable update to address the following vulnerabilities: > +- Fix CVE-2023-3724. Should the changelog entry close as well #1041699? Regards, Salvatore
Bug#1054376: liborcus: FTBFS on hppa - segmentation fault in orcus-test-xml-mapped
Hi, Am 23.10.23 um 00:10 schrieb John David Anglin: The build fails on real hppa hardware (i.e., not qemu): [...] Exactly the same binary runs successfully under qemu. Maybe there is a timing issue in the orcus::file_content::~file_content destructor? That is something for you as hppa porter (or upstream) to answer. Regards, Rene
Bug#1054415: cockpit-ws: remotectl command missing?
Wim Bertels [2023-10-23 16:06 +]: > if the manpages are generated correctly: > https://manpages.debian.org/unstable/cockpit-ws/remotectl.8.en.html > remotectl is present in unstable and testing as well? No, it's not any more in testing and unstable: https://packages.debian.org/trixie/amd64/cockpit-ws/filelist it seems manpages.d.o didn't remove the dropped manpage. > https://manpages.debian.org/bullseye/cockpit-ws/remotectl.8.en.html It *is* still present in stable (aka bullseye): https://packages.debian.org/bullseye/amd64/cockpit-ws/filelist , i.e. that link is correct/current. Martin
Bug#1054446: bookworm-pu: package wolfssl/5.5.4-2+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-CC: sirkilam...@msn.com Hi, I am including a fix for wolfssl's CVE-2023-3724. The vulnerability is tracked by the Security Team in #1041699 and is fixed in unstable. Aside from the changelog, this is exactly the same debdiff as provided by 5.5.4-2.1. The new patch is taken from upstream as suggested by Jacob Barthelmeh. Thanks, Bastiandiff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog --- wolfssl-5.5.4/debian/changelog 2023-02-06 14:41:53.0 + +++ wolfssl-5.5.4/debian/changelog 2023-10-23 17:46:16.0 + @@ -1,3 +1,10 @@ +wolfssl (5.5.4-2+deb12u1) bookworm; urgency=medium + + * Stable update to address the following vulnerabilities: +- Fix CVE-2023-3724. + + -- Bastian Germann Mon, 23 Oct 2023 17:46:16 + + wolfssl (5.5.4-2) unstable; urgency=medium * Clarify in README.Debian and in the package descriptions that wolfssl is diff -Nru wolfssl-5.5.4/debian/patches/cve-2023-3724.patch wolfssl-5.5.4/debian/patches/cve-2023-3724.patch --- wolfssl-5.5.4/debian/patches/cve-2023-3724.patch1970-01-01 00:00:00.0 + +++ wolfssl-5.5.4/debian/patches/cve-2023-3724.patch2023-10-23 17:46:16.0 + @@ -0,0 +1,47 @@ +Origin: backport, 00f1eddee429ff51390b20caadd2eb6afe51e1aa +From: Jacob Barthelmeh +Date: Mon, 15 May 2023 15:49:44 -0700 +Subject: add tls extension sanity check + +--- + src/tls.c | 3 +++ + src/tls13.c | 10 ++ + 2 files changed, 13 insertions(+) + +diff --git a/src/tls.c b/src/tls.c +index bced9f9b13f..9bbabfb14e2 100644 +--- a/src/tls.c b/src/tls.c +@@ -8475,6 +8475,9 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, + if (!WOLFSSL_NAMED_GROUP_IS_PQC(group)) + #endif + ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL); ++ ++if (ret == 0) ++ssl->session->namedGroup = ssl->namedGroup = group; + } + else { + /* Not a message type that is allowed to have this extension. */ +diff --git a/src/tls13.c b/src/tls13.c +index e5360790b3b..0f1bbc1aad1 100644 +--- a/src/tls13.c b/src/tls13.c +@@ -5236,8 +5236,18 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + } + #endif + ++/* sanity check on PSK / KSE */ ++if ( ++#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ++ssl->options.pskNegotiated == 0 && ++#endif ++ssl->session->namedGroup == 0) { ++return EXT_MISSING; ++} ++ + ssl->keys.encryptionOn = 1; + ssl->options.serverState = SERVER_HELLO_COMPLETE; ++ + } + else { + ssl->options.tls1_3 = 1; diff -Nru wolfssl-5.5.4/debian/patches/series wolfssl-5.5.4/debian/patches/series --- wolfssl-5.5.4/debian/patches/series 2022-11-07 17:38:12.0 + +++ wolfssl-5.5.4/debian/patches/series 2023-10-23 17:46:16.0 + @@ -4,3 +4,4 @@ fix-hurd-i386-flags.patch disable-crl-monitor.patch disable-jobserver.patch +cve-2023-3724.patch
Bug#1054423: RFS: python-art/6.1-1 [ITP] -- ASCII art
Hi Andrey, Thanks for the info, didn't know artemis have same binary file name. You are right, it may not be a good idea to have /usr/bin/art. I believe this python library is most useful as depend for other packages rather than just creating text art at the terminal. I have excluded /usr/bin/art to avoid any confusions. Thank you, Yogeswaran.
Bug#1054442: forgot debdiff
And of course I forgot the debdiff, sorry! diff -Nru hash-slinger-3.1/debian/changelog hash-slinger-3.1/debian/changelog --- hash-slinger-3.1/debian/changelog 2022-02-10 01:03:46.0 -0500 +++ hash-slinger-3.1/debian/changelog 2023-10-05 10:37:58.0 -0400 @@ -1,3 +1,10 @@ +hash-slinger (3.1-1.1+deb12u1) bookworm; urgency=medium + + * Non-maintainer upload. + * Bug fix: "tlsa can produce invalid records" (Closes: #1053483) + + -- Antoine Beaupré Thu, 05 Oct 2023 10:37:58 -0400 + hash-slinger (3.1-1.1) unstable; urgency=low * Non-maintainer upload. diff -Nru hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch --- hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch 1969-12-31 19:00:00.0 -0500 +++ hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch 2023-10-05 10:36:07.0 -0400 @@ -0,0 +1,34 @@ +From e3bec6e2a6b1bda7c52b4c585474fd7cc23ab643 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Charaoui?= +Date: Wed, 4 Oct 2023 22:05:26 -0400 +Subject: [PATCH] fix generic TLSA record generation +Applied-Upstream: https://github.com/letoams/hash-slinger/commit/0bb0dba91c51d367d9a37297f13e07f33c01bfdc + +It seems like the calculation for the TLSA record never really worked, +as we're doing float division here on the `len()` field. In our case, +that field returned `35.0` which is not valid in our environment. + +Doing an integer division gives the correct result in most cases, I +believe. + +Closes: #45 +--- + tlsa | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tlsa b/tlsa +index cea7230..ec97150 100755 +--- a/tlsa b/tlsa +@@ -513,7 +513,7 @@ class TLSARecord: + def getRecord(self, generic=False): + """Returns the RR string of this TLSARecord, either in rfc (default) or generic format""" + if generic: +- return '%s IN TYPE52 \# %s %s%s%s%s' % (self.name, (len(self.cert)/2)+3 , self._toHex(self.usage), self._toHex(self.selector), self._toHex(self.mtype), self.cert) ++ return '%s IN TYPE52 \# %s %s%s%s%s' % (self.name, (len(self.cert)//2)+3 , self._toHex(self.usage), self._toHex(self.selector), self._toHex(self.mtype), self.cert) + return '%s IN TLSA %s %s %s %s' % (self.name, self.usage, self.selector, self.mtype, self.cert) + + def _toHex(self, val): +-- +2.39.2 + diff -Nru hash-slinger-3.1/debian/patches/series hash-slinger-3.1/debian/patches/series --- hash-slinger-3.1/debian/patches/series 2021-02-14 11:40:02.0 -0500 +++ hash-slinger-3.1/debian/patches/series 2023-10-05 10:36:07.0 -0400 @@ -1 +1,2 @@ 0001-Debian-default-root.key-resides-in-usr-share-dns-roo.patch +0001-fix-generic-TLSA-record-generation.patch
Bug#1054445: softhsm2-common: Missing Depends on passwd
Package: softhsm2-common Version: 2.6.1-2.1 Severity: serious Tags: patch Dear maintainer: When installing this package on a minimal chroot, this is what happens: Setting up softhsm2-common (2.6.1-2.1) ... /var/lib/dpkg/info/softhsm2-common.postinst: 17: groupadd: not found This is because softhsm2-common should have a Depends on "passwd", which is not essential. Trivial patch attached. Thanks.--- a/debian/control +++ b/debian/control @@ -17,7 +17,8 @@ Vcs-Git: https://salsa.debian.org/debian/softhsm2.git Package: softhsm2-common Architecture: any -Depends: ucf, +Depends: passwd, + ucf, ${misc:Depends}, ${shlibs:Depends} Conflicts: softhsm-common (<< 2.0)
Bug#1054444: golang-github-facebook-ent: website is build with Docusaurus not packaged for debian
Source: golang-github-facebook-ent Version: 0.5.4-3 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory https://sources.debian.org/src/golang-github-facebook-ent/0.5.4-3/doc/website/ You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054443: node-graphql: website is build with Docusaurus not packaged for debian
Source: node-graphql Version: 16.8.1-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory https://sources.debian.org/src/node-graphql/16.8.1-1/website/src/pages/index.jsx/?hl=2#L2 You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054442: bookworm-pu: package hash-slinger/3.1-1.1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: hash-slin...@packages.debian.org, ond...@debian.org, team+...@tracker.debian.org Control: affects -1 + src:hash-slinger [ Reason ] When upgrading our Puppet server to bullseye, our DNS server couldn't generate TLSA rules anymore because it was relying on a unpackaged program. We eventually migrated to hash-slinger but in doing so noticed it was generating broken TLSA records. This has been reported as #1053483 against unstable, where it was fixed and migrated to testing without known ill effects. [ Impact ] TLSA records cannot be generated. [ Tests ] Reproducer: tlsa --create --usage=3 --selector=1 --mtype=1 --certificate example.com.crt --port 443 example.com --output=generic Expected: _443._tcp.cdn-fastly-backend.torproject.org. IN TYPE52 \# 35 030101e86cb4aa5bec41b44c5e78c0b3b05992ab276d540376aca18eb494d8e229cd4c Actual: _443._tcp.cdn-fastly-backend.torproject.org. IN TYPE52 \# 35.0 030101e86cb4aa5bec41b44c5e78c0b3b05992ab276d540376aca18eb494d8e229cd4c Notice the float ("35.0") which should obviously be an integer. This chokes the DNS server completely. [ Risks ] Code is a relatively trivial Python 3 tweak, minimal risk. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] This consists of a single, one-line patch, which has been submitted and accepted upstream: https://github.com/letoams/hash-slinger/pull/46 [ Other info ] This is the second NMU on this package. I have tried to work on the Git repository as well, but it's seriously lagging behind the versions even in stable, so I haven't been able to do this. I understand the maintainer is looking for help for the package but I unfortunately cannot offer much help but patching this very issue for now...
Bug#1054440: reassign
control: reassign -1 ts-node signature.asc Description: This is a digitally signed message part.
Bug#1054441: node-ts-jest: website is build with Docusaurus not packaged for debian
Source: node-ts-jest Version: 29.1.1+~cs0.2.6-2 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory https://sources.debian.org/data/main/n/node-ts-jest/29.1.1%2B~cs0.2.6-2/website/ You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054440: ts-node: website is build with Docusaurus not packaged for debian
Source: ts-nod Version: 10.9.1+~cs8.8.29-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory https://sources.debian.org/src/ts-node/10.9.1%252B~cs8.8.29-1/website/ You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054439: node-rjsf: website is build with Docusaurus not packaged for debian
Source: node-rjsf Version: 5.6.2+~5.0.1-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory https://sources.debian.org/src/node-rjsf/5.6.2+~5.0.1-1/packages/docs/docusaurus.config.js/?hl=54#L54 You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054438: golang-entgo-ent: website is build with Docusaurus not packaged for debian
Source: golang-entgo-ent Version: 0.11.3-4 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory https://sources.debian.org/data/main/g/golang-entgo-ent/0.11.3-4/doc/website You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054437: golang-ariga-atlas: website is build with Docusaurus not packaged for debian
Source: golang-ariga-atlas Version: 0.7.2-2 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory https://sources.debian.org/src/golang-ariga-atlas/0.7.2-2/doc/website/ You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054436: wand: update required for imagemagick 6.9.12.98
Source: wand Version: 0.6.11-2 Severity: serious Tags: ftbfs Justification: fails to build from source X-Debbugs-Cc: sramac...@debian.org imagemagick is currently performing a transition of its shared libraries. wand hard-codes these shared libraries and needs to be updated for the new SONAMEs. Cheers -- Sebastian Ramacher
Bug#1040005: ITP:magpie - window manager for the budgie desktop
Hi Simon Yes, ftp master had concerns over the copyright file in the package. I have revised this a while back and uploaded to mentors. Unfortunately my current magpie mentor hasn't had time to rereview the copyright changes and thus re-sponsor the package. I am ever hopeful with finding some help here. https://mentors.debian.net/package/magpie/ Thanks David On Mon, 23 Oct 2023, 20:00 Simon McVittie, wrote: > On Fri, 30 Jun 2023 at 21:59:48 +0100, David Mohammed wrote: > > Package name : magpie > ... > > Magpie is a soft-fork of GNOME mutter v43.x tailored for the > requirements > > of the budgie-desktop. > > I saw that this was in the NEW queue for a while, but then disappeared. > Did the ftp team have concerns about it? > > Because budgie-desktop-environment currently depends on libmutter 43/44, > and future versions want to move to libmagpie rather than mutter 45, > getting this package into unstable is a blocker for being able to > finish getting GNOME 45 into unstable. > > smcv >
Bug#1054435: node-react-redux: website is build with Docusaurus not packaged for debian
Source: node-react-redux Version: 8.1.2+dfsg1+~cs1.2.3-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054434: node-redux: website is build with Docusaurus not packaged for debian
Source: node-redux Version: 4.2.1-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054433: node-puppeteer: website is build with Docusaurus not packaged for debian
Source: fasttext Version: 0.9.2+ds-5 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See website directory You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054432: node-puppeteer: website is build with Docusaurus not packaged for debian
Source: node-katex Version: 0.16.4+~cs6.1.0-1 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See: https://sources.debian.org/src/node-katex/0.16.4+~cs6.1.0-1/website/ You should repack or package docusaurus and rebuild Bastien signature.asc Description: This is a digitally signed message part.
Bug#1054421: bookworm-pu: package weborf/0.19
Hi, On Mon, Oct 23, 2023 at 07:07:44PM +0200, Salvo "LtWorf" Tomaselli wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: web...@packages.debian.org, tipos...@tiscali.it > Control: affects -1 + src:weborf > > I have found a denial of service in all versions of weborf. > > It is tracked in #1054417 and solved in 1.0 upstream. > https://github.com/ltworf/weborf/pull/88 > > The issue is fixed in unstable but remains in stable and oldstable. > > [ Reason ] > The bug has been there undetected for years. The fix is minimal. > > [ Impact ] > The denial of service and extremely unlikely but theoretically possible > remote execution issue will remain. > > The issue exists only if the process has CGI enabled (not the default). > > [ Tests ] > > There are no automated tests covering the issue. > > [ Risks ] > > The patch is just 3 lines. > > [ Checklist ] > [*] *all* changes are documented in the d/changelog > [*] I reviewed all changes and I approve them > [*] attach debdiff against the package in (old)stable > [*] the issue is verified as fixed in unstable > > [ Changes ] > > A patch to remove a memory allocation and copy, where I forgot a +1 in the > copy. > > The resulting code just reuses the same buffer instead of copying, which was > not > needed to begin with. > > [ Other info ] > > Tracked in CVE-2023-46586 > diff -Nru weborf-0.19/debian/changelog weborf-0.19/debian/changelog > --- weborf-0.19/debian/changelog 2022-10-15 12:57:06.0 +0200 > +++ weborf-0.19/debian/changelog 2023-10-23 18:38:21.0 +0200 > @@ -1,3 +1,9 @@ > +weborf (0.19-3) bookworm; urgency=medium > + > + * Backport patch from upstream to fix denial of service (Closes: 1054417) > + > + -- Salvo 'LtWorf' Tomaselli Mon, 23 Oct 2023 > 18:38:21 +0200 The version works because 0.19-3 was never landing in the archive. Normally you would use a +debXuY suffix, in the above case +deb12u1. But I assume SRM will still ack the fix as it is (other package do as well not follow this as strict rule, e.g. src:linux but because its following the stable series). Regards, Salvatore
Bug#1040005: ITP:magpie - window manager for the budgie desktop
On Fri, 30 Jun 2023 at 21:59:48 +0100, David Mohammed wrote: > Package name : magpie ... > Magpie is a soft-fork of GNOME mutter v43.x tailored for the requirements > of the budgie-desktop. I saw that this was in the NEW queue for a while, but then disappeared. Did the ftp team have concerns about it? Because budgie-desktop-environment currently depends on libmutter 43/44, and future versions want to move to libmagpie rather than mutter 45, getting this package into unstable is a blocker for being able to finish getting GNOME 45 into unstable. smcv
Bug#1054431: node-puppeteer: website is build with Docusaurus not packaged for debian
Source: node-puppeteer Version: 13.4.1+dfsg-2 Severity: serious Tags: ftbfs Justification: FTBFS Control: block -1 by 1054426 Dear Maintainer, The documentation is build with docusaurus. See: https://sources.debian.org/src/node-puppeteer/13.4.1+dfsg-2/website/ You should repack or package docusaurus and rebuild Bastien -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel Kernel: Linux 6.5.0-2-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#1054430: xskat Version mismatch bug irc play
package: xskat version: 4.0.8 During play over irc channel /go or /go2 command causes following error: Version mismatch : X S K A T 4.0 The problem is relatively easy to solve by changing source file: text.c line 31 from: #define VERSION " X S K A T 4.0 " to #define VERSION "4.0" I m using debian bookworm system info uname -a Linux u4 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64 GNU/Linux -- Adam Kuboń
Bug#1051418: obs-studio: clicking on an xcomposite window source makes obs segfault
I'm seeing the same bug in the latest Debian testing updated this morning. Specifically, if I have the following github page open in my browser clicking the xcomposite window source cases a seg fault as reported. https://github.com/pjreddie/darknet/issues/553 This results in a window name of "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave"and the name_lower variable appears to have zero values in the struct which is then pushed to window_strings.array. I can't currently step into dstr_to_lower(). $18 = {name_lower = {array = 0x0, len = 0, capacity = 0}, name = {array = 0x570b88e0 "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave", len = 100, capacity = 101}, desc = { array = 0x55c24560 "54525967\r\nError on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave\r\nbrave-browser", len = 125, capacity = 126}} The following is the gdb backtrace: (gdb) bt #0 __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:283 #1 0x73e5de65 in msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc448, n=n@entry=3) at ./stdlib/msort.c:123 #2 0x73e5ddb1 in msort_with_tmp (n=3, b=0x7fffc448, p=0x7fffc510) at ./stdlib/msort.c:44 #3 msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430, n=n@entry=6) at ./stdlib/msort.c:53 #4 0x73e5dd94 in msort_with_tmp (n=6, b=0x7fffc430, p=0x7fffc510) at ./stdlib/msort.c:44 #5 msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430, n=n@entry=12) at ./stdlib/msort.c:52 #6 0x73e5ddb1 in msort_with_tmp (n=12, b=0x7fffc430, p=0x7fffc510) at ./stdlib/msort.c:44 #7 msort_with_tmp (p=p@entry=0x7fffc510, b=0x7fffc3d8, n=n@entry=23) at ./stdlib/msort.c:53#8 0x73e5e23b in msort_with_tmp (n=23, b=, p=0x7fffc510) at ./stdlib/msort.c:44 #9 __GI___qsort_r (b=b@entry=0x570e2320, n=n@entry=23, s=s@entry=72, cmp=cmp@entry=0x7fffe1fdaac0 , arg=arg@entry=0x0) at ./stdlib/msort.c:253 #10 0x73e5e3c8 in __GI_qsort (b=b@entry=0x570e2320, n=n@entry=23, s=s@entry=72, cmp=cmp@entry=0x7fffe1fdaac0 ) at ./stdlib/msort.c:307#11 0x7fffe1fdbcb5 in xcompcap_props (unused=) at ./plugins/linux-capture/xcomposite-input.c:750#12 0x765629f6 in obs_source_properties () at /lib/x86_64-linux-gnu/libobs.so.0#13 0x5564c3d5 in SourceToolbar::SourceToolbar(QWidget*, OBSSafeRef) (source=..., parent=0x55ea89a0, this=0x56074fd0) at ./libobs/obs.hpp:103#14 ComboSelectToolbar::ComboSelectToolbar(QWidget*, OBSSafeRef) (this=this@entry=0x56074fd0, parent=parent@entry=0x55ea89a0, source=...) at ./UI/context-bar-controls.cpp:116#15 0x5564c562 in WindowCaptureToolbar::WindowCaptureToolbar(QWidget*, OBSSafeRef) (this=this@entry=0x56074fd0, parent=0x55ea89a0, source=...) at ./UI/context-bar-controls.cpp:245#16 0x556f90f5 in OBSBasic::UpdateContextBar(bool) (this=0x55cf9d60, force=) at
Bug#1054429: fastdds: CVE-2023-42459
Source: fastdds X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for fastdds. CVE-2023-42459[0]: | Fast DDS is a C++ implementation of the DDS (Data Distribution | Service) standard of the OMG (Object Management Group). In affected | versions specific DATA submessages can be sent to a discovery | locator which may trigger a free error. This can remotely crash any | Fast-DDS process. The call to free() could potentially leave the | pointer in the attackers control which could lead to a double free. | This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, | and 2.6.7. Users are advised to upgrade. There are no known | workarounds for this vulnerability. https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm https://github.com/eProsima/Fast-DDS/issues/3207 https://github.com/eProsima/Fast-DDS/pull/3824 https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42459 https://www.cve.org/CVERecord?id=CVE-2023-42459 Please adjust the affected versions in the BTS as needed.
Bug#1054428: pdm: CVE-2023-45805
Source: pdm X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for pdm. CVE-2023-45805[0]: | pdm is a Python package and dependency manager supporting the latest | PEP standards. It's possible to craft a malicious `pdm.lock` file | that could allow e.g. an insider or a malicious open source project | to appear to depend on a trusted PyPI project, but actually install | another project. A project `foo` can be targeted by creating the | project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. | PyPI will see this as project `foo-2` version `2`, while PDM will | see this as project `foo` version `2-2`. The version must only be | `parseable as a version` and the filename must be a prefix of the | project name, but it's not verified to match the version being | installed. Version `2-2` is also not a valid normalized version per | PEP 440. Matching the project name exactly (not just prefix) would | fix the issue. When installing dependencies with PDM, what's | actually installed could differ from what's listed in | `pyproject.toml` (including arbitrary code execution on install). It | could also be used for downgrade attacks by only changing the | version. This issue has been addressed in commit `6853e2642df` which | is included in release version `2.9.4`. Users are advised to | upgrade. There are no known workarounds for this vulnerability. https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-45805 https://www.cve.org/CVERecord?id=CVE-2023-45805 Please adjust the affected versions in the BTS as needed.
Bug#1054427: trafficserver: CVE-2023-41752 CVE-2023-39456 CVE-2023-44487
Source: trafficserver X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for trafficserver. CVE-2023-41752[0]: | Exposure of Sensitive Information to an Unauthorized Actor | vulnerability in Apache Traffic Server.This issue affects Apache | Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. | Users are recommended to upgrade to version 8.1.9 or 9.2.3, which | fixes the issue. https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0 (8.1.x) https://github.com/apache/trafficserver/commit/de7c8a78edd5b75e311561dfaa133e9d71ea8a5e (9.2.x) CVE-2023-39456[1]: | Improper Input Validation vulnerability in Apache Traffic Server | with malformed HTTP/2 frames.This issue affects Apache Traffic | Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade | to version 9.2.3, which fixes the issue. https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://github.com/apache/trafficserver/commit/4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5 (9.2.x) CVE-2023-44487[2]: | The HTTP/2 protocol allows a denial of service (server resource | consumption) because request cancellation can reset many streams | quickly, as exploited in the wild in August through October 2023. https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0) https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.x) For oldstable-security let's move to 8.1.8 and for stable-security to 9.2.3? If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-41752 https://www.cve.org/CVERecord?id=CVE-2023-41752 [1] https://security-tracker.debian.org/tracker/CVE-2023-39456 https://www.cve.org/CVERecord?id=CVE-2023-39456 [2] https://security-tracker.debian.org/tracker/CVE-2023-44487 https://www.cve.org/CVERecord?id=CVE-2023-44487 Please adjust the affected versions in the BTS as needed.
Bug#1054426: RFP: docusaurus -- Docusaurus is a project for building, deploying, and maintaining open source project websites easily
Package: wnpp Severity: wishlist * Package name: docusaurus Version : 1 Upstream Contact: Facebook, Inc. and its affiliates. (Facebook, Inc. and its affiliates.) * URL : https://github.com/facebook/docusaurus * License : expat Programming Lang: javascript Description : Docusaurus is a project for building, deploying, and maintaining open source project websites easily Docusaurus is a project for building, deploying, and maintaining open source project websites easily. Docusaurus is built in a way so that it can get running in as little time as possible. We've built Docusaurus to handle the website build process so you can focus on your project. Docusaurus ships with localization support via CrowdIn. Empower and grow your international community by translating your documentation. While Docusaurus ships with the key pages and sections you need to get started, including a home page, a docs section, a blog, and additional support pages, it is also customizable as well to ensure you have a site that is uniquely yours. This is needed for: node-puppeteer ts-node thunderbird netdata golang-github-facebook-ent golang-entgo-ent node-ts-jest firefox-esr mkdocs-material firefox fasttext node-react-redux gitlab node-redux node-rjsf node-jest node-webassemblyjs golang-ariga-atlas node-graphql node-katex gitaly
Bug#1054423: RFS: python-art/6.1-1 [ITP] -- ASCII art
This ships a file named /usr/bin/art. I'm not sure if it's a good idea by itself, but also the artemis package also ships a file with this name (which I'm also not sure is a good idea) and so you should follow the first paragraph of https://www.debian.org/doc/debian-policy/ch-files.html#binaries
Bug#1025789: bullseye-pu: wolfssl/4.6.0+p1-0+deb11u1_4.6.0+p1-0+deb11u2.debdiff
Please find a version with an additional fix for CVE-2023-3724 attached.diff -Nru wolfssl-4.6.0+p1/debian/changelog wolfssl-4.6.0+p1/debian/changelog --- wolfssl-4.6.0+p1/debian/changelog 2022-03-17 21:47:46.0 + +++ wolfssl-4.6.0+p1/debian/changelog 2023-07-22 16:08:27.0 + @@ -1,3 +1,14 @@ +wolfssl (4.6.0+p1-0+deb11u2) bullseye; urgency=medium + + * Stable update for the following vulnerabilities. The patches were +provided by upstream. +- PR 5498: CVE-2022-42961 +- PR 5588: CVE-2022-39173 +- PR 5682: CVE-2022-42905 +- PR 6412: CVE-2023-3724 + + -- Jacob Barthelmeh Sat, 22 Jul 2023 10:08:27 -0600 + wolfssl (4.6.0+p1-0+deb11u1) bullseye; urgency=medium * Stable update to address the following vulnerabilities. The updated diff -Nru wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch --- wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch 1970-01-01 00:00:00.0 + +++ wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch 2023-07-22 16:08:27.0 + @@ -0,0 +1,160 @@ +Description: PR 5498: CVE-2022-42961 + Check ECC signature in TLS + . + Verifying gnerated ECC signature in TLS handshake code to mitigate when + an attacker can gain knowledge of the private key through fault + injection in the signing process. + Requires WOLFSSL_CHECK_SIG_FAULTS to be defined. +Author: Jacob Barthelmeh +Origin: backport, commit:2571f65e85509a22ca2fea9cdee5828b6202b878 +Forwarded: not-needed +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: wolfssl-4.6.0+p1-backup/src/internal.c +=== +--- wolfssl-4.6.0+p1-backup.orig/src/internal.c wolfssl-4.6.0+p1-backup/src/internal.c +@@ -37,6 +37,10 @@ + * Default wolfSSL behavior is to require validation of all presented peer + * certificates. This also allows loading intermediate CA's as trusted + * and ignoring no signer failures for CA's up the chain to root. ++ * WOLFSSL_CHECK_SIG_FAULTS ++ * Verifies the ECC signature after signing in case of faults in the ++ * calculation of the signature. Useful when signature fault injection is a ++ * possible attack. + */ + + +@@ -24886,23 +24890,46 @@ int SendCertificateVerify(WOLFSSL* ssl) + args->verify = >output[args->idx]; + + switch (ssl->hsType) { +-#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) +-#ifdef HAVE_ECC ++#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) ++#ifdef HAVE_ECC + case DYNAMIC_TYPE_ECC: +-#endif +-#ifdef HAVE_ED25519 ++#ifdef WOLFSSL_CHECK_SIG_FAULTS ++{ ++ecc_key* key = (ecc_key*)ssl->hsKey; ++ ++ret = EccVerify(ssl, ++ssl->buffers.sig.buffer, ssl->buffers.sig.length, ++ssl->buffers.digest.buffer, ssl->buffers.digest.length, ++key, ++#ifdef HAVE_PK_CALLBACKS ++ssl->buffers.key ++#else ++NULL ++#endif ++); ++if (ret != 0) { ++WOLFSSL_MSG("Failed to verify ECC signature"); ++goto exit_scv; ++} ++} ++#if defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) ++FALL_THROUGH; ++#endif ++#endif /* WOLFSSL_CHECK_SIG_FAULTS */ ++#endif /* HAVE_ECC */ ++#ifdef HAVE_ED25519 + case DYNAMIC_TYPE_ED25519: +-#endif +-#ifdef HAVE_ED448 ++#endif ++#ifdef HAVE_ED448 + case DYNAMIC_TYPE_ED448: +-#endif ++#endif + args->length = (word16)ssl->buffers.sig.length; + /* prepend hdr */ + c16toa(args->length, args->verify + args->extraSz); + XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER, + ssl->buffers.sig.buffer, ssl->buffers.sig.length); + break; +-#endif ++#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */ + #ifndef NO_RSA + case DYNAMIC_TYPE_RSA: + { +@@ -26936,6 +26963,33 @@ static int DoSessionTicket(WOLFSSL* ssl, + } + #endif + case ecc_dsa_sa_algo: ++#ifdef WOLFSSL_CHECK_SIG_FAULTS ++{ ++ecc_key* key = (ecc_key*)ssl->hsKey; ++ ++ret =
Bug#1041699: wolfssl: CVE-2023-3724
On Sat, 22 Jul 2023 16:25:36 + "Jacob .." wrote:> Started the process of adding a patch to wolfssl_4.6.0+p1-0+deb11u1.1.dsc. Based on the same upstream commit, I am uploading an unstable fix as NMU so I can forward your upload to proposed-updates.diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog --- wolfssl-5.5.4/debian/changelog 2023-02-06 14:41:53.0 + +++ wolfssl-5.5.4/debian/changelog 2023-10-23 17:46:16.0 + @@ -1,3 +1,10 @@ +wolfssl (5.5.4-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2023-3724. (see #1041699) + + -- Bastian Germann Mon, 23 Oct 2023 17:46:16 + + wolfssl (5.5.4-2) unstable; urgency=medium * Clarify in README.Debian and in the package descriptions that wolfssl is diff -Nru wolfssl-5.5.4/debian/patches/cve-2023-3724.patch wolfssl-5.5.4/debian/patches/cve-2023-3724.patch --- wolfssl-5.5.4/debian/patches/cve-2023-3724.patch1970-01-01 00:00:00.0 + +++ wolfssl-5.5.4/debian/patches/cve-2023-3724.patch2023-10-23 17:46:16.0 + @@ -0,0 +1,47 @@ +Origin: backport, 00f1eddee429ff51390b20caadd2eb6afe51e1aa +From: Jacob Barthelmeh +Date: Mon, 15 May 2023 15:49:44 -0700 +Subject: add tls extension sanity check + +--- + src/tls.c | 3 +++ + src/tls13.c | 10 ++ + 2 files changed, 13 insertions(+) + +diff --git a/src/tls.c b/src/tls.c +index bced9f9b13f..9bbabfb14e2 100644 +--- a/src/tls.c b/src/tls.c +@@ -8475,6 +8475,9 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, + if (!WOLFSSL_NAMED_GROUP_IS_PQC(group)) + #endif + ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL); ++ ++if (ret == 0) ++ssl->session->namedGroup = ssl->namedGroup = group; + } + else { + /* Not a message type that is allowed to have this extension. */ +diff --git a/src/tls13.c b/src/tls13.c +index e5360790b3b..0f1bbc1aad1 100644 +--- a/src/tls13.c b/src/tls13.c +@@ -5236,8 +5236,18 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + } + #endif + ++/* sanity check on PSK / KSE */ ++if ( ++#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ++ssl->options.pskNegotiated == 0 && ++#endif ++ssl->session->namedGroup == 0) { ++return EXT_MISSING; ++} ++ + ssl->keys.encryptionOn = 1; + ssl->options.serverState = SERVER_HELLO_COMPLETE; ++ + } + else { + ssl->options.tls1_3 = 1; diff -Nru wolfssl-5.5.4/debian/patches/series wolfssl-5.5.4/debian/patches/series --- wolfssl-5.5.4/debian/patches/series 2022-11-07 17:38:12.0 + +++ wolfssl-5.5.4/debian/patches/series 2023-10-23 17:46:16.0 + @@ -4,3 +4,4 @@ fix-hurd-i386-flags.patch disable-crl-monitor.patch disable-jobserver.patch +cve-2023-3724.patch
Bug#1052017: Bug#1054416: ITP: errands -- simple tasks app for GNOME
Hi, On Mon, Oct 23, 2023 at 1:30 PM Jeremy Bícha wrote: > > Control: tags -1 +pending > > On Mon, Oct 23, 2023 at 12:19 PM Leandro Cunha > wrote: > > I was initially working on ITP for this package and if it's not a > > problem for you, can you include me as one of the uploders for your > > package? > > So the two of us closed this bug together. > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052017 > > Yes, that's done now. I'm sorry I didn't see your ITP bug sooner. I've > already uploaded Errands to the Debian NEW queue. > > Thank you, > Jeremy Bícha I was waiting to appear in the queue, the package is already shown in the NEW queue and my name will appear in the next update. I usually consult wnpp.debian.net for WNPP bugs. Thank you for including me in the list of uploaders for this package and it is an honor to contribute to the GNOME maintainer team. https://ftp-master.debian.org/new/errands_45.0.4-1.html -- Cheers, Leandro Cunha -BEGIN PGP PUBLIC KEY BLOCK- mQINBF/gQ8gBEADHVKgoWsUWNGVvR6sMhBPUdBUEH+QALpr1QYXhetBfRwaY0HWN pKgejHdxKO8H+kIhRMoh89CCKg3hAJ9LmOOTXkX7U5/Cya/zRMKk5zBD3rKIaugh 0XYT15Nz1jwL7TIDG25yPSloDtVgVXTep0ZzKsNYJjb4OAqa88cvUEJEhhqrldlR gpNbkixEh5ituO8pMShEBWqLs3yt4Hr1VFWnTIm4dl/JLBHpexzubDOw/mKCTpNd A1JGHTvce1wtJ2fMzCVzhEjd5pyjLZV/o8hVw2/ON/yXvpJuz0lV/hiW0M+cDcas sKftErtsZpRy3wwXdkBcJt6soYuqfCHwgMfL2iC6mPviE8xWAHMOmhdC3wDskZpb RcLfH5IMYajJAGRO/GCMcKKbq7WkEOeloivtg64xBlYuJf9aOcHKP/8R3EObiNp7 ubQAJtV3pEGD4mx1mhutFxDHB+CfnxE3dWvxZSV9y1n4UOzkDJ3kDx5Ee0MbRvJD w6aXKc6dhYREgh7hLDcMFz+3LcBiZDLxI3g+SHe3Bl61vdsnPno+0HhCzvB+fL4S eoy7Myfiunz9BrB2HPN+wNCT0YgV+Kv8QoDGzBwos5H1vUJSY4t59w6xoXAYUsAm hjAM8s+rUtG40mcUWePd8kZtgE9IV1eQ+Qt8/SNpSdRnUunmIGl3JjHvEwARAQAB tClMZWFuZHJvIEN1bmhhIDxsZWFuZHJvY3VuaGEwMTZAZ21haWwuY29tPokCTgQT AQoAOBYhBLT5oBCvKN3HzFEPK8LZ4zKUW9A8BQJf4EPIAhsDBQsJCAcCBhUKCQgL AgQWAgMBAh4BAheAAAoJEMLZ4zKUW9A8FjAQAKWYqiLpLUD+DLB+NSy3DI3rf9z3 k0vE7TLaEjdEM5CQWN+j4vBqMnAckdcARvSWPndTjp8K+mtFF4PyfhNbS64z/a7L F3DdhmX73n7LKFG8Ow9NZwcrkmPwH5WcP7mXTh6R+6/+OSL/K85NB8MLlxQTJOni julVax9JEZjwBaP2HLCu53Zq9gZcvJlXoAoTHyTxKdp8Mh8V+Qit26E78o9c6SQD Dq9eyMRG8hYCRfreDjKceRkYHjECySlk+VoI1ssVs07Dqvxg6qSyP4RnW+1+W74C s0yIyuC/eRJpMAf1PBQEOOrVcTfRfpN+go955t21yIAvT58vqotTM5eaqXYIQn/y sC4lThZai/ZBZHxl5Mbv42WkkYdjisLQOCALIMBpj5nq4oh2C+kvMupcuBKfERgV dguU51MzfQktKb6d5y777zYnDaFMQDD2IfiD/C7ln5A9LP/L54ixlA3uRmWx/yAx /m+Zusws98j4Eq/jw5T54XW655m6lMCTE9WXLJkgxrRcEonHSllbgRSsToEmWq0Z doxcnpagHdcGQzW+cu2VOGi1da73ZFmrn+ptJgc8cW2suO06IeArOi0TzIg7e65j Xp2DbJCpFrfzEuBb1u71WvB8V2MkAfJZx/uZJPCA936B4HT8YGPEMzlQRIHI2Y9C +DloyzlBLTS1EMKuuQINBF/gQ8gBEAC47o9u1Wm9jZ6RC+lfxEDEvVS7MmI5VzSy q04rFttWwbKix13pc65aDlk47LxWrb84N3Gnf1E/OTsLTXqC7u5JZ7YJkC6CsPbo D1sQkfCiJCFCTgf7dydEVt8ujS/Uu1kz86ufdRwaMRcvBZAORGdB58LEsLB65WN4 hLRYF7xvcxu6t7FGrIYereaxUAWLA2B/ZnCEdOY94w7s0uaPjHdf4lfHebuZ7T08 iG5ACDvKBjgaFArGfdNYWchXJgbOEg14bGj40/8LuBKQMZASiFSqLPZxoporK9FY xBw+D080dUWWD5g868TZ3pkM3DXO9bdq22IBKqKOep8CnuKgoDpUvA8dTEY/UDCn sdOlBUK/Y9zTGVmD/90cO/xkvkV78suqiBnwBSddPzVS0EuiWwrLGu8gaY4EyM/X 7khlbTcMgh4njzUCAE6Tq+TbXSxn86wuOybVY5Y+I99LNdsocI5SIn2nDh2IOi00 4dE/iwO2MatWIOLFBC7pw8Xv4UHZY+WIf3Y/6XjExpllhUkeB6BwZpTr1SXk+cug q5Dj5i4aGn2LrvQJ57terqUWYyDUBFgXTc4SPOzT5og8CavBgHfrQoFwSnRZ2oyX xtZhEDI5Pk2j1qTbOhXZ29po4rPNWHMq2HQgM0I+BqQndsoVdkPOFzS2wKkdXjCz bNYcyanusQARAQABiQI2BBgBCgAgFiEEtPmgEK8o3cfMUQ8rwtnjMpRb0DwFAl/g Q8gCGwwACgkQwtnjMpRb0Dzh6g//ZjXaWSzKmG5ZS6XJa/ZOokkE2hFOFusWX8Qa hEwLAnTFEy02dLfV54rKwmu2jHPDKLhE+iYtusvytueZAzVRyQahv0RE4BH8Emqw gQdBwyJ/L+QhUp/lMdJ6Hh/2ZSZmzU29U24vnY+U+haoB1fLnA3lXgOP59kMLGud lERR2Vluuc7TcpzvcaRWgrQRU2vSrrBBEp6y07iVKbRM/9yhE/aHJahLbhKh2Dk9 WJvHPnhYJY5yU+Y5vTl3BiW5+EuzMBdPUawOWKhqCq9dswn0GL1g/vlt/bdU/6DO jECQ6fssTAtDjRClXySsS3X0mh8y8qlGvMPB4anfvOy4+4nUV6IESdJftKn2SMGd CA3MaQ+S7frWn5v7GIWSC9vumCsiu1JTOugLmbVmu5m5nFsyllavm/k9LtOtswuF fHM/SlXLFuGBWU6XceqaM2dpP8i5jGz0vIGMhqoFNgXWGO1NhwR1rmeU1CMpnM5e Wue4h/+mJiuEzuZcmzOcwq3HGMUXO0jZDgLEmlnenO9czhrLuGZaMXGdwnIk0G3O +SqH36v7blnDh96RXpgaa+ifTHd0qKeoVXVwSq/9jNtHSQrI+NJcTpMhu73xtxhX UFPr/31+IFLWepC5GDwdu/gQm5E6ntGyxE2p2v76pcjz7SGdXjPFZjqekBveEJuW fNdY6Ns= =rdCA -END PGP PUBLIC KEY BLOCK-
Bug#1033791: Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1
hi, On Mon, Oct 23, 2023 at 01:19:25PM +0200, Jan Wagner wrote: > [ Reason ] > As reported in #1033791, check_running_kernel fails to find version on > bookworm/(arm64|armhf). > > [ Impact ] > check_running_kernel doesn't work on arm64 and armhf as expected, this is a > regression. > > [ Tests ] > The patch was verified to work in #1033791 I've rebuild the package on arm64 and can confirm /usr/lib/nagios/plugins/check_running_kernel now works on those arm64 systems where the version currently in bookworm does not work. \o/ & thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Everyone is entitled to their own opinion, but not their own facts. signature.asc Description: PGP signature
Bug#1053548: check-patroni: does not work well with current Patroni
Hi Michael, First of all thanks a lot for your bug report! Le Fri, Oct 06, 2023 at 09:11:32AM +0200, Michael Banck a écrit : > Package: check-patroni > Version: 1.0.0-1 > Severity: normal > Tags: patch > > Hi, > > since version 3.0.4, Patroni displays "streaming" as state if a node is > actually replicating from its leader. This is taken into account by > check-patroni 1.0.0 (see https://github.com/dalibo/check_patroni/pull/30). […] I was hoping to answer to your message sooner, and dig deeper into your advises, but couldn’t find the time yet, and I’m afraid I won’t have much time until at least a few weeks. So please consider this message as an apology and an acknowledgement of the various issues and fixes you pointed. > Actually, I did not realize you had uploaded check-patroni and > independently packaged it for the pkg-postgres team here: > https://salsa.debian.org/postgresql/check-patroni Ha, I quickly prepared this package during DebConf and didn’t try to reach out to the Python or PostgreSQL teams, so thanks for the heads up. FWIW, I’d be happy to move the packaging under the PostgreSQL team umbrella if it makes sense. Regards, taffit signature.asc Description: PGP signature
Bug#1054424: mirror submission for mirror.marwan.ma
Package: mirrors Severity: wishlist User: mirr...@packages.debian.org Usertags: mirror-submission Submission-Type: new Site: mirror.marwan.ma Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 mips mips64el mipsel powerpc ppc64el riscv64 s390x Archive-http: /debian/ Archive-rsync: debian/ Maintainer: MARWAN NOC Country: MA Morocco Location: Rabat Sponsor: MARWAN https://marwan.ma Comment: We also provide debian-cd and debian-archive mirrors, will add in a new form. Trace Url: http://mirror.marwan.ma/debian/project/trace/ Trace Url: http://mirror.marwan.ma/debian/project/trace/ftp-master.debian.org Trace Url: http://mirror.marwan.ma/debian/project/trace/mirror.marwan.ma
Bug#1054423: RFS: python-art/6.1-1 [ITP] -- ASCII art
Package: sponsorship-requests Severity: wishlist X-Debbugs-Cc: kd8...@gmail.com Dear mentors, I am looking for a sponsor for my package "python-art": * Package name : python-art Version : 6.1-1 Upstream contact : Sepand Haghighi * URL : https://github.com/sepandhaghighi/art * License : MIT * Vcs : https://salsa.debian.org/NGC2023/python-art Section : python The source builds the following binary packages: python3-art - ASCII art To access further information about this package, please visit the following URL: https://mentors.debian.net/package/python-art/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/p/python-art/python-art_6.1-1.dsc Changes for the initial release: python-art (6.1-1) unstable; urgency=medium . * Initial release. Closes: #1054418 Regards, -- Yogeswaran Umasankar
Bug#1054422: RFS: pointback/0.2-5 [RC] [Team] -- restore window points when returning to buffers
Package: sponsorship-requests Severity: important X-Debbugs-CC: debian-emac...@lists.debian.org Dear mentors, I am looking for a sponsor for my package "pointback": * Package name : pointback Version : 0.2-5 Upstream contact : Markus Triska * URL : https://www.metalevel.at/pointback/ * License : GPL-3+ * Vcs : https://salsa.debian.org/emacsen-team/pointback Section : lisp The source builds the following binary packages: elpa-pointback - restore window points when returning to buffers To access further information about this package, please visit the following URL: https://mentors.debian.net/package/pointback/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/p/pointback/pointback_0.2-5.dsc Changes since the last upload: pointback (0.2-5) unstable; urgency=medium . * Team upload. . [ Nicholas D Steeves ] * Drop emacs24 and emacs25 from Enhances (packages do not exist in bullseye). . [ Debian Janitor ] * Bump debhelper from old 10 to 13. * Set debhelper-compat version in Build-Depends. . [ Xiyue Deng ] * Add patch migrate-from-removed-assoc-el.patch to migrate from obsoleted functions in assoc.el which has been removed since Emacs 29.1 (Closes: #1042900). * Drop Built-Using which should not be used for an "arch: all" package. * Update Standards-Version to 4.6.2. No change needed. * Drop emacs version in Recommends which is from oldoldstable. * Add d/watch with comments of no real upstream version control. * Update d/copyright year and add Upstream-Contact. Regards, -- Xiyue Deng
Bug#1054421: bookworm-pu: package weborf/0.19
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: web...@packages.debian.org, tipos...@tiscali.it Control: affects -1 + src:weborf I have found a denial of service in all versions of weborf. It is tracked in #1054417 and solved in 1.0 upstream. https://github.com/ltworf/weborf/pull/88 The issue is fixed in unstable but remains in stable and oldstable. [ Reason ] The bug has been there undetected for years. The fix is minimal. [ Impact ] The denial of service and extremely unlikely but theoretically possible remote execution issue will remain. The issue exists only if the process has CGI enabled (not the default). [ Tests ] There are no automated tests covering the issue. [ Risks ] The patch is just 3 lines. [ Checklist ] [*] *all* changes are documented in the d/changelog [*] I reviewed all changes and I approve them [*] attach debdiff against the package in (old)stable [*] the issue is verified as fixed in unstable [ Changes ] A patch to remove a memory allocation and copy, where I forgot a +1 in the copy. The resulting code just reuses the same buffer instead of copying, which was not needed to begin with. [ Other info ] Tracked in CVE-2023-46586 diff -Nru weborf-0.19/debian/changelog weborf-0.19/debian/changelog --- weborf-0.19/debian/changelog2022-10-15 12:57:06.0 +0200 +++ weborf-0.19/debian/changelog2023-10-23 18:38:21.0 +0200 @@ -1,3 +1,9 @@ +weborf (0.19-3) bookworm; urgency=medium + + * Backport patch from upstream to fix denial of service (Closes: 1054417) + + -- Salvo 'LtWorf' Tomaselli Mon, 23 Oct 2023 18:38:21 +0200 + weborf (0.19-2.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru weborf-0.19/debian/patches/cgi_buffer_fix.patch weborf-0.19/debian/patches/cgi_buffer_fix.patch --- weborf-0.19/debian/patches/cgi_buffer_fix.patch 1970-01-01 01:00:00.0 +0100 +++ weborf-0.19/debian/patches/cgi_buffer_fix.patch 2023-10-23 18:38:15.0 +0200 @@ -0,0 +1,25 @@ +Description: Fix incorrect memory operation + The original code failed to take into account the space needed for the + null terminator. + . + The patch just avoids the copy altogether, because it was not needed. +Author: Salvo "LtWorf" Tomaselli +Origin: upstream +Bug: +Bug-Debian: https://bugs.debian.org/1054417 +Forwarded: not-needed +Applied-Upstream: 1.0 +Last-Update: 2023-10-23 + +--- weborf-0.19.orig/cgi.c weborf-0.19/cgi.c +@@ -228,8 +228,7 @@ static inline void cgi_execute_child(con + environ = NULL; //Clear env vars + + if (strlen(executor) == 0) { +-executor = malloc(connection_prop->strfile_len + 1); +-strncpy(executor, connection_prop->strfile, connection_prop->strfile_len); ++executor = connection_prop->strfile; + } + + cgi_set_http_env_vars(connection_prop->http_param); diff -Nru weborf-0.19/debian/patches/series weborf-0.19/debian/patches/series --- weborf-0.19/debian/patches/series 2022-03-15 09:08:11.0 +0100 +++ weborf-0.19/debian/patches/series 2023-10-23 18:29:47.0 +0200 @@ -0,0 +1 @@ +cgi_buffer_fix.patch
Bug#1054420: RFS: js2-mode/0.0~git20230628.79bc78d-1 [RC] [Team] -- Emacs mode for editing Javascript programs
Package: sponsorship-requests Severity: important X-Debbugs-CC: debian-emac...@lists.debian.org Dear mentors, I am looking for a sponsor for my package "js2-mode": * Package name : js2-mode Version : 0.0~git20230628.79bc78d-1 Upstream contact : Dmitry Gutov * URL : https://github.com/mooz/js2-mode * License : GPL-3+ * Vcs : https://salsa.debian.org/emacsen-team/js2-mode Section : editors The source builds the following binary packages: elpa-js2-mode - Emacs mode for editing Javascript programs js2-mode - Emacs mode for editing Javascript programs (dummy package) To access further information about this package, please visit the following URL: https://mentors.debian.net/package/js2-mode/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/j/js2-mode/js2-mode_0.0~git20230628.79bc78d-1.dsc Changes since the last upload: js2-mode (0.0~git20230628.79bc78d-1) unstable; urgency=medium . * Team upload. . [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable): + elpa-js2-mode: Drop versioned constraint on emacsen-common (>= 2.0.8) in Depends. + elpa-js2-mode: Drop conflict with removed package js2-mode (<< 0~20150909-1) in Breaks. . [ Xiyue Deng ] * Update to new upstream version 0.0~git20230628.79bc78d (Closes: #1052865). * Update d/watch to track savannah's canonical js2-mode branch. * Update Standards-Version to 4.6.2. No change needed. * Update debhelper-compat to 13. * Simplify handling in d/rules. * Fix non-canonical URL for Vcs-Browser and drop trailing whitespace. * Use secure protocol in URL and add Upstream-Contact in d/copyright. * Update year and contributor in d/copyright. * Add d/upstream/metadata. Regards, -- Xiyue Deng
Bug#1054419: RFS: go-mode.el/3:1.6.0+git202300823.8dce1e3-1 [RC] [Team] -- Emacs mode for editing Go code
Package: sponsorship-requests Severity: important X-Debbugs-CC: debian-emac...@lists.debian.org Dear mentors, I am looking for a sponsor for my package "go-mode.el": * Package name : go-mode.el Version : 3:1.6.0+git202300823.8dce1e3-1 Upstream contact : Dominik Honnef * URL : https://github.com/dominikh/go-mode.el * License : BSD-3-clasue * Vcs : https://salsa.debian.org/emacsen-team/go-mode.el Section : lisp The source builds the following binary packages: elpa-go-mode - Emacs mode for editing Go code To access further information about this package, please visit the following URL: https://mentors.debian.net/package/go-mode.el/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/g/go-mode.el/go-mode.el_1.6.0+git202300823.8dce1e3-1.dsc Changes since the last upload: go-mode.el (3:1.6.0+git202300823.8dce1e3-1) unstable; urgency=medium . * Team upload. * Sync to latest upstream head (8dce1e3). * Apply patch to drop duplicated test (Closes: #1052922). * Drop Built-Using which should not be used on an "arch:all" package. * Add DEP5 headers for fix-test-path.patch. * Update year and add Upstream-Contact in d/copyright. * Use git mode and fix lintian warnings in d/watch. Regards, -- Xiyue Deng
Bug#970059: ITP: rust-gstreamer-play -- gstreamer's Rust bindings
Control: tags -1 + pending Control: retitle -1 ITP: rust-gstreamer-play -- gstreamer's Rust bindings Control: block 993852 by -1 I am retitling this to reflect the current status. Upstream has deprecated rust-gstreamer-player and instead distributes rust-gstreamer-play. Our initial list of apps using rust-gstreamer-player were already ported to use the new Rust library instead. Therefore, we have uploaded rust-gstreamer-play to the Debian NEW queue and we will not upload rust-gstreamer-player. Thank you, Jeremy Bícha
Bug#1054418: ITP: python-art -- ASCII art
Package: wnpp Severity: wishlist Owner: Yogeswaran Umasankar X-Debbugs-Cc: debian-de...@lists.debian.org, kd8...@gmail.com * Package name: python-art Version : 6.1-1 Upstream Contact: Sepand Haghighi * URL : https://github.com/sepandhaghighi/art * License : MIT Programming Lang: Python Description : ASCII art ASCII art is also known as "computer text art". It involves the smart placement of typed special characters or letters to make a visual shape that is spread over multiple lines of text. This library is useful for MATLAB users, and depend for modeling and simluation softwares. Thank you, Yogeswaran.
Bug#1054417: cve number
Tracked in CVE-2023-46586
Bug#1052017: Bug#1054416: ITP: errands -- simple tasks app for GNOME
Control: tags -1 +pending On Mon, Oct 23, 2023 at 12:19 PM Leandro Cunha wrote: > I was initially working on ITP for this package and if it's not a > problem for you, can you include me as one of the uploders for your > package? > So the two of us closed this bug together. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052017 Yes, that's done now. I'm sorry I didn't see your ITP bug sooner. I've already uploaded Errands to the Debian NEW queue. Thank you, Jeremy Bícha
Bug#1025420: exim4: ${run}expansion fail Bug stiill open [TT#2568022]
Hi Andreas, I installed the package https://people.debian.org/~ametzler/tmp/exim4-daemon-heavy_4.96-15+deb12u2+almostu3_amd64.deb The binary /usr/sbin/exim4 inside is from Sept 3rd: -rwsr-xr-x 1 root root 1575384 2023-09-03 13:34 /usr/sbin/exim4 That binary does not fix the problem of quote with space included: # /usr/sbin/exim4 -be '${run{/usr/bin/echo ${quote:hello world}}}' Failed: Expansion of "${quote:hello" from command "/usr/bin/echo ${quote:hello world}" in ${run} expansion failed: missing } at end of string Am 23.10.23 um 18:06 schrieb Andreas Metzler: I have uploaded pre built binaries to https://people.debian.org/~ametzler/tmp/ Best regards Kevin Ivory (SerNet Support) -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: 0551-37-0, mailto:kont...@sernet.de Gesch.F.: Dr. Johannes Loxen and Reinhild Jung AG Göttingen: HR-B 2816 - http://www.sernet.de Datenschutz: https://www.sernet.de/datenschutz
Bug#1054417: weborf: Denial of service when executing cgi executables
Package: weborf Version: 0.20 Severity: grave Tags: patch upstream security X-Debbugs-Cc: tipos...@tiscali.it Dear Maintainer, there is an error in the code to execute cgi. Best -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-2-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages weborf depends on: ii libc6 2.37-12 ii libmagic1 1:5.45-2 ii libssl33.0.11-1 weborf recommends no packages. Versions of packages weborf suggests: pn php-cgi -- no debconf information commit 49824204add55aab0568d90a6b1e7c822d32120d Author: Salvo 'LtWorf' Tomaselli Date: Wed Oct 11 23:48:19 2023 +0200 Solve issue with unterminated buffer diff --git a/cgi.c b/cgi.c index 08d664d..f8276b1 100644 --- a/cgi.c +++ b/cgi.c @@ -233,8 +233,7 @@ static inline void cgi_execute_child(connection_t* connection_prop,string_t* pos environ = NULL; //Clear env vars if (strlen(executor) == 0) { -executor = malloc(connection_prop->strfile_len + 1); -strncpy(executor, connection_prop->strfile, connection_prop->strfile_len); +executor = connection_prop->strfile; } cgi_set_http_env_vars(connection_prop->http_param);
Bug#1054416: ITP: errands -- simple tasks app for GNOME
Hi, On Mon, Oct 23, 2023 at 12:55 PM Jeremy Bícha wrote: > > Package: wnpp > Severity: wishlist > X-Debbugs-CC: debian-de...@lists.debian.org, debian-gtk-gn...@lists.debian.org > Owner: jeremy.bi...@canonical.com > > Package Name: errands > Version: 45.0.4 > Upstream Author: Vlad Krupinskii > License: Expat > Programming Lang: Python > > Description: Simple tasks app for GNOME > Errands is a todo app for those who prefer simplicity. > It can optionally sync with a CalDAV or NextCloud server. > . > Errands is a GNOME Circle app. > > Other Info > -- > This package will be maintained by the Debian GNOME team. Packaging is at > https://salsa.debian.org/gnome-team/errands > > Thanks, > Jeremy Bícha > I was initially working on ITP for this package and if it's not a problem for you, can you include me as one of the uploders for your package? So the two of us closed this bug together. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052017 -- Cheers, Leandro Cunha -BEGIN PGP PUBLIC KEY BLOCK- mQINBF/gQ8gBEADHVKgoWsUWNGVvR6sMhBPUdBUEH+QALpr1QYXhetBfRwaY0HWN pKgejHdxKO8H+kIhRMoh89CCKg3hAJ9LmOOTXkX7U5/Cya/zRMKk5zBD3rKIaugh 0XYT15Nz1jwL7TIDG25yPSloDtVgVXTep0ZzKsNYJjb4OAqa88cvUEJEhhqrldlR gpNbkixEh5ituO8pMShEBWqLs3yt4Hr1VFWnTIm4dl/JLBHpexzubDOw/mKCTpNd A1JGHTvce1wtJ2fMzCVzhEjd5pyjLZV/o8hVw2/ON/yXvpJuz0lV/hiW0M+cDcas sKftErtsZpRy3wwXdkBcJt6soYuqfCHwgMfL2iC6mPviE8xWAHMOmhdC3wDskZpb RcLfH5IMYajJAGRO/GCMcKKbq7WkEOeloivtg64xBlYuJf9aOcHKP/8R3EObiNp7 ubQAJtV3pEGD4mx1mhutFxDHB+CfnxE3dWvxZSV9y1n4UOzkDJ3kDx5Ee0MbRvJD w6aXKc6dhYREgh7hLDcMFz+3LcBiZDLxI3g+SHe3Bl61vdsnPno+0HhCzvB+fL4S eoy7Myfiunz9BrB2HPN+wNCT0YgV+Kv8QoDGzBwos5H1vUJSY4t59w6xoXAYUsAm hjAM8s+rUtG40mcUWePd8kZtgE9IV1eQ+Qt8/SNpSdRnUunmIGl3JjHvEwARAQAB tClMZWFuZHJvIEN1bmhhIDxsZWFuZHJvY3VuaGEwMTZAZ21haWwuY29tPokCTgQT AQoAOBYhBLT5oBCvKN3HzFEPK8LZ4zKUW9A8BQJf4EPIAhsDBQsJCAcCBhUKCQgL AgQWAgMBAh4BAheAAAoJEMLZ4zKUW9A8FjAQAKWYqiLpLUD+DLB+NSy3DI3rf9z3 k0vE7TLaEjdEM5CQWN+j4vBqMnAckdcARvSWPndTjp8K+mtFF4PyfhNbS64z/a7L F3DdhmX73n7LKFG8Ow9NZwcrkmPwH5WcP7mXTh6R+6/+OSL/K85NB8MLlxQTJOni julVax9JEZjwBaP2HLCu53Zq9gZcvJlXoAoTHyTxKdp8Mh8V+Qit26E78o9c6SQD Dq9eyMRG8hYCRfreDjKceRkYHjECySlk+VoI1ssVs07Dqvxg6qSyP4RnW+1+W74C s0yIyuC/eRJpMAf1PBQEOOrVcTfRfpN+go955t21yIAvT58vqotTM5eaqXYIQn/y sC4lThZai/ZBZHxl5Mbv42WkkYdjisLQOCALIMBpj5nq4oh2C+kvMupcuBKfERgV dguU51MzfQktKb6d5y777zYnDaFMQDD2IfiD/C7ln5A9LP/L54ixlA3uRmWx/yAx /m+Zusws98j4Eq/jw5T54XW655m6lMCTE9WXLJkgxrRcEonHSllbgRSsToEmWq0Z doxcnpagHdcGQzW+cu2VOGi1da73ZFmrn+ptJgc8cW2suO06IeArOi0TzIg7e65j Xp2DbJCpFrfzEuBb1u71WvB8V2MkAfJZx/uZJPCA936B4HT8YGPEMzlQRIHI2Y9C +DloyzlBLTS1EMKuuQINBF/gQ8gBEAC47o9u1Wm9jZ6RC+lfxEDEvVS7MmI5VzSy q04rFttWwbKix13pc65aDlk47LxWrb84N3Gnf1E/OTsLTXqC7u5JZ7YJkC6CsPbo D1sQkfCiJCFCTgf7dydEVt8ujS/Uu1kz86ufdRwaMRcvBZAORGdB58LEsLB65WN4 hLRYF7xvcxu6t7FGrIYereaxUAWLA2B/ZnCEdOY94w7s0uaPjHdf4lfHebuZ7T08 iG5ACDvKBjgaFArGfdNYWchXJgbOEg14bGj40/8LuBKQMZASiFSqLPZxoporK9FY xBw+D080dUWWD5g868TZ3pkM3DXO9bdq22IBKqKOep8CnuKgoDpUvA8dTEY/UDCn sdOlBUK/Y9zTGVmD/90cO/xkvkV78suqiBnwBSddPzVS0EuiWwrLGu8gaY4EyM/X 7khlbTcMgh4njzUCAE6Tq+TbXSxn86wuOybVY5Y+I99LNdsocI5SIn2nDh2IOi00 4dE/iwO2MatWIOLFBC7pw8Xv4UHZY+WIf3Y/6XjExpllhUkeB6BwZpTr1SXk+cug q5Dj5i4aGn2LrvQJ57terqUWYyDUBFgXTc4SPOzT5og8CavBgHfrQoFwSnRZ2oyX xtZhEDI5Pk2j1qTbOhXZ29po4rPNWHMq2HQgM0I+BqQndsoVdkPOFzS2wKkdXjCz bNYcyanusQARAQABiQI2BBgBCgAgFiEEtPmgEK8o3cfMUQ8rwtnjMpRb0DwFAl/g Q8gCGwwACgkQwtnjMpRb0Dzh6g//ZjXaWSzKmG5ZS6XJa/ZOokkE2hFOFusWX8Qa hEwLAnTFEy02dLfV54rKwmu2jHPDKLhE+iYtusvytueZAzVRyQahv0RE4BH8Emqw gQdBwyJ/L+QhUp/lMdJ6Hh/2ZSZmzU29U24vnY+U+haoB1fLnA3lXgOP59kMLGud lERR2Vluuc7TcpzvcaRWgrQRU2vSrrBBEp6y07iVKbRM/9yhE/aHJahLbhKh2Dk9 WJvHPnhYJY5yU+Y5vTl3BiW5+EuzMBdPUawOWKhqCq9dswn0GL1g/vlt/bdU/6DO jECQ6fssTAtDjRClXySsS3X0mh8y8qlGvMPB4anfvOy4+4nUV6IESdJftKn2SMGd CA3MaQ+S7frWn5v7GIWSC9vumCsiu1JTOugLmbVmu5m5nFsyllavm/k9LtOtswuF fHM/SlXLFuGBWU6XceqaM2dpP8i5jGz0vIGMhqoFNgXWGO1NhwR1rmeU1CMpnM5e Wue4h/+mJiuEzuZcmzOcwq3HGMUXO0jZDgLEmlnenO9czhrLuGZaMXGdwnIk0G3O +SqH36v7blnDh96RXpgaa+ifTHd0qKeoVXVwSq/9jNtHSQrI+NJcTpMhu73xtxhX UFPr/31+IFLWepC5GDwdu/gQm5E6ntGyxE2p2v76pcjz7SGdXjPFZjqekBveEJuW fNdY6Ns= =rdCA -END PGP PUBLIC KEY BLOCK-
Bug#1054415: cockpit-ws: remotectl command missing?
Martin Pitt schreef op ma 23-10-2023 om 17:36 [+0200]: > > This is intended, see > https://cockpit-project.org/blog/cockpit-252.html > Hello Martin, as a follow-up to that link if the manpages are generated correctly: https://manpages.debian.org/unstable/cockpit-ws/remotectl.8.en.html https://manpages.debian.org/bullseye/cockpit-ws/remotectl.8.en.html remotectl is present in unstable and testing as well? mvg, Wim
Bug#1054394: Postinst installs unsigned (unbootable) efi on secure boot systems
Am 23.10.23 um 11:32 schrieb sympathischerwal: Package: systemd-boot Version: 252.12-1~deb12u1 When updating systemd-boot on a system with secure-boot enabled, the postinst calls `bootctl update --graceful` which installs an unsigned efi. This will overwrite an existing efi with correct signature and cause the system to not boot anymore, because of a security violation. The postinst should either read a config file, so users can disable this behavior or only update the efi when it has the correct signature. Introducing a config variable for this is something I'm not keen on. Not running an update of the EFI binaries is problematic as well. Is there a programmatic, defined way to find out if the sd-boot efi binaries have been signed? If so, we could at least add a warning to postinst if we detect such a situation. Aside from the dpkg/apt hook I mentioned earlier, what you might do is to dpkg-divert bootctl and replace it with a wrapper script that does the update + signing for your setup. Regards, Michael OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1025420: exim4: ${run}expansion fail Bug stiill open [TT#2568022]
On 2023-10-23 SerNet Support Kevin Ivory wrote: > Hello Andreas, > thanks for the info. > I am not familiar with the Repository format at > https://salsa.debian.org/exim-team/exim4/-/tree/12_bookworm?ref_type=heads > Is there a binary or a package that I can test or do > I have to patch and compile? [...] Hello, It is a webpage. ;-) Standard gitlab-ish GIT WWW frontend, pointed at the correct branch. I have uploaded pre built binaries to https://people.debian.org/~ametzler/tmp/ TIA, cu Andreas
Bug#1054416: ITP: errands -- simple tasks app for GNOME
Package: wnpp Severity: wishlist X-Debbugs-CC: debian-de...@lists.debian.org, debian-gtk-gn...@lists.debian.org Owner: jeremy.bi...@canonical.com Package Name: errands Version: 45.0.4 Upstream Author: Vlad Krupinskii License: Expat Programming Lang: Python Description: Simple tasks app for GNOME Errands is a todo app for those who prefer simplicity. It can optionally sync with a CalDAV or NextCloud server. . Errands is a GNOME Circle app. Other Info -- This package will be maintained by the Debian GNOME team. Packaging is at https://salsa.debian.org/gnome-team/errands Thanks, Jeremy Bícha
Bug#967779: tome: depends on deprecated GTK 2
The build dependency can just be dropped, which results in the gtk frontend not being built.
Bug#1054415: cockpit-ws: remotectl command missing?
Martin Pitt schreef op ma 23-10-2023 om 17:36 [+0200]: > > Control: tag -1 wontfix > > > This is intended, see > https://cockpit-project.org/blog/cockpit-252.html > > Out of interest, why do you need it? Hello Martin, i was setting up the https://elephant-shed.io/ , which has this dependency in one of the scripts of the elehant-shed- cockpit package mvg, Wim > If you want to set up a key for cockpit-ws > in advance, there are usually better tools (ansible, linux-system- > roles, > LetsEncrypt, etc.), and in the worst case you can still call > /usr/lib/cockpit/cockpit-certificate-ensure . > > Martin
Bug#1054147: libgraphics-magick-perl: Cannot find fonts after gsfonts transition
Package: libgraphicsmagick-q16-3 Version: 1.4+really1.3.42-1 Followup-For: Bug #1054147 X-Debbugs-Cc: emacksno...@gmail.com Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** To fix this problem one has to fix the paths in /usr/lib/GraphicsMagick-1.3.42/config/type-ghostscript.mgk file To workaround this issue, install the fonts that comes with ghostscript-fonts- std-8.11.tar.gz in the paths that you see in above `.mgk` file. I have installed ii graphicsmagick-imagemagick-compat 1.4+really1.3.42-1 all image processing tools providing ImageMagick interface Run the following command convert -size 1366x720 -background cornsilk -fill blue -pointsize 12 -font FreeMono -gravity center label:'Some Random Screenshot' screenshot.png You will see the following error convert: Unable to get type metrics (Some Random Screenshot). Run the following command ~$ gm convert -list font Path: /usr/lib/GraphicsMagick-1.3.42/config/type-ghostscript.mgk Name Family Style Stretch Weight AvantGarde-Book AvantGarde normal normal400 AvantGarde-BookOblique AvantGarde oblique normal400 AvantGarde-Demi AvantGarde normal normal600 AvantGarde-DemiOblique AvantGarde oblique normal600 Run the following command ~$ cat /usr/lib/GraphicsMagick-1.3.42/config/type-ghostscript.mgk | grep fonts | head Mapping for URW Standard postscript fonts (cyrillicized) Download from https://src.fedoraproject.org/repo/pkgs/urw-fonts/ (https://src.fedoraproject.org/repo/pkgs/urw-fonts/urw- fonts-2.0.tar.bz2/c5cc8237e4289fc6ebeaa296174fa504/urw-fonts-2.0.tar.bz2) NetBSD's pkgsrc (http://pkgsrc.se/fonts/urw-fonts) calls these "urw- fonts-2.0nb1". metrics="/usr/share/fonts/type1/gsfonts/a010013l.afm" glyphs="/usr/share/fonts/type1/gsfonts/a010013l.pfb" metrics="/usr/share/fonts/type1/gsfonts/a010033l.afm" glyphs="/usr/share/fonts/type1/gsfonts/a010033l.pfb" metrics="/usr/share/fonts/type1/gsfonts/a010015l.afm" glyphs="/usr/share/fonts/type1/gsfonts/a010015l.pfb" Note that the fonts is coming from /usr/share/fonts/type1/gsfonts/ List the contents gsfonts package ~$ dpkg -L gsfonts /. /usr /usr/share /usr/share/doc /usr/share/doc/gsfonts /usr/share/doc/gsfonts/NEWS.Debian.gz /usr/share/doc/gsfonts/changelog.Debian.gz /usr/share/doc/gsfonts/copyright transitional dummy package (gsfonts -> fonts-urw-base35) Now check the contents of the package fonts-urw-base35 ~$ dpkg -L fonts-urw-base35 | grep 'afm\|pfb' | head /usr/share/fonts/X11/Type1/C059-BdIta.pfb /usr/share/fonts/X11/Type1/C059-Bold.pfb /usr/share/fonts/X11/Type1/C059-Italic.pfb /usr/share/fonts/X11/Type1/C059-Roman.pfb /usr/share/fonts/X11/Type1/D05L.pfb There are afm and pfb files here. In order to fix this, the paths to font metrics etc has to be fixed in file /usr/lib/GraphicsMagick-1.3.42/config/type-ghostscript.mgk ~$ dpkg -S /usr/lib/GraphicsMagick-1.3.42/config/type-ghostscript.mgk libgraphicsmagick-q16-3: /usr/lib/GraphicsMagick-1.3.42/config/type- ghostscript.mgk To workaround this bug, I installed the fonts manually in /usr/share/fonts/type1/gsfonts/ ~$ ls /usr/share/fonts/type1/gsfonts/ a010013l.afm a010035l.pfb b018032l.pfm c059036l.afm n019003l.pfb n019024l.pfm n021003l.afm n021024l.pfb p052003l.afm s05l.afm a010013l.pfb a010035l.pfm b018035l.afm c059036l.pfb n019003l.pfm n019043l.afm n021003l.pfb n021024l.pfm p052003l.pfb s05l.pfb a010013l.pfm b018012l.afm b018035l.pfb ChangeLog n019004l.afm n019043l.pfb n021003l.pfm n022003l.afm p052004l.afm TODO a010015l.afm b018012l.pfb b018035l.pfm COPYING n019004l.pfb n019044l.afm n021004l.afm n022003l.pfb p052004l.pfb z003034l.afm a010015l.pfb b018012l.pfm c059013l.afm d05l.afm n019004l.pfm n019044l.pfb n021004l.pfb n022004l.afm p052023l.afm z003034l.pfb a010015l.pfm b018015l.afm c059013l.pfb d05l.pfb n019023l.afm n019063l.afm n021004l.pfm n022004l.pfb p052023l.pfb z003034l.pfm a010033l.afm b018015l.pfb c059016l.afm fonts n019023l.pfb n019063l.pfb n021023l.afm n022023l.afm p052024l.afm a010033l.pfb b018015l.pfm c059016l.pfb fonts.dir n019023l.pfm n019064l.afm n021023l.pfb n022023l.pfb p052024l.pfb a010033l.pfm b018032l.afm c059033l.afm fonts.scale n019024l.afm n019064l.pfb n021023l.pfm n022024l.afm README a010035l.afm b018032l.pfb c059033l.pfb n019003l.afm n019024l.pfb n019064l.pfm n021024l.afm n022024l.pfb README.tweaks I used the following instructions [[https://www.linuxfromscratch.org/blfs/view/svn/pst/gs.html][ghostscript-10.02.0]] If you have downloaded the fonts, unpack them to =/usr/share/ghostscript= and ensure the ownership of the files are
Bug#1054415: cockpit-ws: remotectl command missing?
Control: tag -1 wontfix Hello Wim, wim [2023-10-23 17:16 +0200]: > it seems the remotectl command is missing (from bookworm and > bookworm-backports)? > (as it was included in bullseye, and is included in testing) This is intended, see https://cockpit-project.org/blog/cockpit-252.html Out of interest, why do you need it? If you want to set up a key for cockpit-ws in advance, there are usually better tools (ansible, linux-system-roles, LetsEncrypt, etc.), and in the worst case you can still call /usr/lib/cockpit/cockpit-certificate-ensure . Martin
Bug#886792: wrong results
When search for You have searched for packages that names contain linux-image in suite(s) stable, section(s) main, and all architectures. https://packages.debian.org/search?keywords=linux-image=names=1=stable=main I get Your keyword was too generic. Please consider using a longer keyword or more keywords. When I click on " results have not been displayed due to the search..." I also see packages from oldoldstable. So it's not possible to just get the list of package names from stable -- regards Thomas
Bug#1037192: sd: version is lower than in squeeze
A contributor suggested that 1.0 release should be on hold until some new features get stabilized https://github.com/chmln/sd/issues/203#issuecomment-1775390770 This might mean that the 1.0 release might take many more months.
Bug#1042576: example-script error
On 23.10.23 16:14, Matthias Geiger wrote: Hi Pelle, I can't reproduce this error on my swayfx machine. I have |exec_always swaync |in my swayfx config and running |notify-send "hello world" |works just fine. That is with sway-nc 0.9.0-1 and swayfx 0.3.2. I'll retest with the latest sway; just to make sure. tested with the latest sway, can't reproduce. best, -- Matthias Geiger Debian Maintainer "Freiheit ist immer Freiheit des anders Denkenden" -- Rosa Luxemburg OpenPGP_0x18BD106B3B6C5475.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1054415: cockpit-ws: remotectl command missing?
Package: cockpit-ws Version: 301-1~bpo12+1 Severity: normal X-Debbugs-Cc: wim.bert...@ucll.be Hello, it seems the remotectl command is missing (from bookworm and bookworm-backports)? (as it was included in bullseye, and is included in testing) hth, Wim -- System Information: Debian Release: 12.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-13-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cockpit-ws depends on: ii adduser 3.134 ii glib-networking 2.74.0-4 ii libc6 2.36-9+deb12u3 ii libcrypt1 1:4.4.33-2 ii libglib2.0-02.74.6-2 ii libgnutls30 3.7.9-2 ii libgssapi-krb5-21.20.1-2+deb12u1 ii libjson-glib-1.0-0 1.6.6-1 ii libpam0g1.5.2-6+deb12u1 ii libsystemd0 252.17-1~deb12u1 ii openssl 3.0.11-1~deb12u1 ii systemd 252.17-1~deb12u1 cockpit-ws recommends no packages. Versions of packages cockpit-ws suggests: ii python33.11.2-1+b1 pn sssd-dbus -- no debconf information
Bug#1025420: exim4: ${run}expansion fail Bug stiill open [TT#2568022]
Hello Andreas, thanks for the info. I am not familiar with the Repository format at https://salsa.debian.org/exim-team/exim4/-/tree/12_bookworm?ref_type=heads Is there a binary or a package that I can test or do I have to patch and compile? Am 23.10.23 um 14:29 schrieb Andreas Metzler: On 2023-10-18 SerNet Support Kevin Ivory wrote: Hello Andreas, I just realized Debian Bug #1025420 is closed even though we are still running into it in exim 4.96-15+deb12u2 Please try: # /usr/sbin/exim4 -be '${run{/usr/bin/echo ${quote:hello world}}}' Failed: Expansion of "${quote:hello" from command "/usr/bin/echo ${quote:hello world}" in ${run} expansion failed: missing } at end of string The bug is only fixed for exactly the version in the bug report, variables with no space included. We need to use ${quote:$h_subject:} where the subject often includes spaces. Hello, Yes, I now that. I had a stable update pending for the latest point release but I pulled it because there needed to be DSA for CVE-2023-42114, CVE-2023-42115, CVE-2023-42116 at basically the same time. I would appreciate if you could check whether https://salsa.debian.org/exim-team/exim4/-/tree/12_bookworm?ref_type=heads works for you. cu Andreas Best regards Kevin Ivory (SerNet Support) -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: 0551-37-0, mailto:kont...@sernet.de Gesch.F.: Dr. Johannes Loxen and Reinhild Jung AG Göttingen: HR-B 2816 - http://www.sernet.de Datenschutz: https://www.sernet.de/datenschutz
Bug#717778: checkinstall: mkdir -p fails (fstrans broken again?)
It’s maintained, however the upstream no longer exists so I need to vet any patches myself. I will take a look at the provided patch and get it uploaded! Stephen On Oct 20, 2023 at 8:56:31 AM, Siddh Raman Pant wrote: > Is the package no longer maintained? If it is, it should be removed from > the repo. > > It is 2023, and checkinstall is still broken. > > Thanks, > Siddh > > On Sat, 02 Jul 2022 02:18:35 + Geoffrey Hausheer < > debianbug...@pblue.org> wrote: > > Package: checkinstall > > Version: 1.6.2+git20170426.d24a630-2 > > Followup-For: Bug #717778 > > X-Debbugs-Cc: debianbug...@pblue.org > > > It appears that the root of this issue may be in instw_setpathrel > > Specifically, the 'stat' command that is used to get the length of a > symlink should > > be 'lstat' instead. > > > Here is a 1 line-patch that addressed the issue for me: > > > --- a/installwatch/installwatch.c > > +++ b/installwatch/installwatch.c > > @@ -1691,7 +1691,7 @@ > > if ( dirfd == AT_FDCWD ) return instw_setpath(instw, relpath); > > > > snprintf(proc_path, PROC_PATH_LEN, "/proc/self/fd/%d", dirfd); > > - if(true_stat(proc_path, ) == -1) > > + if(true_lstat(proc_path, ) == -1) > > goto out; > > if(!(newpath = malloc(s.st_size+strlen(relpath)+2))) > > goto out; > > > > > -- System Information: > > Debian Release: 11.3 > > APT prefers stable-updates > > APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, > 'stable') > > Architecture: amd64 (x86_64) > > > Kernel: Linux 5.10.67-zfs (SMP w/4 CPU threads) > > Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, > TAINT_UNSIGNED_MODULE > > Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set > > Shell: /bin/sh linked to /bin/dash > > Init: unable to detect > > > Versions of packages checkinstall depends on: > > ii dpkg-dev1.20.10 > > ii file1:5.39-3 > > ii libc6 2.31-13+deb11u3 > > ii sensible-utils 0.0.14 > > > Versions of packages checkinstall recommends: > > ii make 4.3-4.1 > > > Versions of packages checkinstall suggests: > > ii gettext 0.21-4 > > > -- Configuration Files: > > /etc/checkinstallrc changed [not included] > > > -- no debconf information > > > >
Bug#1054414: RFP: graphmonkey -- GTK#-based graphing calculator
Package: wnpp Version: 2.0; reported 2023-10-23 Severity: wishlist * Package name: graphmonkey Version : 2.0 Upstream Author : Lounis Bellabes * URL : https://github.com/lounisB/graphMonkey * License : GPL Description : GTK#-based graphing calculator This package has been removed from Debian because of using GTK#2 Now GraphMonkey 2.0 use Gtk#3 The source code is available here: https://github.com/lounisB/graphMonkey Is it possible to reintroduce the package? It can be done with a minimum effort: - update the version to 2.0 - update upstream repository : https://github.com/lounisB/graphMonkey - change dependency to libgtk3.0-cil Thank you
Bug#1054412: reassign 1054412 cross-toolchain-base-ports
-- Alex Bennée Emulation and Virtualisation Tech Lead @ Linaro
Bug#1054413: ITP: flake8-spellcheck -- flake8 plugin that spellchecks parts of your Python code
Package: wnpp Severity: wishlist Owner: Guilherme Puida Moreira X-Debbugs-Cc: debian-de...@lists.debian.org, guilhe...@puida.xyz * Package name: flake8-spellcheck Version : 0.28.0 Upstream Contact: Michael Aquilina * URL : https://github.com/MichaelAquilina/flake8-spellcheck * License : Expat Programming Lang: Python Description : flake8 plugin that spellchecks parts of your Python code A flake8 plugin that spellchecks variables, functions, classes and other bits of your Python code. Spelling is assumed to be in en_US. This is a new dependency of image-finder [1] as per MR !121 [2]. I plan to maintain this package under the Python Team umbrella. [1]: https://salsa.debian.org/cloud-team/image-finder [2]: https://salsa.debian.org/cloud-team/image-finder/-/merge_requests/121
Bug#1052191: unicode-data: Please update for the new 15.1 release
Hi Alastair On Mon, 23 Oct 2023 at 10:34, Alastair McKinstry wrote: > Apologies for not treating this properly as a transition. Changes have > been limited to adding new symbols to the set, I had not thought that > this would break dependencies. It seems that every new unicode-data upstream version breaks the builds of several reverse-build-dependencies, and these need to be updated. For the full list of possibly affected packages, see the output of: $ reverse-depends -r testing src:unicode-data -a source In future, please upload new upstream versions of unicode-data to experimental first. For this transition, FTBFS bugs should have already been filed as part of Lucas Nussbaum's regular test rebuilds, but do follow up in those bugs to make sure they are being worked on. In particular, key packages, like wine and utf8proc (there may be more) need to be fixed. Regards Graham
Bug#1020460: some people ....
Some people have no clue what software maintenance means. How pathetic. This thing has not been "improved", it has been fundamentally broken in 2.46. So, just took the 2.44 soruces from bullseye, compiled with a simlpe "make x" and put the binary into /usr/local/bin and archived the soruces on my side. Problem fixed. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform.,Email: a...@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier
Bug#1054412: cross-toolchain-base-ports: Stable update request to include latest glibc
Package: libc6.1-dev-alpha-cross Severity: serious X-Debbugs-Cc: none Dear Maintainer, The current alpha cross toolchain can't build working static binaries due to missing the fix for bug #1028200. This is fixed in the latest bookworm glibc but this isn't included in cross-toolchain-base-ports-62. See also: https://lists.debian.org/debian-alpha/2023/10/msg5.html -- System Information: Debian Release: 12.2 APT prefers stable APT policy: (900, 'stable'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug') Architecture: amd64 (x86_64) Foreign Architectures: arm64, armhf, i386 Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- Alex Bennée Virtualisation Tech Lead @ Linaro