date:20231101

Bug#1023601: libgpgme-dev: removal of gpgme-config breaks the build of software relying on it

2023-11-01 Thread Andreas Metzler

On 2023-11-01 Vincent Lefevre  wrote:
> On 2023-11-01 18:39:24 +0100, Andreas Metzler wrote:
> > I am closing this since afaict this is a solved issue and I do not see
> > any TODOs on the gpgme side.
> > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gpgme-config-transition;users=pkg-gnupg-ma...@lists.alioth.debian.org
> > has shrunk to 4 open bugs, three of them with patches (undead packages?)
> > and I am going to close the fourth one myself since it seems to have
> > been fixed upstream and has been fixed in Debian by a uploading this
> > version.

> Yes, this was at least fixed in Mutt. I'm not aware of any new issue
> in other software, and as there were no new comments since last year,
> I assume that this has been fixed everywhere (or no-one cares).

Thank god I can provide the more like explanation that the gnupg
maintainer team held their promise and diagnosed, tracked, provided
patches for and if necessary NMUed the affected packages. 

cu Andreas

Bug#1055116: rust-rustls, please prepare update for new ring.

2023-11-01 Thread Jonas Smedegaard

Control: block -1 by 1055202

Quoting Jonas Smedegaard (2023-11-01 11:55:39)
> Quoting Jonas Smedegaard (2023-11-01 01:51:39)
> > Quoting Peter Green (2023-10-31 19:33:29)
> > > Package: rust-rustls
> > > 
> > > After a long wait, ring released version 0.17 which is far more portable 
> > > than
> > > previous versions. The lack of portability of ring has been a thorn in the
> > > side of the rust team for some time so we would really like to upgrade.
> > > 
> > > The good news is that rustls has updated to the new version of ring 
> > > *without*
> > > bumping semver. So hopefully this transition can be kept relatively small.
> > > 
> > > I've uploaded the new version of ring to experimental, could you prepare 
> > > new
> > > versions of the rustls packages to work with it.
> > 
> > That's wonderful news.
> > 
> > I am happy to update rust-rustls, as soon as possible.  Seems to only
> > blocker is an transitive dependency on rust-rcgen needing an update as
> > well: See bug#1055132.

The package rust-sct needs relinking as well.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1055203: git-cola: files in /usr/local/share/{applications,doc,git-cola,locale,metainfo}/

2023-11-01 Thread Paul Wise

Package: git-cola
Version: 3.12.0-3
Severity: serious
Justification: Policy 9.1.2

According to the FHS and Debian Policy 9.1.2, packages must not put
files in the /usr/local/ directory, but git-cola 3.12.0-3 does that:

   
https://www.debian.org/doc/debian-policy/ch-opersys.html#site-specific-programs

I note that lintian does produce errors for this situation:

   https://udd.debian.org/lintian/?packages=git-cola

Here is the full list of files in the /usr/local/ directory:

   $ dpkg -L git-cola  | grep /usr/local/
   /usr/local/share
   /usr/local/share/applications
   /usr/local/share/applications/git-cola-folder-handler.desktop
   /usr/local/share/applications/git-cola.desktop
   /usr/local/share/applications/git-dag.desktop
   /usr/local/share/doc
   /usr/local/share/doc/git-cola
   /usr/local/share/doc/git-cola/git-cola.rst
   /usr/local/share/doc/git-cola/git-dag.rst
   /usr/local/share/doc/git-cola/hotkeys.html
   /usr/local/share/doc/git-cola/hotkeys_de.html
   /usr/local/share/doc/git-cola/hotkeys_zh_CN.html
   /usr/local/share/doc/git-cola/hotkeys_zh_TW.html
   /usr/local/share/doc/git-cola/index.rst
   /usr/local/share/doc/git-cola/relnotes.rst
   /usr/local/share/doc/git-cola/thanks.rst
   /usr/local/share/git-cola
   /usr/local/share/git-cola/bin
   /usr/local/share/git-cola/bin/ssh-askpass
   /usr/local/share/git-cola/bin/ssh-askpass-darwin
   /usr/local/share/git-cola/icons
   /usr/local/share/git-cola/icons/a-z-order.svg
   /usr/local/share/git-cola/icons/arrow-down.svg
   /usr/local/share/git-cola/icons/arrow-up.svg
   /usr/local/share/git-cola/icons/check.svg
   /usr/local/share/git-cola/icons/circle-slash-red.svg
   /usr/local/share/git-cola/icons/circle-slash.svg
   /usr/local/share/git-cola/icons/dark
   /usr/local/share/git-cola/icons/dark/a-z-order.svg
   /usr/local/share/git-cola/icons/dark/arrow-down.svg
   /usr/local/share/git-cola/icons/dark/arrow-up.svg
   /usr/local/share/git-cola/icons/dark/check.svg
   /usr/local/share/git-cola/icons/dark/circle-slash-red.svg
   /usr/local/share/git-cola/icons/dark/circle-slash.svg
   /usr/local/share/git-cola/icons/dark/desktop-download.svg
   /usr/local/share/git-cola/icons/dark/diff.svg
   /usr/local/share/git-cola/icons/dark/document-save-symbolic.svg
   /usr/local/share/git-cola/icons/dark/edit-copy.svg
   /usr/local/share/git-cola/icons/dark/edit-cut.svg
   /usr/local/share/git-cola/icons/dark/edit-paste.svg
   /usr/local/share/git-cola/icons/dark/edit-redo.svg
   /usr/local/share/git-cola/icons/dark/edit-select-all.svg
   /usr/local/share/git-cola/icons/dark/edit-undo.svg
   /usr/local/share/git-cola/icons/dark/ellipsis.svg
   /usr/local/share/git-cola/icons/dark/eye.svg
   /usr/local/share/git-cola/icons/dark/file-binary.svg
   /usr/local/share/git-cola/icons/dark/file-code.svg
   /usr/local/share/git-cola/icons/dark/file-directory.svg
   /usr/local/share/git-cola/icons/dark/file-download.svg
   /usr/local/share/git-cola/icons/dark/file-media.svg
   /usr/local/share/git-cola/icons/dark/file-text.svg
   /usr/local/share/git-cola/icons/dark/file-zip.svg
   /usr/local/share/git-cola/icons/dark/fold.svg
   /usr/local/share/git-cola/icons/dark/folder-new.svg
   /usr/local/share/git-cola/icons/dark/folder.svg
   /usr/local/share/git-cola/icons/dark/gear.svg
   /usr/local/share/git-cola/icons/dark/git-branch.svg
   /usr/local/share/git-cola/icons/dark/git-cola.svg
   /usr/local/share/git-cola/icons/dark/git-commit.svg
   /usr/local/share/git-cola/icons/dark/git-compare.svg
   /usr/local/share/git-cola/icons/dark/git-merge.svg
   /usr/local/share/git-cola/icons/dark/last-first-order.svg
   /usr/local/share/git-cola/icons/dark/link-external.svg
   /usr/local/share/git-cola/icons/dark/modified.svg
   /usr/local/share/git-cola/icons/dark/partial.svg
   /usr/local/share/git-cola/icons/dark/pencil.svg
   /usr/local/share/git-cola/icons/dark/plus.svg
   /usr/local/share/git-cola/icons/dark/primitive-dot.svg
   /usr/local/share/git-cola/icons/dark/question-plain.svg
   /usr/local/share/git-cola/icons/dark/question.svg
   /usr/local/share/git-cola/icons/dark/repo-pull.svg
   /usr/local/share/git-cola/icons/dark/repo-push.svg
   /usr/local/share/git-cola/icons/dark/repo.svg
   /usr/local/share/git-cola/icons/dark/screen-full.svg
   /usr/local/share/git-cola/icons/dark/search.svg
   /usr/local/share/git-cola/icons/dark/staged.svg
   /usr/local/share/git-cola/icons/dark/star.svg
   /usr/local/share/git-cola/icons/dark/sync.svg
   /usr/local/share/git-cola/icons/dark/tag.svg
   /usr/local/share/git-cola/icons/dark/telescope.svg
   /usr/local/share/git-cola/icons/dark/three-bars.svg
   /usr/local/share/git-cola/icons/dark/trashcan.svg
   /usr/local/share/git-cola/icons/dark/unfold.svg
   /usr/local/share/git-cola/icons/dark/upstream.svg
   /usr/local/share/git-cola/icons/dark/x.svg
   /usr/local/share/git-cola/icons/dark/zoom-fit-best.svg
   /usr/local/share/git-cola/icons/dark/zoom-in.svg
   /usr/local/share/git-cola/icons/dark/zoom-out.svg

Bug#1055202: rust-sct: please provide package linked with rust-ring 0.17

2023-11-01 Thread Jonas Smedegaard

Source: rust-sct
Version: 0.7.0-2
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please provide a package linked with rust-ring v0.17 in experimental.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmVDN5gACgkQLHwxRsGg
ASH53A/7B3qd/OoxtL4QnZey7qGgatm8bKEJT/vcIsZpL/7BUIZqGrH6vGewpOFb
4TXYYwc18JNAQujpvepEA2sbX0C4/vnhrWZpLI5xTAI3bq5grjci1RFHFu0ffBF2
bvGLXBzdJfvbHU5tYvqQF+YZiJ0/ZM6aYOfhKxutuziboezTEnELYYxeOJnpwVYC
0lCjXk3aO+RkcM0X4PUKDFSBdRpgZQeFuk0QHfcOiFaCHhCGf73JdSXLqQuhtAL1
x6I8hnQ7vkIMxBPkzYLUmlH1BB448G7KxviI0U/oh9pC8uYGwsS95B0hl4P01j/5
mDjrogADTeojirkEjrmhLTfDNgr2J7Hn6eZ3ftxKfqp1PF8/AfDqbFr77hy110ea
6pNBaUeqDJnmu+8rPlGnePLa98KKZIyFrC9htq8aRrLCRYa/dCXt5SQvfO59EN67
CmkaD/p5mijb2i7I3/bl2YVeF5ZxF1qcRrwDMrPKwsZ/8eJWTL/+OTMCLTsqQutq
XT1Yx0T/lXpi8mkXUapyT6RJxiG9z6mrE42r9aHp5gRkWdbugBwKmbYGr4AdVlac
kWOgwLMHBEFKiMB1snY0PANpKNEOrZMkXwfTT9x7G4VYhx32+m6hwNWlMLClFxN9
UR3FZRIn1ve+IgowCpt55c7AvdbE45Cqstuvr7duj7TsFBFhw/0=
=kHCx
-END PGP SIGNATURE-

Bug#1055201: Microphone is Not Working at Aspire A315-24P NX.KDEEY.003

2023-11-01 Thread Hayrettin KÖROĞLU

Package: pulseaudio
Version: 16.1

My computers microphone is not working. Headphone is working but microphone
is not. What can I doing? My computers model is Acer Aspire A315-24P
NX.KDEEY.003
It is seems 'Family 17h/19h HD Audio Controller Analog Stereo'.
I need a solution to this urgently.
Thanks in advance.

Distributor ID: Pardus
Description: Pardus GNU/Linux 23 (yirmiuc)
Release: 23.0
Codename: yirmiuc

-- 
Hayrettin KÖROĞLU

Bug#932491: python3-apt: segfault reading from lzma stream

2023-11-01 Thread Cyril Brulebois

Control: severity -1 important

Hi,

David Bremner  (2019-07-19):
> The following script segfaults if python3-apt is installed, but
> completes if not. Replacing lzma.open with open (and replacing
> Sources.xz with Sources) also makes the segfault go away.  It seems to
> be the same with python3-apt 1.8.4. I didn't check the python2 version
> because lzma is (afaik) python3 only.
> 
> #!/usr/bin/python3
> from debian.deb822 import Sources
> import lzma
> 
> with lzma.open('Sources.xz', mode='rb') as f:
> for src in Sources.iter_paragraphs(f):
> package_name = src.get('Package')
> version = src.get('Version')

This isn't my first attempt at dealing with .xz files using python3-apt,
and I've never managed to get something to work without resorting to
temporary, uncompressed files…

Initial code was:

import gzip
with gzip.open('Packages.gz') as f:
tf = apt_pkg.TagFile(f)
for stanza in tf:
do_something_with(stanza)

which should be replaceable with the following given the documentation
of all relevant modules:

import lzma
with lzma.open('Packages.xz') as f:
tf = apt_pkg.TagFile(f)
for stanza in tf:
do_something_with(stanza)

Using lzma.LZMAFile(), toying with text vs. binary mode, encoding, bytes
flag, etc. didn't help…


Today I had a few more minutes to spend on this, so here's a little
debugging session. My main system is still bullseye, but the same tests
in a bookworm chroots fail the same way.

Depending on the input data, I'm seeing various expressions of the same
bug, some include a SIGSEGV, some don't.

Here's some sample data:

# Real files, SIGSEGV (archived suite == those files won't
# change over time, other indices would do just fine):
wget 
http://archive.debian.org/debian/dists/stretch/main/binary-amd64/Packages.gz
wget 
http://archive.debian.org/debian/dists/stretch/main/binary-amd64/Packages.xz

# Smaller stanzas, different errors
printf "Key1: Short1\nKey2: Short2\n\nKey3: SlightlyLonger1\nKey4: 
SlightlyLonger2\n\n" > Test
gzip -k -f Test
xz -k -f Test

Trying to understand why the lzma case was failing, I tried digging into
apt_pkg.TagFile's internal data, leading to the bug-932491-a.py test
case you'll find attached.

Running it against the Test{.gz,.xz} pair gives:

$ ./bug-932491-a.py Test
gz == xz: True
gz: section 1 size: 26
gz: section 1 keys: ['Key1', 'Key2']
gz: section 2 size: 44
gz: section 2 keys: ['Key3', 'Key4']
Traceback (most recent call last):
  File "/path/to/bug-932491-a.py", line 33, in 
tf_xz.step()
apt_pkg.Error: E:Unable to parse package file  (1)

Running it against the Packages{.gz,.xz} pair gives:

$ ./bug-932491-a.py Packages
gz == xz: True
gz: section 1 size: 1281
gz: section 1 keys: ['Package', 'Version', 'Installed-Size', 'Maintainer', 
'Architecture', 'Depends', 'Pre-Depends', 'Description', 'Homepage', 
'Description-md5', 'Tag', 'Section', 'Priority', 'Filename', 'Size', 'MD5sum', 
'SHA256']
gz: section 2 size: 585
gz: section 2 keys: ['Package', 'Version', 'Installed-Size', 'Maintainer', 
'Architecture', 'Pre-Depends', 'Suggests', 'Description', 'Homepage', 
'Description-md5', 'Tag', 'Section', 'Priority', 'Filename', 'Size', 'MD5sum', 
'SHA256']
xz: section 1 size: 163530
Segmentation fault

See how crazy the size of the first section is…

The stacktrace can be huge, and this should be easily reproducible so
I'm not attaching anything else, but here's where things explode:

Program received signal SIGSEGV, Segmentation fault.
TagSecKeys (Self=, 
Args=Args@entry=()) at python/tag.cc:284
284   Py_DECREF(Obj);
(gdb) l
279   const char *End = Start;
280   for (; End < Stop && *End != ':'; End++);
281 
282   PyObject *Obj;
283   PyList_Append(List,Obj = 
PyString_FromStringAndSize(Start,End-Start));
284   Py_DECREF(Obj);
285}
286return List;
287 }
288 
(gdb) p List
$1 = []
(gdb) p Obj
$2 = 0x0


I was mentioning different expressions… Let's see what happens with the
approach I was starting from, using a for loop on the TagFile object,
against the Packages{.gz,.xz} pair again. The bug-932491-b.py test case
implements a demo using gzip then lzma, printing a dot for each
iteration, showing that the lzma problem shows up on the very first
iteration:

$ ./bin/bug-932491-b.py Packages
gz packages: 50771
.Traceback (most recent call last):
  File "/path/to/bug-932491-b.py", line 27, in 
xz_packages.append(stanza['Package'])
   ~~^^^
KeyError: 'Package'

Since we're only getting xz files for some suites already, it would be
best if they would be manageable through python3-apt…


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member --

Bug#1055200: g++-multilib: bullseye & bookworm currently has amd64 support for this package, add support for aarch64 (64-bit ARM)

2023-11-01 Thread jahway-bug-reports

Subject: g++-multilib: bullseye & bookworm currently has amd64 support for this 
package, add support for aarch64 (64-bit ARM)
Package: g++-multilib
X-Debbugs-Cc: jahway-bug-repo...@proton.me
Severity: wishlist

Dear Maintainer,

   * What led up to the situation? Requiring the ability to compile particular
   * software requiring the g++-multilib library to have support for the
   * aarch64 architecture. This package currently does have amd64 support in
   * Bullsye & Bookworm, as seen here:
   * https://packages.debian.org/bookworm/g++-multilib
   * What exactly did you do (or not do) that was effective (or
 ineffective)? Tried to install g++-multilib on aarch64,
   * but support does not exist for that architecture.
   * What was the outcome of this action? Compilation of software on the
   * aarch64 architecture requiring this package failed.
   * What outcome did you expect instead? Compilation of software on the
   * aarch64 architecture to be successful as there would be support for the
   * aarch64 (64-bit ARM) architecture.

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 5.10.0-21-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1055199: gcc-multilib: bullseye & bookworm currently has amd64 support for this package, add support for aarch64 (64-bit ARM)

2023-11-01 Thread jahway-bug-reports

Subject: gcc-multilib: bullseye & bookworm currently has amd64 support for this 
package, add support for aarch64 (64-bit ARM)
Package: gcc-multilib
X-Debbugs-Cc: jahway-bug-repo...@proton.me
Severity: wishlist

Dear Maintainer,

   * What led up to the situation? Requiring the ability to compile particular
   * software requiring the gcc-multilib library to have support for the 
   * aarch64 architecture. This package currently does have amd64 support in
   * Bullsye & Bookworm, as seen here:
   * https://packages.debian.org/bookworm/gcc-multilib
   * What exactly did you do (or not do) that was effective (or
 ineffective)? Tried to install gcc-multilib on aarch64,
   * but support does not exist for that architecture.
   * What was the outcome of this action? Compilation of software on the
   * aarch64 architecture requiring this package failed.
   * What outcome did you expect instead? Compilation of software on the
   * aarch64 architecture to be successful as there would be support for the
   * aarch64 (64-bit ARM) architecture.

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 5.10.0-21-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1055039: redis-server: Crash every two hours (oom), seemingly due to systemd's ProcSubset=pid

2023-11-01 Thread Arnaud Rebillout


Ola Chris!

On 02/11/2023 02:00, Chris Lamb wrote:

I just had a good look and ProcSubset=pid does not exist in redis in
stable, so no backport or update needed. (That's good, because updating
stable is a not completely straightforward.)


What do you mean with 'stable'? ProcSubset=pid definitely exists in 
bookworm, and that's debian stable.


By 'exists' I mean the setting exists in systemd (was introduced in 
version 247), and it's set in the redis service file:


  $ apt policy redis
  redis:
    Installed: 5:7.0.11-1
    Candidate: 5:7.0.11-1
    Version table:
   *** 5:7.0.11-1 500
      500 http://deb.debian.org/debian bookworm/main amd64 Packages
          500 mirror+file:/etc/apt/mirrors/debian.list bookworm/main 
amd64 Packages

      100 /var/lib/dpkg/status

This version of redis is what's in stable:

  $ rmadison redis | grep -w stable
  redis  | 5:7.0.11-1 | stable    | source, all

Am I missing something?



Glad that we (well, you!) managed to solve this problem and thanks for
passing it on. :)


No worries, thanks for your quick feedback. BTW I opened minor MRs in 
Salsa, but CI fails (unrelated), not sure you receive any notification 
for those. Nothing pressing though.


Cheers,

Arnaud

Bug#923828: ruby-riddle: FTBFS randomly (failing tests)

2023-11-01 Thread Santiago Vila


Version: 2.3.1-2~deb10u1

I no longer have access to the Scaleway machines on which this
used to fail (randomly), so there is no point in keeping this open.
Closing with version in buster.

Thanks.

Bug#1055198: ITP: lzfse -- LZFSE Compression library

2023-11-01 Thread Tobias Heider

Package: wnpp
Severity: wishlist
Owner: Tobias Heider 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: lzfse
  Version : 1.0
  Upstream Authors:
  URL : https://github.com/lzfse/lzfse
* License : BSD-3-Clause
  Description : LZFSE Compression library

LZFSE is a Lempel-Ziv style data compression algorithm using Finite
State Entropy coding. It targets similar compression rates at higher
compression and decompression speed compared to deflate using zlib.

I plan to maintain this as part of the bananas team.

Bug#850201: tendermint-go-flowrate: FTBFS randomly (failing tests)

2023-11-01 Thread Santiago Vila


Version: 0.0~git20161104.0.a20c98e-1+bullseye

There is little point in keeping this open. I'm closing it
using a fake version number (as ftpmaster would do) to indicate
that it does no longer happen in bullseye (because in fact
the package does not even exist in bullseye).

Thanks.

Bug#1028722: prody: FTBFS: AssertionError: 3205 != 3211 : selection 'abs(x) == sqrt(sq(x))' for Selection 'all' failed, expected 3211, selected 3205

2023-11-01 Thread Santiago Vila


El 13/10/23 a las 8:04, Andrius Merkys escribió:

To summarize: The failing test is buggy because when it fails
it does not necessarily mean that the package was misbuilt,
and in my opinion the best thing to do would be to disable it,
both in stable and unstable.

Trivial patch in the second attach.


Many thanks for investigating this issue. I will apply your patch, but prody 
would still FTBFS in sid and trixie due to unrelated incompatibility with 
python3-biopython.


Note: I'd like to see this fixed in stable, but RMs require
(rightly so) that this is fixed in unstable first.

I would be willing to join debichem and do the work
myself if it helps, for this kind of stuff.

Thanks.

Bug#997431: khard: FTBFS: Could not import extension autoapi.extension (exception: No module named 'typing_extensions')

2023-11-01 Thread Santiago Vila


Version: 0.18.0-1

El 8/2/22 a las 9:50, s3v escribió:

Dear Maintainer,

astroid (versioned as 2.8.4-1) added runtime dependency to
python3-typing-extensions [1][2] and your package actually builds fine.
Unfortunately no intervention was performed in time and khard was
removed from testing although you didn't deserve this.


Thanks a lot for the information.

Since this package builds ok in bookworm, I'm closing this
bug using the version in bookworm (even if the package
was not really to blame for the failure).

Thanks.

Bug#967764: sylpheed: depends on deprecated GTK 2

2023-11-01 Thread Alexandre Detiste

Hi,

I had been using sylpheed before & clawsmail
more recently. I do think it's time to drop the ball:

i.e:
 1) RM src:sylpheed
 2) let src:claws-mail provide a "sylpheed" transitional package,
  3) maybe with a config migration script, but this step is not mandatory
  to get 1 & 2 done.

Conveniently the version number of claws-mail is higher than sylpheed's one,
so no need for extra debhelper wizardy.

(I did somethink like "3" for residualvm -> scummvm but MR was rejected...
it's better to discuss first)

Greetings

> From: Bastian Germann 
> Date: Wed, 25 Oct 2023 20:15:53 +0200
>
> With claws-mail, there is a sylpheed fork available in Debian that has the 
> porting to GTK 3 done.
> sylpheed upstream development seems to have stalled.
> Please consider to have a good migration story for users and get rid of 
> sylpheed for trixie.

> From: Ricardo Mones
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036799
>
> This fact joined with the increased slowness of upstream development
> during the past years makes me wonder if it's still worth to maintain
> Sylpheed within Debian.

Bug#1054453: yuzu: FTBFS: Could not find a configuration file for package "Catch2" that is compatible

2023-11-01 Thread Bastian Germann


I am uploading a NMU to fix this. The changes are in git.

Bug#1055078: autoproject: autopkgtest fails since texinfo 1.7

2023-11-01 Thread Hilmar Preuße


Control: severity -1 important
Control: tags -1 + patch
Control: retitle -1 autopkgtest fails since texinfo 7.1

On 10/30/23 23:53, Hilmar Preusse wrote:

Hi all,


No, I don't have a patch for this yet. I'll try to look into this, but can'
promise anything.


Patch is attached, tagging.

H.
--
Testmail

diff -Nru autoproject-0.20/debian/changelog autoproject-0.20/debian/changelog
--- autoproject-0.20/debian/changelog   2021-10-01 02:19:30.0 +0200
+++ autoproject-0.20/debian/changelog   2023-11-01 23:35:44.0 +0100
@@ -1,3 +1,9 @@
+autoproject (0.20-15) unstable; urgency=medium
+
+  * Don't use @setfilename in TeXInfo file, if file is included.
+
+ -- Hilmar Preusse   Wed, 01 Nov 2023 23:35:44 +0100
+
 autoproject (0.20-14) unstable; urgency=medium
 
   * QA upload.
diff -Nru 
autoproject-0.20/debian/patches/40_not_use_setfilename_when_include.patch 
autoproject-0.20/debian/patches/40_not_use_setfilename_when_include.patch
--- autoproject-0.20/debian/patches/40_not_use_setfilename_when_include.patch   
1970-01-01 01:00:00.0 +0100
+++ autoproject-0.20/debian/patches/40_not_use_setfilename_when_include.patch   
2023-11-01 22:41:59.0 +0100
@@ -0,0 +1,8 @@
+--- autoproject-0.20.orig/lib/all/all/all/gpl.texinfo
 autoproject-0.20/lib/all/all/all/gpl.texinfo
+@@ -1,4 +1,4 @@
+-@setfilename gpl.info
++@comment @setfilename gpl.info
+ 
+ @unnumbered GNU GENERAL PUBLIC LICENSE
+ @center Version 2, June 1991
diff -Nru autoproject-0.20/debian/patches/series 
autoproject-0.20/debian/patches/series
--- autoproject-0.20/debian/patches/series  2021-10-01 02:19:30.0 
+0200
+++ autoproject-0.20/debian/patches/series  2023-11-01 22:42:27.0 
+0100
@@ -1,3 +1,4 @@
 10_fix-manpage.patch
 20_modernize-AC_INIT.patch
 30_remove_@refill_command.patch
+40_not_use_setfilename_when_include.patch


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#525359: wish there was a libcoreutils

2023-11-01 Thread Alexandre Detiste

There is libmd0 as a tiny generic hashing library.

Greetings

Bug#1055197: cron: "crontab -l" background color output is still incorrect

2023-11-01 Thread Vincent Lefevre

Package: cron
Version: 3.0pl1-178
Severity: normal

"crontab -l" still incorrectly outputs a yellow background color where
it shouldn't: when scrolling is involved[*], the trailing whitespace
in a line that follows a comment (possibly the prompt line) has a
yellow background.

BTW, among the programs that colorize their output, crontab is the
only one that does not use the default background color.

[*] For instance, when the command is entered at the bottom line of
the terminal.

-- Package-specific info:
--- EDITOR:
not set

--- /usr/bin/editor:
/usr/bin/emacs-gtk

--- /usr/bin/crontab:
-rwxr-sr-x 1 root crontab 47840 2023-11-01 17:56:35 /usr/bin/crontab

--- /var/spool/cron:
drwxr-xr-x 5 root root 4096 2015-10-06 17:16:02 /var/spool/cron

--- /var/spool/cron/crontabs:
drwx-wx--T 2 root crontab 4096 2023-11-01 19:33:07 /var/spool/cron/crontabs

--- /etc/cron.d:
drwxr-xr-x 2 root root 4096 2023-11-01 22:22:15 /etc/cron.d

--- /etc/cron.daily:
drwxr-xr-x 2 root root 4096 2023-11-01 22:22:15 /etc/cron.daily

--- /etc/cron.hourly:
drwxr-xr-x 2 root root 4096 2023-11-01 22:22:15 /etc/cron.hourly

--- /etc/cron.monthly:
drwxr-xr-x 2 root root 4096 2023-11-01 22:22:15 /etc/cron.monthly

--- /etc/cron.weekly:
drwxr-xr-x 2 root root 4096 2023-11-01 22:22:15 /etc/cron.weekly


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-3-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cron depends on:
ii  cron-daemon-common   3.0pl1-178
ii  init-system-helpers  1.64
ii  libc62.37-12
ii  libpam-runtime   1.5.2-9.1
ii  libpam0g 1.5.2-9.1
ii  libselinux1  3.5-1
ii  sensible-utils   0.0.20

Versions of packages cron recommends:
ii  exim4-daemon-light [mail-transport-agent]  4.97~RC3-1

Versions of packages cron suggests:
ii  anacron2.3-39
pn  checksecurity  
ii  logrotate  3.21.0-1

Versions of packages cron is related to:
pn  libnss-ldap   
pn  libnss-ldapd  
pn  libpam-ldap   
pn  libpam-mount  
pn  nis   
pn  nscd  

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1055196: ITP: golang-github-apenella-go-common-utils -- Set of golang utilities

2023-11-01 Thread Ananthu C V

Package: wnpp
Severity: wishlist
Owner: Ananthu C V 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org

* Package name: golang-github-apenella-go-common-utils
  Version : 0.5.1-1
  Upstream Author : Aleix Penella 
* URL : https://github.com/apenella/go-common-utils
* License : Expat
  Programming Lang: Go
  Description : Set of golang utilities

 Go-common-utils repository contains a set of helpers or common functions
 which could be used such a library from any Golang project.
 .
 Common utils are organized in:
 .
   data: Functions to manipulate data structures.
   errors: An error interface implementation that could have a
 context and a list of wrapped errors.
   logger: Manages log messages (no longer maintained)
   networking: Functions for networking purpose.
   os: Functions to interactuate with the system.
   transformer/string: Functions to manipulate messages
   types: Custom types definition.

This is a dependency for packaging go-ansble(#1055192).

Bug#1055167: Network interface lost IP when lease expired after switching from isc-dhcp-client

2023-11-01 Thread Geert Stappers

On Wed, Nov 01, 2023 at 02:44:13PM +0100, Larsen wrote:
>   ... but instead the package should take care of such a situation.

Please add logging of the install ( "apt" )  stop of isc-dhcp-client (
either journalctl or /var/log/ ) and start of udhcpc ( journalctl or log
)


Groeten
Geert Stappers
-- 
Silence is hard to parse

Bug#1055195: ITP: golang-github-sosedoff-ansible-vault-go -- Go package to interact with Ansible Vault files

2023-11-01 Thread Ananthu C V

Package: wnpp
Severity: wishlist
Owner: Ananthu C V 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org

* Package name: golang-github-sosedoff-ansible-vault-go
  Version : 0.2.0-1
  Upstream Author : Dan Sosedoff 
* URL : https://github.com/sosedoff/ansible-vault-go
* License : Expat
  Programming Lang: Go
  Description : Go package to interact with Ansible Vault files

 Go package to read/write Ansible Vault secrets.

This is a dependency for packaging go-ansible(#1055192).

Bug#1055194: transition: openturns

2023-11-01 Thread Pierre Gruet

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: opentu...@packages.debian.org
Control: affects -1 + src:openturns

Dear Release Team,

I would like to request a transition slot for openturns. It has been accepted
to experimental after a SONAME bump as some symbols changed in a not
backward-compatible way. It builds correctly.

There is only one rdep, persalys, which FTBFS against the new openturns, but
the new upstream version of persalys builds correctly in experimental (upstream
is the same). I have filled an Important bug anyway, #1055050.

The auto-generated Ben file in the transition tracker looks good.

Thanks a lot,

-- 
Pierre

Bug#1055192: ITP: golang-github-apenella-go-ansible -- Go package for executing ansible from Golang applications

2023-11-01 Thread weepingclown


Control: forcemerge -1 1055191

Both bugs are the same, some issue caused them to created twice.

On 11/2/23 02:58, Ananthu C V wrote:

Package: wnpp
Severity: wishlist
Owner: Ananthu C V
X-Debbugs-Cc:debian-de...@lists.debian.org,debian...@lists.debian.org

* Package name: golang-github-apenella-go-ansible
   Version : 1.2.0-1
   Upstream Author : Aleix Penella
* URL :https://github.com/apenella/go-ansible
* License : Expat
   Programming Lang: Go
   Description : Go package for executing ansible from Golang applications

  Go-ansible is a Go package that enables the execution of ansible-playbooks
  and ansible commands directly from Golang applications. It supports a
  wide range of options for each command, enabling smooth integration of
  Ansible functionality into projects.

Debian currently does not seem to have any Ansible libaries for Golang.
It would be extremely helpful to have this one in debian.


--

PGP: BC55 8A19 E57C 716D D12F 2FA2 EEED 479E 6CEC F707

Bug#1055193: libarchive-zip-perl: Document (or remove) the checksum-part-of-filename behavior

2023-11-01 Thread Sam Geeraerts

Package: libarchive-zip-perl
Version: 1.68-1
Severity: normal

Dear maintainer,

The crc32 utility computes a checksum of the given files, e.g.:

$ filename=blah ; filepath=/tmp/"${filename}" ; echo foo > "${filepath}" ; 
crc32 "${filepath}"
7e3265a8

However, when part of the filename looks like a checksum, crc32 assumes that it 
should validate against that checksum and has different output. E.g. this 
happens when the path contains a UUID:

$ filename=$(uuidgen) ; filepath=/tmp/"${filename}" ; echo foo > "${filepath}" 
; crc32 "${filepath}"
7e3265a8BAD 7e3265a8 != b2c8fb74

This behavior is not documented in the man page. If this functionality is 
desirable and intended, then it should be documented.

On the other hand, one could argue that the program's behavior should not 
depend on the format of a file's path. In other words, it's an unwanted side 
effect. Then the functionality should be removed. Or if there is a valid use 
case for it, then it should be an option (that is disabled by default) and be 
documented as such.

I ran into this when I wanted to verify some files on a partition that was 
mounted by UUID.

Workaround: pipe crc32 to cut, e.g. sum=$(crc32 /path/to/file | cut -f 1)

Related upstream bug report: 
https://github.com/redhotpenguin/perl-Archive-Zip/issues/97

-- System Information:
Debian Release: 11.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-26-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libarchive-zip-perl depends on:
ii  perl  5.32.1-4+deb11u2

libarchive-zip-perl recommends no packages.

libarchive-zip-perl suggests no packages.

-- no debconf information

Bug#1055192: ITP: golang-github-apenella-go-ansible -- Go package for executing ansible from Golang applications

2023-11-01 Thread Ananthu C V

Package: wnpp
Severity: wishlist
Owner: Ananthu C V 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org

* Package name: golang-github-apenella-go-ansible
  Version : 1.2.0-1
  Upstream Author : Aleix Penella 
* URL : https://github.com/apenella/go-ansible
* License : Expat
  Programming Lang: Go
  Description : Go package for executing ansible from Golang applications

 Go-ansible is a Go package that enables the execution of ansible-playbooks
 and ansible commands directly from Golang applications. It supports a
 wide range of options for each command, enabling smooth integration of
 Ansible functionality into projects.

Debian currently does not seem to have any Ansible libaries for Golang.
It would be extremely helpful to have this one in debian.

Bug#1055191: ITP: golang-github-apenella-go-ansible -- Go package for executing ansible from Golang applications

2023-11-01 Thread Ananthu C V

Package: wnpp
Severity: wishlist
Owner: Ananthu C V 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org

* Package name: golang-github-apenella-go-ansible
  Version : 1.2.0-1
  Upstream Author : Aleix Penella 
* URL : https://github.com/apenella/go-ansible
* License : Expat
  Programming Lang: Go
  Description : Go package for executing ansible from Golang applications

 Go-ansible is a Go package that enables the execution of ansible-playbooks
 and ansible commands directly from Golang applications. It supports a
 wide range of options for each command, enabling smooth integration of
 Ansible functionality into projects.

Debian currently does not seem to have any Ansible libaries for Golang.
It would be extremely helpful to have this one in debian.

Bug#1055161: linux-image-6.1.55-1-amd64: Dell R650xs hangs on reboot if ipxe.efi initialized network (tg3 driver bug)

2023-11-01 Thread Salvatore Bonaccorso

Hi,

On Wed, Nov 01, 2023 at 02:16:14PM +0200, George Shuklin wrote:
> Package: linux-image-6.1.55-1-amd64
> Version: 6.1.38-4
> Severity: normal
> Tags: patch upstream
> X-Debbugs-Cc: george.shuk...@gmail.com
> 
> When Dell R660xs server is booting using ipxe.efi (in UEFI mode), reboots are
> hanging because of tg3 driver.
> 
> Steps to reproduce:
> 
> 1. Switch server to EFI mode
> 2. Enable PXE on any interfaces
> 3. Enable PXE  as first in boot order
> 4. Configure external dhcp/tftp server with ipxe.efi (of any version)
> 5. Boot. ipxe.efi will try to get loading parameters and exit, a normal linux
> is loaded
> 6. Assure tg3 driver is loaded (rmmod tg3; modprobe tg3)
> 7. Reboot
> 
> Expected behaivor: reboot
> 
> Actual behavior: system hanging after message `ACPI: PM: Preparing to enter
> system sleep state S5`.
> 
> I belive this problem was present present for long time, but in 6.0 there was
> introduced commit 2ca1c94ce0b  which changed the tg3_shutdown function.
> 
> -   if (system_state == SYSTEM_POWER_OFF)
> -   tg3_power_down(tp);
> +   tg3_power_down(tp);
> 
> Because of that tg3_power_down now is called even when SYSTEM_RESTART. (I
> confirmed that it causes hangs on older kernels during power off, but it's 
> less
> of the problem, because for servers it's expected to get server working back
> after reboot, not so much for poweroff).
> 
> (ipxe.efi is important to reproduce this bug). Any network card can be used,
> just a presence of tg3 driver and embedded Broadcom Inc. and subsidiaries
> BCM57416 NetXtreme-E Dual-Media 10G RDMA Ethernet Controller is enough to
> trigger it.
> 
> Restoring back this behavior is solving reboot problem. I've reported it to 
> the
> Dell community forum:
> https://www.dell.com/community/en/users/647c085ec3b1ef2541ca0c64, but it's
> unknown if they fix EFI network driver or not.
> 
> Patch to fix hanging is attached.

The issue is still present as well in Linux mainline?

Can you please report the regression to upstream (including the
regressions list) and from the get_maintainers.pl output:

Siva Reddy Kallam  (supporter:BROADCOM TG3 GIGABIT 
ETHERNET DRIVER)
Prashant Sreedharan  (supporter:BROADCOM TG3 GIGABIT 
ETHERNET DRIVER)
Michael Chan  (supporter:BROADCOM TG3 GIGABIT ETHERNET 
DRIVER)
"David S. Miller"  (maintainer:NETWORKING DRIVERS)
Eric Dumazet  (maintainer:NETWORKING DRIVERS)
Jakub Kicinski  (maintainer:NETWORKING DRIVERS)
Paolo Abeni  (maintainer:NETWORKING DRIVERS)
net...@vger.kernel.org (open list:BROADCOM TG3 GIGABIT ETHERNET DRIVER)
linux-ker...@vger.kernel.org (open list)

Additionally the people who are from 2ca1c94ce0b6 ("tg3: Disable tg3
device on system reboot to avoid triggering AER"), at least Kai-Heng
Feng .

Regards,
Salvatore

Bug#1055189: ucspi-unix: Please reconsider diet support

2023-11-01 Thread Bastian Germann


Source: ucspi-unix
Version: 1.0-2
Severity: wishlist

I cannot find a good reason to have the package build-depend on dietlibc-dev.
Please consider dropping the support for it.

Bug#1055188: please disable video autoplay by default

2023-11-01 Thread Andres Salomon


Package: firefox-esr
Version: 115.4.0esr-1~deb12u1
Severity: wishlist

Last night my laptop crashed (hung hard) multiple times. I noticed that 
it was running really hot, and that several tabs I had open on a site 
(tabs.ultimate-guitar.com) were autoplaying videos in the background. I 
went into Settings, set autoplay "Default for all websites" to "Block 
Audio and Video", and my laptop has been running noticeably cooler ever 
since.


Now obviously my laptops fans & cpu scaling should be able to handle 
playing multiple videos, so I haven't solved the root of the problem, 
but also autoplaying videos is vile. It would be great if firefox in 
debian could change this setting to disable autoplaying of videos by 
default.

Bug#1055187: gdbm: Please reconsider no-lfs build

2023-11-01 Thread Bastian Germann


Source: gdbm
Version: 1.18.1-4
Severity: wishlist

The "no large file support" build was introduced to "facilate transition of databases, created on 
Stretch and before". Please consider only building with LFS.

Bug#1055186: gdbm: Please reconsider diet support

2023-11-01 Thread Bastian Germann


Source: gdbm
Version: 1.12-4
Severity: wishlist

I cannot find a good reason to have the gdbm package build-depend on 
dietlibc-dev.
Please consider dropping the support for it.

Bug#1055185: vim-editorconfig: package still needed?

2023-11-01 Thread Reiner Herrmann

Source: vim-editorconfig
Version: 0.3.3+dfsg-2.1

Dear maintainer,

I noticed that the editorconfig vim plugin is meanwhile included by the
upstream vim project and therefore already available when vim is installed:

$ dpkg -L vim-runtime | grep editorconfig
/usr/share/vim/vim90/pack/dist/opt/editorconfig
...

Currently it is even available in version 1.1.1, while src:vim-editorconfig
ships the outdated version 0.3.3 of the plugin.
I think this package no longer provides any benefit. Maybe it should be RM'd?

Thanks for considering and maintaining it so far!

Kind regards,
  Reiner


signature.asc
Description: PGP signature

Bug#1055184: python3-kerberos: Please update to at least version 1.2.4

2023-11-01 Thread Carsten Leonhardt

Package: python3-kerberos
Version: 1.1.14-3.1+b7
Severity: wishlist
X-Debbugs-Cc: l...@debian.org

Dear maintainer,

starting with at least version 1.2.1 pykerberos gained the ability to
do message encryption. This is very useful when trying to setup
ansible to control windows hosts. See
e.g. https://github.com/diyan/pywinrm/issues/300

I have locally packaged version 1.2.4 that I'm using without problems
so far.

You may want to have a look at https://pypi.org/project/kerberos/ too.

Regards

Carsten

Bug#1055183: connman: new upstream version available

2023-11-01 Thread Bastian Germann


Source: connman
Version: 1.41-3
Severity: wishlist

There is a new upstream version available, which is 1.42 currently.
Please import it.

Bug#1000401: golang-github-go-git-go-git: please make the build reproducible

2023-11-01 Thread Santiago Vila


El 1/11/23 a las 16:37, Chris Lamb escribió:

Chris Lamb wrote:


However, if you don't see these files when you "dpkg -c" the .deb
files, that suggests something strange is going on...


I am seeing them, at least:

$ dget --quiet golang-github-go-git-go-git-dev

$ dpkg -c golang-github-go-git-go-git-dev_5.4.2-3_all.deb | grep tmp | tail -n10
-rw-r--r-- root/root  1919 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/51/7a2143aae436b802cac429249a4df4b4b39cec


Oops! You are right, I didn't notice.

Ok, I guess the next step would be to package the new version available
and see if that still happens. I'll leave that for other members of the
team, since I joined recently and mainly to work on FTBFS bugs
and stuff like that.

Thanks.

Bug#980768: gnupg2: reduce Build-Depends

2023-11-01 Thread Samuel Thibault

Hello,

Helmut Grohne, le jeu. 21 janv. 2021 20:17:21 +0100, a ecrit:
>  * ghostscript was used to create doc/gnupg-card-architecture.pdf, but
>this step is not performed during build.
>  * imagemagick's convert and transfig's fig2dev are mentioned in
>doc/Makefile.am, but since the relevant artifacts are included in the
>source distribution, they're not run during build.

Ideally they would be rebuilt, so the dependency would make sense.

But it would be indeed useful to at least take them out of a bootstrap
profile (as well as transfig), so that people bootstrapping ports know
that they can use this to build gnupg2 easily (in order to be able to
install apt and properly build packages at all), as the attached patch
does.

>  * librsvg2-bin's rsvg-convert is never mentioned anywhere.

This one was already dropped.

Samuel
--- debian/control.original 2023-11-01 18:32:41.0 +
+++ debian/control  2023-11-01 18:37:27.0 +
@@ -12,9 +12,9 @@
  debhelper-compat (= 13),
  file,
  gettext,
- ghostscript,
+ ghostscript ,
  gpgrt-tools,
- imagemagick,
+ imagemagick ,
  libassuan-dev (>= 2.5.0),
  libbz2-dev,
  libcurl4-gnutls-dev,
@@ -30,7 +30,7 @@
  openssh-client ,
  pkg-config,
  texinfo,
- transfig,
+ transfig ,
  zlib1g-dev | libz-dev,
 Build-Depends-Indep:
  binutils-multiarch [!amd64 !i386],

Bug#1055182: apt-listchanges: [INTL:nl] Dutch translation for the apt-listchanges package's documentation

2023-11-01 Thread Frans Spiesschaert

 
 
Package: apt-listchanges 
Severity: wishlist 
Tags: l10n patch 
 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch po file for the apt-listchanges
package's documentation.
A draft has been posted to the debian-l10n-dutch mailing list allowing for 
review. 
Please add it to your next package revision. 
It should be put as "doc/po/nl.po" in your package build tree. 

-- 
Met vriendelijke groet,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1055181: flask-appbuilder: CVE-2023-29005

2023-11-01 Thread Moritz Mühlenhoff

Source: flask-appbuilder
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for flask-appbuilder.

CVE-2023-29005[0]:
| Flask-AppBuilder versions before 4.3.0 lack rate limiting which can
| allow an attacker to brute-force user credentials. Version 4.3.0
| includes the ability to enable rate limiting using
| `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting
| an `AUTH_RATE_LIMIT`.

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-29005
https://www.cve.org/CVERecord?id=CVE-2023-29005

Please adjust the affected versions in the BTS as needed.

Bug#1055180: apt-listchanges: [INTL:nl] Dutch translation for the apt-listchanges package

2023-11-01 Thread Frans Spiesschaert

 
 
Package: apt-listchanges 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch po file for the apt-listchanges
package. 
A draft has been posted to the debian-l10n-dutch mailing list allowing for
review. 
Please add it to your next package revision. 
It should be put as "po/nl.po" in your package build tree. 
 

-- 
Met vriendelijke groet,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1055179: salt: CVE-2023-34049

2023-11-01 Thread Moritz Mühlenhoff

Source: salt
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for salt.

CVE-2023-34049[0]:
https://saltproject.io/security-announcements/2023-10-27-advisory/index.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34049
https://www.cve.org/CVERecord?id=CVE-2023-34049

Please adjust the affected versions in the BTS as needed.

Bug#1051543: grub2: Fails to load normal.mod from a XFS v5 parition.

2023-11-01 Thread Paul Gevers


Hi all,

Reading the thread starting at [1] it seems that upstream there's 
convergence on the patch? Can we move this bug forward in Debian too?


Paul

[1] https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00150.html


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1055178: apt: [INTL:nl] Dutch translation for the apt package

2023-11-01 Thread Frans Spiesschaert

 
 
Package: apt 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch po file for the apt package. 
A draft has been posted to the debian-l10n-dutch mailing list allowing for
review. 
Please add it to your next package revision. 
It should be put as "po/nl.po" in your package build tree. 
 

-- 
Met vriendelijke groet,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1055177: gradle: CVE-2023-44387

2023-11-01 Thread Moritz Mühlenhoff

Source: gradle
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for gradle.

CVE-2023-44387[0]:
| Gradle is a build tool with a focus on build automation and support
| for multi-language development. When copying or archiving symlinked
| files, Gradle resolves them but applies the permissions of the
| symlink itself instead of the permissions of the linked file to the
| resulting file. This leads to files having too much permissions
| given that symlinks usually are world readable and writeable. While
| it is unlikely this results in a direct vulnerability for the
| impacted build, it may open up attack vectors depending on where
| build artifacts end up being copied to or un-archived. In versions
| 7.6.3, 8.4 and above, Gradle will now properly use the permissions
| of the file pointed at by the symlink to set permissions of the
| copied or archived file.

https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9
https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-44387
https://www.cve.org/CVERecord?id=CVE-2023-44387

Please adjust the affected versions in the BTS as needed.

Bug#1055176: gradle: CVE-2023-42445

2023-11-01 Thread Moritz Mühlenhoff

Source: gradle
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for gradle.

CVE-2023-42445[0]:
| Gradle is a build tool with a focus on build automation and support
| for multi-language development. In some cases, when Gradle parses
| XML files, resolving XML external entities is not disabled. Combined
| with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead
| to exfiltration of local text files to a remote server. Gradle
| parses XML files for several purposes. Most of the time, Gradle
| parses XML files it generated or were already present locally. Only
| Ivy XML descriptors and Maven POM files can be fetched from remote
| repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4,
| resolving XML external entities has been disabled for all use cases
| to protect against this vulnerability. Gradle will now refuse to
| parse XML files that have XML external entities.

https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-42445
https://www.cve.org/CVERecord?id=CVE-2023-42445

Please adjust the affected versions in the BTS as needed.

Bug#1055175: zabbix: CVE-2023-29449 CVE-2023-29450 CVE-2023-29451 CVE-2023-29452 CVE-2023-29453 CVE-2023-29454 CVE-2023-29455 CVE-2023-29456 CVE-2023-29457 CVE-2023-29458

2023-11-01 Thread Moritz Mühlenhoff

Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2023-29449[0]:
| JavaScript preprocessing, webhooks and global scripts can cause
| uncontrolled CPU, memory, and disk I/O utilization.
| Preprocessing/webhook/global script configuration and testing are
| only available to Administrative roles (Admin and Superadmin).
| Administrative privileges should be typically granted to users who
| need to perform tasks that require more control over the system. The
| security risk is limited because not all users have this level of
| access.

https://support.zabbix.com/browse/ZBX-22589
Upstream patch for 5.0.32: https://github.com/zabbix/zabbix/commit/e90b8a3c62
applied in upstream release/5.0 branch: 
https://github.com/zabbix/zabbix/commit/c21cf2fa656b75733e3abc09d8f20690735b3f22
vulnerable module introduced in 
https://github.com/zabbix/zabbix/commit/18d2abfc40 (5.0.0alpha1)

CVE-2023-29450[1]:
| JavaScript pre-processing can be used by the attacker to gain access
| to the file system (read-only access on behalf of user "zabbix") on
| the Zabbix Server or Zabbix Proxy, potentially leading to
| unauthorized access to sensitive data.

https://support.zabbix.com/browse/ZBX-22588
Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb

CVE-2023-29451[2]:
| Specially crafted string can cause a buffer overrun in the JSON
| parser library leading to a crash of the Zabbix Server or a Zabbix
| Proxy.

https://support.zabbix.com/browse/ZBX-22587

CVE-2023-29452[3]:
| Currently, geomap configuration (Administration -> General ->
| Geographical maps) allows using HTML in the field “Attribution text”
| when selected “Other” Tile provider.

https://support.zabbix.com/browse/ZBX-22981
Patches links: https://support.zabbix.com/browse/ZBX-22720
vulnerable geopmap widget introduced in version with 
https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2
 (6.0.0alpha6)

CVE-2023-29453[4]:
| Templates do not properly consider backticks (`) as Javascript
| string delimiters, and do not escape them as expected. Backticks are
| used, since ES6, for JS template literals. If a template contains a
| Go template action within a Javascript template literal, the
| contents of the action can be used to terminate the literal,
| injecting arbitrary Javascript code into the Go template. As ES6
| template literals are rather complex, and themselves can do string
| interpolation, the decision was made to simply disallow Go template
| actions from being used inside of them (e.g., "var a = {{.}}"),
| since there is no obviously safe way to allow this behavior. This
| takes the same approach as github.com/google/safehtml. With fix,
| Template. Parse returns an Error when it encounters templates like
| this, with an ErrorCode of value 12. This ErrorCode is currently
| unexported but will be exported in the release of Go 1.21. Users who
| rely on the previous behavior can re-enable it using the GODEBUG
| flag jstmpllitinterp=1, with the caveat that backticks will now be
| escaped. This should be used with caution.

https://support.zabbix.com/browse/ZBX-23388

CVE-2023-29454[5]:
| Stored or persistent cross-site scripting (XSS) is a type of XSS
| where the attacker first sends the payload to the web application,
| then the application saves the payload (e.g., in a database or
| server-side text files), and finally, the application
| unintentionally executes the payload for every victim visiting its
| web pages.

https://support.zabbix.com/browse/ZBX-22985

CVE-2023-29455[6]:
| Reflected XSS attacks, also known as non-persistent attacks, occur
| when a malicious script is reflected off a web application to the
| victim's browser. The script is activated through a link, which
| sends a request to a website with a vulnerability that enables
| execution of malicious scripts.

https://support.zabbix.com/browse/ZBX-22986

CVE-2023-29456[7]:
| URL validation scheme receives input from a user and then parses it
| to identify its various components. The validation scheme can ensure
| that all URL components comply with internet standards.

https://support.zabbix.com/browse/ZBX-22987

CVE-2023-29457[8]:
| Reflected XSS attacks, occur when a malicious script is reflected
| off a web application to the victim's browser. The script can be
| activated through Action form fields, which can be sent as request
| to a website with a vulnerability that enables execution of
| malicious scripts.

https://support.zabbix.com/browse/ZBX-22988

CVE-2023-29458[9]:
| Duktape is an 3rd-party embeddable JavaScript engine, with a focus
| on portability and compact footprint. When adding too many values in
| valstack JavaScript will crash. This issue occurs due to bug in
| Duktape 2.6 which is an 3rd-party solution that we use.

This appears to be bug in Zabbix's use of

Bug#1055174: qemu: CVE-2023-1386

2023-11-01 Thread Moritz Mühlenhoff

Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for qemu.

CVE-2023-1386[0]:
| A flaw was found in the 9p passthrough filesystem (9pfs)
| implementation in QEMU. When a local user in the guest writes an
| executable file with SUID or SGID, none of these privileged bits are
| correctly dropped. As a result, in rare circumstances, this flaw
| could be used by malicious users in the guest to elevate their
| privileges within the guest and help a host local user to elevate
| privileges on the host.

https://github.com/v9fs/linux/issues/29

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1386
https://www.cve.org/CVERecord?id=CVE-2023-1386

Please adjust the affected versions in the BTS as needed.

Bug#1055173: src:lwip: fails to migrate to testing for too long: FTBFS on s390x

2023-11-01 Thread Paul Gevers


Source: lwip
Version: 2.1.3+dfsg1-2
Severity: serious
Control: close -1 2.1.3+dfsg1-3
Tags: sid trixie ftbfs
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:lwip has been trying to migrate for 31 
days [2]. Hence, I am filing this bug. The version in unstable failed to 
build on s390x.


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=lwip



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1055039: redis-server: Crash every two hours (oom), seemingly due to systemd's ProcSubset=pid

2023-11-01 Thread Chris Lamb

Hey Arnaud,

> I would say yes, upload to stable as well.

I just had a good look and ProcSubset=pid does not exist in redis in
stable, so no backport or update needed. (That's good, because updating
stable is a not completely straightforward.)

> Moreover, I see that ProcSusbset=pid caused some trouble already, that 
> you fixed in 80470e3dc0ae56db9c9512c38a175783bcfc ;)

Ah, I had forgotten about that... And, yes, based on your other remarks
it seems like this hardening flag is a little troublesome, so I'm more
confident about dropping it.

Glad that we (well, you!) managed to solve this problem and thanks for
passing it on. :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1054713: libsquashfuse-dev: needed headers (e.g. config.h) are not shipped

2023-11-01 Thread Peter Wienemann


Control: affects -1 + src:charliecloud
thanks

Hi,

this bug also affects charliecloud:

-
configure:6729: checking for squashfuse/ll.h
configure:6729: gcc -c -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection -std=c99 -Wall -I/usr/include 
-L/usr/lib -Wno-unused-command-line-argument -Werror -Wdate-time 
-D_FORTIFY_SOURCE=2 conftest.c >&5

In file included from /usr/include/squashfuse/dir.h:28,
 from /usr/include/squashfuse/squashfuse.h:28,
 from /usr/include/squashfuse/ll.h:28,
 from conftest.c:17:
/usr/include/squashfuse/common.h:28:10: fatal error: config.h: No such 
file or directory

   28 | #include "config.h"
  |  ^~
compilation terminated.
-

Charliecloud users notice this as:

-
$ ch-run myimage.sqfs -- /bin/bash
ch-run[7126]: error: this ch-run does not support internal SquashFS 
mounts (ch-run.c:202)

-

Best regards,

Peter

Bug#1052650: overflows stack on ruff

2023-11-01 Thread Matthias Geiger

On Mon, 25 Sep 2023 17:23:29 +0100 Jelmer =?utf-8?Q?Vernoo=C4=B3?= 
 wrote:

> Package: cargo-debstatus
> Version: 0.5.0-3
> Severity: normal
>
> Hello,
>
> "cargo debstatus" runs out of stack space on ruff:
>
> $ git clone https://github.com/astral-sh/ruff
> $ cd ruff
> $ cargo debstatus -p ruff_cli --no-indent
> ...
> thread 'main' has overflowed its stack
> fatal runtime error: stack overflow
>
> ruff's dependency stack is pretty crazy FWIW, so that may be related.
>
> -- System Information:
> Debian Release: trixie/sid
> APT prefers buildd-unstable
> APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 
'testing'), (1, 'buildd-experimental'), (1, 'experimental')

> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 6.5.0-1-amd64 (SMP w/32 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages cargo-debstatus depends on:
> ii libc6 2.37-10
> ii libgcc-s1 13.2.0-4
>
> cargo-debstatus recommends no packages.
>
> cargo-debstatus suggests no packages.
>
> -- no debconf information
>
>

Hi Jelmer,


yeah, cargo debstatus atm doesn't deal too well with huge dependency 
trees. fwiw


cloning the repos of subdependencies and running it there helps 
splitting the dependency tree and making the output more readable.



best,


werdahias

Bug#1055080: obfuscate: Missing manpage

2023-11-01 Thread Matthias Geiger

On Tue, 31 Oct 2023 01:35:05 +0100 gregor herrmann  
wrote:

Package: obfuscate  > Version: 0.0.9-2 > Severity: minor >
I saw the ITP bug for obfuscate, and installed it after it entered
the archive.

The next step, as usual, was to type `man obfuscate', but alas:

% man obfusctate
No manual entry for obfusctate

(Also to --help output is not very helpful …)


Cheers,
gregor


Hi Gregor,

like Jeremy pointed out it does not have a man- or helppage. Most GNOME 
apps unfortunately do not provide one. Feel free to contribute a help 
page, I'll gladly upload a revision containing it.


best,

werdahias

Bug#1052347: src:canu: fails to migrate to testing for too long: unresolved RC issue

2023-11-01 Thread Paul Gevers


Hi Andreas,

On 01-11-2023 07:34, Andreas Tille wrote:

   ... is it possible that the CI is restricting memory so when it tries
   to allocate some it fails?


Because of lack of automatic reporting, I created this wiki some time ago:
https://wiki.debian.org/ContinuousIntegration/WorkerSpecs

The memory for the arm64 workers isn't huge (8GB), but all i386 and some 
of the amd64 workers have the same.


Paul


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1023601: libgpgme-dev: removal of gpgme-config breaks the build of software relying on it

2023-11-01 Thread Vincent Lefevre

Hi Andreas,

On 2023-11-01 18:39:24 +0100, Andreas Metzler wrote:
> I am closing this since afaict this is a solved issue and I do not see
> any TODOs on the gpgme side.
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gpgme-config-transition;users=pkg-gnupg-ma...@lists.alioth.debian.org
> has shrunk to 4 open bugs, three of them with patches (undead packages?)
> and I am going to close the fourth one myself since it seems to have
> been fixed upstream and has been fixed in Debian by a uploading this
> version.

Yes, this was at least fixed in Mutt. I'm not aware of any new issue
in other software, and as there were no new comments since last year,
I assume that this has been fixed everywhere (or no-one cares).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1055172: python3 should recommend netbase

2023-11-01 Thread Bastien Roucariès

Package: python3
Version: 3.11.4-5+b1
Severity: important
Tags: newcomer

Dear Maintainer,

I order to avoid some strange error in autopkgtest of python related package,
could be possible to recommend netbase ? It is needed for acessing
/etc/services and well known port/host

Bastien


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel

Kernel: Linux 6.5.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3 depends on:
ii  libpython3-stdlib  3.11.4-5+b1
ii  python3-minimal3.11.4-5+b1
ii  python3.11 3.11.6-3

python3 recommends no packages.

Versions of packages python3 suggests:
ii  python3-doc   3.11.4-5
ii  python3-tk3.11.5-1
ii  python3-venv  3.11.4-5+b1

-- no debconf information

Bug#1037446: RFP: golang-github-seancfoley-ipaddress-go -- Go library for handling IP addresses and subnets, both IPv4 and IPv6

2023-11-01 Thread Nilesh Patra

Control: retitle -1 ITP: golang-github-seancfoley-ipaddress-go -- Go library 
for handling IP addresses and subnets, both IPv4 and IPv6
Control: owner -1 mirth.hickf...@gmail.com

>   IP address and network manipulation, CIDR, operations, iterations,
>   containment checks, longest prefix match, subnetting, and data
>   structures, with polymorphic code
> 
> This needed to package new upstream version of kitty.

You need to convert RFP into ITP whenever you want to package something
that is an RFP. Please keep that in mind for future.


signature.asc
Description: PGP signature

Bug#1054142: cron-daemon-common: Cron now depends on systemd.

2023-11-01 Thread Georges Khaznadar

Control: tags 1054142 + moreinfo

Dear Jerry, please can you elaborate a little more about bug #1054142?

So far the only useful information is the title of the bug report.

Please can you check whether the file /etc/init.d/cron does exist in your
computer? It should contain the line 
8<---
# Default-Start: 2 3 4 5
8<---

So, if your system is ruled by SYSV Init, I suppose that the file
/etc/init.d/cron is symlinked to the directories /etc/rc2.d, /etc/rc3.d,
/etc/rc3.d and /etc/rc5.d; do you find those symlinks?

Thank you for that additional information about your system.

Best regards,   Georges.


Jerry Kaisler a écrit :
> Package: cron-daemon-common
> Severity: important
> X-Debbugs-Cc: bugrep...@ntlhelp.net
> 
> Dear Maintainer,
> 
> *** Reporter, please consider answering these questions, where appropriate ***
> 
>* What led up to the situation? cron should NOT depend on systemd.
>* What exactly did you do (or not do) that was effective (or
>  ineffective)? tried to install a base system without systemd.
>* What was the outcome of this action? It failed because systemd was not
> installed.
>* What outcome did you expect instead? the ability to install cron after
> stripping out the hot steaming pile that is systemd.
> 
> *** End of the template - remove these template lines ***
> 
> 
> -- System Information:
> Debian Release: bookworm/sid
>   APT prefers jammy-updates
>   APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 
> 'jammy'), (100, 'jammy-backports')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 6.5.4-76060504-generic (SMP w/20 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
> TAINT_UNSIGNED_MODULE
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not 
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 

-- 
Georges KHAZNADAR et Jocelyne FOURNIER
22 rue des mouettes, 59240 Dunkerque France.
Téléphone +33 (0)3 28 29 17 70



signature.asc
Description: PGP signature

Bug#1054565: RFP: golang-github-zeebo-xxh3 -- XXH3 algorithm in Go

2023-11-01 Thread Ricardo B. Marliere

On 23/11/01 10:46PM, Nilesh Patra wrote:
> You need to convert RFP into ITP whenever you want to package something
> that is an RFP. Please keep that in mind for future.

I thought inserting a new ITP would be unnecessary duplication. Would
that make the system automatically convert the RFP into ITP? I had this
doubt because they would come from different users.

In any case, noted. Thank you and sorry for the rework!
-   Ricardo

Bug#1054565: RFP: golang-github-zeebo-xxh3 -- XXH3 algorithm in Go

2023-11-01 Thread Nilesh Patra

Control: retitle -1 ITP: golang-github-zeebo-xxh3 -- XXH3 algorithm in Go
Control: owner -1 rica...@marliere.net

On Mon, 30 Oct 2023 18:28:54 -0300 "Ricardo B. Marliere"  
wrote:
> On 23/10/25 09:19PM, James McCoy wrote:
> > Package: wnpp
> > Severity: wishlist
> > Control: block 1037440 by -1
> > 
> > * Package name: golang-github-zeebo-xxh3
> >   Version : 1.0.2-1
> >   Upstream Author : Jeff Wendling
> > * URL : https://github.com/zeebo/xxh3
> > * License : BSD-2-clause
> >   Programming Lang: Go
> >   Description : XXH3 algorithm in Go
> > 
> >  XXH3
> >  .
> >  GoDoc (https://godoc.org/github.com/zeebo/xxh3) Sourcegraph
> >  (https://sourcegraph.com/github.com/zeebo/xxh3?badge) Go Report Card
> >  (https://goreportcard.com/report/github.com/zeebo/xxh3)
> >  .
> >  This package is a port of the xxh3 (https://github.com/Cyan4973/xxHash)
> >  library to Go.
> >  .
> >  Upstream has fixed the output as of v0.8.0, and this package matches
> >  that.
> > 
> > This is needed to package a new upstream version of kitty.
> > 
> > Cheers,
> > -- 
> > James
> > GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7  2D23 DFE6 91AE 331B A3DB
> > 
> 
> Hello James,
> 
> please consider reviewing for uploading the following:
> 
> https://salsa.debian.org/go-team/packages/golang-github-zeebo-assert
> https://salsa.debian.org/go-team/packages/golang-github-zeebo-xxh3

You need to convert RFP into ITP whenever you want to package something
that is an RFP. Please keep that in mind for future.


signature.asc
Description: PGP signature

Bug#470185: can we close this bug?

2023-11-01 Thread Thomas Lange

Hi Cord,

you have requested for help in 2008. But it seems that you actively
maintain the package at least in the last 3 years. Please think about
if this bug can be closed.

-- 
viele Grüße Thomas

Bug#1055171: fpga-icestorm: icebram incompatible with yosys 0.23

2023-11-01 Thread Daniel Gröber

Package: fpga-icestorm
Version: 0~20220915gita545498-3
X-Debbugs-Cc: Andras Pal 

Hi Andras,

On Wed, Nov 01, 2023 at 04:52:25PM +0100, Andras Pal wrote:
> I'm using the yosys/nextpnr/icestorm toolchain regularly under Debian and
> after upgrading to bookworm i noted (after some debugging) that in some
> cases yosys-0.23 tends to generate memory instances whose initialization
> values cannot be replaced with the `icebram` utility in a similar way like
> in the previous (and in the following) releases.

Do you have a reproducer/example for this? I haven't had the need to use
icebram in my projects yet so having a regression test in the package would
be good.

> By checking the source code on github, i found that `icebram` underwent a
> significant refactoring, likely after freezing the bookworm release (i.e.
> sometimes in between Sept '22 and Feb '23). And indeed, after manually
> downloading installing the trixie version (20230218gitd20a5e9-1) of the
> fpga-icestorm and fpga-icestrom-chipdb packages, the toolchain started to
> work again as it is expected.
> 
> Is it possible to backport this upgraded version of `icebram` to bookworm as
> well in order to be compatible with the shipped yosys version? I don't know
> what is the severity of this bug - it is indeed not a security issue, but
> otherwise the packeges are broken in this sense. And it might be beneficial
> for another users and projects as well.

Sholdn't be a problem. There's two ways to go, either we find a (small)
patch that fixes the issue in the version from stable or (with some
negotiation with the release team) we get permission to upgrade the version
in stable.

--Daniel

Bug#1055160: Acknowledgement (not installable as gcc-arm-non-eabi has moved to 15:12.3.rel1-1)

2023-11-01 Thread Harald Welte

I've actually tried to resolve this by doing a local dpkg-buildpackage 
of the completely unmodified package retrieved by "apt source 
libstdc++-arm-none-eabi"
and it worked:

dpkg-deb: building package 'libstdc++-arm-none-eabi-newlib' in 
'../libstdc++-arm-none-eabi-newlib_12.3.rel1-1+23_all.deb'.
dpkg-deb: building package 'libstdc++-arm-none-eabi-dev' in 
'../libstdc++-arm-none-eabi-dev_12.3.rel1-1+23_all.deb'.
dpkg-deb: building package 'libstdc++-arm-none-eabi-picolibc' in 
'../libstdc++-arm-none-eabi-picolibc_12.3.rel1-1+23_all.deb'.

which I could then install via dpkg without any conflicts, as it's 15:12.3 

Selecting previously unselected package libstdc++-arm-none-eabi-dev.
(Reading database ... 840133 files and directories currently installed.)
Preparing to unpack libstdc++-arm-none-eabi-dev_12.3.rel1-1+23_all.deb ...
Unpacking libstdc++-arm-none-eabi-dev (15:12.3.rel1-1+23) ...
Selecting previously unselected package libstdc++-arm-none-eabi-newlib.
Preparing to unpack libstdc++-arm-none-eabi-newlib_12.3.rel1-1+23_all.deb ...
Unpacking libstdc++-arm-none-eabi-newlib (15:12.3.rel1-1+23) ...
Selecting previously unselected package libstdc++-arm-none-eabi-picolibc.
Preparing to unpack libstdc++-arm-none-eabi-picolibc_12.3.rel1-1+23_all.deb ...
Unpacking libstdc++-arm-none-eabi-picolibc (15:12.3.rel1-1+23) ...
Setting up libstdc++-arm-none-eabi-dev (15:12.3.rel1-1+23) ...
Setting up libstdc++-arm-none-eabi-newlib (15:12.3.rel1-1+23) ...
Setting up libstdc++-arm-none-eabi-picolibc (15:12.3.rel1-1+23) ...

-- 
- Harald Welte   https://laforge.gnumonks.org/

"Privacy in residential applications is a desirable marketing option."
  (ETSI EN 300 175-7 Ch. A6)

Bug#1055170: libnbd: CVE-2023-5871

2023-11-01 Thread Salvatore Bonaccorso

Source: libnbd
Version: 1.18.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libnbd.

CVE-2023-5871[0]:
| generator: Fix assertion in ext-mode BLOCK_STATUS


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-5871
https://www.cve.org/CVERecord?id=CVE-2023-5871
[1] 
https://lists.libguestfs.org/archives/list/gues...@lists.libguestfs.org/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/
[2] 
https://gitlab.com/nbdkit/libnbd/-/commit/4451e5b61ca07771ceef3e012223779e7a0c7701

Regards,
Salvatore

Bug#1043159: [ftpmas...@ftp-master.debian.org: Accepted golang-golang-x-image 0.11.0-1 (source) into unstable]

2023-11-01 Thread Salvatore Bonaccorso

Source: golang-golang-x-image
Source-Version: 0.11.0-1

This upload did fix CVE-2023-29407 and CVE-2023-29408 tracked with
#1043159, but bug was not closed. Doing so manually now.

- Forwarded message from Debian FTP Masters 
 -

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 09 Oct 2023 17:18:55 -0600
Source: golang-golang-x-image
Architecture: source
Version: 0.11.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 
Changed-By: Anthony Fok 
Changes:
 golang-golang-x-image (0.11.0-1) unstable; urgency=medium
 .
   * New upstream version 0.11.0
   * Bump versioned dependency as per go.mod
Checksums-Sha1:
 37c57b6a3933e82f467867ea31b5b9c0d130768d 2263 
golang-golang-x-image_0.11.0-1.dsc
 ebfd0ce0e59e9abdbf63516755083a941ad4f407 5091140 
golang-golang-x-image_0.11.0.orig.tar.gz
 0a0eab374f191800fa95529e476840e9baf1898b 6000 
golang-golang-x-image_0.11.0-1.debian.tar.xz
 0644fab4e599ee2b5076ea8cd1e74704ac42e5dd 6414 
golang-golang-x-image_0.11.0-1_amd64.buildinfo
Checksums-Sha256:
 619e95134248736300d83dd93dd3b6973b396a858d21890dbf3bc01c03d0d13a 2263 
golang-golang-x-image_0.11.0-1.dsc
 f3f2478f08274fabf49f4947ba98bdda9de35e811a0e28cc76144ae33c816680 5091140 
golang-golang-x-image_0.11.0.orig.tar.gz
 656232d3c92220508297280d518190e232661743d4a896bdda94f759044557ee 6000 
golang-golang-x-image_0.11.0-1.debian.tar.xz
 a28c2ad16ab37e33500bef8dbb13d57019fa16ffe41a1799cc1524eb21198369 6414 
golang-golang-x-image_0.11.0-1_amd64.buildinfo
Files:
 bdd4304555f073266c06ee0bab86e141 2263 golang optional 
golang-golang-x-image_0.11.0-1.dsc
 d1d83dd6426cd4bf3d934d63e5607d9a 5091140 golang optional 
golang-golang-x-image_0.11.0.orig.tar.gz
 a0fda588765829ea0bc9e609c29e8571 6000 golang optional 
golang-golang-x-image_0.11.0-1.debian.tar.xz
 9ddebacc5a47b3e65755416248a44d8d 6414 golang optional 
golang-golang-x-image_0.11.0-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCAAuFiEEFCQhsZrUqVmW+VBy6iUAtBLFms8FAmUlO5IQHGZva2FAZGVi
aWFuLm9yZwAKCRDqJQC0EsWaz3OdD/wNDZFTRGdhef5gRdnR4TYEj4s7c8p2U+6j
KSxIkLL849reqyYDvdRwm58It9mF3bECGvHpAp0TR7bd8TG0Sp9a5BTJu1THidVx
4jauaVxpYjBQ3TCPFVir51obHjHVc0C9lFVwqd8oABKzPVfoda0479+VtlZ761Qb
dTc8U82JIdibyUP/gZjWs7rtzU/gOUxgGO7v4S9dmDhabGbeIDf7TGB9Z0DdYr4x
w+Y+2hn8ZZ7rjqhvCx2x8kGmVRWoL1LwYkZVpI7GWE1p0ueI9dn1oimDunqLSQTt
cZTbR+Mpqqd2jh4BP1m+FVxAedwJ18NLpsfpP2XJb4FnExJwGMQqI1nF25azTeAk
Xv4elgnJ712h+AFmdkTeSyAfYkJvKiGiHFUTSXx+43TqB8lX/NvFEkFY0EZjri2o
sj5TV06hAkOTrpewHp8EBXIznSxzl/qt1JeAXyd2U+HQ5267HGf43/UBWzPHRk9U
pJaNhq/C0lUrv0/OQj1Xr9s4NbU1PqNf8KPM64J/5IcH5tHvgz+fbMdcdyOTmgHY
/Th3QF8JXkWfgeU3ZnITgc7lTF8POHTd1G9VeL8Use0VuR/gSm1Q1VXiOjuZczAy
GDAQYTh/gyJM+dkeu0XuVfey+YPD30nR1rtWDz5OQymG7mN7cQv2sXcyEpwPSM3W
tncFTHFsvA==
=HZ4L
-END PGP SIGNATURE-


- End forwarded message -

Bug#1055169: zipalign: undefined symbol: _ZN11zip_archive6WriterD2Ev

2023-11-01 Thread behzad

Package: zipalign
Version: 1:10.0.0+r36-1
Severity: important
X-Debbugs-Cc: behzadasb...@gmail.com

Dear Maintainer,

I'm getting this error when I run zipalign:

```
/bin/zipalign: symbol lookup error: /bin/zipalign: undefined symbol:
_ZN11zip_archive6WriterD2Ev
```

I have this problem with debian sid and experimental. I also had a
similar problem like this with aapt but that was solved by installing
aapt from experimental. I tried on two computers and not worked, but
with debian experimental on termux with proot, zipalign is working properly.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-3-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages zipalign depends on:
ii  android-liblog 1:34.0.4-1
ii  android-libutils   1:34.0.4-1
ii  android-libziparchive  1:34.0.4-1
ii  libc6  2.37-12
ii  libgcc-s1  13.2.0-5
ii  libstdc++6 13.2.0-5
ii  libzopfli1 1.0.3-2
ii  zlib1g 1:1.2.13.dfsg-3

zipalign recommends no packages.

zipalign suggests no packages.

-- no debconf information

Bug#1054376: liborcus: FTBFS on hppa - segmentation fault in orcus-test-xml-mapped

2023-11-01 Thread John David Anglin

This is orcus issue #194:
https://gitlab.com/orcus/orcus/-/issues/194

The attached change fixes orcus_test_xml_mapped test on hppa hardware:
https://buildd.debian.org/status/fetch.php?pkg=liborcus=hppa=0.17.2-4=1698851675=0

Regards,
Dave Anglin
---

Index: liborcus-0.17.2/src/orcus_test_xml_mapped.cpp
===
--- liborcus-0.17.2.orig/src/orcus_test_xml_mapped.cpp
+++ liborcus-0.17.2/src/orcus_test_xml_mapped.cpp
@@ -66,9 +66,8 @@ void test_mapped_xml_import()
 { SRCDIR"/test/xml-mapped/nested-repeats-4", false },
 };
 
-auto dump_xml_structure = [](std::string& dump_content, std::string& 
/*strm*/, const char* filepath, xmlns_context& cxt)
+auto dump_xml_structure = [](std::string& dump_content, const 
file_content& content, xmlns_context& cxt)
 {
-file_content content(filepath);
 dom::document_tree tree(cxt);
 tree.load(content.str());
 ostringstream os;
@@ -146,9 +145,10 @@ void test_mapped_xml_import()
 // input one. They should be identical.
 
 string dump_input, dump_output;
-string strm_data_file, strm_out_file; // Hold the stream content 
in memory while the namespace context is being used.
-dump_xml_structure(dump_input, strm_data_file, 
data_file.string().data(), cxt);
-dump_xml_structure(dump_output, strm_out_file, out_file.data(), 
cxt);
+// Hold the stream content in memory while the namespace context 
is being used.
+file_content strm_data_file(data_file.string()), 
strm_out_file(out_file);
+dump_xml_structure(dump_input, strm_data_file, cxt);
+dump_xml_structure(dump_output, strm_out_file, cxt);
 assert(!dump_input.empty() && !dump_output.empty());
 
 cout << dump_input << endl;



signature.asc
Description: PGP signature

Bug#1000401: golang-github-go-git-go-git: please make the build reproducible

2023-11-01 Thread Chris Lamb

Chris Lamb wrote:

> However, if you don't see these files when you "dpkg -c" the .deb
> files, that suggests something strange is going on...

I am seeing them, at least:

$ dget --quiet golang-github-go-git-go-git-dev

$ dpkg -c golang-github-go-git-go-git-dev_5.4.2-3_all.deb | grep tmp | tail -n10
-rw-r--r-- root/root  1919 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/51/7a2143aae436b802cac429249a4df4b4b39cec
drwxr-xr-x root/root 0 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/59/
-rw-r--r-- root/root  1925 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/59/a889a87437c5c9cb1d249f5a38b29102dd2af4
drwxr-xr-x root/root 0 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/91/
-rw-r--r-- root/root   885 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/91/3a3f146a2d1eff37138e668ebb67ff265227b8
drwxr-xr-x root/root 0 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/ee/
-rw-r--r-- root/root   177 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/ee/372bb08322c1e6e7c6c4f953cc6bf72784e7fb
drwxr-xr-x root/root 0 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/pack/
-rw-r--r-- root/root111840 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/pack/pack-f2e0a8889a746f7600e07d2246a2e29a72f696be.idx
-rw-r--r-- root/root   1542854 2021-11-22 05:37 
./usr/share/gocode/src/github.com/go-git/go-git/plumbing/format/packfile/.tmp/946035611/objects/pack/pack-f2e0a8889a746f7600e07d2246a2e29a72f696be.pack

$ 


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1000401: golang-github-go-git-go-git: please make the build reproducible

2023-11-01 Thread Chris Lamb

Hi Santiago,

> The program is already built when the tests are executed. How does the
> outcome of the tests affects the package contents? 

Unfortunately I don't remember the specific details of this, but the
testsuite affecting the debs is definitely possible. Specifically, if
the ordering of a Debian package build, in rough terms, is:

 1. Compile the code (into the working directory)
 2. Run the testsuite
 3. Build/construct the .debs

... then if the tests modify the working directory (and/or subdirs),
then the .debs could definitely reflect those changes, no?

However, if you don't see these files when you "dpkg -c" the .deb
files, that suggests something strange is going on...


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1055168: RFP: redwax-tool -- The universal certificate conversion tool.

2023-11-01 Thread Graham Leggett

Package: wnpp
Severity: wishlist

* Package name  : redwax-tool
   Version: 0.9.3
   Upstream Author : Graham Leggett 
* URL  : https://redwax.eu/rt/
* License : Apache 2.0
  Programming Lang: C
  Description   : The universal certificate conversion tool.

Read certificates and keys from your chosen sources, filter the certificates
and keys you're interested in, write those certificates and keys to the
destinations of your choice.

Support for reading from and writing to PEM files, PKCS11 smartcards,
PKCS12, and NSS. Extract metadata and write to XML, JSON, YAML, iCal
calendars and iCal reminders.

Bug#1054660: debdelta: Improve performance info

2023-11-01 Thread Stefan Monnier

> 2) if there is no delta, it will "download" the new package (this may be
>because, the delta was too big, or the package was too small, or, some
>error)
> 3) after all available deltas have been applied, it may exit, or continue
>   downloading all needed new .deb
> This behavior can be tuned with the option --deb-policy option, see
> man page.

I guess my question is: why does it ever download the `.deb` package?

[..time passes..]

Oh.. could it be that you do it as an optimization: if we're still
applying patches, rather than leave the network unused and since we
can't start `apt` yet, download some of the remaining packages, so the
(presumed) subsequent `apt` will be faster?

>> Q uestions that I can't answer based on the above output:
>> - I don't see any other mention of "avahi-daemon" than the "created" line,
>>so how was it created?
> by downloading the delta and applying it

But in the output there was no mention of downloading anything related to
that package, whereas most other packages have two lines, one about the
download and one about the creation (in my sample out, this is the case
for `libreoffice-calc`).

>>There's no subsequent matching "created" line, so IIUC it was
>>downloaded in non-delta form, which I'd expect `debdelta-upgrade`
>>never does (leaving it to `apt upgrade` instead).
> actually, it does

I did not expect that behavior.

>> - I'd appreciate seeing the actual size of the downloaded data on each
>>   line (maybe instead of the time?).
> add some -v options

Duh, can't believe I didn't think of that.
This said, with a `-v` I get more output than what I'd like, but well,
one can't satisfy everyone.


Stefan

Bug#1040333: restic fails when using rest backend

2023-11-01 Thread David Roman

It does contain an entry for the localhost. The issue was not present 
before updating to Debian 12 so I guess the problem comes from some 
configuration changed with Debian 12 that made restic fail with that setup.





--
Avís -
Aviso - Legal Notice - (LOPD) - http://legal.ifae.es

Bug#1023481: unofficial patch available

2023-11-01 Thread Hilko Bengen

Via , I found a patch[1]
that seems to replace all problematic Int with Int64 types. I am not
sure about any undesirable side-effects, though.

Cheers,
-Hilko

[1] https://github.com/dmy/elm-raspberry-pi/blob/master/patches/elm-0.19.1.patch

Bug#1054665: debdelta: Avoid generating the actual `.deb`

2023-11-01 Thread Stefan Monnier

> debpatch and debdelta-upgrade have an option
>  --format unzipped
> that will recreate the deb w/o compressing the data part: this is
> much faster.

But it would often use a lot more disk space :-(
If we were instead to just keep the original `.deb` together with the
xdelta, it would be in most cases smaller.

> The point is, I do not know if apt will accept those .debs . Maybe apt may
> have an option to accept debs even when the size is not what is expected.

I strongly suspect that it would require changes in APT, indeed.


Stefan

Bug#1040333: restic fails when using rest backend

2023-11-01 Thread Félix Sipma


Hi,

Sorry for the late reply.

That indeed looks like a problem on your setup. Maybe your /etc/hosts 
does not contain "127.0.0.1  localhost"?


Regards,

--
Félix


signature.asc
Description: PGP signature

Bug#1037756: litecoin: ftbfs with GCC-13

2023-11-01 Thread Bastian Germann


I am uploading a NMU to fix this. The changes are included in git.

Bug#1042659: restic: diff for NMU version 0.14.0-1.1

2023-11-01 Thread Andreas Metzler

Control: tags 1042659 + pending

Dear maintainer,

I've prepared an NMU for restic (versioned as 0.14.0-1.1) and uploaded
it to DELAYED/10. (Autoremoval from testing is scheduled on Nov 14)
Please feel free to tell me if I should delay it longer.

Kind regards

Andreas
diff -Nru restic-0.14.0/debian/changelog restic-0.14.0/debian/changelog
--- restic-0.14.0/debian/changelog	2022-08-27 12:48:55.0 +0200
+++ restic-0.14.0/debian/changelog	2023-11-01 13:49:52.0 +0100
@@ -1,3 +1,11 @@
+restic (0.14.0-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add 0002-doc-fix-building-with-Sphinx-6.patch from upstream to fix
+FTBFS against sphinx >= 6. Closes: #1042659
+
+ -- Andreas Metzler   Wed, 01 Nov 2023 13:49:52 +0100
+
 restic (0.14.0-1) unstable; urgency=medium
 
   * New upstream version 0.14.0 (Closes: #1018154)
diff -Nru restic-0.14.0/debian/patches/0002-doc-fix-building-with-Sphinx-6.patch restic-0.14.0/debian/patches/0002-doc-fix-building-with-Sphinx-6.patch
--- restic-0.14.0/debian/patches/0002-doc-fix-building-with-Sphinx-6.patch	1970-01-01 01:00:00.0 +0100
+++ restic-0.14.0/debian/patches/0002-doc-fix-building-with-Sphinx-6.patch	2023-11-01 13:47:00.0 +0100
@@ -0,0 +1,23 @@
+From c4e6b198ae535eeac711fdd424ee20b367fd5624 Mon Sep 17 00:00:00 2001
+From: Michael Eischer 
+Date: Sun, 12 Mar 2023 11:45:26 +0100
+Subject: [PATCH] doc: fix building with Sphinx 6
+
+---
+ doc/conf.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/conf.py b/doc/conf.py
+index 3c0af927b..3fd8dc119 100644
+--- a/doc/conf.py
 b/doc/conf.py
+@@ -106,5 +106,5 @@ html_static_path = ['_static']
+ htmlhelp_basename = 'resticdoc'
+ 
+ extlinks = {
+-'issue': ('https://github.com/restic/restic/issues/%s', '#'),
++'issue': ('https://github.com/restic/restic/issues/%s', '#%s'),
+ }
+-- 
+2.42.0
+
diff -Nru restic-0.14.0/debian/patches/series restic-0.14.0/debian/patches/series
--- restic-0.14.0/debian/patches/series	2022-08-27 12:48:55.0 +0200
+++ restic-0.14.0/debian/patches/series	2023-11-01 13:47:04.0 +0100
@@ -1 +1,2 @@
 0001-privacy-breach.patch
+0002-doc-fix-building-with-Sphinx-6.patch


signature.asc
Description: PGP signature

Bug#1055150: a2d: Failed to analyze the VCS repository, and new upstream available

2023-11-01 Thread Yogeswaran Umasankar


Ignore my previous request to block 1055040 by 1055041, posted in wrong bug 
number.

On Wed, Nov 01, 2023 at 10:03:21AM -0400, Yogeswaran Umasankar wrote:

Hi,
Could anyone help to block 1055040 by 1055041, seems thats been removed
in the process.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055041

Thank you,
Yogeswaran Umasankar.

On Wed, Nov 01, 2023 at 08:33:03AM +, Debian Bug Tracking System wrote:

Processing control commands:


reopen -1

Bug #1055040 {Done: Tobias Frost } [a2d] a2d: Failed to 
analyze the VCS repository, and new upstream available
Bug reopened
Ignoring request to alter fixed versions of bug #1055040 to the same values 
previously set

--
1055040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055040
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1055040: a2d: Failed to analyze the VCS repository, and new upstream available

2023-11-01 Thread Yogeswaran Umasankar


Hi,
Could anyone help to block 1055040 by 1055041, seems thats been removed
in the process.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055041

Thank you,
Yogeswaran Umasankar.

On Wed, Nov 01, 2023 at 08:33:03AM +, Debian Bug Tracking System wrote:

Processing control commands:


reopen -1

Bug #1055040 {Done: Tobias Frost } [a2d] a2d: Failed to 
analyze the VCS repository, and new upstream available
Bug reopened
Ignoring request to alter fixed versions of bug #1055040 to the same values 
previously set

--
1055040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055040
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1055150: a2d: Failed to analyze the VCS repository, and new upstream available

2023-11-01 Thread Yogeswaran Umasankar


Hi,
Could anyone help to block 1055040 by 1055041, seems thats been removed
in the process.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055041

Thank you,
Yogeswaran Umasankar.

On Wed, Nov 01, 2023 at 08:33:03AM +, Debian Bug Tracking System wrote:

Processing control commands:


reopen -1

Bug #1055040 {Done: Tobias Frost } [a2d] a2d: Failed to 
analyze the VCS repository, and new upstream available
Bug reopened
Ignoring request to alter fixed versions of bug #1055040 to the same values 
previously set

--
1055040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055040
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1055167: Network interface lost IP when lease expired after switching from isc-dhcp-client

2023-11-01 Thread Larsen


Package: udhcpc
Version: 1:1.35.0-4+b3

After switching from isc-dhcp-client to udhcpc (apt purge isc-dhcp-client
udhcpc+), when the DHCP lease expired, the network interface didn't get a
new IP, pushing the server offline (luckily I had a remote console to fix
the problem). The package was installed via Puppet and I didn't notice
that this doesn't run needrestart (or at least doesn't restart services
with our configuration). I now use the workaround to "needrestart -r a"
after installing the package with Puppet.

IMHO needrestart shouldn't be needed, but instead the package should take
care of such a situation.


Lars

Bug#1055150: a2d: apt remove a2k nukes user data (postinst)

2023-11-01 Thread Yogeswaran Umasankar


Hi,
On Wed, Nov 01, 2023 at 10:38:31AM +0100, Tobias Frost wrote:

Package: a2d
Version: 2.0.1-1
Severity: serious
Justification: Policy 10.7.3

Found during package review:

postinst has:

#Remove user conf files
case "$1" in
   purge|remove|deconfigure|disappear)
   # Remove the user-generated configuration file
   if [ -e "/etc/a2d" ]; then
 rm -r /etc/a2d
   fi

   if [ -e "/var/lib/a2d" ]; then
 rm -r /var/lib/a2d
   fi

   if [ -e "/var/log/a2d_gu_error.log" ]; then
 rm -r /var/log/a2d_gu_error.log
   fi

   ;;

   *)
   # For other cases, do nothing
   ;;
esac

Multiple issues.
- Deleting user data is postinst must only done when purging.
- /etc/a2d is handled as conffile, it it dpkg's job to clean it up.
- /var/lib/a2d and /var/lib/a2d/dbs is also shipped with the package,
 and removing the directories should also be left to dpkg.
 (If possible the package should only delete the files it has
 created itself.)


Thank you for reviewing the package. I believe you are talking about
postrm, postinst dont remove anything. 


As you suggested, I have fixed the postrm so only during purge it
deletes user config and user's a2d database. The user generated/modified
config and user's a2d database created by flask seems to stay after
removing the package, so removing them by postrm during purge helps.

Thank you,
Yogeswaran Umasankar.

Bug#1055043: Debian carnivore: port from Python 2 to 3

2023-11-01 Thread Danial Behzadi


I made a merge request for it:


در دوشنبه, اكتبر 30 2023 at ۱۳:۲۹:۱۱ +08:00:00, Paul 
Wise  نوشته بود:

Package: qa.debian.org
Severity: serious
User: qa.debian@packages.debian.org 


Usertags: carnivore
X-Debbugs-CC: m...@qa.debian.org , 
debian-pyt...@lists.debian.org 


The carnivore system which tracks the activity of Debian members is
written in Python 2, which has been removed from Debian, so carnivore
needs porting to Python 3 and volunteers are needed to work on that.






--
bye,
pabs

Bug#1035505: firmware-nonfree: debian/bin/gencontrol.py fails on spaces and backslashes

2023-11-01 Thread James Addison

Source: firmware-nonfree
Followup-For: Bug #1035505
X-Debbugs-Cc: didi.deb...@cknow.org, 1029...@bugs.debian.org, k...@debian.org
Control: forwarded -1 
https://salsa.debian.org/kernel-team/firmware-nonfree/-/merge_requests/65
Control: tags -1 patch

Please find an updated attempt to handle spaces within the filenames of
firmware files (as relevant for some firmware files, as noted in #1029843) for
Debian packages at:

  https://salsa.debian.org/kernel-team/firmware-nonfree/-/merge_requests/65

I've performed some manual testing of this locally but would appreciate any
review time available.

Bug#1055166: lua-rex-pcre: There is no release for Debian 12 (bookworm)

2023-11-01 Thread Alexandre Detiste

control: tag -1 wontfix

Hi,

You will have to migrate to the new lua-rex-pcre2.

https://packages.debian.org/bookworm/lua-rex-pcre2

Greetings

Bug#1053662: RFS: qt5-ukui-platformtheme/4.1.0.1-1 -- Qt5 QPA platform theme of UKUI

2023-11-01 Thread Tobias Frost

Control: tags -1 moreinfo

Same as with the other packages, this first needs clarification.
This is a hidden NMU with xibowen adding themself as Uploaders, with
no information whether this was somehow discussed with the maintainers.

Same as #1053143:

> did you contact the maintainers prior to this RFS?
> 
> (pinging the team to make them aware of this RFS.)
> 
> The current state of sid/experimental does not say xibowen is an
> existing maintainer, so this is technically an NMU, and the changes
> are likely out of scope for an NMU -- see dev-ref)
> 
> This should be clarified if the current maintainers are aware.

--
tobi

Bug#1053575: RFS: ruby-mdl/0.13.0-1 -- Markdown lint tool

2023-11-01 Thread Tobias Frost

Control: tags -1 moreinfo
Control: forcemerge -1 1054258

On Wed, 1 Nov 2023 10:47:08 +0100 Norwid Behrnd 
wrote:
> The RFS ticket #1054258 /
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054258 
> aims to correct errors and substitute `ruby-mdl` by `mdl` for good. 
Thus, the
> uploaded to mentors.debian.net by 2023-10-29 finally uses only one
control file
> in common to assemble both `ruby-mdl` as the transition dummy package,
and
> `mdl` as the one where further curated in future.
> 

As Bastian said (and I did too, without knowing this bug report in
#1054258), this is not a good reason to rename a source package.
We explictly WANT to retrain the history of the package, for example.

I'm merging the bug reports, as we should be discussed on a single bug.

--
tobi

Bug#1055158: python-imageio's autopkg tests fails with pillow 10.1.0

2023-11-01 Thread Ole Streicher

The problem is that imageio <= 2.31.6 is known being incompatible to 
pillow >= 10.1; see https://github.com/imageio/imageio/pull/1046


Therefore, I am waiting for an upstream fix.

Bug#1055041: RFS: a2d/2.0.3-1 -- APRS to DAPNET portal

2023-11-01 Thread Yogeswaran Umasankar


Hi Tobi,
On Wed, Nov 01, 2023 at 10:23:54AM +0100, Tobias Frost wrote:

Control: tags -1 moreinfo

Hi Yogeswaran,

I've took a look at your package:


Thank you for reviewing the package, I appreciate your feedback and
comments.


- You do not replace the debian changelog, you append the new
 information. (hint: use "debchange" or "dch" for changelog manipulation)


I am using visual studio code to do all the modifications before using
gbp for packaging. That maybe the reason its replacing the changelog.
Unless its an issue, I would like to use visual studio code for now.


- there are undocumented changes, for example it seems that dependencies
 has been changeed. that (and why it is) should be noted in
 d/changelog.


I have fixed all the undocumented changes, and noted all of them in
debian changelog.


(You are also upstream)


Thank you for the feedback on upstream, it helped to improve the
upstream.


- It seems you have renamed a2dapp to a2d. This change is not good,
 as it is too short / generic, and renaming is a breaking change
 for your users. I'd appreaciate if you could stay with the old name.


I am not renaming the package from a2dapp to a2d. The original package
name was a2d from the begining. And a2dapp was not defined properly in
the previous version in setup.py (not according to Debian python). So in
upstream I have fixed it by moving the flask files to original a2d, and
also updated to toml instead of setup.py.


- Do you really need an hard dependency on nginx?
 (I've checked myself: I think you don't. you'll use nginx as a proxy,
 but people might want to setup e.g another http server for that or
 even directly connect to the 9333 port (can they?); I think nginx
 should be Recommends: not Depends: -- see policy about the definition
 of Depends.)


Yes we need hard dependency on nginx. a2d is a flask app and it is
designed in a way that flask handles reverse proxy setup all the way to
generating signed CA SLL for the user. Without nginx the whole flask
will crash. It is by design to make it easy for ham radio users with
limited experience in linux systems. I have provided detailed
instructions for the users in the flask app on how changing ports and
working on SSL will impact their system.


- You README.md suggests to do rm -rf 
 That is bad advice! Do not blindly say that they should nuke the nginx
 configuration; (If, then the user should run apt purge nginx, but this
 is also still dangerous a people might loose data); deluser is also
 a bad advice, (system) users should not be deleted after they have
 been created.


I have added clear warning to the user in the README.md file about
removing nginx. I have removed the part about deluser.


- postinst is wrong. Especially you do not remove those files on
 "remove" -- only purge should delete user configuration, for example.

Thinking about it I am not sure if you are handling conffiles correctly,
as your postrm will nuke also files not handled by your packge, by
blindly removing them. This is an RC bug. Probably your application
will create files there? Maybe than /etc/ is the wrong location, maybe
app-created files should be reside in /var/lib/a2d? I'm not sure here
if/how this is handled correctly, maybe someone else will chime in.
I'm just sure that "rm -r /etc/a2d" could make some admins unhappy.


I believe you are talking about postrm, postinst dont remove anything.
(1) As you suggested, I have fixed the postrm so only during purge it
deletes user config and user's a2d database.
(2) I placed the user generated config files in /etc/, here the user use
flask to create their config files. So I believe it should be in /etc/
and not in /var/lib/a2d.


(I'm running out of time here, the review might not be complete)


Thank you again for your time!
Yogeswaran Umasankar.

Bug#1053148: RFS: peony/4.1.1.1-1 -- file Manager for the UKUI desktop

2023-11-01 Thread Tobias Frost

Control: tags -1 moreinfo

Same as #1053143:

> did you contact the maintainers prior to this RFS?
> 
> (pinging the team to make them aware of this RFS.)
> 
> The current state of sid/experimental does not say xibowen is an
> existing maintainer, so this is technically an NMU, and the changes
> are likely out of scope for an NMU -- see dev-ref)
> 
> This should be clarified if the current maintainers are aware.

--
tobi

Bug#1055166: lua-rex-pcre: There is no release for Debian 12 (bookworm)

2023-11-01 Thread lalshe

Package: lua-rex-pcre
Severity: wishlist

Dear Maintainer, we tried to migrate to Debian 12 for our applications with
Nginx, but found, that there is no release for package `lua-rex-pcre` for
bookworm https://packages.debian.org/en/bullseye/lua-rex-pcre

Could you please release a build for Debian 12 (bookworm) and publish it to
https://packages.debian.org?

--

It's my first issue in debian tracker, please sorry if I mistacked about
place
to report.

-- System Information:
Debian Release: 11.6
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500,
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-0.deb11.11-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lua-rex-pcre depends on:
ii  libc6 2.31-13+deb11u7
ii  libpcre3  2:8.45-1+0~20230620.10+debian11~1.gbp8792c4

lua-rex-pcre recommends no packages.

Bug#1053143: RFS: ukui-session-manager/4.0.0.0-1 -- Session manager of the UKUI desktop environment

2023-11-01 Thread Tobias Frost

Control: tags -1 moreinfo

Hi xibowen,

did you contact the maintainers prior to this RFS?

(pinging the team to make them aware of this RFS.) 

The current state of sid/experimental does not say xibowen is an
existing maintainer, so this is technically an NMU, and the changes
are likely out of scope for an NMU -- see dev-ref)

This should be clarified if the current maintainers are aware of this
NMU before this RFS goes forward.

On Thu, 28 Sep 2023 14:39:14 +0800 "=?utf-8?B?eGlib3dlbg==?=" > 
>  ukui-session-manager (4.0.0.0-1) unstable; urgency=medium
>  .
>    * New upstream release.
>    * Upload to unstable.

Not all changes seems documented, for example, that you'Ve added



> Regards,
> -- 
>   xibowen

 
Cheers,
tobi

Bug#1055162: ITP: libhinoko -- I/O library for IEEE 1394 isochronous communication

2023-11-01 Thread Takashi Sakamoto

I note that libhinoko 1.0.0 depends on libhinawa 4.0.0 which is under
working for debian packaging.

https://salsa.debian.org/debian/libhinawa/-/issues/27

Bug#1052015: RFS: blktrace/1.3.0-1 -- utilities for block layer IO tracing

2023-11-01 Thread Tobias Frost

Control: tags -1 moreinfo


Hi Daichi,

this seems to be a NMU, and for NMUs there is a set of rules [0], for
example it needs to fix (important) bugs.
 
Maybe I am missing something but I think this upload is outside of the
scope of an NMU. Please let me know if I missed something.


[0]
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#non-maintainer-uploads-nmus

-- 
tobi

Bug#1025825: ImportError: cannot import name 'safe_join' from 'flask'

2023-11-01 Thread Stanislav Maslovski

Package: grip
Version: 4.2.0-3
Followup-For: Bug #1025825
X-Debbugs-Cc: stanislav.maslov...@gmail.com

Hi,

The changelog to v. 2.1.0 of flask says:

"safe_join is removed, use werkzeug.utils.safe_join instead."

So, either a patch or an update is needed for grip package.

As a workaround, downgrading python3-flask to v. 2.0.3-1 (available at
snapshot.debian.org) may help.

BR,

Stanislav

Bug#1055165: lmdb homepage is specified incorrectly

2023-11-01 Thread Michael Tokarev

Package: liblmdb0
Version: 0.9.24-1
Severity: normal

Homepage in d/control should be http://www.symas.com/lmdb ,
not http://symas.com/mdb/ (note lmdb vs mdb).
Also it might be a good idea to switch to https and
use canonical host name (with www - their web server
redirects to www)

/mjt

Bug#1051498: RFS: strace/6.5-0.1 [NMU] -- System call tracer

2023-11-01 Thread Tobias Frost

Control: tags -1 moreinfo

Hi Bo YU,

can you expand on the background of the NMU?
A new upstream version are usually only acceptable in NMUs in rare
circumstances, so this needs extra explanation. 

Have you been in contact with Steve and told them about your intentions
to NMU it? 

Cheers,
-- 
tobi

On Sat, 9 Sep 2023 02:03:55 +0800 Bo YU  wrote:
> Package: sponsorship-requests
> Severity: normal
> 
> Dear mentors,
> 
> I am looking for a sponsor for my package "strace":
> 
>  * Package name : strace
>    Version  : 6.5-0.1
>    Upstream contact : [fill in name and email of upstream]
>  * URL  : https://strace.io
>  * License  : [fill in]
>  * Vcs  : https://salsa.debian.org/debian/strace
>    Section  : utils
> 
> The source builds the following binary packages:
> 
>   strace - System call tracer
>   strace64 - System call tracer for 64bit binaries
>   strace-udeb - System call tracer
> 
> To access further information about this package, please visit the
following URL:
> 
>   https://mentors.debian.net/package/strace/
> 
> Alternatively, you can download the package with 'dget' using this
command:
> 
>   dget -x
https://mentors.debian.net/debian/pool/main/s/strace/strace_6.5-0.1.dsc
> 
> Changes since the last upload:
> 
>  strace (6.5-0.1) unstable; urgency=medium
>  .
>    * Non-maintainer upload.
>    * New upstream version 6.5
> 
> >-
> 
> I'd be appreciated that if you import-dsc 6.4-0.1[0] to salsa[1] also
> 
> [0]:
https://deb.debian.org/debian/pool/main/s/strace/strace_6.4-0.1.dsc
> [1]: https://salsa.debian.org/debian/strace
> 
> -- 
> Regards,
> --
>   Bo YU
>

Bug#1055164: O: gkrelluim -- GKrellM plugin for uim

2023-11-01 Thread HIGUCHI Daisuke (VDR dai)

Package: wnpp
Severity: normal
X-Debbugs-Cc: gkrell...@packages.debian.org
Control: affects -1 + src:gkrelluim

I (upstream) do not use, develop and maintain it anymore.
No plan to migrate to GTK > 2, so it may be appropriate to RM.

Description: GKrellM plugin for uim
 A GKrellM plugin for an input method module library uim.
 It allows you to monitor and configure uim on GKrellM.
 .
 You can watch uim conversion status on GKrellM panel
 and change uim conversion mode on GKrellM button.
 In addition, you can launch uim related tools on it.
-- 
Regards,
dai

GPG Fingerprint = 0B29 D88E 42E6 B765 B8D8 EA50 7839 619D D439 668E


signature.asc
Description: PGP signature

Bug#1055163: gnome-control-center: Intel Management Engine disabled in BIOS but reporting out-of-date (active)

2023-11-01 Thread Steven Jay Cohen

Package: gnome-control-center
Version: 1:45.1-1
Severity: normal
X-Debbugs-Cc: steven.jay.co...@gmail.com

Dear Maintainer,

Gnome-Control-Center > Privacy > Device Security

Security Events:
Intel Management Engine Version
The Intel Management Engine controls device components and needs to have a
recent version to avoid security issues.

I booted into the BIOS and found that IME was already disabled and has been
since before the original Linux Install on this device.

SUGGESTION:
Can IME state be detected?
If so, is this still an issue?
If it is not an issue, then it should not be reported or it should be reported
differently and not treated as a Security Event Failure.

Disabling IME reports as LOCKED (see below). Which is why a valid IME version
is not being reported back.

So, if both IME Mode and IME Override report back Pass(Locked) and IME Version
reports back (Not Valid) then IME is Disabled, right?

Device Security Report
==

Report details
  Date generated:  2023-11-01 08:28:16
  fwupd version:   1.9.6

System details
  Hardware model:  Dell Inc. Latitude 7210
2-in-1
  Processor:   Intel(R) Core(TM) i7-10610U
CPU @ 1.80GHz
  OS:  Debian GNU/Linux trixie/sid
  Security level:  HSI:0! (v1.9.6)

HSI-1 Tests
  Firmware BIOS Region:Pass (Locked)
  UEFI Platform Key:   Pass (Valid)
  UEFI Bootservice Variables:  Pass (Locked)
  MEI Key Manifest:Pass (Valid)
  TPM v2.0:  ! Fail (Not Found)
  Firmware Write Protection Lock:  Pass (Enabled)
  Platform Debugging:  Pass (Not Enabled)
  Intel Management Engine Manufacturing Mode:  Pass (Locked)
  UEFI Secure Boot:Pass (Enabled)
  BIOS Firmware updates:   Pass (Enabled)
  Firmware Write Protection:   Pass (Not Enabled)
  Intel Management Engine Override:Pass (Locked)
  Intel Management Engine Version:   ! Fail (Not Valid)

HSI-2 Tests
  Platform Debugging:  Pass (Locked)
  Intel BootGuard ACM Protected:   Pass (Valid)
  IOMMU Protection:Pass (Enabled)
  Intel BootGuard Fuse:Pass (Valid)
  Intel GDS Mitigation:Pass (Enabled)
  BIOS Rollback Protection:  ! Fail (Not Enabled)
  Intel BootGuard Verified Boot:   Pass (Valid)
  Intel BootGuard: Pass (Enabled)

HSI-3 Tests
  Intel CET: ! Fail (Not Supported)
  Intel BootGuard Error Policy:Pass (Valid)
  Pre-boot DMA Protection: Pass (Enabled)
  Suspend To RAM:  Pass (Not Enabled)
  Suspend To Idle: Pass (Enabled)

HSI-4 Tests
  Encrypted RAM: ! Fail (Not Supported)
  Intel SMAP:  Pass (Enabled)

Runtime Tests
  Firmware Updater Verification:   Pass (Not Tainted)
  Linux Swap:! Fail (Not Encrypted)
  Linux Kernel Lockdown:   Pass (Enabled)
  Linux Kernel Verification:   Pass (Not Tainted)

Host security events
  2022-07-05 18:46:50   Intel Management Engine Versi! Fail (Valid → Not Valid)

For information on the contents of this report, see
https://fwupd.github.io/hsi.html


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-control-center depends on:
ii  accountsservice   23.13.9-4
ii  apg   2.2.3.dfsg.1-5+b2
ii  colord1.4.6-3
ii  desktop-base  12.0.6+nmu1
ii  desktop-file-utils0.26-1
ii  gnome-control-center-data 1:45.1-1
ii  gnome-desktop3-data   44.0-2
ii  gnome-settings-daemon 45.0-1
ii  gsettings-desktop-schemas 45.0-1
ii  libaccountsservice0   23.13.9-4
ii  libadwaita-1-01.4.0-1
ii  libc6 2.37-12
ii  libcairo2 1.18.0-1
ii  libcolord-gtk4-1  0.3.0-4
ii  libcolord21.4.6-3
ii  libcups2  2.4.7-1
ii

Bug#1055162: ITP: libhinoko -- I/O library for IEEE 1394 isochronous communication

2023-11-01 Thread Takashi Sakamoto

Package: wnpp
Severity: wishlist
Owner: Takashi Sakamoto 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libhinoko
  Version : 1.0.0
  Upstream Contact: Takashi Sakamoto 
* URL : https://git.kernel.org/pub/scm/libs/ieee1394/libhinoko.git/
* License : LGPL-2.1-or-later
  Programming Lang: C
  Description : I/O library for IEEE 1394 isochronous communication

This package contains library to operate 1394 OHCI hardware for
transmission of isochronous packets in IEEE 1394 bus. It is a sister
library of libhinawa (https://tracker.debian.org/pkg/libhinawa). Both
libraries provide application programming API to communicate with node
in IEEE 1394 bus. The libraries support GObject Introspection for
language bindings so that developers can select preferable programming
language for the communication.

I need some sponsors for the package in Debian project.

Bug#1053791: tbsync: Please provide a backport for bookworm

2023-11-01 Thread Mechtilde Stehmann

Control: retitle -1 tbsync: Provide a new version to bookworm (proposed 
update)


Tbsync, dav4tbsync and eas4tbsync are waiting for release at

https://release.debian.org/proposed-updates/stable.html

Kind regards

--
Mechtilde Stehmann
## Debian Developer
## PGP encryption welcome
## F0E3 7F3D C87A 4998 2899  39E7 F287 7BBA 141A AD7F


OpenPGP_signature.asc
Description: OpenPGP digital signature

1 2 >

1 - 100 of 140 matches

Mail list logo