Bug#1069772: pmbootstrap: description doesn't tell me what the package does

[Sam Hartman]

package: pmbootstrap
version: 2.2.1-1
severity: minor

The description should tell the user what postmarket OS is.  That is for
example more important than knowing the package uses alpine chroots in
determining whether this package is useful to me as a user.

--Sam

Bug#1069161: libfreetype-dev: Unable to install libfreetype-dev, depends on libpng16-16

[Laurent Cheylus]

Hi Hugh,

> This isn't a bug with freetype or libpng1.6. The problem is that
> you've mixed packages from two different distributions during a large
> and very complex transition.
> 
> Why are you installing packages from unstable (sid) on your testing
> system? As you've seen, that is a guaranteed way to cause breakage.

You're right: my installation looks like a "Franken Debian" mixing packages 
from testing and unstable repositories.
I'm using unstable because I needed to install VirtualBox and Firefox from 
unstable repositories (not available in testing).
 
> You need to remove the libpng packages from your system and then
> install the packages from testing. Then you will be able to install
> libfreetype-dev.

I solved my issue by removing unstable repository and packages installed from 
it. I replaced the installation for Firefox with official Mozilla repository 
and VirtualBox with "Fast Track" repo.

You can close this bug.

Thanks, Laurent

Bug#1069771: libslow5lib FTBFS on big endian architectures

[Helge Deller]

Source: libslow5lib
Version: 0.7.0+dfsg-2.1
Tags: ftbfs

build log reports:
[slow5_open_with::ERROR]
Big endian machine detected. slow5lib only supports little endian at this time. 
Please open a github issue stating your machine spec 
.

Full log is here:
https://buildd.debian.org/status/fetch.php?pkg=libslow5lib&arch=hppa&ver=0.7.0%2Bdfsg-2.1&stamp=1713388301&raw=0

I opened a ticket upstream:
https://github.com/hasindu2008/slow5lib/issues/88

Bug#1058888: pyferret FTBSF on several architectures: dh_install: error: missing files, aborting

[Colin Watson]

Control: retitle -1 pyferret FTBFS on several architectures: dh_install: error: 
missing files, aborting
Control: tag -1 patch

On Sun, Dec 17, 2023 at 08:24:07PM +0200, Adrian Bunk wrote:
> https://buildd.debian.org/status/logs.php?pkg=pyferret&ver=7.6.5-5
> 
> ...
>dh_install -a
> dh_install: warning: Cannot find (any matches for) 
> "debian/tmp/ext_func/pylibs" (tried in ., debian/tmp)
> 
> dh_install: warning: python3-ferret missing files: debian/tmp/ext_func/pylibs
>   install -m0755 -d debian/python3-ferret//usr/bin
>   cp --reflink=auto -a ./debian/pyferret3 debian/python3-ferret//usr/bin/
>   install -m0755 -d debian/python3-ferret//usr/lib/python3/dist-packages
>   cp --reflink=auto -a 
> ./debian/tmp/lib/python3.11/libpyferret.cpython-311-powerpc64le-linux-gnu.so 
> ./debian/tmp/lib/python3.12/libpyferret.cpython-312-powerpc64le-linux-gnu.so 
> ./install/local/lib/python3.11/dist-packages/__pycache__ 
> ./install/local/lib/python3.11/dist-packages/gcircle-7.65-py3.11.egg-info 
> ./install/local/lib/python3.11/dist-packages/gcircle.py 
> ./install/local/lib/python3.11/dist-packages/pipedviewer 
> ./install/local/lib/python3.11/dist-packages/pipedviewer-7.65-py3.11.egg-info 
> ./install/local/lib/python3.11/dist-packages/pyferret 
> ./install/local/lib/python3.11/dist-packages/pyferret-7.65-py3.11.egg-info 
> debian/python3-ferret//usr/lib/python3/dist-packages/
>   install -m0755 -d 
> debian/python3-ferret//usr/share/bash-completion/completions/
>   cp --reflink=auto -a ./debian/bash_completion.d/pyferret3 
> debian/python3-ferret//usr/share/bash-completion/completions//
> dh_install: error: missing files, aborting
> make: *** [debian/rules:8: binary-arch] Error 25

I've proposed
https://salsa.debian.org/science-team/pyferret/-/merge_requests/3 to fix
this.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#1069591: cyckle: Fails to start

[Konstantin L. Metlov]

This BUG was fixed in cycle 0.3.3. Please upgrade to

https://debian.pkgs.org/sid/debian-main-arm64/cycle_0.3.3-1_all.deb.html

Bug#1069770: elementpath: please update to latest upstream release

[Timo Röhling]

Source: elementpath
Version: 3.0.2-1
Severity: wishlist
Control: affects -1 src:python-xmlschema

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear maintainer,

I'd like to update python-xmlschema, but this needs to be coordinated with 
elementpath. Could you please update elementpath?


Cheers
Timo


-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEmwPruYMA35fCsSO/zIxr3RQD9MoFAmYpARMACgkQzIxr3RQD
9MpCrA/7BNJIB7+w7k/ImJY0i06BDhfT6HTITaxHjoqL6+i43nsTRUASel2cbhvM
B+inRa03W8/QlQr0TkI7gurrIZwujerP0Ux3z1OBQAIGflGFU3yTQuSwj1WVXJU8
PIJ71fDhTegYqUA65R9QT3KOvVkCq+5P87TFy8hl2AVOvBsxkK9rGsut6KlFconf
+fYzbJEtaBQmMSKVt0ZzRVxpXcWVuH5T3JWclwdpZTREquLj4sb5iN+sCKK7m7k2
cGlm/1egm26jWk2O5YlxZGR1PldnEeJ2DaYobbz8SbRQMJmEoGhnH4GyH4YdYFBz
o3i3y2O44NUniV7jM63hQDCuYQ6CUROxe+2kce2tfsIJNc84CH4Q88bHAXGo5AYw
cfVmzYSppyQshYYAWz0FMxN3n0x2itB0EsBpHT+niDdxWLQj28IH0Dhprlprmx3E
ujAXi9nJnQexkWxUzMH1S5Q3gx+xYMI/WJF1dJ4BCV8heR85LUvJQQmmWP8inTiJ
LHfbrAsV13R+mjywFo4UvoyY97GvoGGECKXjrz0LXplbvoV6vQFrQ8QQgNu5zFQs
zgjkyYGJqwuHczan2aGMF/EnvfYTGxaH7ZeoLiuov+fSwbTITA59b+cgzoJ1u0HK
T3NR11xcBJdtvHVWmsEe7/18VDd4c3uDW38EN6viyPbCO5b2Gpk=
=j4DF
-END PGP SIGNATURE-

Bug#1069769: haskell-versions: Disable RTS -N on loong64

[zhangdandan]

Source: haskell-versions
Version: 6.0.2-1
Severity: normal
Tags: ftbfs patch
User: debian-loonga...@lists.debian.org
Usertags: loong64

Dear maintainers,

Compiling the haskell-versions failed for loong64 in the Debian Package 
Auto-Building environment.

The error log is as follows,
```
Running 1 test suites...
Test suite versions-test: RUNNING...
versions-test: unknown RTS option: -N
versions-test:
versions-test: Usage:   [+RTS  | -RTS ] ... 
--RTS 

versions-test:
```

The Full log can be found at 
https://buildd.debian.org/status/logs.php?pkg=haskell-versions&ver=6.0.2-1&arch=loong64.


We need to disable -with-rtsopts=-N option on loongarch64.
I have built haskell-versions successfully in my local ENV.
Please consider the patch I attached.
Your opinions are welcome.

Thanks,
Dandan Zhang

Description: Disable RTS -N on loong64 
Last-Update: 2024-04-24

--- haskell-versions-6.0.2.orig/versions.cabal
+++ haskell-versions-6.0.2/versions.cabal
@@ -58,7 +58,7 @@ test-suite versions-test
   type:   exitcode-stdio-1.0
   main-is:Test.hs
   hs-source-dirs: test
-  if arch(arm) || arch(mips) || arch(s390x) || arch(i386) || arch(riscv64)
+  if arch(arm) || arch(mips) || arch(s390x) || arch(i386) || arch(riscv64) || arch(loongarch64)
 ghc-options:-threaded
   else
 ghc-options:-threaded -with-rtsopts=-N

Bug#1069768: dropbear-initramfs becomes unresponsive after several connection attempts

[Lee Garrett]

Package: dropbear-initramfs
Version: 2022.83-1+deb12u1
Severity: normal
X-Debbugs-Cc: deb...@rocketjump.eu

Hi,

I have a remote server running bookworm that is configured to use
dropbear-initramfs and cryptsetup-initramfs to unlock the LUKS container. The
way I unlock it is shown below:

$ until ssh r...@hopper-boot.rocketjump.eu cryptroot-unlock; do sleep 3; done
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection refused
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
ssh: connect to host hopper-boot.rocketjump.eu port 22: Connection timed out
Please unlock disk md2_crypt
Timeout, server hopper-boot.rocketjump.eu not responding.
Please unlock disk md2_crypt
Timeout, server hopper-boot.rocketjump.eu not responding.
Please unlock disk md2_crypt
Timeout, server hopper-boot.rocketjump.eu not responding.
Timeout, server hopper-boot.rocketjump.eu not responding.
Timeout, server hopper-boot.rocketjump.eu not responding.
Timeout, server hopper-boot.rocketjump.eu not responding.

^C^C

As you can see, while rebooting the connection is refused, as sshd is already
shutdown, but the server is reachable. Then the connection times out while it's
still doing a POST. At some point dropbear becomes reachable, as shown by the
output of "Please unlock disk md2_crypt", however the connection seems to error
out after a while, and after three attempts, dropbear becomes unresponsive. This
forces me to hard reset the server and try again until I catch it in the right
moment.

After some debugging, it turns out that ServerAliveInterval != 0 will cause the
ssh client to reset the connection, which dropbear will count as unlock attempt,
and after three tries it will fail and drop to initramfs shell, after which it's
not reachable anymore.

It would be great to prominently document that dropbear(-initramfs) does not
handle the ServerAliveInterval ssh client setting.

Greets,
Lee


-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'proposed-updates'), (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-20-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dropbear-initramfs depends on:
ii  busybox  1:1.35.0-4+b3
pn  dropbear-bin 
ii  initramfs-tools  0.142
ii  udev 252.23-1~deb12u1

Versions of packages dropbear-initramfs recommends:
ii  cryptsetup-initramfs  2:2.6.1-4~deb12u2

dropbear-initramfs suggests no packages.

Bug#1034483: dmidecode: CVE-2023-30630

[Petter Reinholdtsen]

Any hope to have this CVE issue fixed in stable and oldstable as well?

If not, I suspect this BTS report should be closed.
-- 
Happy hacking
Petter Reinholdtsen

Bug#1069767: dmidecode: New upstream version 3.6 available

[Petter Reinholdtsen]

Package: dmidecode
Version: 3.5
Severity: wishlist

A new version was just released.

 Start of forwarded message 
Date: Wed, 24 Apr 2024 14:19:28 +0200
From: Jean Delvare 
To: dmidecode-de...@nongnu.org
Subject: Dmidecode 3.6 has been released

Hi all,

Dmidecode 3.6 was released today. The changes from 3.5 are as follows:
  - [PORTABILITY] Use -DALIGNMENT_WORKAROUND on arm.
  - [PORTABILITY] Read SMBIOS entry point via kenv on DragonFly BSD.
  - Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
  - Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
  - Add bash completion.
  - Decode HPE OEM records 197, 239 and 245.
  - Implement options --list-strings and --list-types.
  - Update HPE OEM records 203, 212, 216, 221, 233, 236, 237, 238 and 242.
  - Update Redfish support.
  - Bug fixes:
Fix option --from-dump for user root
Fix enabled slot characteristics not being printed
  - Minor improvements:
Print slot width on its own line
Use standard strings for slot width

This new release is available for download from the usual place:
  http://download.savannah.gnu.org/releases/dmidecode/dmidecode-3.6.tar.xz
  http://download.savannah.gnu.org/releases/dmidecode/dmidecode-3.6.tar.xz.sig

Please allow for up to 24 hours before the files propagate to all
mirrors.

-- 
Jean Delvare
SUSE L3 Support

 End of forwarded message 

Bug#1069766: mp3splt: please add support for loong64

[wuruilong]

Source: mp3splt
Severity: normal
Tags: patch
User: debian-loonga...@lists.debian.org
Usertags: loong64
X-Debbugs-Cc: wuruil...@loongson.cn

Dear Maintainer,

mp3splt compiles incorrectly on loongarch, the attached patch has solved the 
problem, please refer to the patch to modify the code

wuruilong

-- System Information:
Debian Release: trixie/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'unstable')
Architecture: loong64 (loongarch64)

Kernel: Linux 5.10.0-60.96.0.126.oe2203.loongarch64 (SMP w/32 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
--- mp3splt-2.6.2+20170630-origin/debian/rules  2023-08-29 21:53:19.0 
+
+++ mp3splt-2.6.2+20170630/debian/rules 2024-04-24 12:07:59.539387477 +
@@ -85,6 +85,8 @@
 
 
 $(lib_objdir)/config.status: libmp3splt/configure
+   dh_update_autotools_config
+   dh_autoreconf
dh_testdir
mkdir -p $(lib_objdir)
cd $(lib_objdir) && \
@@ -107,6 +109,8 @@
 lib_ldflags = -L$(CURDIR)/$(lib_objdir)/src/.libs -lmp3splt
 
 $(cli_objdir)/config.status: mp3splt/configure
+   dh_update_autotools_config
+   dh_autoreconf
dh_testdir
mkdir -p $(cli_objdir)
cd $(cli_objdir) && \
@@ -127,6 +131,8 @@
|| (cat config.log; exit 1)
 
 $(gui_objdir)/config.status: mp3splt-gtk/configure
+   dh_update_autotools_config
+   dh_autoreconf
dh_testdir
mkdir -p $(gui_objdir)
cd $(gui_objdir) && \

Bug#1069765: haskell-termonad: please add support for loong64

[wuruilong]

Source: haskell-termonad
Severity: normal
Tags: patch
User: debian-loonga...@lists.debian.org
Usertags: loong64
X-Debbugs-Cc: wuruil...@loongson.cn

Dear Maintainer,

haskell-termonad compiles incorrectly on loongarch, the attached patch has 
solved the problem, please refer to the patch to modify the code

wuruilong

-- System Information:
Debian Release: trixie/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'unstable')
Architecture: loong64 (loongarch64)

Kernel: Linux 5.10.0-60.96.0.126.oe2203.loongarch64 (SMP w/32 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Description: 
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 haskell-termonad (4.5.0.0-1) unstable; urgency=medium
 .
   [ Ilias Tsitsimpis ]
   * Declare compliance with Debian policy 4.6.2
 .
   [ Clint Adams ]
   * New upstream release
Author: Clint Adams 

---
The information above should follow the Patch Tagging Guidelines, please
checkout https://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: (upstream|backport|vendor|other), (|commit:)
Bug: 
Bug-Debian: https://bugs.debian.org/
Bug-Ubuntu: https://launchpad.net/bugs/
Forwarded: (no|not-needed|)
Applied-Upstream: , (|commit:)
Reviewed-By: 
Last-Update: 2024-04-24

--- haskell-termonad-4.5.0.0.orig/termonad.cabal
+++ haskell-termonad-4.5.0.0/termonad.cabal
@@ -148,7 +148,10 @@ executable termonad
   build-depends:   base
  , termonad
   default-language:Haskell2010
-  ghc-options: -Wall -threaded -rtsopts -with-rtsopts=-N
+  if arch(loongarch64)
+ ghc-options: -Wall -threaded -rtsopts 
+  else
+ ghc-options: -Wall -threaded -rtsopts -with-rtsopts=-N
 
 test-suite doctests
   type:exitcode-stdio-1.0
@@ -177,7 +180,10 @@ test-suite termonad-test
  , tasty-hedgehog
  , tasty-hspec
   default-language:Haskell2010
-  ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
+  if arch(loongarch64)
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts
+  else
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
   default-extensions:  DataKinds
  , GADTs
  , GeneralizedNewtypeDeriving
@@ -207,7 +213,10 @@ executable termonad-readme
  , colour
   ghc-options: -pgmL markdown-unlit
   default-language:Haskell2010
-  ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
+  if arch(loongarch64)
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts 
+  else
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
 
   if flag(buildexamples)
 buildable: True
@@ -220,7 +229,10 @@ executable termonad-example-colour-exten
  , termonad
  , colour
   default-language:Haskell2010
-  ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
+  if arch(loongarch64)
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts 
+  else
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
 
   if flag(buildexamples)
 buildable: True
@@ -233,7 +245,10 @@ executable termonad-example-colour-exten
  , termonad
  , colour
   default-language:Haskell2010
-  ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
+  if arch(loongarch64)
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts 
+  else 
+ ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
 
   if flag(buildexamples)
 buildable: True
@@ -246,7 +261,10 @@ executable termonad-example-colour-exten
  , termonad
  , colour
   default-language:Haskell2010
-  ghc-options: -Wall -Wincomplete-uni-patterns 
-Wincomplete-record-updates -threaded -rtsopts -with-rtsopts=-N
+  if arch(loongarch64)
+   

Bug#1069764: python-flask-cors: CVE-2024-1681

[Moritz Mühlenhoff]

Source: python-flask-cors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for python-flask-cors.

CVE-2024-1681[0]:
| corydolphin/flask-cors is vulnerable to log injection when the log
| level is set to debug. An attacker can inject fake log entries into
| the log file by sending a specially crafted GET request containing a
| CRLF sequence in the request path. This vulnerability allows
| attackers to corrupt log files, potentially covering tracks of other
| attacks, confusing log post-processing tools, and forging log
| entries. The issue is due to improper output neutralization for
| logs.

https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644
https://github.com/corydolphin/flask-cors/issues/349


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-1681
https://www.cve.org/CVERecord?id=CVE-2024-1681

Please adjust the affected versions in the BTS as needed.

Bug#1069763: matrix-synapse: CVE-2024-31208

[Moritz Mühlenhoff]

Source: matrix-synapse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for matrix-synapse.

CVE-2024-31208[0]:
| Synapse is an open-source Matrix homeserver. A remote Matrix user
| with malicious intent, sharing a room with Synapse instances before
| 1.105.1, can dispatch specially crafted events to exploit a weakness
| in the V2 state resolution algorithm. This can induce high CPU
| consumption and accumulate excessive data in the database of such
| instances, resulting in a denial of service. Servers in private
| federations, or those that do not federate, are not affected. Server
| administrators should upgrade to 1.105.1 or later. Some workarounds
| are available. One can ban the malicious users or ACL block servers
| from the rooms and/or leave the room and purge the room using the
| admin API.

https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
 (v1.105.1)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31208
https://www.cve.org/CVERecord?id=CVE-2024-31208

Please adjust the affected versions in the BTS as needed.

Bug#1069762: pdns-recursor: CVE-2024-25583

[Moritz Mühlenhoff]

Source: pdns-recursor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pdns-recursor.

CVE-2024-25583[0]:
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of service in Recursor
https://www.openwall.com/lists/oss-security/2024/04/24/1 


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25583
https://www.cve.org/CVERecord?id=CVE-2024-25583

Please adjust the affected versions in the BTS as needed.

Bug#1069761: O: httest - HTTP test tool

[Eva Ramon]

Package: wnpp
Severity: normal
Version: 2.4.23-2

Dear Debian Developers,
unfortunately I can't take care of this package anymore. Furthermore,
there have been no upstream releases in the last couple of years.
Thank you

Bug#1059101: upstream bug

[David Edmondson]

tag 1059101 + upstream
thanks

This is bug#70122 upstream, and Braun & Eli are converging on a fix
there.
-- 
Any social occasion, it's hello, how do you do.

Bug#1069066: LIMITS_H_TEST is frequently wrong on Debian

[Matthias Klose]

Control: tags -1 - patch


As a result I suggest that we also move forward with my proposed
LIMITS_H_TEST replacement in Debian. Upstream gcc fails to move forward
here and the problem affects Debian in particular due to our use of
multiarch and our changing of the compiler search path. Would you agree
to carry this as a Debian patch until gcc manages to fix it one way or
another?


Sorry, but AFAICS, you didn't submit the patch upstream for review.  You 
opened a bug report, but didn't send it out for review on the 
gcc-patches ML.  You also didn't CC me or other Debian GCC Maintainers 
in the upstrem bug report, and only opened a Debian bug report after 
seven years having the upstream bug report.  I'm glad to help if you 
have questions how to submit upstream patches.



I've been using this last iteration of the patch for quite a
while now and didn't have any misdetections since.


yes, you used it in the context of Debian cross builds in a multiarch 
environment.  No other context.


Filing a bug report seven years ago, having a proposed unreviewed patch, 
and then claiming that upstream is not moving forward is a bit odd.


Please could you properly address the issue upstream to get it applied 
there first? I'm happy to backport it to GCC 14 once it's accepted upstream.


Matthias

Bug#1069760: linux-headers-6.1.0-20-amd64: WWAN adapter (Modem) is not found after update to this kernel

[Serge Polyakov]

Package: linux-headers-6.1.0-20-amd64
Version: 6.1.85-1
Severity: important
X-Debbugs-Cc: beer-b...@yandex.ru

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

After updating stable Debian to the latest version my laptop Thinkpad X390
loses modem device.
After sleep or even after reboot Settings don't have Mobile Network tab and
icon for Mobile Network is  disappeared from panels on Gnome Desktop (right top
corner)

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

1. In Gnome desktop search for Mobile Network
2. Launch it.
3. Mobile Network appears in Settings again but have "No WWAN Adapter found"
status.
4. Launch Network Manager
5. Save existing Mobile Broadband configuration.
6. It CAN fixes and Modem is back, or nothing has changed.

I haven't determine solution for sure.

   * What was the outcome of this action?

   * What outcome did you expect instead?
*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-20-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-headers-6.1.0-20-amd64 depends on:
ii  linux-compiler-gcc-12-x86  6.1.85-1
ii  linux-headers-6.1.0-20-common  6.1.85-1
ii  linux-kbuild-6.1   6.1.85-1

linux-headers-6.1.0-20-amd64 recommends no packages.

linux-headers-6.1.0-20-amd64 suggests no packages.

-- no debconf information

Bug#1066355: Re: spotlighter: FTBFS: spotlighter.c:105:3: error: implicit declaration of function ‘on_window_screen_changed’ [-Werror=implicit-function-declaration]

[Andreas Rönnquist]

Control: tags -1 pending

On Mon, 15 Apr 2024 13:47:04 +1200 Vladimir Petko  wrote:
> Dear Maintainer,
> 
> Would it be possible to consider the attached patch as the solution for the
> issue?
> 
> In Ubuntu, the attached patch was applied to achieve the following:
> 
>   * d/p/2_ftbfs_implicit_declaration.patch: declare callback to
> resolve -Werror=implicit-function-declaration ftbfs (LP: #2061331).
> 
> 
> Thanks for considering the patch.
> 


Thank you very much for the patch! I intend to 0-day nmu this later
today to help with the time_t transition, debdiff attached.

best
/Andreas Rönnquist
gus...@debian.org


spotlighter_nmu.debdiff
Description: Binary data


pgpx2FOZIYWin.pgp
Description: OpenPGP digital signatur

Bug#1069759: alabaster: Please update to the latest upstream version

[Dmitry Shachnev]

Source: alabaster
Version: 0.7.12-1
Severity: wishlist

Dear Maintainer,

Sphinx now requires alabaster 0.7.14 or newer [1]. It would be nice if you
packaged the latest version, which is 0.7.16 at the moment [2].

I can prepare a pull request if needed.

[1]: https://github.com/sphinx-doc/sphinx/pull/11858
[2]: https://pypi.org/project/alabaster/

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#1069758: www.debian.org: upgrade procedure instructs users to run “apt update” but neglects upgrading

[Manny]

Package: www.debian.org
Severity: normal
X-Debbugs-Cc: debbug.www.debian@sideload.33mail.com

The Bookworm release notes instruct users to “upgrade” to the latest point 
release of Bullseye prior to upgrading to Bookworm:

  
https://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.en.html#upgrade-to-latest-point-release

When following that link, the article says to do an “apt update” then neglects 
to tell users to perform the upgrade.

Bug#1069751: gvfs-daemons: gvfsd-network fills the logs with errors

[Simon McVittie]

On Wed, 24 Apr 2024 at 09:24:14 +0200, Francesco Potortì wrote:
> 2024-04-23T04:21:41.887252+02:00 tucano gvfsd-wsdd[1507271]: Failed to spawn 
> the wsdd daemon: Failed to execute child process “wsdd” (No such file or 
> directory)
> 2024-04-23T04:21:41.887324+02:00 tucano gvfsd-network[318402]: Couldn't 
> create directory monitor on wsdd:///. Error: Automount failed: Failed to 
> spawn the underlying wsdd daemon.
> 
> The above sequence is repeated every 15 s

This should be fixed by 1.54.x from unstable, when it migrates to testing
(upstream commit "wsdd: Print debug info only if GVFS_WSDD_DEBUG is set").
That's currently blocked by the 64-bit time_t transition, but according to
the latest update from the release team, packages should start migrating
again soon.

> 2024-04-23T04:55:28.315700+02:00 tucano gvfsd-network[318402]: GFileInfo 
> created without standard::content-type
> 2024-04-23T04:55:28.315722+02:00 tucano gvfsd-network[318402]: file 
> ../../../gio/gfileinfo.c: line 1822 (g_file_info_get_content_type): should 
> not be reached
> 2024-04-23T04:55:28.315743+02:00 tucano gvfsd-network[318402]: 
> g_ref_string_new_intern: assertion 'str != NULL' failed

This might be fixed by 1.54.x too.

smcv

Bug#1068680: din: Process 166294 (din) of user 1000 dumped core

[Bernhard Übelacker]

Hello Cláudio,
I am not maintainer of the din package, just reading through some crash reports.

Unfortunately I cannot follow your claim "The crash occurred in the module 
libzstd.so.1".
None of the 5 threads show a frame inside libzstd.
It seems just listed in the Module list.

Thread 166294 shows all the last frames in the din executable,
all other visible threads may just be "waiting", therefore the epoll_wait frame.

I would suggest to install systemd-coredump and gdb if not happened yet.

If it was, following sequence of command should enable the debugger to load
debug information for involved executables and print out function names
with source file and line number information.

export DEBUGINFOD_URLS="https://debuginfod.debian.net";
coredumpctl gdb 166294
  y
  thread apply all bt full
  quit

This downloads several megabytes into $HOME/.cache/debuginfod_client.

And would show way more details for the maintainer to look at.


I tried to reconstruct the line information to your first thread,
which I suspect is the crashing one.


More information about debugging crashes can be found in this page:
https://wiki.debian.org/HowToGetABacktrace

Kind regards,
Bernhard




Stack trace of thread 166294:
#0  0x5617dbae42ab n/a (din + 0xc02ab)in font::draw_char(char, int, 
int, int) at ./src/font.cc:203
#1  0x5617dbae4a75 n/a (din + 0xc0a75)in draw_string(std::__cxx11::basic_string, std::allocator > const&, int, int, int) at 
./src/font.cc:220
#2  0x5617dba8c2e4 n/a (din + 0x682e4)in options_list::draw() at 
./src/options_list.h:93
#3  0x5617dbb73b55 n/a (din + 0x14fb55)   in settings::draw() at 
./src/settings.cc:281
#4  0x5617dbb8aab0 n/a (din + 0x166ab0)   in ui_list::draw() at 
./src/ui.cc:151
#5  0x5617dba5a15b main (din + 0x3615b)   in main(int, char**) at 
./src/main.cc:1606

https://sources.debian.org/src/din/56-1/src/font.cc/#L203

Bug#1068649: winbind: Should be wanted by and ordered before nss-user-lookup.target

[Michael Tokarev]

08.04.2024 17:27, Magnus Holmgren wrote:

Package: winbind
Version: 2:4.17.12+dfsg-0+deb12u1

I'm not entirely sure, but I think winbind.service should include

[Unit]
Wants=nss-user-lookup.target
Before=nss-user-lookup.target

systemd.special(7) says:

"All services which provide parts of the user/group database should be ordered
before this target, and pull it in."

and winbind does provide parts of the user/group database (as long as it's
mentioned in nsswitch.conf, but typically that's the point, isn't it?).


This is a grey area (to me anyway).  Myself, I tend to avoid this sort of 
dependencies
as much as possible.  Since winbind itself is ordered after network.target, 
we're
at risk to make login impossible until network is up, and network might not be 
up
until, say, wifi is running, etc.


We've had trouble with cron not running some jobs for a good while, and I just
now figured out that it's because we have some jobs configured to run as Samba
users, and cron started before winbind on boot and complained about invalid
users.


Please note how /etc/init.d/cron is set up: cron itself is ordered after 
winbindd.
Maybe this is not a nice as systemd variant which you outlined above, but in my
view it is more reliable.

Or maybe not, - cron often used to run @reboot jobs to start services...  which 
is
a bad idea anyway :)

But I dunno what to do here.

Thanks,

/mjt

Bug#1069757: kafs-client: please add support for loong64

[wuruilong]

Source: kafs-client
Severity: normal
Tags: patch
User: debian-loonga...@lists.debian.org
Usertags: loong64
X-Debbugs-Cc: wuruil...@loongson.cn

Dear Maintainer,

kafs-client compiles incorrectly on loongarch, the attached patch has solved 
the problem, please refer to the patch to modify the code

wuruilong

-- System Information:
Debian Release: trixie/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'unstable')
Architecture: loong64 (loongarch64)

Kernel: Linux 5.10.0-60.96.0.126.oe2203.loongarch64 (SMP w/32 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
diff -Nru kafs-client-0.5/debian/changelog kafs-client-0.5/debian/changelog
--- kafs-client-0.5/debian/changelog2023-02-06 04:48:30.0 +0800
+++ kafs-client-0.5/debian/changelog2024-01-06 18:35:32.0 +0800
@@ -1,3 +1,9 @@
+kafs-client (0.5-4.1) UNRELEASED; urgency=medium
+
+  * Fix build failure casued by unrecognized flag "-m64"
+
+ -- Gui-Yue   Sat, 06 Jan 2024 18:35:32 +0800
+
 kafs-client (0.5-4) unstable; urgency=medium
 
   [ Bill MacAllister ]
diff -Nru kafs-client-0.5/debian/patches/fix_unrecognized-flag-m64.patch 
kafs-client-0.5/debian/patches/fix_unrecognized-flag-m64.patch
--- kafs-client-0.5/debian/patches/fix_unrecognized-flag-m64.patch  
1970-01-01 08:00:00.0 +0800
+++ kafs-client-0.5/debian/patches/fix_unrecognized-flag-m64.patch  
2024-01-06 18:35:32.0 +0800
@@ -0,0 +1,23 @@
+Description: Fix bug report #976557
+--- a/Makefile
 b/Makefile
+@@ -30,7 +30,7 @@
+ CFLAGS+= -m32
+ else
+ ifeq ($(BUILDFOR),64-bit)
+-CFLAGS+= -m64
++CFLAGS+=
+ endif
+ endif
+ 
+--- a/src/Makefile.config
 b/src/Makefile.config
+@@ -48,7 +48,7 @@
+ CFLAGS+= -m32
+ else
+ ifeq ($(BUILDFOR),64-bit)
+-CFLAGS+= -m64
++CFLAGS+=
+ endif
+ endif
+ 
diff -Nru kafs-client-0.5/debian/patches/series 
kafs-client-0.5/debian/patches/series
--- kafs-client-0.5/debian/patches/series   2023-02-06 04:48:30.0 
+0800
+++ kafs-client-0.5/debian/patches/series   2024-01-06 18:34:25.0 
+0800
@@ -18,3 +18,4 @@
 0018-rxrpc-pod.patch
 0019-kafs-dns-pod.patch
 auto-gitignore
+fix_unrecognized-flag-m64.patch

Bug#1068502: Dead upstream and broken, remove or switch to a fork?

[Timo Röhling]

Hi,

I have uploaded a patch that fixes the FTBFS bug with flake8 >= 7,
so we have a bit of breathing room for now.

The pytest-flake8 fork has been archived already; the author states 
[1]:
I am no longer invested into the flake8 as a tool, as I have moved 
to using ruff.


And I strongly recommend running QC tools as a separate step. 
Integrating flake8 into the unittest framework looks like a false 
economy to me nowdays.


I tend to agree and think we should work towards removing this 
package. There are only five reverse dependencies anyway:


 $ build-rdeps python3-pytest-flake8
 Reverse Build-depends in unstable/main:
 ---

 cvise
 pytest-pylint
 python-cssselect2
 python-tinycss2
 rpmlint

 Found a total of 5 reverse build-depend(s) for 
 python3-pytest-flake8.


Cheers
Timo

[1] https://github.com/VRGhost/pytest-flake8

--
⢀⣴⠾⠻⢶⣦⠀   ╭╮
⣾⠁⢠⠒⠀⣿⡁   │ Timo Röhling   │
⢿⡄⠘⠷⠚⠋⠀   │ 9B03 EBB9 8300 DF97 C2B1  23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄   ╰╯


signature.asc
Description: PGP signature

Bug#1069756: readability: build time test error: lxml.html.clean module is now a separate project lxml_html_clean

[Étienne Mollier]

Source: readability
Version: 0.8.1+dfsg1-3
Severity: serious
Tags: ftbfs
Justification: ftbfs

Dear Maintainer,

Attempt to run readability tests at build time results in the
following error:

==
ERROR: readability (unittest.loader._FailedTest.readability)
--
ImportError: Failed to import test module: readability
Traceback (most recent call last):
  File "/usr/lib/python3.11/unittest/loader.py", line 452, in 
_find_test_path
package = self._get_module_from_name(name)
  
  File "/usr/lib/python3.11/unittest/loader.py", line 362, in 
_get_module_from_name
__import__(name)
  File 
"/<>/.pybuild/cpython3_3.11/build/readability/__init__.py", line 
3, in 
from .readability import Document
  File 
"/<>/.pybuild/cpython3_3.11/build/readability/readability.py", 
line 11, in 
from .cleaners import clean_attributes
  File 
"/<>/.pybuild/cpython3_3.11/build/readability/cleaners.py", line 
3, in 
from lxml.html.clean import Cleaner
  File "/usr/lib/python3/dist-packages/lxml/html/clean.py", line 18, in 

raise ImportError(
ImportError: lxml.html.clean module is now a separate project 
lxml_html_clean.
Install lxml[html_clean] or lxml_html_clean directly.

As far as I could witness, replacing the python3-lxml build
dependency by python3-lxml-html-clean resolved the issue at
least for the bulid time test.  The package is subject to
autodep8 python3 test, which raises that the binary package will
also need it dependencies adjusted; this suggests the setup.py
would probably need patching so this is addressed appropriately
at a larger scale than Debian's.  The missing dependency on
python3-lxml-html-clean is also causing a regression in offpunk
autopkgtest[1], although that could be easily worked around by
pulling the missing dependency there.

[1]: https://ci.debian.net/packages/o/offpunk/unstable/amd64/44684161/

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier 
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/4, please excuse my verbosity
   `-on air: Mike Oldfield - Lion


signature.asc
Description: PGP signature

Bug#1069729: bsdgames: Please keep quiz

[Dr. Tobias Quathamer]

Am 23.04.24 um 21:42 schrieb Kacper Gutowski:

Dear Maintainer,

Recently quiz(6) was removed from the package.
I understand that the plan is to switch to a different fork linked in
changelog whose developers consider quiz(6) to be "just plain junk."
I can't say I understand that rationale, or why does it apply to quiz(6)
but not to arithmetic(6), for example. But seeing that pom(6) was
retained despite that fork disliking it, I would like to request
that quiz(6) is kept packaged as well. I find it useful.


Hi Kacper,

thanks for your bug report. I'll admit that the removal of all those 
programs has been a test to see if those programs are still in use. As 
long as I don't actually switch "upstream", I can revert all those 
removals quite easily.


So apparently, at least two programs are missed if I remove them. I've 
re-added quiz now as well, it'll get uploaded shortly.


Regards,
Tobias



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1069753: libuv1: y2k38 known upstream issue on 32-bits archs

[Jérémy Lal]

Potentially impacted packages...

Reverse Build-depends in testing/main:
--

ardour
bind9
chiark-utils
cmake
cowsql
csound-plugins
dnsjit
dnswire
dqlite
driftnet
getdns
golang-github-evanw-esbuild
h2o
haxe
hddemux
ipywidgets
janus
jupyterlab
kamailio
knot-resolver
libstorj
libwebsockets
lomiri-calculator-app
lua-luv
macaulay2
moarvm
mosquitto
node-emotion
node-fbjs
node-grunt-sass
node-gulp-sass
node-iconv
node-ipydatagrid
node-jasmine
node-jupyterlab
node-libpq
node-modern-syslog
node-nan
node-node-pty
node-node-sass
node-nouislider
node-opencv
node-pre-gyp
node-re2
node-react
node-react-toastify
node-rollup-plugin-sass
node-shiny-server
node-sqlite3
node-stdlib
node-vega-embed
node-vega-tooltip
node-ws
node-zx
nodejs
npm
nqp
ocaml-luv
passenger
pcp
pipewire
polybar
python-gevent
r-cran-fs
r-cran-httpuv
r-cran-v8
raft
rakudo
roc-toolkit
rtpengine
seafile
select2.js
siridb-server
swupdate
tensorpipe
uvloop

Found a total of 76 reverse build-depend(s) for libuv1-dev.

Le mer. 24 avr. 2024 à 09:51, Jérémy Lal  a écrit :

> Package: libuv1
> Version: 1.48.0-1
> Severity: important
>
> Hi Dominique,
>
> on 32-bits archs, nodejs fails some y2k38 tests.
>
> It is a well-known issue that has been fixed in libuv master branch,
> https://github.com/libuv/libuv/issues/3864
> but might not be fixed anytime soon in 1.x branch.
>
> Indeed, fixing it breaks API.
>
> However, in Debian, I think we can just do that, as long as we patch
> reverse dependencies on libuv1.
>
> What do you think about that ?
>
>
> -- System Information:
> Debian Release: trixie/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 6.6.15-amd64 (SMP w/4 CPU threads; PREEMPT)
> Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE not
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages libuv1 depends on:
> ii  libc6  2.37-15
>
> libuv1 recommends no packages.
>
> libuv1 suggests no packages.
>
> -- no debconf information
>
>

Bug#1069754: screenshot

[Russell Coker]

The attached image shows the results of cating a file containing emoji in both 
kitty and konsole and using CTRL-+ repeatedly to change the size, kitty scales 
the emoji with the text and konsole doesn't.

I don't think the config option to set the emoji font size should even exist, 
it should just be scaled to the text.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/

Bug#1063758: spamd: /etc/init.d/spamd still uses --name instead of --exec

[Alessandro Vesely]

On Tue 23/Apr/2024 18:39:00 +0200 Noah Meyerhans wrote:

On Sun, Apr 14, 2024 at 02:09:05PM +0200, Alessandro Vesely wrote:

Sorry for the delay.  Today a new kernel image was loaded, so I had to
reboot. I attach a screenshot of the closing session.  Near the bottom, it
says:

Stopping S.M.A.R.T. daemon smartd.
Stopping SpamAssassin Mail Filter Daemon spamd.
start-stop-daemon: warning: this system is not able to track process names
longer than 15 characters. please use --exec instead of --name.

Next it hangs there for several seconds (~30).  The next string says:

Asking all remaining processes to terminate...done.

Is it not SpamAssassin causing that warning?


If it is, it doesn't do it on Debian.  Even with sysvinit, though, the
stop jobs during shutdown run in parallel, so that message may be coming
from somewhere else.

If you manually stop spamassassin with `/etc/init.d/spamd stop`, do you
get the same warning?



Good question!  No, I don't.  It stops cleanly and quickly.

Sorry for the noise.
Ale

Bug#1069755: libntlm0: broken symlink: README -> README.md

[Paul Wise]

Package: libntlm0
Version: 1.8-2
Severity: normal
File: /usr/share/doc/libntlm0/README
User: debian...@lists.debian.org
Usertags: adequate broken-symlink

libntlm0 1.8-2 introduced a broken symlink:
   
   /usr/share/doc/libntlm0/README -> README.md

This appears to be because upstream switched README to a symlink to
README.md and debian/libntlm0.docs was not updated to use README.md.

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental'), 
(500, 'stable-updates'), (500, 'stable-security-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), 
(500, 'proposed-updates'), (500, 'buildd-proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libntlm0:amd64 depends on:
ii  libc6  2.37-18

libntlm0:amd64 recommends no packages.

libntlm0:amd64 suggests no packages.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1069754: konsole: The emoji font isn't scaled when you use CTRL-+ and CTRL-- to scale fonts

[Russell Coker]

Package: konsole
Version: 4:23.08.1-1+b1
Severity: normal
Tags: upstream

If you need to temporarily change the font size for a Konsole window and use
CTRL-+ or CTRL-- it only changes the font size for ASCII characters not for
emoji.

I'll send a screenshot after the bug is created.

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages konsole depends on:
ii  kio5.107.0-1+b2
ii  konsole-kpart  4:23.08.1-1+b1
ii  libc6  2.37-18
ii  libkf5configcore5  5.107.0-1+b2
ii  libkf5configwidgets5   5.107.0-2+b2
ii  libkf5coreaddons5  5.107.0-1+b2
ii  libkf5crash5   5.107.0-1+b2
ii  libkf5dbusaddons5  5.107.0-1+b2
ii  libkf5globalaccel-bin  5.107.0-2+b2
ii  libkf5globalaccel5 5.107.0-2+b2
ii  libkf5guiaddons5   5.107.0-1+b2
ii  libkf5i18n55.107.0-1+b2
ii  libkf5kiowidgets5  5.107.0-1+b2
ii  libkf5notifyconfig55.107.0-1+b2
ii  libkf5service-bin  5.107.0-1+b2
ii  libkf5service5 5.107.0-1+b2
ii  libkf5widgetsaddons5   5.107.0-1+b2
ii  libkf5windowsystem55.107.0-1+b2
ii  libkf5xmlgui5  5.107.0-1+b2
ii  libqt5core5t64 5.15.10+dfsg-7.2+b1
ii  libqt5gui5t64  5.15.10+dfsg-7.2+b1
ii  libqt5widgets5t64  5.15.10+dfsg-7.2+b1
ii  libstdc++6 14-20240330-1

konsole recommends no packages.

Versions of packages konsole suggests:
pn  lrzsz  

-- debconf-show failed

Bug#1069753: libuv1: y2k38 known upstream issue on 32-bits archs

[Jérémy Lal]

Package: libuv1
Version: 1.48.0-1
Severity: important

Hi Dominique,

on 32-bits archs, nodejs fails some y2k38 tests.

It is a well-known issue that has been fixed in libuv master branch,
https://github.com/libuv/libuv/issues/3864
but might not be fixed anytime soon in 1.x branch.

Indeed, fixing it breaks API.

However, in Debian, I think we can just do that, as long as we patch
reverse dependencies on libuv1.

What do you think about that ? 


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.6.15-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libuv1 depends on:
ii  libc6  2.37-15

libuv1 recommends no packages.

libuv1 suggests no packages.

-- no debconf information

Bug#1069752: freerdp3: CVE-2024-32658 CVE-2024-32659 CVE-2024-32660 CVE-2024-32661

[Salvatore Bonaccorso]

Source: freerdp3
Version: 3.5.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for freerdp3.

CVE-2024-32658[0]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to out-
| of-bounds read. Version 3.5.1 contains a patch for the issue. No
| known workarounds are available.


CVE-2024-32659[1]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to out-
| of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version
| 3.5.1 contains a patch for the issue. No known workarounds are
| available.


CVE-2024-32660[2]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| Prior to version 3.5.1, a malicious server can crash the FreeRDP
| client by sending invalid huge allocation size. Version 3.5.1
| contains a patch for the issue. No known workarounds are available.


CVE-2024-32661[3]:
| FreeRDP is a free implementation of the Remote Desktop Protocol.
| FreeRDP based clients prior to version 3.5.1 are vulnerable to a
| possible `NULL` access and crash. Version 3.5.1 contains a patch for
| the issue. No known workarounds are available.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-32658
https://www.cve.org/CVERecord?id=CVE-2024-32658
[1] https://security-tracker.debian.org/tracker/CVE-2024-32659
https://www.cve.org/CVERecord?id=CVE-2024-32659
[2] https://security-tracker.debian.org/tracker/CVE-2024-32660
https://www.cve.org/CVERecord?id=CVE-2024-32660
[3] https://security-tracker.debian.org/tracker/CVE-2024-32661
https://www.cve.org/CVERecord?id=CVE-2024-32661

Regards,
Salvatore

Bug#1069751: gvfs-daemons: gvfsd-network fills the logs with errors

[Francesco Potortì]

Package: gvfs-daemons
Version: 1.53.90-2
Severity: normal
X-Debbugs-Cc: none, Francesco Potortì 

I keep having tons of these in syslog

2024-04-23T04:55:28.315700+02:00 tucano gvfsd-network[318402]: GFileInfo 
created without standard::content-type
2024-04-23T04:55:28.315722+02:00 tucano gvfsd-network[318402]: file 
../../../gio/gfileinfo.c: line 1822 (g_file_info_get_content_type): should not 
be reached
2024-04-23T04:55:28.315743+02:00 tucano gvfsd-network[318402]: 
g_ref_string_new_intern: assertion 'str != NULL' failed
 [ the above three lines are repeated 63 times in the space of 50 ms ]
2024-04-23T04:21:41.887252+02:00 tucano gvfsd-wsdd[1507271]: Failed to spawn 
the wsdd daemon: Failed to execute child process “wsdd” (No such file or 
directory)
2024-04-23T04:21:41.887324+02:00 tucano gvfsd-network[318402]: Couldn't create 
directory monitor on wsdd:///. Error: Automount failed: Failed to spawn the 
underlying wsdd daemon.
2024-04-23T04:21:41.891620+02:00 tucano gvfsd-network[318402]: 
g_ref_string_release: assertion 'str != NULL' failed
 [ the above line is repeated 64 times in the space of 15 ms ]

The above sequence is repeated every 15 s

This has gone on for 6 days, until I killed the gvfsd-network process.  Six 
days ago I had
rebooted the machine after some months running because I could not stop it and 
I suspected some
library needing reboot, but apparently this is not the case.

-- 
Francesco Potortì (ricercatore)Mobile: +39.348.8283.107
ISTI - CNR, Pisa, ItalyWeb:http://fly.isti.cnr.it


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (101, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.6.15-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gvfs-daemons depends on:
ii  gvfs-common 1.53.90-2
ii  gvfs-libs   1.53.90-2
ii  libbluray2  2:1.3.4-dmo2
ii  libc6   2.37-15
hi  libglib2.0-02.78.4-1
ii  libgudev-1.0-0  238-3
ii  libsecret-1-0   0.21.4-1
ii  libsystemd0 255.4-1
ii  libudisks2-02.10.1-5
ii  lsof4.95.0-1
ii  udisks2 2.10.1-5

Versions of packages gvfs-daemons recommends:
ii  dbus  1.14.10-4
ii  gvfs  1.53.90-2

Versions of packages gvfs-daemons suggests:
ii  gvfs-backends  1.53.90-2

-- no debconf information

Bug#1069750: kitty: should recommend or at least suggest fonts-noto-color-emoji

[Russell Coker]

Package: kitty
Version: 0.33.1-1
Severity: normal

Kitty won't display emoji correctly unless the fonts-noto-color-emoji
package is installed.  Emoji are common enough in files that it's
reasonable to expect a full featured terminal emulator like kitty to
just work when you run "cat emoji.txt", but for that to happen
fonts-noto-color-emoji must be installed.

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages kitty depends on:
ii  kitty-shell-integration  0.33.1-1
ii  kitty-terminfo   0.33.1-1
ii  libc62.37-18
ii  libdbus-1-3  1.14.10-4+b1
ii  libharfbuzz0b8.3.0-2+b1
ii  liblcms2-2   2.14-2+b1
ii  libpng16-16t64   1.6.43-5
ii  libpython3.11t64 3.11.9-1
ii  libssl3t64   3.2.1-3
ii  libwayland-client0   1.22.0-2.1+b1
ii  libx11-6 2:1.8.7-1
ii  libx11-xcb1  2:1.8.7-1
ii  libxcursor1  1:1.2.1-1
ii  libxkbcommon-x11-0   1.6.0-1
ii  libxkbcommon01.6.0-1
ii  libxxhash0   0.8.2-2+b1
ii  python3  3.11.8-1
ii  python3.11   3.11.9-1
ii  zlib1g   1:1.3.dfsg-3.1

Versions of packages kitty recommends:
pn  kitty-doc   
ii  libcanberra0t64 [libcanberra0]  0.30-12.2+b2

Versions of packages kitty suggests:
ii  imagemagick  8:6.9.12.98+dfsg1-5.2
ii  imagemagick-6.q16 [imagemagick]  8:6.9.12.98+dfsg1-5.2

-- debconf-show failed

Bug#1066933: how to fix

[Russell Coker]

retitle 1066933 should recommend fonts-noto-color-emoji for plasma-emojier
thanks

This package should at least recommend fonts-noto-color-emoji so that plasma-
emojier can work correctly.  It's probably best to depend on it so things just 
work without user intervention.

The 10.5MB of disk space used by the fonts is small when compared to 
everything else that plasma does and just avoiding the confusion is worth it.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/

Bug#795495: marked as done (ITP: elixir-ex-doc -- Documentation generator for Elixir projects)

[Sergei Golovan]

Hi!

I totally forgot to add blocking bugs for this one:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065253
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065254
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065256

Currently, elixir-ex-doc is waiting for these three packages
(node-fontsource-inconsolata, node-fontsource-lato,
node-fontsource-merriweather) to be able to be built.

On Tue, Apr 23, 2024 at 9:03 PM Debian Bug Tracking System
 wrote:
>
> Your message dated Tue, 23 Apr 2024 18:00:11 +
> with message-id 
> and subject line Bug#795495: fixed in elixir-ex-doc 0.32.1+dfsg-1
> has caused the Debian Bug report #795495,
> regarding ITP: elixir-ex-doc -- Documentation generator for Elixir projects
> to be marked as done.
>
> This means that you claim that the problem has been dealt with.
> If this is not the case it is now your responsibility to reopen the
> Bug report if necessary, and/or fix the problem forthwith.
>
> (NB: If you are a system administrator and have no idea what this
> message is talking about, this may indicate a serious mail system
> misconfiguration somewhere. Please contact ow...@bugs.debian.org
> immediately.)
>
>
> --
> 795495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795495
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>
>
> -- Forwarded message --
> From: Evgeny Golyshev 
> To: sub...@bugs.debian.org
> Cc:
> Bcc:
> Date: Fri, 14 Aug 2015 20:25:30 +0300
> Subject: ITP: exdoc -- Documentation generator for Elixir projects
> Package: wnpp
> Severity: wishlist
> Owner: Evgeny Golyshev 
>
> * Package name : exdoc
> * Version : 0.8.1
> * Upstream Author : Plataformatec
> * URL : https://github.com/elixir-lang/ex_doc
> * License : Apache-2.0, BSD-3-clause and MIT
> * Programming Lang : Elixir
> * Description : Documentation generator for Elixir projects
>
> ExDoc is a tool intended for generating API documentation in HTML
> format from Elixir source code. It was inspired by Erlang's EDoc.
>
> Regards,
> Evgeny Golyshev
>
>
>
> -- Forwarded message --
> From: Debian FTP Masters 
> To: 795495-cl...@bugs.debian.org
> Cc:
> Bcc:
> Date: Tue, 23 Apr 2024 18:00:11 +
> Subject: Bug#795495: fixed in elixir-ex-doc 0.32.1+dfsg-1
> Source: elixir-ex-doc
> Source-Version: 0.32.1+dfsg-1
> Done: Sergei Golovan 
>
> We believe that the bug you reported is fixed in the latest version of
> elixir-ex-doc, which is due to be installed in the Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 795...@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Sergei Golovan  (supplier of updated elixir-ex-doc 
> package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmas...@ftp-master.debian.org)
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Format: 1.8
> Date: Sat, 20 Apr 2024 17:39:58 +0300
> Source: elixir-ex-doc
> Binary: elixir-ex-doc
> Architecture: source amd64
> Version: 0.32.1+dfsg-1
> Distribution: unstable
> Urgency: low
> Maintainer: Debian Erlang Packagers 
> Changed-By: Sergei Golovan 
> Description:
>  elixir-ex-doc - Tool to generate documentation for Erlang and Elixir projects
> Closes: 795495
> Changes:
>  elixir-ex-doc (0.32.1+dfsg-1) unstable; urgency=low
>  .
>* Initial Release (closes: #795495).
> Checksums-Sha1:
>  7b7d6de73e9d96c8fe87885d61b0ad6943da2125 2330 elixir-ex-doc_0.32.1+dfsg-1.dsc
>  c487c045396e56f8697bc1347c24804c0c62ff5c 183012 
> elixir-ex-doc_0.32.1+dfsg.orig.tar.xz
>  b50f8a56378961758ee1ec20884e5d3b413180ec 6568 
> elixir-ex-doc_0.32.1+dfsg-1.debian.tar.xz
>  4bf3e25818ff61944085253599492a5d5ba64f14 21106 
> elixir-ex-doc_0.32.1+dfsg-1_amd64.buildinfo
>  60cb184fbce02755e6a89a61b6d30c02529212b0 762080 
> elixir-ex-doc_0.32.1+dfsg-1_amd64.deb
> Checksums-Sha256:
>  0e91ae46fef893f045d4e86a26aaa4172a536e316cb062a8bcc4d497661b827a 2330 
> elixir-ex-doc_0.32.1+dfsg-1.dsc
>  3326de0571871734459490347d7e781eb9586d1f816d4b5da12b5d1b9d8e 183012 
> elixir-ex-doc_0.32.1+dfsg.orig.tar.xz
>  3be4bfbfb854509f56efce17304d82ecf241bc70c1831441014d873ee3ee6da3 6568 
> elixir-ex-doc_0.32.1+dfsg-1.debian.tar.xz
>  5a68509b4cc06b019185e42e7cfbfdce57389d9ca9a8611b072f5e1d8fea4cdb 21106 
> elixir-ex-doc_0.32.1+dfsg-1_amd64.buildinfo
>  7cee3c42d7a39bdceab99646eee2ac14ee255fb3cc00bd6034231d0389cab032 762080 
> elixir-ex-doc_0.32.1+dfsg-1_amd64.deb
> Files:
>  a341f72bac00e9899dd4eb6573596911 2330 devel optional 
> elixir-ex-doc_0.32.1+dfsg-1.dsc
>  cb43391cf0ea4f7a8edd6c53b3725dd8 183012 devel optional 
> elixir-ex-doc_0.32.1+dfsg.orig.tar.xz
>  80f8ff4dd37bf08b102bc227359692b0 6568 devel optional 
> elixir

Bug#1069749: smistrip: Conflicts/Replaces broken after t64 transition?

[Daniel Vacek]

Package: smistrip
Version: 0.4.8+dfsg2-17
Severity: normal
X-Debbugs-Cc: neel...@gmail.com

It seems that t64 transition changed the Conflicts/Replaces while I guess it
should not have been changed?

As of 0.4.8+dfsg2-16:

  --\ Conflicts (1)
--- libsmi2ldbl (<= 0.4.8+dfsg2-1)
  --\ Replaces (1)
--- libsmi2ldbl (<= 0.4.8+dfsg2-1)

Compared to now after t64 change as of 0.4.8+dfsg2-17:

  --\ Conflicts (1)
--- libsmi2t64 (<= 0.4.8+dfsg2-1)
  --\ Replaces (1)
--- libsmi2t64 (<= 0.4.8+dfsg2-1)

If I'm not wrong this should not change. Otherwise, please close this bug.

--nX


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.8-rt-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FORCED_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

Bug#1069748: mod_ssl: warning about compilation against OpenSSL 3.0.13 instead of 3.0.11 on bookworm

[Tomaz Solc]

Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal
X-Debbugs-Cc: t...@security.debian.org

Dear Maintainer,

I noticed that after a recent security update of apache2 on bookworm
(2.4.57-2 -> 2.4.59-1~deb12u1), the following warning started to appear
in the error.log on every apache2 restart:

[ssl:warn] [pid 1144573:tid 281472850739232] AH01882: Init: this version of 
mod_ssl was compiled against a newer library (OpenSSL 3.0.13 30 Jan 2024 
(OpenSSL 3.0.11 19 Sep 2023), version currently loaded is 0x30B0) - may 
result in undefined or erroneous behavior
[mpm_event:notice] [pid 1144575:tid 281472850739232] AH00489: Apache/2.4.59 
(Debian) mod_fcgid/2.3.9 OpenSSL/3.0.11 configured -- resuming normal operations

Comparing package versions on my system with those listed on
packages.debian.org for bookworm it seems I'm up to date with apache2
and libssl3 (3.0.11-1~deb12u2) packages.

Apart from this warning I haven't noticed any problems so far.

Best regards
Tomaž

-- Package-specific info:

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.1.0-20-arm64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin2.4.59-1~deb12u1
ii  apache2-data   2.4.59-1~deb12u1
ii  apache2-utils  2.4.59-1~deb12u1
ii  init-system-helpers1.65.2
ii  media-types10.0.0
ii  perl   5.36.0-7+deb12u1
ii  procps 2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
pn  ssl-cert  

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser  

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.2-3
ii  libaprutil1  1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap 1.6.3-1
ii  libbrotli1   1.0.9-2+b6
ii  libc62.36-9+deb12u6
ii  libcrypt11:4.4.33-2
ii  libcurl4 7.88.1-10+deb12u5
ii  libjansson4  2.14-2
ii  libldap-2.5-02.5.13+dfsg-5
ii  liblua5.3-0  5.3.6-2
ii  libnghttp2-141.52.0-1+deb12u1
ii  libpcre2-8-0 10.42-1
ii  libssl3  3.0.11-1~deb12u2
ii  libxml2  2.9.14+dfsg-1.3~deb12u1
ii  perl 5.36.0-7+deb12u1
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser  

Versions of packages apache2 is related to:
ii  apache2  2.4.59-1~deb12u1
ii  apache2-bin  2.4.59-1~deb12u1

-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]

-- no debconf information