Bug#1081765: Please generate dep11 Components files for riscv64 too
Package: ftp.debian.org Severity: important Hi folks, Please add riscv64 to the list of architectures for generating dep11 Components files (e.g.. dists/trixie/main/dep11/Components-riscv64.yml.gz). We need this data to be able to make installer images for this architecture.
Bug#1081586: RFS: log2ram/1.7.2+ds-1 [ITP] -- Write log files to RAM
Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package "log2ram": * Package name : log2ram Version : 1.7.2+ds-1 Upstream contact : Azlux * URL : https://github.com/azlux/log2ram * License : MIT * Vcs : https://salsa.debian.org/melizas-guest/log2ram Section : embedded The source builds the following binary packages: log2ram - redirects log file writes into RAM To access further information about this package, please visit the following URL: https://mentors.debian.net/package/log2ram/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/l/log2ram/log2ram_1.7.2+ds-1.dsc Changes for the initial release: log2ram (1.7.2+ds-1) unstable; urgency=low . * Initial release (Closes: #1038399) log2ram is very popular on embedded systems such as a Raspberry Pi as it reduces wear on the uSD card. After installing log2ram you will probably need to edit /etc/log2ram.conf and change "SIZE" from the default of 128MB to something larger. I needed at least 256MB for a non-embedded system. Then you will need to reboot. Regards, Steve
Bug#1081220: fscrypt FTBFS in tests on systems with low available locked memory
Package: fscrypt Version: 0.3.4-2 Severity: minor Tags: patch ftbfs User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oracular ubuntu-patch Hi Paride, The latest version of fscrypt has been stuck for some time in Ubuntu's devel-proposed pocket because its build-time tests depend on being able to lock memory for keys, and on the ppc64el builders in Launchpad, less memory [...] === RUN TestMakeKeys crypto_test.go:122: could not lock key in memory --- FAIL: TestMakeKeys (0.00s) is available for locking than expected: [...] (https://launchpad.net/ubuntu/+source/fscrypt/0.3.4-2/+build/28152160) The upstream testsuite does already have support for detecting when insufficient locked memory is available and avoiding treating that as a failure, but currently it only applies this when creating "big" keys. The attached patch causes a number of other tests to be skipped when locked memory is unavailable. Unfortunately this is insufficient to get the package to build because there is one remaining test that fails with a segfault, that I have not gotten to the bottom of: [...] === RUN TestKeysAndOutputsDistinct --- FAIL: TestKeysAndOutputsDistinct (0.00s) panic: runtime error: invalid memory address or nil pointer dereference [recovered] panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x101eeda8] goroutine 16 [running]: testing.tRunner.func1.2({0x1021eec0, 0x10410a80}) /usr/lib/go-1.23/src/testing/testing.go:1632 +0x1e8 testing.tRunner.func1() [...] But I believe the patch is still an improvement in overall portability of the package. Thanks for considering, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch --- fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch 1969-12-31 16:00:00.0 -0800 +++ fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch 2024-09-09 07:54:54.0 -0700 @@ -0,0 +1,91 @@ +Description: don't fail tests when locked memory is unavailable + The test suite already has support for skipping tests when locked memory + is unavailable, but currently only does this for the "big key" test. On + the Launchpad ppc64el builders, less memory is available for locking than + expected. + . + Patch our test suite to skip tests when locked memory is unavailable + instead of failing. With this, all tests pass under `ulimit -S -l 2` + on x86 except for TestKeysAndOutputsDistinct, whose usage of the locked + memory is deeper and results in a segfault currently. +Author: Steve Langasek +Forwarded: no +Last-Update: 2024-09-09 + +Index: fscrypt-0.3.4/crypto/crypto_test.go +=== +--- fscrypt-0.3.4.orig/crypto/crypto_test.go fscrypt-0.3.4/crypto/crypto_test.go +@@ -118,10 +118,15 @@ + data := []byte("1234\n6789") + + key1, err := NewKeyFromReader(bytes.NewReader(data)) +- if err != nil { ++ switch err { ++ case nil: ++ defer key1.Wipe() ++ case ErrMlockUlimit: ++ // Don't fail just because "ulimit -l" is too low. ++ t.Skip(err) ++ default: + t.Fatal(err) + } +- defer key1.Wipe() + if !bytes.Equal(data, key1.data) { + t.Error("Key from reader contained incorrect data") + } +@@ -139,6 +144,10 @@ + // Tests that wipe succeeds + func TestWipe(t *testing.T) { + key, err := makeKey(1, 1000) ++ if err == ErrMlockUlimit { ++ // Don't fail just because "ulimit -l" is too low. ++ t.Skip(err) ++ } + if err != nil { + t.Fatal(err) + } +@@ -169,6 +178,10 @@ + + key2, err := NewKeyFromReader(bytes.NewReader(nil)) + if err != nil { ++if err == ErrMlockUlimit { ++ // Don't fail just because "ulimit -l" is too low. ++ t.Skip(err) ++ } + t.Fatal(err) + } + defer key2.Wipe() +@@ -188,6 +201,10 @@ + }() + + if err != nil { ++if err == ErrMlockUlimit { ++ // Don't fail just because "ulimit -l" is too low. ++ t.Skip(err) ++ } + t.Fatal(err) + } + if err := key.Wipe(); err != nil { +@@ -217,6 +234,10 @@ + r := io.LimitReader(ConstReader(1), int64(os.Getpagesize())+1) + key, err := NewKeyFromReader(r) + i
Bug#1080207: lxde and lxqt bookworm live images fail to install without network
On Tue, Sep 03, 2024 at 10:20:37PM +0200, Roland Clobus wrote: >> Hello Steve, list, >> >> On 31/08/2024 19:47, Steve McIntyre wrote: >> > Found in testing of the 12.7.0 live images. >> > >> > Doing a live installation using calamares from either of these images >> > fails if no network is available. >> >> That is an openQA-scenario that I have been working on, but did not >> complete yet. > >That scenario is now active in openQA. >Trixie and sid appear not to be affected. ACK. >> > Running /usr/sbin/bootloader-config fails to install the appropriate >> > grub packages and times out after 600 seconds. > >[snip] > >> > Sequence of issues: >> > >> > 1. /etc/apt/sources.list for the image has deb.debian.org listed above >> > the on-media packages. Has that changed in live-build? >> >> The 11.4 image (built with live-wrapper) only has deb.debian.org in >> /etc/apt/sources.list >> There is no difference in content of sources.list between the 12.6.0 and >> 12.7.0 live images. >> >> Interestingly, the order in sources.list appears to matter. >> I've recently manually tested a sid gnome image with Calamares without >> network and all lines in sources.list are attempted, until one works. >> Here in the 12.7.0 lxde image, if the local repository is mentioned >> first, the installation of grub-efi-amd64 happens in a few seconds, no >> network access is being attempted. Yes, I would expect that to be the case. >> Changing the order doesn't work for the Calamares installer, Calamares >> creates its own variant of this file when installing. Bah. >> > 2. Connman is running a DNS server on 127.0.0.1, which apt uses to >> > look up deb.debian.org >> > 3. That DNS server does not fail if no network is available. Instead, >> > it hangs. >> >> This is a new regression. It should have failed quickly. > >It turns out that 12.6 was slow as well but just made it within the 600 >seconds limit, so this is not a regression as I first thought. Hmmm. I don't remember seeing this at all when we tested 12.6. I'd have expected testers to mention a long delay here. >In that case, there is no need to rush things, and we can try to fix it for >the 12.8 release. Sure, that's all we can do at this point. There's at least an obvious workaround here - just connect to a network. -- Steve McIntyre, Cambridge, UK.st...@einval.com Mature Sporty Personal More Innovation More Adult A Man in Dandism Powered Midship Specialty
Bug#1080390: shim-signed: Unable to unlock disk via TPM2 after update to 1.44+15.8 in bookworm
control: reassign -1 systemd Hi Matteo, On Tue, Sep 03, 2024 at 10:23:41AM +, Settenvini, Matteo wrote: >Package: shim-signed >Version: 1.44~1+deb12u1+15.8-1~deb12u1 >Severity: important > >Dear Maintainer, > >after updating the shim-signed package to 1.44~1+deb12u1+15.8~deb12u1, >unlocking the LUKS drive automatically via the tpm as enrolled through >systemd-cryptenroll fails because the value of PCR 7 changes. > >This is problematic in our setup, because only the IT administrator >has the LUKS passphrase which can be used as a fallback unlock method. >Therefore, manual intervention for unlocking and re-enrolling the TPM >is needed. > >At least a NEWS entry should be displayed before the update, and >possibly a solution to automatically re-enroll after a successful unlock >via passphrase added (via systemd unit file? maybe a systemd wishlist >item? `keyctl update` to reseal?). > >In any case, a blind update causes a serious regression for us. We >understand this is intended behavior, but we should at least have >a way to know before applying the update. This sounds like a bug for the systemd folks to deal with, I'll be honest. Any changes in the boot chain (shim/grub/etc.) may cause PCR measurements to change, but we have no idea what might be depending on those measurements. Reassigning appropriately. -- Steve McIntyre, Cambridge, UK.st...@einval.com We don't need no education. We don't need no thought control.
Bug#1080207: Acknowledgement (lxde and lxqt bookworm live images fail to install without network)
Testing shows that there is no sign of this issue in the equivalent 11.11 live images. -- Steve McIntyre, Cambridge, UK.st...@einval.com "I can't ever sleep on planes ... call it irrational if you like, but I'm afraid I'll miss my stop" -- Vivek Das Mohapatra
Bug#1080207: lxde and lxqt bookworm live images fail to install without network
Package: cdimage.debian.org Severity: important X-Debbugs-Cc: debian-l...@lists.debian.org Found in testing of the 12.7.0 live images. Doing a live installation using calamares from either of these images fails if no network is available. Running /usr/sbin/bootloader-config fails to install the appropriate grub packages and times out after 600 seconds. Sequence of issues: 1. /etc/apt/sources.list for the image has deb.debian.org listed above the on-media packages. Has that changed in live-build? 2. Connman is running a DNS server on 127.0.0.1, which apt uses to look up deb.debian.org 3. That DNS server does not fail if no network is available. Instead, it hangs. The bootloader-config script eventually times out and the installation fails. The workaround is to configure networking and then things work, but offline installation is an important thing for some people.
Bug#1079454: bookworm-pu: package python-django/3:3.2.19-1+deb12u2
On Thu, Aug 29, 2024 at 01:51:27PM +0200, Paul Gevers wrote: >On 28-08-2024 13:58, Steve McIntyre wrote: > >> That does very much look like a test with broken assumptions, I'll be >> honest. Ah, I see... >> >> I can see that Josh Schneier (the upstream for django-storages) is the >> person responsible for the CVE against django in the first place - he >> spotted the issue and reported it. In >> >> >> https://github.com/jschneier/django-storages/commit/330966293a74f2dabda18fa2e4a221952bf010a9 >> >> there's a fix on his side to cope with the django change. It looks >> like we'll want that change backporting into python-django-storages. I >> can try to do that too if you like, but I appreciate we're getting >> very tight on time before the weekend. :-/ > >I'm not SRM, just trying to help out with the autopkgtest infrastructure and >results. I'm predicting that SRM might not want a fixed >python-django-storages this late, so I think it would help if you can advise >the SRM: do you think the regression is less bad than leaving the CVE's >unfixed or the other way around? I.e. accept the regression, or keep the >fixed python-django out until the next point release (with a fixed >python-django-storages). I've already spent some time looking at this, and in fact there are *already* changes in our version of django-storages that are clearly expected to work with the fixes in django. But they're not. I'm digging in further to see whether it's something I've done or a wider bug. I don't *think* it's my fault, but stranger things have happened! At this point, I would say let's be safe and hang back on the django update this - it will wait for the next point release. -- Steve McIntyre, Cambridge, UK.st...@einval.com "The problem with defending the purity of the English language is that English is about as pure as a cribhouse whore. We don't just borrow words; on occasion, English has pursued other languages down alleyways to beat them unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll
Bug#1079454: bookworm-pu: package python-django/3:3.2.19-1+deb12u2
Hey Paul! Apologies for the delayed response - busy weekend here... On Sun, Aug 25, 2024 at 09:38:47AM +0200, Paul Gevers wrote: >Hi Steve and python-django-storages maintainers, > >On 23-08-2024 13:24, Steve McIntyre wrote: >> I've backported a lump of upstream CVE fixes for django to the version >> in bookworm. Chris Lamb has reviewed and approved the changes as one >> of the existing maintainers. >> >> The standard test suite all passes as expected. > >But the autopkgtest of python-django-storages fails [1]. This *appears* to me >as a test problem we can accept, but maybe you or the python-django-storages >maintainers can confirm? That does very much look like a test with broken assumptions, I'll be honest. Ah, I see... I can see that Josh Schneier (the upstream for django-storages) is the person responsible for the CVE against django in the first place - he spotted the issue and reported it. In https://github.com/jschneier/django-storages/commit/330966293a74f2dabda18fa2e4a221952bf010a9 there's a fix on his side to cope with the django change. It looks like we'll want that change backporting into python-django-storages. I can try to do that too if you like, but I appreciate we're getting very tight on time before the weekend. :-/ -- Steve McIntyre, Cambridge, UK.st...@einval.com "War does not determine who is right - only who is left." -- Bertrand Russell
Bug#1079454: bookworm-pu: package python-django/3:3.2.19-1+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: python-dja...@packages.debian.org, steve.mcint...@pexip.com Control: affects -1 + src:python-django Hi! I've backported a lump of upstream CVE fixes for django to the version in bookworm. Chris Lamb has reviewed and approved the changes as one of the existing maintainers. The standard test suite all passes as expected. I've already uploaded to p-u Here's the changelog; debdiff attached. python-django (3:3.2.19-1+deb12u2) bookworm; urgency=high * Rename CVE-2023-36053.patch to 0014-CVE-2023-36053.patch * Backport upstream fixes in 3:4.2.14-1: * Closes: #1076069 * CVE-2024-39329: Standardize timing of verify_password() when checking unusable passwords. * CVE-2024-39330: Add extra file name validation in Storage's save method. * CVE-2024-39614: Mitigate potential DoS in get_supported_language_variant. * The patch for CVE-2024-38875 won't sensibly backport. * Backport upstream fixes in 3:4.2.15-1: * Closes: #1078074 * CVE-2024-41989: Prevent excessive memory consumption in floatformat. * CVE-2024-41991: Prevente potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. * CVE-2024-42005: Mitigate QuerySet.values() SQL injection attacks against JSON fields Backport and tweak the upstream fix series to fit into 3.2. * The patch for CVE-2024-41990 won't sensibly backport. -- Steve McIntyre <93...@debian.org> Wed, 21 Aug 2024 12:08:24 +0100 diff -Nru python-django-3.2.19/debian/changelog python-django-3.2.19/debian/changelog --- python-django-3.2.19/debian/changelog 2023-07-28 14:24:04.0 +0100 +++ python-django-3.2.19/debian/changelog 2024-08-21 12:08:24.0 +0100 @@ -1,3 +1,26 @@ +python-django (3:3.2.19-1+deb12u2) bookworm; urgency=high + + * Rename CVE-2023-36053.patch to 0014-CVE-2023-36053.patch + * Backport upstream fixes in 3:4.2.14-1: +* Closes: #1076069 +* CVE-2024-39329: Standardize timing of verify_password() when + checking unusable passwords. +* CVE-2024-39330: Add extra file name validation in Storage's save + method. +* CVE-2024-39614: Mitigate potential DoS in + get_supported_language_variant. +* The patch for CVE-2024-38875 won't sensibly backport. + * Backport upstream fixes in 3:4.2.15-1: +* Closes: #1078074 +* CVE-2024-41989: Prevent excessive memory consumption in floatformat. +* CVE-2024-41991: Prevente potential ReDoS in django.utils.html.urlize() + and AdminURLFieldWidget. +* CVE-2024-42005: Mitigate QuerySet.values() SQL injection attacks against JSON fields + Backport and tweak the upstream fix series to fit into 3.2. +* The patch for CVE-2024-41990 won't sensibly backport. + + -- Steve McIntyre <93...@debian.org> Wed, 21 Aug 2024 12:08:24 +0100 + python-django (3:3.2.19-1+deb12u1) bookworm-security; urgency=high * CVE-2023-36053: Potential regular expression denial of service diff -Nru python-django-3.2.19/debian/patches/0014-CVE-2023-36053.patch python-django-3.2.19/debian/patches/0014-CVE-2023-36053.patch --- python-django-3.2.19/debian/patches/0014-CVE-2023-36053.patch 1970-01-01 01:00:00.0 +0100 +++ python-django-3.2.19/debian/patches/0014-CVE-2023-36053.patch 2024-08-07 16:56:53.0 +0100 @@ -0,0 +1,242 @@ +From: Mariusz Felisiak +Date: Wed, 14 Jun 2023 12:23:06 +0200 +Subject: [PATCH] [3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in + EmailValidator and URLValidator. + +Thanks Seokchan Yoon for reports. +--- + django/core/validators.py| 7 +-- + django/forms/fields.py | 3 +++ + docs/ref/forms/fields.txt| 7 ++- + docs/ref/validators.txt | 25 +++- + tests/forms_tests/field_tests/test_emailfield.py | 5 - + tests/forms_tests/tests/test_forms.py| 19 -- + tests/validators/tests.py| 11 +++ + 7 files changed, 66 insertions(+), 11 deletions(-) + +diff --git a/django/core/validators.py b/django/core/validators.py +index 6b28eef08dd2..52ebddac6345 100644 +--- a/django/core/validators.py b/django/core/validators.py +@@ -93,6 +93,7 @@ class URLValidator(RegexValidator): + message = _('Enter a valid URL.') + schemes = ['http', 'https', 'ftp', 'ftps'] + unsafe_chars = frozenset('\t\r\n') ++max_length = 2048 + + def __init__(self, schemes=None, **kwargs): + super().__init__(**kwargs) +@@ -100,7 +101,7 @@ class URLValidator(RegexValidator): + self.schemes = schemes + + def __call__(self, value): +-if not isinstance(value, str): ++if not isinstance(v
Bug#1079139: Failed boot after install
Hi Louigi, On Tue, Aug 20, 2024 at 02:25:13PM +0200, louigi 600 wrote: >Package: installation-reports > >Boot method: cat debian-12.6.0-amd64-DVD-1.iso > /dev/sda (where sda is the >where my system sees the usb stick) > Then I proceed with normal graphical install > > >Image version: https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/ >debian-12.6.0-amd64-DVD-1.iso >Not sure if I got it directly from the link above in any case here is the >md5sum of what I have >462e540d1ba2ca5ecc68ab79c8e3788a > >Date: 20/08/2024 was the last time I tried after changing target drive and >updating bios > >Machine: Dell Optiplex 7040 micro system >Processor: Intel(R) Core(TM) i7-6700T >Memory: 16Gb >Partitions: >label: gpt >label-id: 57F1B3D2-BE5F-4F4F-8875-415984544A0C >device: /dev/sde >unit: sectors >first-lba: 34 >last-lba: 976773134 >sector-size: 512 ... >Comments/Problems: the installation fails to boot but only on the optiplex >7040, I took the M2 sata drive out of the dell optiplex 7040 and put it into >another PC and it boots normally. >I performed the same with nvme and normal disk drive, results were the same. >I updated bios and even tried manually configuring the boot entry in bios: >still will not boot on the 7040. >I tried booting to recovery mode from install media to reinstall boot loader: >sill no go on the 7040. >The information gouged out of the system is actually from Ubuntu 22.04 LTE >running on it at the moment ... but i would rather have Debian on it. > >No point sharing the install logs because the installation is fine and >functional on another computer. >There is something Debian does not like about my Dell Optiplex 7040 but at the >same time Fedora and Ubunto seem to work fine on my 7040. >What's up with debian not liking the 7040 ? Ubuntu 22.04 LTE and Fedora 40 >install and boot normally there. When you say "fails to boot" here, what *exactly* do you mean please? Does the boot loader screen come up at all? Do you get kernel messages? What's the last thing you see? -- Steve McIntyre, Cambridge, UK.st...@einval.com Google-bait: https://www.debian.org/CD/free-linux-cd Debian does NOT ship free CDs. Please do NOT contact the mailing lists asking us to send them to you.
Bug#1079113: Azure marketplace: bookworm image errors from growpart
Package: cloud.debian.org Severity: important Hey folks, We've just tried the bookworm image from the Azure marketplace and is seeing a load of errors at boot from growpart: ... Begin: Loading essential drivers ... done. Begin: Running /scripts/init-premount ... done. Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done. Begin: Running /scripts/local-premount ... done. Warning: fsck not present, so skipping root file system [2.295556] EXT4-fs (sda1): mounted filesystem with ordered data mode. Quota mode: none. done. Begin: Running /scripts/local-bottom ... GROWROOT: /sbin/growpart: 824: /sbin/growpart: grep: not found /sbin/growpart: 853: /sbin/growpart: sed: not found WARN: unknown label /sbin/growpart: 354: /sbin/growpart: sed: not found FAILED: sed failed on dump output /sbin/growpart: 83: /sbin/growpart: rm: not found done. Begin: Running /scripts/init-bottom ... done. ...
Bug#1079003: RM: digikam [armel mips64el ppc64el riscv64 s390x alpha hppa hurd-amd64 hurd-i386 loong64 m68k powerpc ppc64 sh4 sparc64 x32] -- ROM; Set of supported architectures has changed
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: digi...@packages.debian.org Control: affects -1 + src:digikam User: ftp.debian@packages.debian.org Usertags: remove The most recent upstream release of Digikam has made use of Qt Webengine mandatory. Therefore, Digikam can only be built on the architectures supported by Qt6 Webengine. I am making this request because my understanding is that the remaining architectures need to be removed to allow transition to "testing".
Bug#1079001: RM: mgt -- ROM; Obsolete, no recent release
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: m...@packages.debian.org Control: affects -1 + src:mgt User: ftp.debian@packages.debian.org Usertags: remove This package hasn't had an upstream release since 1996, has few users according to popcon, and needs work to build with modern compiler (#1075268).
Bug#1078940: O: mgt -- game record display/editor for the oriental game of go
Package: wnpp Severity: normal X-Debbugs-Cc: m...@packages.debian.org Control: affects -1 + src:mgt This package hasn't had an upstream release since 1996, so may be long past its usefulness. I intend to orphan the mgt package. The package description is: Mgt allows the user to examine Go game tree files in the SmartGo format. Mgt also has basic Go game tree editing capabilities and may be used to create or edit game tree files. . Mailgo is a utility which manages E-mail Go games using mgt as the Go board editor. It is included in the mgt package.
Bug#1078604: tzdata: Interactive tzdata debconf failure produces bad /etc/timezone
Package: tzdata Version: 2024a-0+deb12u1 Severity: minor X-Debbugs-Cc: satw...@disjoint.net Dear Maintainer, When installing the tzdata and debconf tries to ask questions and fails because stdin is not available, the package writes "/UTC" to /etc/timezone, which doesn't seem to be valid (note the leading slash). I would expect it to write either "Etc/UTC" or "UTC". This can happen, for example, during docker builds. (Example: https://github.com/docker-library/buildpack-deps/issues/161) It's easy to fix by setting DEBIAN_FRONTEND=noninteractive during install, but it seems like tzdata should still be able to write the correct default value to /etc/timezone in this situation. Example: root@76562861bcf7:/# apt-get install tzdata < /dev/null Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: tzdata 0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded. Need to get 255 kB of archives. After this operation, 1410 kB of additional disk space will be used. Get:1 http://deb.debian.org/debian sid/main amd64 tzdata all 2024a-4 [255 kB] Fetched 255 kB in 0s (1803 kB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package tzdata. (Reading database ... 6627 files and directories currently installed.) Preparing to unpack .../tzdata_2024a-4_all.deb ... Unpacking tzdata (2024a-4) ... Setting up tzdata (2024a-4) ... debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 79.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (This frontend requires a controlling tty.) debconf: falling back to frontend: Teletype Configuring tzdata -- Please select the geographic area in which you live. Subsequent configuration questions will narrow this down by presenting a list of cities, representing the time zones in which they are located. 1. Africa 3. Antarctica 5. Asia 7. Australia 9. Indian11. Etc 2. America 4. Arctic 6. Atlantic 8. Europe 10. Pacific Geographic area: Use of uninitialized value $_[1] in join or string at /usr/share/perl5/Debconf/DbDriver/Stack.pm line 112. Current default time zone: '/UTC' Local time is now: Tue Aug 13 13:29:39 UTC 2024. Universal Time is now: Tue Aug 13 13:29:39 UTC 2024. Run 'dpkg-reconfigure tzdata' if you wish to change it. Use of uninitialized value $val in substitution (s///) at /usr/share/perl5/Debconf/Format/822.pm line 84, line 4. Use of uninitialized value $val in concatenation (.) or string at /usr/share/perl5/Debconf/Format/822.pm line 85, line 4. root@76562861bcf7:/# cat /etc/timezone /UTC -- System Information: Debian Release: 12.6 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-23-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tzdata depends on: ii debconf [debconf-2.0] 1.5.82 tzdata recommends no packages. tzdata suggests no packages. -- debconf information excluded
Bug#1077650: Binary build patching insanity
Control: tags -1 +patch Hey, On Wed, Jul 31, 2024 at 02:28:55PM +0100, Steve McIntyre wrote: >On Wed, Jul 31, 2024 at 07:55:32PM +0900, Samuel Henrique wrote: >> >>We are quite flexible with getting external contributions to the curl package, >>the repository is in the debian org on salsa and you have my permission to >>prepare a fix and push it straight there. >> >>We should then upload it within a week (depending on how we end up >>coordinating >>the uploads for the next changes). > >I'm already working on the change... :-) It seems that git on salsa is outdated compared to what's in the archive, so it's not so easy to check that this is current. But here's an MR anyway: https://salsa.debian.org/debian/curl/-/merge_requests/34 -- Steve McIntyre, Cambridge, UK.st...@einval.com "Managing a volunteer open source project is a lot like herding kittens, except the kittens randomly appear and disappear because they have day jobs." -- Matt Mackall
Bug#1077650: Binary build patching insanity
Hey Samuel! On Wed, Jul 31, 2024 at 07:55:32PM +0900, Samuel Henrique wrote: > >> Severity: serious > >Could you please clarify why you think this severity is appropriate? >I'm tempted to lower it. It's *very* different from normal packaging practice, just about the opposite of the "principle of least surprise". >> I'm maintaining a distro derived from Debian, and we've just tripped >> over issues in building the curl package with more patches applied. > >I take it this happened because the person did not read the comment in >d/p/series which says: >""" ># Do not add patches below. ># Used to generate packages for the other crypto libraries. >""" Correct. We have tooling that just appends patches. >> Why on earth are you doing this? It should surely be possible to apply >> all the needed patches and then use conditionals with automake in each >> build case. That would make a lot more sense. > >This was done a long time ago, I don't know who did it and why, and I didn't >cared enough to change it myself. > >> Please fix this surprising mess. > >Sounds like a nice contribution for a derivative to make, unless this affects >Debian directly (?) [0]. > >We are quite flexible with getting external contributions to the curl package, >the repository is in the debian org on salsa and you have my permission to >prepare a fix and push it straight there. > >We should then upload it within a week (depending on how we end up coordinating >the uploads for the next changes). I'm already working on the change... :-) -- Steve McIntyre, Cambridge, UK.st...@einval.com “Why do people find DNS so difficult? It’s just cache invalidation and naming things.” -– Jeff Waugh (https://twitter.com/jdub)
Bug#1077650: Binary build patching insanity
Source: curl Version: 7.88.1-10+deb12u5 Severity: serious Hi, I'm maintaining a distro derived from Debian, and we've just tripped over issues in building the curl package with more patches applied. I've just found the code in debian/rules that calls quilt at build time to mess around with the source that's built for various of the alternative SSL libs. Boggle. Why on earth are you doing this? It should surely be possible to apply all the needed patches and then use conditionals with automake in each build case. That would make a lot more sense. Please fix this surprising mess. -- System Information: Debian Release: 12.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-23-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#1076265: SHA256SUM ERROR
Hi! On Sat, Jul 13, 2024 at 11:13:11AM +, be...@proton.me wrote: >Package: debian-live-12.6.0-amd64-gnome.iso.torrent >Version: 12.6 > >Debian 12.6 amd64 gnome live iso (downloaded as torrent with 2 different >clients, tixati and trasnmission) produces a different sha256sum than the one >privided in the list of sha256sums in the same directory. I've just tested this right now and don't see any problem. Can you demonstrate exactly what you're getting please? -- Steve McIntyre, Cambridge, UK.st...@einval.com "Further comment on how I feel about IBM will appear once I've worked out whether they're being malicious or incompetent. Capital letters are forecast." Matthew Garrett, http://www.livejournal.com/users/mjg59/30675.html
Bug#959170: linux: at boot: Process '/usr/sbin/alsactl ... restore 0' failed with exit code 99
Hey guys, On Sat, May 08, 2021 at 06:33:49PM +0200, Vincent Lefevre wrote: >FYI, other users got the same error: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848395 > https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1568772 > https://bugs.launchpad.net/ubuntu/+source/alsa-utils/+bug/1624435 > https://bugs.gentoo.org/578138 > >In Debian bug 848395: as said by the alsactl(1) man page: > >init tries to initialize all devices to a default state. >If device is not known, error code 99 is returned. > >I can see 2 possibilities: > >1. For some reason, the device is not always initialized by the > kernel. > >2. There is a race condition: alsactl is run too soon, while the > device has not been initialized yet by the kernel. > >(2) would explain why this isn't always reproducible. I'm seeing what appears to be a very similar problem here *one my system running bookworm and 6.1.0-18-amd64 / 6.1.76-1. I have a USB dongle paired with a wireless headset. * If I hot-plug this in on my laptop, it initialises and shows up ~immediately in the pipewire<->pavucontrol stack. * If I hot-plug this on my desktop, it reproducibly fails to initialise with the same error mentioned here: Jul 05 20:04:21 lump (udev-worker)[332849]: controlC0: Process '/usr/sbin/alsactl -E HOME=/run/alsa -E XDG_RUNTIME_DIR=/run/alsa/runtime restore 0' failed with exit code 99. On the desktop system, if I kill one of the bits in the stack (e.g. pipewire-pulse), things re-initialise OK and the device shows up. I don't know if this data point is useful, but I thought it was worth sharing maybe. -- Steve McIntyre, Cambridge, UK.st...@einval.com "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." -- Edward Snowden
Bug#1075848: Debian 12.6: jigdo-ing fails as some packages are broken on cdimage.debian.org
On Sat, Jul 06, 2024 at 09:07:00PM +0100, Steve McIntyre wrote: >> >>Please fix the broken packages on cdimage.debian.org > >Thanks for reporting, looking at this now. Having written a script to fully check the snapshot bits for 12.6, I found some more files int snapsho that were broken as well as the ones you listed. I'm not sure exactly how they were broken, but I've thoroughly checked the complete set of files from 12.6 now. I've replaced all the broken files and I *believe* all should be good now; I'm re-running the checker script now to be 100% sure. -- Steve McIntyre, Cambridge, UK.st...@einval.com The two hard things in computing: * naming things * cache invalidation * off-by-one errors -- Stig Sandbeck Mathisen
Bug#1075848: Debian 12.6: jigdo-ing fails as some packages are broken on cdimage.debian.org
Hi Matthias! On Sat, Jul 06, 2024 at 01:11:17PM +0200, M. Buecher wrote: >Package: cdimage.debian.org >Version: 12.6 > >Jigdo downloading the update DVDs for Debian 12.6.0 from cdimage.debian.org >fails. > >Update DVDs #1 and #3 fail to complete due to packages >crowdsec-custom-bouncer_0.0.15-3+b2_amd64.deb and >termshark_2.4.0-1+b6_amd64.deb on >http://cdimage.debian.org/mirror/cdimage/snapshot/Debian/pool/main/ > >When using the German Mirror ftp.de.debian.org then I am able to complete the >jigdo download. > >So, I checked their SHA256 sums and they differ. > >#1 cdimage.debian.org >http://cdimage.debian.org/mirror/cdimage/snapshot/Debian/pool/main/c/crowdsec-custom-bouncer/crowdsec-custom-bouncer_0.0.15-3+b2_amd64.deb >http://cdimage.debian.org/mirror/cdimage/snapshot/Debian/pool/main/t/termshark/termshark_2.4.0-1+b6_amd64.deb >b4264c6c0be0cd815580efb85d0ab83d8dd4d4ec270608fadeb619900278216d >*cdimage/crowdsec-custom-bouncer_0.0.15-3+b2_amd64.deb >a1d767d398e205af7eefdf9c3785066c3e5de4b0df922dbab9fb80f98b0ab7be >*cdimage/termshark_2.4.0-1+b6_amd64.deb > >#2 ftp.de.debian.org >http://ftp.de.debian.org/debian/pool/main/t/termshark/termshark_2.4.0-1+b6_amd64.deb >http://ftp.de.debian.org/debian/pool/main/c/crowdsec-custom-bouncer/crowdsec-custom-bouncer_0.0.15-3+b2_amd64.deb >5a66c3d47e770f0cba5cf33fe0f24df9810cdab01e1d6421a5a6a41b1049f3f9 >*de/crowdsec-custom-bouncer_0.0.15-3+b2_amd64.deb >575632b72bcc8cc5cf3b6f9e977a23febfa433e17d096b15513744709729 >*de/termshark_2.4.0-1+b6_amd64.deb > >Please fix the broken packages on cdimage.debian.org Thanks for reporting, looking at this now. -- Steve McIntyre, Cambridge, UK.st...@einval.com Who needs computer imagery when you've got Brian Blessed?
Bug#1074346: Trixie and later on i386 will no longer support UEFI Secure Boot
On Thu, Jun 27, 2024 at 02:49:26PM +0200, Paul Gevers wrote: >Hi, > >On 27-06-2024 2:16 p.m., Thorsten Glaser wrote: >> > we no longer have a signed >> > shim. Signed GRUB and fwupd-efi packages will also be removed soon. >> >> Might want to note this on amd64 as well, for those >> 64-bit systems with 32-bit EFI. For the tiny number of such systems that ever existed, it's not likely that many still survive at this point, but... >The release notes are no longer split per architecture, so we just need >proper wording. is definitely the right answer. -- Steve McIntyre, Cambridge, UK.st...@einval.com < Aardvark> I dislike C++ to start with. C++11 just seems to be handing rope-creating factories for users to hang multiple instances of themselves.
Bug#1074346: Trixie and later on i386 will no longer support UEFI Secure Boot
Package: release-notes Severity: normal X-Debbugs-Cc: debian-...@lists.debian.org We need to document that i386 Secure Boot is no longer supported. We no longer have signed kernels, and we no longer have a signed shim. Signed GRUB and fwupd-efi packages will also be removed soon.
Bug#1064102: shim-signed: Shim needs to be updated to latest version for Microsoft Surface devices
Hi! On Sat, Feb 17, 2024 at 11:17:35AM +0100, Valerio Passini wrote: >Package: shim-signed >Version: 1.40+15.7-1 >Severity: normal >Tags: upstream > >Dear Maintainer, > >*** Reporter, please consider answering these questions, where appropriate *** > >I tried to install Debian on a Surface Pro 9, but it doesn't boot even with a >disabled SecureBoot (secured core must be disabled in any case). >In order to have a bootable Linux you need to hack into /efi/boot/debian and >overwrite mmx64.efi with grubx64.efi or even try more exotic actions. >Here you can find a more detailed explanation on this bug and possible working >solutions: >https://github.com/linux-surface/linux-surface/issues/1274 > >[...]The good news is: This issue is fixed on the shim main branch, so once the >distributions update their shim, this issue should disappear. The bad news is, >that it is not possible for us to fix this, since we can't get a signed shim / >MokManager from Microsoft. We're not quite ready (yet) to have an NX-capable boot chain. There's a bit more work needed in GRUB yet. Hopefully soon. -- Steve McIntyre, Cambridge, UK.st...@einval.com "Since phone messaging became popular, the young generation has lost the ability to read or write anything that is longer than one hundred and sixty characters." -- Ignatios Souvatzis
Bug#1074032: nvidia-smi locks up machine with new file descriptor limit
Package: nvidia-smi Version: 535.183.01-1 Severity: normal A couple months ago, I ran "nvidia-smi" command without issue. I ran it again today and the machine simply locked up. Recently, the hard limit of file descriptors was raised for debian: https://lists.debian.org/debian-devel/2024/06/msg00041.html I think nvidia-smi breaks because of this. I lowered the limit using ulimit -Hn 1048576 and now the command again runs without issue. -Steve -- Package-specific info: uname -a: Linux riemann 6.8.12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.8.12-1 (2024-05-31) x86_64 GNU/Linux /proc/version: Linux version 6.8.12-amd64 (debian-ker...@lists.debian.org) (x86_64-linux-gnu-gcc-13 (Debian 13.2.0-25) 13.2.0, GNU ld (GNU Binutils for Debian) 2.42) #1 SMP PREEMPT_DYNAMIC Debian 6.8.12-1 (2024-05-31) /proc/driver/nvidia/version: NVRM version: NVIDIA UNIX x86_64 Kernel Module 535.183.01 Sun May 12 19:39:15 UTC 2024 GCC version: gcc version 13.2.0 (Debian 13.2.0-25) lspci 'display controller [030?]': 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP107 [GeForce GTX 1050 Ti] [10de:1c82] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Micro-Star International Co., Ltd. [MSI] Device [1462:3351] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- Kernel driver in use: nvidia Kernel modules: nvidia dmesg: Device node permissions: crw-rw+ 1 root video 226, 0 Jun 21 21:33 /dev/dri/card0 crw-rw+ 1 root render 226, 128 Jun 21 21:33 /dev/dri/renderD128 crw-rw-rw- 1 root root 195, 254 Jun 21 21:33 /dev/nvidia-modeset crw-rw-rw- 1 root root 237, 0 Jun 21 22:02 /dev/nvidia-uvm crw-rw-rw- 1 root root 237, 1 Jun 21 22:02 /dev/nvidia-uvm-tools crw-rw-rw- 1 root root 195, 0 Jun 21 21:33 /dev/nvidia0 crw-rw-rw- 1 root root 195, 255 Jun 21 21:33 /dev/nvidiactl /dev/dri/by-path: total 0 lrwxrwxrwx 1 root root 8 Jun 21 21:33 pci-:01:00.0-card -> ../card0 lrwxrwxrwx 1 root root 13 Jun 21 21:33 pci-:01:00.0-render -> ../renderD128 /dev/nvidia-caps: total 0 cr 1 root root 240, 1 Jun 21 22:02 nvidia-cap1 cr--r--r-- 1 root root 240, 2 Jun 21 22:02 nvidia-cap2 video:x:44:steve Alternative 'nvidia': nvidia - auto mode link best version is /usr/lib/nvidia/current link currently points to /usr/lib/nvidia/current link nvidia is /usr/lib/nvidia/nvidia slave nvidia--libEGL_nvidia.so.0-i386-linux-gnu is /usr/lib/i386-linux-gnu/libEGL_nvidia.so.0 slave nvidia--libEGL_nvidia.so.0-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libEGL_nvidia.so.0 slave nvidia--libGLESv1_CM_nvidia.so.1-i386-linux-gnu is /usr/lib/i386-linux-gnu/libGLESv1_CM_nvidia.so.1 slave nvidia--libGLESv1_CM_nvidia.so.1-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libGLESv1_CM_nvidia.so.1 slave nvidia--libGLESv2_nvidia.so.2-i386-linux-gnu is /usr/lib/i386-linux-gnu/libGLESv2_nvidia.so.2 slave nvidia--libGLESv2_nvidia.so.2-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libGLESv2_nvidia.so.2 slave nvidia--libGLX_nvidia.so.0-i386-linux-gnu is /usr/lib/i386-linux-gnu/libGLX_nvidia.so.0 slave nvidia--libGLX_nvidia.so.0-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libGLX_nvidia.so.0 slave nvidia--libcuda.so-i386-linux-gnu is /usr/lib/i386-linux-gnu/libcuda.so slave nvidia--libcuda.so-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libcuda.so slave nvidia--libcuda.so.1-i386-linux-gnu is /usr/lib/i386-linux-gnu/libcuda.so.1 slave nvidia--libcuda.so.1-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libcuda.so.1 slave nvidia--libglxserver_nvidia.so is /usr/lib/nvidia/libglxserver_nvidia.so slave nvidia--libnvcuvid.so-i386-linux-gnu is /usr/lib/i386-linux-gnu/libnvcuvid.so slave nvidia--libnvcuvid.so-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libnvcuvid.so slave nvidia--libnvcuvid.so.1-i386-linux-gnu is /usr/lib/i386-linux-gnu/libnvcuvid.so.1 slave nvidia--libnvcuvid.so.1-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libnvcuvid.so.1 slave nvidia--libnvidia-allocator.so.1-i386-linux-gnu is /usr/lib/i386-linux-gnu/libnvidia-allocator.so.1 slave nvidia--libnvidia-allocator.so.1-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libnvidia-allocator.so.1 slave nvidia--libnvidia-cfg.so.1-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/nvidia/libnvidia-cfg.so.1 slave nvidia--libnvidia-encode.so.1-i386-linux-gnu is /usr/lib/i386-linux-gnu/libnvidia-encode.so.1 slave nvidia--libnvidia-ml.so-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libnvidia-ml.so slave nvidia--libnvidia-ml.so.1-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1 slave nvidia--libnvidia-nvvm.so.4-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libnvidia-nvvm.so.4 slave nvidia--libnvidia-nvvm.so.535.183.01-x86_64-linux-gnu is /usr/lib/x86_64-linux-gnu/libnvidia-nvvm.so.535.183
Bug#1070249: bookworm-pu: package python-jwcrypto/1.1.0-1+deb12u1
On Sat, Jun 15, 2024 at 04:07:53PM +0100, Adam Barratt wrote: >Control: tags -1 + confirmed > >On Thu, 2024-05-02 at 18:53 +0100, Steve McIntyre wrote: >> I've backported the upstream fix for CVE-2024-28102 (#1065688) to >> bookworm. It's not considered critical as a security fix by the >> security team, but would still be good to have in bookworm. > >Please go ahead. Done -- Steve McIntyre, Cambridge, UK.st...@einval.com Into the distance, a ribbon of black Stretched to the point of no turning back
Bug#1071693: sbsign should check certificate's expiration
On Thu, May 23, 2024 at 10:27:09PM +0200, Christoph Biedl wrote: >Package: sbsigntool >Version: 0.9.4-3.1+b1 >Severity: normal >X-Debbugs-Cc: debian.a...@manchmal.in-ulm.de > >Greetings, > >it was a bit surprising to learn sbsign will happily sign EFI images >even if the certificate, provided via the --cert parameter, has expired. >While this possibly will not affect functionality, it might still cause >surprising and hard-to-debug issues later. Wow, yes. Thanks for the heads-up and patch. I'll try to get this upstream too. -- Steve McIntyre, Cambridge, UK.st...@einval.com “Rarely is anyone thanked for the work they did to prevent the disaster that didn’t happen.” -- Mikko Hypponen (https://twitter.com/mikko/)
Bug#1056166: systemd-homed: `passwd` fails
On Sun, May 26, 2024 at 07:01:30PM +0100, Luca Boccassi wrote: > Control: tags -1 help > This is the pam config I ship: > # cat /usr/share/pam-configs/systemd-homed > Name: Enable user management by systemd-homed > Default: yes > Priority: 257 > Auth-Type: Primary > Auth: > [success=end default=ignore]pam_systemd_home.so > Account-Type: Primary > Account: > [success=end default=ignore]pam_systemd_home.so > Session-Type: Additional > Session: > optionalpam_systemd_home.so > Password-Type: Primary > Password: > [success=end default=ignore]pam_systemd_home.so > > > For some reason, this results in the following change being applied to > /etc/pam.d/common-password: > > -password [success=1 default=ignore] pam_unix.so obscure yescrypt > +password [success=2 default=ignore] pam_systemd_home.so > +password [success=1 default=ignore] pam_unix.so obscure use_authtok > try_first_pass yescrypt > > The first line is fine, but the second is the issue. > IE, use_authtok try_first_pass are added to pam_unix.so, which break > everything. Removing those manually fix things again. I have no idea > where they are coming from... PAM experts, any idea? The expectation is that when multiple password modules are stacked together via /usr/share/pam-configs, they will interoperate in a way that they will all share a single new password token. The 'try_first_pass use_authtok' arguments are injected by pam-auth-update in support of this. Presumably, in cases that a user does not have a systemd-home setup, the module does not prompt for a new password, thus causing pam_unix to fail because it expects the new password token to already be established in the pam stack (and will not prompt for it again). This behavior is not configurable through pam-auth-update; it is essential that the stack work this way to support password strength checking modules (if the password strength checker says the provided password fails the requirements and therefore does not set the token, it would be a bug for pam_unix (or other backend) to prompt again for a password and allow it to be set. pam_systemd_home would need to be modified to conform to the expected behavior (always prompt for old and new passwords even if not used) in order to be used with pam-auth-update. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature
Bug#1069859: atop: Fix atop for 64-bit time_t on arm
On Sun, May 26, 2024 at 06:12:50PM +0200, Marc Haber wrote: > I am not too fond about the suggested patch since it breaks atop on > systems with 32bit time_t, It does not: promoting the time_t to a long long on all architectures before passing it as an argument to the format string is portable to all (existing) architectures. Either sizeof(time_t) == sizeof(long long) and the cast is a no-op, or sizeof(time_t) < sizeof(long long) and this is merely a signed extension operation. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature
Bug#1071215: shim-signed 15.8 still on hold. Inconsistencies with shim-helpers-amd64-signed based on 15.8
On Thu, May 16, 2024 at 11:56:19AM +0200, Eric Valette wrote: >Package: shim-signed >Version: 1.40+15.7-1 >Severity: normal > >For about two weeks, shim-helpers-amd64-signed is at version 15.8 >(I have downgraded and put it on hold) but corresponding shim-signed >is apparently blocked and not entering unstable. > >Any rationale? The process of getting a new version of shim-signed is long and complex, and not entirely under our control: 1. Build shim, test the hell out of it. 2. Upload shim, wait for it to build, check that the binary is reproducible. 3. Submit a shim-review issue (or several) at https://github.com/rhboot/shim-review/issues . 4. Upload our binaries to Microsoft's site for signing. 5. Wait for the review (and maybe fix things), potentially multiple passes here. 6. Wait for the signature to come back. 7. Prepare the shim-signed package with the signed binaries, and test like hell. 8. Upload shim-signed. We're currently at step 5. -- Steve McIntyre, Cambridge, UK.st...@einval.com There's no sensation to compare with this Suspended animation, A state of bliss
Bug#996202: EFI Secure Boot for systemd-boot
On Fri, May 10, 2024 at 03:44:35PM +0100, Luca Boccassi wrote: >On Fri, 10 May 2024 at 15:36, Steve McIntyre wrote: >> On Fri, May 10, 2024 at 04:29:00PM +0200, Ansgar 🙀 wrote: >> >> >Maybe we should use a non-trusted cert for the initial setup and only >> >switch to a proper cert once everything is confirmed to be working as >> >expected? >> >> Hmmm, maybe? Luca? > >What do you mean precisely here? A DSA-managed cert used by FTP to >sign but that doesn't chain to the Debian CA? Or to do something >completely local to the systemd-boot package? Exactly the former - we can use a test key for signing systemd-boot to start with. Once we're happy all round, we can switch to a cert in the chain. >I am fine with any approach that lets us move forward, if that needs >to be some intermediate testing stage that's fine by me. Cool. -- Steve McIntyre, Cambridge, UK.st...@einval.com Mature Sporty Personal More Innovation More Adult A Man in Dandism Powered Midship Specialty
Bug#996202: EFI Secure Boot for systemd-boot
On Fri, May 10, 2024 at 04:29:00PM +0200, Ansgar 🙀 wrote: >Hi, > >On Fri, 2024-05-10 at 15:20 +0100, Luca Boccassi wrote: >> On Thu, 04 Apr 2024 20:41:59 +0100 Luca Boccassi >> > On IRC Steve mentioned that he's ok with proceeding with this. >> > jcristau from DSA said that it's the FTP team that should confirm the >> > request >> > for the new intermediate signer cert for systemd-boot to DSA. >> > >> > FTP team, are you ok with proceeding with this? If so, would it be >> > possible to have an ACK, please? Is there any more information required >> > beforehand? > >As long as the security boot people are fine with this, I think this >should be fine. (And AFAIU this seems to be the case.) Yes, I'm happy for us to add this. Please go ahead. >Maybe we should use a non-trusted cert for the initial setup and only >switch to a proper cert once everything is confirmed to be working as >expected? Hmmm, maybe? Luca? Also, while I'm thinking about things... We should probably also move to a new kernel signing cert for unstable/testing now that we've moved to build-time ephemeral keys for the modules. At some point in the future that will let us DBX-block the old kernel signing certificate(s) in a new shim build. Bastian: I'm assuming the ephemeral change is only a thing in testing/unstable? Can we (easily) use a different signer for different releases of the kernel here? In fact, if we're going to generate new keys and certs for the intermediate signers, it might be worth refreshing them all anyway maybe? -- Steve McIntyre, Cambridge, UK.st...@einval.com "Every time you use Tcl, God kills a kitten." -- Malcolm Ray
Bug#1068684: For arm64 -ffp-contract=off helps
Hello, FWIW, adding -ffp-contract=off to CFLAGS and CXXFLAGS appears to fix the build s.t the unit tests on arm64 pass and the package builds successfully. Cheers, -- Steve Capper
Bug#1068170: re: 'rust-apr: FTBFS on non-amd64/mips64el: error[E0308]: arguments to this function are incorrect'
Hello, For info… The signed-ness of char issues have been fixed upstream here: https://github.com/jelmer/apr-rs/commit/9ac891f205cb27a907b52860ce1741e1a5347135 By utilising std::ffi::c_char. Cheers, -- Steve Capper
Bug#1069410: efitools: FTBFS on arm64: make[1]: *** [Make.rules:130: HelloWorld-signed.efi] Error 1
Control: tags -1 +confirmed On Sat, Apr 20, 2024 at 02:01:48PM +0200, Lucas Nussbaum wrote: >Source: efitools >Version: 1.9.2-3 >Severity: serious >Justification: FTBFS >Tags: trixie sid ftbfs >User: lu...@debian.org >Usertags: ftbfs-20240420 ftbfs-trixie ftbfs-t64-arm64 > >Hi, > >During a rebuild of all packages in sid, your package failed to build >on arm64. ... >> Signature at: 40 >> sbsign --key DB.key --cert DB.crt --output HelloWorld-signed.efi >> HelloWorld.efi >> ./cert-to-efi-sig-list -g ----123456789abc PK.crt PK.esl >> Invalid DOS header magic >> make[1]: *** [Make.rules:130: HelloWorld-signed.efi] Error 1 I can reproduce this here. The HelloWorld.efi binary seems to be totally malformed. Digging further... -- Steve McIntyre, Cambridge, UK.st...@einval.com You lock the door And throw away the key There's someone in my head but it's not me
Bug#1070670: bullseye-pu: package shim/15.8-1~deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: debian-...@lists.debian.org This is a new upstream version of shim, built for bullseye. This is needed for better handling of SBAT-based revocations, plus a range of security updates from upstream. [ This is very similar to the bookworm update in #1070660 ] See attached debdiff for the changes. They're not minimal, but in the case of shim we need to be as close to upstream as possible for the sake of getting stuff reviewed and signed. The only local patches to the upstream source now are: * to force SBAT updates to revoke older insecure grub binaries * to allow for building on arm64 with older toolchain (retained from previous bullseye builds) There are some minor changes to packaging to help with review. I've tested locally using CI and also by hand on various machines and all looks good here. Obviously, once this is accepted and autobuilt I'll need to submit things for review and signing elsewhere. Then we'll be want shim-signed updting too. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable shim (15.8-1~deb11u1) bullseye; urgency=medium * New upstream release fixing more bugs * Remove previous patches, no longer needed: + Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now upstream) + Enable-NX.patch (we don't want NX just yet until the whole boot stack is NX-capable) + block-grub-sbat3-debian.patch (not needed now upstream grub SBAT is 4) * Cherry-pick 2 new patches from upstream for grub revocations: + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch * Log if the build is nx-compatible or not * Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" * Install a copy of the Debian CA certificate into /usr/share/shim. Closes: #1069054 * Clean up better after build. Closes: #1046268 shim_15.8-1~deb11u1.debdiff.gz Description: application/gzip
Bug#1070660: bookworm-pu: package shim/15.8-1~deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: debian-...@lists.debian.org This is a new upstream version of shim, built for bookworm. This is needed for better handling of SBAT-based revocations, plus a range of security updates from upstream. See attached debdiff for the changes. They're not minimal, but in the case of shim we need to be as close to upstream as possible for the sake of getting stuff reviewed and signed. The only local patches to the upstream source now are to force SBAT updates to revoke older insecure grub binaries. There are some minor changes to packaging to help with review, and to add some autopkgtest stuff. I've tested locally using CI and also by hand on various machines and all looks good here. Obviously, once this is accepted and autobuilt I'll need to submit things for review and signing elsewhere. Then we'll be want shim-signed updting too. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable shim (15.8-1~deb12u1) bookworm; urgency=medium [ Steve McIntyre ] * Cope with changes in pesign packaging. * New upstream release fixing more bugs * Remove all our previous patches, no longer needed: + Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now upstream) + Enable-NX.patch (we don't want NX just yet until the whole boot stack is NX-capable) + block-grub-sbat3-debian.patch (not needed now upstream grub SBAT is 4) * Cherry-pick 2 new patches from upstream for grub revocations: + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch * Log if the build is nx-compatible or not * Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" * Install a copy of the Debian CA certificate into /usr/share/shim. Closes: #1069054 * Clean up better after build. Closes: #1046268 [ Bastien Roucariès ] * Port autopkgtest from ubuntu * Import MR-12: "shim-unsigned:amd64 cannot be installed alongside shim-unsigned:i386", thanks to adrian15 adrian15 (Closes: #936009). * Fix debian/watch and check signature shim_15.8-1~deb12u1.debdiff.gz Description: application/gzip
Bug#1065688: [Pkg-freeipa-devel] Bug#1065688: python-jwcrypto: CVE-2024-28102
Hi Timo, On Thu, May 02, 2024 at 09:07:08AM +0300, Timo Aaltonen wrote: >Steve McIntyre kirjoitti 30.4.2024 klo 19.19: >> Hi! >> >> On Fri, Mar 08, 2024 at 10:42:40PM +0100, Salvatore Bonaccorso wrote: >> > Source: python-jwcrypto >> > Version: 1.5.4-1 >> > Severity: important >> > Tags: security upstream >> > X-Debbugs-Cc: car...@debian.org, Debian Security Team >> > >> > >> > Hi, >> > >> > The following vulnerability was published for python-jwcrypto. >> > >> > CVE-2024-28102[0]: >> > | JWCrypto implements JWK, JWS, and JWE specifications using python- >> > | cryptography. Prior to version 1.5.6, an attacker can cause a denial >> > | of service attack by passing in a malicious JWE Token with a high >> > | compression ratio. When the server processes this token, it will >> > | consume a lot of memory and processing time. Version 1.5.6 fixes >> > | this vulnerability by limiting the maximum token length. >> >> We wanted this fixed in Pexip, so I've taken a look at this bug. >> >> The upstream bugfix just needs a small rework so it applies cleanly to >> the version in bookworm. Here's a debdiff for that that in case it's >> useful. > >I've pushed 1.5.6 to sid now, feel free to upload the proposed version for >bookworm, thanks. I've asked the release team to approve, ready to upload when they say so. I've also pushed a bookworm branch and a tag for this release to https://salsa.debian.org/93sam/python-jwcrypto/-/tree/bookworm if you'd like to merge those. -- Steve McIntyre, Cambridge, UK.st...@einval.com Getting a SCSI chain working is perfectly simple if you remember that there must be exactly three terminations: one on one end of the cable, one on the far end, and the goat, terminated over the SCSI chain with a silver-handled knife whilst burning *black* candles. --- Anthony DeBoer
Bug#1070249: bookworm-pu: package python-jwcrypto/1.1.0-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: steve.mcint...@pexip.com, Timo Aaltonen Hi, [ Reason ] I've backported the upstream fix for CVE-2024-28102 (#1065688) to bookworm. It's not considered critical as a security fix by the security team, but would still be good to have in bookworm. Ready to upload if you're happy. Timo is happy for me to upload this - see the conversation in #1065688. [ Impact ] Minor security issue. [ Tests ] The patch comes from upstream, and includes a unit test. [ Risks ] The changes are straightforward, cherry-picked from current upstream and just massaged to fit the older version in bookworm. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] The debdiff here just contains trivial metadata changes from my initial debdiff in #1065688 python-jwcrypto (1.1.0-1+deb12u1) bookworm; urgency=medium * Apply and tweak upstream security fix for CVE-2024-28102 Address potential DoS with high compression ratio diff -Nru python-jwcrypto-1.1.0/debian/changelog python-jwcrypto-1.1.0/debian/changelog --- python-jwcrypto-1.1.0/debian/changelog 2022-03-29 08:33:50.0 +0100 +++ python-jwcrypto-1.1.0/debian/changelog 2024-04-26 17:18:31.0 +0100 @@ -1,3 +1,10 @@ +python-jwcrypto (1.1.0-1+deb12u1) bookworm; urgency=medium + + * Apply and tweak upstream security fix for CVE-2024-28102 +Address potential DoS with high compression ratio + + -- Steve McIntyre <93...@debian.org> Fri, 26 Apr 2024 17:18:31 +0100 + python-jwcrypto (1.1.0-1) unstable; urgency=medium * New upstream release. diff -Nru python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch --- python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch 1970-01-01 01:00:00.0 +0100 +++ python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch 2024-04-26 17:18:31.0 +0100 @@ -0,0 +1,72 @@ +commit 90477a3b6e73da69740e00b8161f53fea19b831f +Author: Simo Sorce +Date: Tue Mar 5 16:57:17 2024 -0500 + +Address potential DoS with high compression ratio + +Fixes CVE-2024-28102 + +Signed-off-by: Simo Sorce + +Index: os-python-jwcrypto/jwcrypto/jwe.py +=== +--- os-python-jwcrypto.orig/jwcrypto/jwe.py os-python-jwcrypto/jwcrypto/jwe.py +@@ -9,6 +9,9 @@ from jwcrypto.common import base64url_de + from jwcrypto.common import json_decode, json_encode + from jwcrypto.jwa import JWA + ++# Limit the amount of data we are willing to decompress by default. ++default_max_compressed_size = 256 * 1024 ++ + + # RFC 7516 - 4.1 + # name: (description, supported?) +@@ -387,6 +390,10 @@ class JWE: + + compress = jh.get('zip', None) + if compress == 'DEF': ++if len(data) > default_max_compressed_size: ++raise InvalidJWEData( ++'Compressed data exceeds maximum allowed' ++'size' + f' ({default_max_compressed_size})') + self.plaintext = zlib.decompress(data, -zlib.MAX_WBITS) + elif compress is None: + self.plaintext = data +Index: os-python-jwcrypto/jwcrypto/tests.py +=== +--- os-python-jwcrypto.orig/jwcrypto/tests.py os-python-jwcrypto/jwcrypto/tests.py +@@ -1716,6 +1716,32 @@ class ConformanceTests(unittest.TestCase + check.decrypt(key) + self.assertEqual(check.payload, b'plain') + ++def test_jwe_decompression_max(self): ++key = jwk.JWK(kty='oct', k=base64url_encode(b'A' * (128 // 8))) ++payload = '{"u": "' + "u" * 4 + '", "uu":"' \ +++ "u" * 4 + '"}' ++protected_header = { ++"alg": "A128KW", ++"enc": "A128GCM", ++"typ": "JWE", ++"zip": "DEF", ++} ++enc = jwe.JWE(payload.encode('utf-8'), ++ recipient=key, ++ protected=protected_header).serialize(compact=True) ++with self.assertRaises(jwe.InvalidJWEData): ++check = jwe.JWE() ++check.deserialize(enc) ++check.decrypt(key) ++ ++defmax = jwe.default_max_compressed_size ++jwe.default_max_compressed_size = 10 ++# ensure we can eraise the limit and decrypt ++check = jwe.JWE() ++check.deserialize(enc) ++c
Bug#1070133: Patches for these two bugs
On Thu, May 02, 2024 at 08:09:46AM -0400, Stefano Rivera wrote: >Control: tag 1070133 +pending >Control: tag 1070135 +pending > >Hi Steve (2024.05.01_06:07:10_-0400) > >Thanks for the patches, backported some more security patches and filed >a bookworm-pu request (#1070232). Lovely. :-) -- Steve McIntyre, Cambridge, UK.st...@einval.com Armed with "Valor": "Centurion" represents quality of Discipline, Honor, Integrity and Loyalty. Now you don't have to be a Caesar to concord the digital world while feeling safe and proud.
Bug#1070133: Patches for these two bugs
Control: tag 1070133 +patch Control: tag 1070135 +patch Here's a debdiff against what's already in 3.11.2-6+deb12u1 in -proposed-updates -- Steve McIntyre, Cambridge, UK.st...@einval.com < sladen> I actually stayed in a hotel and arrived to find a post-it note stuck to the mini-bar saying "Paul: This fridge and fittings are the correct way around and do not need altering" diff -Nru python3.11-3.11.2/debian/changelog python3.11-3.11.2/debian/changelog --- python3.11-3.11.2/debian/changelog 2024-03-02 20:28:50.0 + +++ python3.11-3.11.2/debian/changelog 2024-04-26 16:10:48.0 +0100 @@ -1,3 +1,14 @@ +python3.11 (3.11.2-6+deb12u2) bookworm; urgency=medium + + * Apply upstream security fix for CVE-2024-0450 +Protect zipfile from "quoted-overlap" zipbomb. +Closes: #1070133 + * Apply and tweak upstream security fix for CVE-2023-6597 +tempfile.TemporaryDirectory: fix symlink bug in cleanup +Closes: #1070135 + + -- Steve McIntyre Fri, 26 Apr 2024 16:10:48 +0100 + python3.11 (3.11.2-6+deb12u1) bookworm; urgency=medium [ Anders Kaseorg ] diff -Nru python3.11-3.11.2/debian/patches/CVE-2023-6597.patch python3.11-3.11.2/debian/patches/CVE-2023-6597.patch --- python3.11-3.11.2/debian/patches/CVE-2023-6597.patch1970-01-01 01:00:00.0 +0100 +++ python3.11-3.11.2/debian/patches/CVE-2023-6597.patch2024-04-26 16:10:48.0 +0100 @@ -0,0 +1,202 @@ +commit 5585334d772b253a01a6730e8202ffb1607c3d25 +Author: Serhiy Storchaka +Date: Thu Dec 7 18:37:10 2023 +0200 + +[3.11] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930) (GH-112839) + +(cherry picked from commit 81c16cd94ec38d61aa478b9a452436dc3b1b524d) + +Co-authored-by: Søren Løvborg + +diff --git a/Lib/tempfile.py b/Lib/tempfile.py +index aace11fa7b..f59a63a7b4 100644 +--- a/Lib/tempfile.py b/Lib/tempfile.py +@@ -270,6 +270,22 @@ def _mkstemp_inner(dir, pre, suf, flags, output_type): + raise FileExistsError(_errno.EEXIST, + "No usable temporary file name found") + ++def _dont_follow_symlinks(func, path, *args): ++# Pass follow_symlinks=False, unless not supported on this platform. ++if func in _os.supports_follow_symlinks: ++func(path, *args, follow_symlinks=False) ++elif _os.name == 'nt' or not _os.path.islink(path): ++func(path, *args) ++ ++def _resetperms(path): ++try: ++chflags = _os.chflags ++except AttributeError: ++pass ++else: ++_dont_follow_symlinks(chflags, path, 0) ++_dont_follow_symlinks(_os.chmod, path, 0o700) ++ + + # User visible interfaces. + +@@ -863,17 +879,10 @@ def __init__(self, suffix=None, prefix=None, dir=None, + def _rmtree(cls, name, ignore_errors=False): + def onerror(func, path, exc_info): + if issubclass(exc_info[0], PermissionError): +-def resetperms(path): +-try: +-_os.chflags(path, 0) +-except AttributeError: +-pass +-_os.chmod(path, 0o700) +- + try: + if path != name: +-resetperms(_os.path.dirname(path)) +-resetperms(path) ++_resetperms(_os.path.dirname(path)) ++_resetperms(path) + + try: + _os.unlink(path) +diff --git a/Lib/test/test_tempfile.py b/Lib/test/test_tempfile.py +index 1242ec7e3c..675edc8de9 100644 +--- a/Lib/test/test_tempfile.py b/Lib/test/test_tempfile.py +@@ -1565,6 +1565,103 @@ def test_cleanup_with_symlink_to_a_directory(self): + "were deleted") + d2.cleanup() + ++@os_helper.skip_unless_symlink ++def test_cleanup_with_symlink_modes(self): ++# cleanup() should not follow symlinks when fixing mode bits (#91133) ++with self.do_create(recurse=0) as d2: ++file1 = os.path.join(d2, 'file1') ++open(file1, 'wb').close() ++dir1 = os.path.join(d2, 'dir1') ++os.mkdir(dir1) ++for mode in range(8): ++mode <<= 6 ++with self.subTest(mode=format(mode, '03o')): ++def test(target, target_is_directory): ++d1 = self.do_create(recurse=0) ++symlink = os.path.join(d1.name, 'symlink') ++os.symlink(target, symlink, ++target_is_directory=target_is_directory) ++try: ++os.chmod(symlink, mode, follow_symlinks=False) ++except NotImplementedError: ++pass ++
Bug#1070135: Acknowledgement (tempfile.TemporaryDirectory: symlink bug in cleanup (CVE-2023-6597))
Control: fixed 1070135 3.11.8-1 On Tue, Apr 30, 2024 at 05:45:04PM +, Debian Bug Tracking System wrote: >Thank you for filing a new Bug report with Debian. > >You can follow progress on this Bug here: 1070135: >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070135. > >This is an automatically generated reply to let you know your message >has been received. > >Your message is being forwarded to the package maintainers and other >interested parties for their attention; they will reply in due course. > >As you requested using X-Debbugs-CC, your message was also forwarded to > steve.mcint...@pexip.com, debian security team >(after having been given a Bug report number, if it did not have one). > >Your message has been sent to the package maintainer(s): > Matthias Klose > >If you wish to submit further information on this problem, please >send it to 1070...@bugs.debian.org. > >Please do not send mail to ow...@bugs.debian.org unless you wish >to report a problem with the Bug-tracking system. > >-- >1070135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070135 >Debian Bug Tracking System >Contact ow...@bugs.debian.org with problems > -- Steve McIntyre, Cambridge, UK.st...@einval.com "C++ ate my sanity" -- Jon Rabone
Bug#1070135: tempfile.TemporaryDirectory: symlink bug in cleanup (CVE-2023-6597)
Source: python3.11 Version: 3.11.2-6 Severity: minor Tags: security upstream X-Debbugs-Cc: steve.mcint...@pexip.com, Debian Security Team Quoting https://security-tracker.debian.org/tracker/CVE-2023-6597: An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. Upstream have a patch for this, against 3.11.8. It's not too hard to backport - I'll attach the tweaked patch shortly. -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-20-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- debconf-show failed
Bug#1070133: Acknowledgement (python 3.11 zipbomb attack (CVE-2024-0450))
Control: fixed 1070133 3.11.8-1 On Tue, Apr 30, 2024 at 05:24:04PM +, Debian Bug Tracking System wrote: >Thank you for filing a new Bug report with Debian. > >You can follow progress on this Bug here: 1070133: >https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070133. > >This is an automatically generated reply to let you know your message >has been received. > >Your message is being forwarded to the package maintainers and other >interested parties for their attention; they will reply in due course. > >As you requested using X-Debbugs-CC, your message was also forwarded to > debian security team >(after having been given a Bug report number, if it did not have one). > >Your message has been sent to the package maintainer(s): > Matthias Klose > >If you wish to submit further information on this problem, please >send it to 1070...@bugs.debian.org. > >Please do not send mail to ow...@bugs.debian.org unless you wish >to report a problem with the Bug-tracking system. > >-- >1070133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070133 >Debian Bug Tracking System >Contact ow...@bugs.debian.org with problems > -- Steve McIntyre, Cambridge, UK.st...@einval.com You raise the blade, you make the change... You re-arrange me 'til I'm sane...
Bug#1070133: python 3.11 zipbomb attack (CVE-2024-0450)
Source: python3.11 Version: 3.11.2-6 Severity: important Tags: upstream security X-Debbugs-Cc: Debian Security Team Quoting https://security-tracker.debian.org/tracker/CVE-2024-0450: An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. Upstream have a patch for this, against 3.11.8. It's not too hard to backport - I'll attach the tweaked patch shortly. -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-20-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- debconf-show failed
Bug#1059007: python-asyncssh: CVE-2023-48795
Hi! On Tue, Dec 19, 2023 at 09:31:00AM +0100, Salvatore Bonaccorso wrote: >Source: python-asyncssh >Version: 2.10.1-2 >Severity: important >Tags: security upstream >X-Debbugs-Cc: car...@debian.org, Debian Security Team > > >Hi, > >The following vulnerability was published for python-asyncssh. > >CVE-2023-48795[0]: >| The SSH transport protocol with certain OpenSSH extensions, found in >| OpenSSH before 9.6 and other products, allows remote attackers to >| bypass integrity checks such that some packets are omitted (from the >| extension negotiation message), and a client and server may >| consequently end up with a connection for which some security >| features have been downgraded or disabled, aka a Terrapin attack. >| This occurs because the SSH Binary Packet Protocol (BPP), >| implemented by these extensions, mishandles the handshake phase and >| mishandles use of sequence numbers. For example, there is an >| effective attack against SSH's use of ChaCha20-Poly1305 (and CBC >| with Encrypt-then-MAC). The bypass occurs in >| chacha20-poly1...@openssh.com and (if CBC is used) the >| -e...@openssh.com MAC algorithms. This also affects Maverick Synergy >| Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh >| before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before >| 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and >| libssh2 through 1.11.0; and there could be effects on Bitvise SSH >| through 9.31. We wanted this fixed in Pexip, so I've taken a look at this bug. The upstream bugfix just needs a small rework so it applies cleanly to the version in bookworm. Here's a debdiff for that that in case it's useful. -- Steve McIntyre, Cambridge, UK.st...@einval.com Into the distance, a ribbon of black Stretched to the point of no turning back diff -Nru python-asyncssh-2.10.1/debian/changelog python-asyncssh-2.10.1/debian/changelog --- python-asyncssh-2.10.1/debian/changelog 2022-12-22 03:54:16.0 + +++ python-asyncssh-2.10.1/debian/changelog 2024-04-29 11:45:47.0 +0100 @@ -1,3 +1,11 @@ +python-asyncssh (2.10.1-2+deb12u1) bookworm; urgency=medium + + * Apply and tweak upstream security fix for CVE-2023-48795 + Implement "strict kex" support to harden AsyncSSH against Terrapin +Attack. Closes: #1059007 + + -- Steve McIntyre Mon, 29 Apr 2024 11:45:47 +0100 + python-asyncssh (2.10.1-2) unstable; urgency=medium * Team Upload. diff -Nru python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch --- python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch 1970-01-01 01:00:00.0 +0100 +++ python-asyncssh-2.10.1/debian/patches/CVE-2023-48795.patch 2024-04-29 11:45:47.0 +0100 @@ -0,0 +1,382 @@ +commit 0bc73254f41acb140187e0c89606311f88de5b7b +Author: Ron Frederick +Date: Mon Dec 18 07:41:57 2023 -0800 + +Implement "strict kex" support to harden AsyncSSH against Terrapin Attack + +This commit implements "strict kex" support and other countermeasures to +protect against the Terrapin Attack described in CVE-2023-48795. Thanks +once again go to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for +identifying and reporting this vulnerability and providing detailed +analysis and suggestions about proposed fixes. + +Index: b/asyncssh/connection.py +=== +--- a/asyncssh/connection.py b/asyncssh/connection.py +@@ -810,6 +810,7 @@ class SSHConnection(SSHPacketHandler, as + self._kexinit_sent = False + self._kex_complete = False + self._ignore_first_kex = False ++self._strict_kex = False + + self._gss: Optional[GSSBase] = None + self._gss_kex = False +@@ -1343,10 +1344,13 @@ class SSHConnection(SSHPacketHandler, as + (alg_type, b','.join(local_algs).decode('ascii'), + b','.join(remote_algs).decode('ascii'))) + +-def _get_ext_info_kex_alg(self) -> List[bytes]: +-"""Return the kex alg to add if any to request extension info""" ++def _get_extra_kex_algs(self) -> List[bytes]: ++"""Return the extra kex algs to add""" + +-return [b'ext-info-c' if self.is_client() else b'ext-info-s'] ++if self.is_client(): ++return [b'ext-info-c', b'kex-strict-c-...@openssh.com'] ++else: ++return [b'ext-info-s', b'kex-strict-s-...@openssh.com'] + + def _send(self, data: bytes) -> None: + """Send data to the SSH connection""" +@@ -1487,6 +1491,11 @@ class SSHConnection(
Bug#1065688: python-jwcrypto: CVE-2024-28102
Hi! On Fri, Mar 08, 2024 at 10:42:40PM +0100, Salvatore Bonaccorso wrote: >Source: python-jwcrypto >Version: 1.5.4-1 >Severity: important >Tags: security upstream >X-Debbugs-Cc: car...@debian.org, Debian Security Team > > >Hi, > >The following vulnerability was published for python-jwcrypto. > >CVE-2024-28102[0]: >| JWCrypto implements JWK, JWS, and JWE specifications using python- >| cryptography. Prior to version 1.5.6, an attacker can cause a denial >| of service attack by passing in a malicious JWE Token with a high >| compression ratio. When the server processes this token, it will >| consume a lot of memory and processing time. Version 1.5.6 fixes >| this vulnerability by limiting the maximum token length. We wanted this fixed in Pexip, so I've taken a look at this bug. The upstream bugfix just needs a small rework so it applies cleanly to the version in bookworm. Here's a debdiff for that that in case it's useful. -- Steve McIntyre, Cambridge, UK.st...@einval.com Can't keep my eyes from the circling sky, Tongue-tied & twisted, Just an earth-bound misfit, I... diff -Nru python-jwcrypto-1.1.0/debian/changelog python-jwcrypto-1.1.0/debian/changelog --- python-jwcrypto-1.1.0/debian/changelog 2022-03-29 08:33:50.0 +0100 +++ python-jwcrypto-1.1.0/debian/changelog 2024-04-26 17:18:31.0 +0100 @@ -1,3 +1,10 @@ +python-jwcrypto (1.1.0-1+deb12u1) unstable; urgency=medium + + * Apply and tweak upstream security fix for CVE-2024-28102 +Address potential DoS with high compression ratio + + -- Steve McIntyre Fri, 26 Apr 2024 17:18:31 +0100 + python-jwcrypto (1.1.0-1) unstable; urgency=medium * New upstream release. diff -Nru python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch --- python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch 1970-01-01 01:00:00.0 +0100 +++ python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch 2024-04-26 17:18:31.0 +0100 @@ -0,0 +1,72 @@ +commit 90477a3b6e73da69740e00b8161f53fea19b831f +Author: Simo Sorce +Date: Tue Mar 5 16:57:17 2024 -0500 + +Address potential DoS with high compression ratio + +Fixes CVE-2024-28102 + +Signed-off-by: Simo Sorce + +Index: os-python-jwcrypto/jwcrypto/jwe.py +=== +--- os-python-jwcrypto.orig/jwcrypto/jwe.py os-python-jwcrypto/jwcrypto/jwe.py +@@ -9,6 +9,9 @@ from jwcrypto.common import base64url_de + from jwcrypto.common import json_decode, json_encode + from jwcrypto.jwa import JWA + ++# Limit the amount of data we are willing to decompress by default. ++default_max_compressed_size = 256 * 1024 ++ + + # RFC 7516 - 4.1 + # name: (description, supported?) +@@ -387,6 +390,10 @@ class JWE: + + compress = jh.get('zip', None) + if compress == 'DEF': ++if len(data) > default_max_compressed_size: ++raise InvalidJWEData( ++'Compressed data exceeds maximum allowed' ++'size' + f' ({default_max_compressed_size})') + self.plaintext = zlib.decompress(data, -zlib.MAX_WBITS) + elif compress is None: + self.plaintext = data +Index: os-python-jwcrypto/jwcrypto/tests.py +=== +--- os-python-jwcrypto.orig/jwcrypto/tests.py os-python-jwcrypto/jwcrypto/tests.py +@@ -1716,6 +1716,32 @@ class ConformanceTests(unittest.TestCase + check.decrypt(key) + self.assertEqual(check.payload, b'plain') + ++def test_jwe_decompression_max(self): ++key = jwk.JWK(kty='oct', k=base64url_encode(b'A' * (128 // 8))) ++payload = '{"u": "' + "u" * 4 + '", "uu":"' \ +++ "u" * 4 + '"}' ++protected_header = { ++"alg": "A128KW", ++"enc": "A128GCM", ++"typ": "JWE", ++"zip": "DEF", ++} ++enc = jwe.JWE(payload.encode('utf-8'), ++ recipient=key, ++ protected=protected_header).serialize(compact=True) ++with self.assertRaises(jwe.InvalidJWEData): ++check = jwe.JWE() ++check.deserialize(enc) ++check.decrypt(key) ++ ++defmax = jwe.default_max_compressed_size ++jwe.default_max_compressed_size = 10 ++# ensure we can eraise the limit and decrypt ++check = jwe.JWE() ++check.deserialize(enc) ++check.decrypt(key) ++jwe.default_max_compressed_size = def
Bug#1068035: FTBFS: wrong --link-doc target
Package: mdbtools Version: 1.0.0+dfsg-1.2 Followup-For: Bug #1068035 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Hi Jean-Michel, I am unclear how there are binaries in the archive for mdbtools 1.0.0+dfsg-1.2, given this bug is present there and affects all architectures. Nevertheless, the fix for the problem is attached. As this is fallout from the time_t transition, I am uploading a 0-day NMU to correct the issue. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru mdbtools-1.0.0+dfsg/debian/rules mdbtools-1.0.0+dfsg/debian/rules --- mdbtools-1.0.0+dfsg/debian/rules2023-04-03 05:46:44.0 -0700 +++ mdbtools-1.0.0+dfsg/debian/rules2024-04-22 22:55:55.0 -0700 @@ -8,5 +8,5 @@ dh_auto_configure -- --with-unixodbc=/usr override_dh_installdocs: - dh_installdocs --no-package=mdbtools-doc --link-doc=libmdb3 + dh_installdocs --no-package=mdbtools-doc --link-doc=libmdb3t64 dh_installdocs --package=mdbtools-doc
Bug#1069920: libtimezonemap: fixed-up port to libsoup3
Package: libtimezonemap Version: 0.4.6-6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Dear maintainers, Because webkit2gtk has now moved to libsoup3, and because we have reverse-dependencies that require both libtimezonemap and webkit2gtk, I have done the work in Ubuntu to fix up the port of libtimezonemap to libsoup3. This has been confirmed to work in the timezone picker in oem-config as used on our Ubuntu images for Raspberry Pi and has shipped in Ubuntu 24.04 LTS. Please consider including this revised patch in Debian. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libtimezonemap-0.4.6/debian/control libtimezonemap-0.4.6/debian/control --- libtimezonemap-0.4.6/debian/control 2024-03-30 19:18:27.0 -0700 +++ libtimezonemap-0.4.6/debian/control 2024-04-08 16:33:09.0 -0700 @@ -19,7 +19,7 @@ libgtk-3-dev (>= 3.1.4), libcairo2-dev (>= 1.10), libjson-glib-dev, - libsoup2.4-dev + libsoup-3.0-dev (>= 3.0.7) Standards-Version: 4.6.2 Homepage: https://launchpad.net/timezonemap Vcs-Browser: https://salsa.debian.org/cinnamon-team/libtimezonemap diff -Nru libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch --- libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch 2023-06-20 23:54:22.0 -0700 +++ libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch 2024-04-08 16:31:23.0 -0700 @@ -5,11 +5,11 @@ Forwarded: not-yet Last-Update: 2022-08-06 --- -diff --git a/configure.ac b/configure.ac -index 3f74dae..4e90e64 100644 a/configure.ac -+++ b/configure.ac -@@ -50,13 +50,13 @@ GDK_REQUIRED_VERSION=2.22 +Index: libtimezonemap/configure.ac +=== +--- libtimezonemap.orig/configure.ac libtimezonemap/configure.ac +@@ -50,13 +50,13 @@ GLIB_REQUIRED_VERSION=2.26 GTK3_REQUIRED_VERSION=3.1.4 GIO_REQUIRED_VERSION=2.5.11 @@ -25,23 +25,24 @@ json-glib-1.0) LIBTIMEZONEMAP_LIBS="$LIBTIMEZONEMAP_LIBS $LIBM" -diff --git a/src/timezone-completion.c b/src/timezone-completion.c -index d310235..6971ae9 100644 a/src/timezone-completion.c -+++ b/src/timezone-completion.c -@@ -271,8 +271,10 @@ geonames_data_ready (GObject *object, GAsyncResult *res, gpointer user_data) +Index: libtimezonemap/src/timezone-completion.c +=== +--- libtimezonemap.orig/src/timezone-completion.c libtimezonemap/src/timezone-completion.c +@@ -270,9 +270,10 @@ + CcTimezoneCompletionPrivate * priv = completion->priv; GError * error = NULL; GInputStream * stream; - SoupMessage *message; +- SoupMessage *message; + const gchar * reason_phrase; + SoupStatus status_code; - stream = soup_request_send_finish (SOUP_REQUEST (object), res, &error); -+ stream = soup_session_send_finish (SOUP_SESSION (object), res, &error); ++ stream = soup_session_send_finish (priv->soup_session, res, &error); if (stream == NULL) { if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) -@@ -283,8 +285,9 @@ geonames_data_ready (GObject *object, GAsyncResult *res, gpointer user_data) +@@ -283,8 +284,9 @@ return; } @@ -53,7 +54,7 @@ { JsonParser *parser; -@@ -296,7 +299,7 @@ geonames_data_ready (GObject *object, GAsyncResult *res, gpointer user_data) +@@ -296,10 +298,10 @@ else { g_warning ("Unable to fetch geonames (server responded with: %u %s)", @@ -61,8 +62,12 @@ + status_code, reason_phrase); } - g_object_unref (message); -@@ -362,7 +365,7 @@ static gboolean +- g_object_unref (message); ++ g_object_unref (object); + g_object_unref (stream); + } + +@@ -362,7 +364,7 @@ request_zones (CcTimezoneCompletion * completion) { CcTimezoneCompletionPrivate * priv = completion->priv; @@ -71,28 +76,17 @@ GError *error = NULL; priv->queued_request = 0; -@@ -388,13 +391,14 @@ request_zones (CcTimezoneCompletion * completion) - gchar * version = get_version (); - gchar * locale = get_locale (); - gchar * url = g_strdup_printf (GEONAME_URL, escaped, version, locale); -+ GAsyncResult * res; +@@ -391,10 +393,11 @@ g_free (locale); g_free (escaped); - req = soup_session_request (priv->soup_session, url, &error); -+ req = soup_message_new_from_uri (NULL, (GUri *) url); ++ req = soup_message_new (NULL, url); if (req) { - soup_request_sen
Bug#1015476: libbpp-qt: ftbfs with LTO (link time optimization) enabled
Package: libbpp-qt Version: 2.4.1-9.1 Followup-For: Bug #1015476 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Dear maintainers, This build failure is reproducible in Ubuntu, where LTO is enabled by default on amd64. The attached patch was sufficient to fix the build failure there, and I expect will be sufficient to fix it in Debian with LTO enabled, as well. Thanks for considering, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libbpp-qt-2.4.1/debian/libbpp-qt2t64.symbols.amd64 libbpp-qt-2.4.1/debian/libbpp-qt2t64.symbols.amd64 --- libbpp-qt-2.4.1/debian/libbpp-qt2t64.symbols.amd64 2024-02-29 07:30:55.0 -0800 +++ libbpp-qt-2.4.1/debian/libbpp-qt2t64.symbols.amd64 2024-04-11 22:54:36.0 -0700 @@ -264,7 +264,7 @@ _ZN5QListI7QStringED2Ev@Base 2.4.1 _ZN5QListIP13QGraphicsItemED1Ev@Base 2.4.1 _ZN5QListIP13QGraphicsItemED2Ev@Base 2.4.1 - _ZN5QListIP15QAbstractButtonE6detachEv@Base 2.4.1 + (optional)_ZN5QListIP15QAbstractButtonE6detachEv@Base 2.4.1 _ZN5QListIP15QAbstractButtonED1Ev@Base 2.4.1 _ZN5QListIP15QAbstractButtonED2Ev@Base 2.4.1 _ZN5QListIP17QGraphicsTextItemE18detach_helper_growEii@Base 2.4.1 @@ -273,7 +273,7 @@ _ZN7QStringC2EPKc@Base 2.4.1 _ZN7QStringD1Ev@Base 2.4.1 _ZN7QStringD2Ev@Base 2.4.1 - _ZN9QtPrivate8RefCount5derefEv@Base 2.4.1 + (optional)_ZN9QtPrivate8RefCount5derefEv@Base 2.4.1 _ZNK3bpp10TreeCanvas10metaObjectEv@Base 2.4.1 _ZNK3bpp10TreeCanvas12drawingWidthEv@Base 2.4.1 _ZNK3bpp10TreeCanvas13drawingHeightEv@Base 2.4.1
Bug#1062071: genometools: NMU diff for 64-bit time_t transition
Dear maintainers, There was a hard-coded test dependency on libgenometools0 in debian/tests/control which prevents this package from being able to migrate to testing. There is no need to hard-code a dependency on the runtime lib given that there is already a test dependency on libgenometools-dev. I am uploading a follow-up 0-day NMU to fix this outstanding issue from the time_t transition. Please find attached a comprehensive NMU debdiff. On Wed, Feb 28, 2024 at 04:30:06PM +, Steve Langasek wrote: > Dear maintainer, > > Please find attached a final version of this patch for the time_t > transition. This patch is being uploaded to unstable. > > Note that this adds a versioned build-dependency on dpkg-dev, to guard > against accidental backports with a wrong ABI. > > Thanks! > > > -- System Information: > Debian Release: trixie/sid > APT prefers unstable > APT policy: (500, 'unstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT) > Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE > Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > diff -Nru genometools-1.6.5+ds/debian/changelog > genometools-1.6.5+ds/debian/changelog > --- genometools-1.6.5+ds/debian/changelog 2023-10-25 22:08:09.0 > + > +++ genometools-1.6.5+ds/debian/changelog 2024-02-28 16:25:48.0 > + > @@ -1,3 +1,10 @@ > +genometools (1.6.5+ds-2.1) unstable; urgency=medium > + > + * Non-maintainer upload. > + * Rename libraries for 64-bit time_t transition. Closes: #1062071 > + > + -- Steve Langasek Wed, 28 Feb 2024 16:25:48 + > + > genometools (1.6.5+ds-2) unstable; urgency=medium > >* Facilitate building twice from the same source directory. > diff -Nru genometools-1.6.5+ds/debian/control > genometools-1.6.5+ds/debian/control > --- genometools-1.6.5+ds/debian/control 2023-09-19 21:22:02.0 > + > +++ genometools-1.6.5+ds/debian/control 2024-02-28 16:25:48.0 > + > @@ -4,7 +4,7 @@ > Andreas Tille > Section: science > Priority: optional > -Build-Depends: debhelper (>= 13), > +Build-Depends: dpkg-dev (>= 1.22.5), debhelper (>= 13), > debhelper-compat (= 13), > dh-python, > liblua5.1-0-dev, > @@ -70,7 +70,10 @@ > transformations, style files, etc. required to use the GenomeTools > executable and/or library. > > -Package: libgenometools0 > +Package: libgenometools0t64 > +Provides: ${t64:Provides} > +Replaces: libgenometools0 > +Breaks: libgenometools0 (<< ${source:Version}) > Architecture: any > Section: libs > Depends: ${shlibs:Depends}, > @@ -91,7 +94,7 @@ > Section: libdevel > Depends: ${shlibs:Depends}, > ${misc:Depends}, > - libgenometools0 (= ${binary:Version}) > + libgenometools0t64 (= ${binary:Version}) > Description: development files for GenomeTools > This package contains the GenomeTools static library and necessary > header files. > @@ -118,7 +121,7 @@ > Depends: ${shlibs:Depends}, > ${misc:Depends}, > ${python3:Depends}, > - libgenometools0 > + libgenometools0t64 > Description: Python3 bindings for genometools > Partial Python3 bindings for the GenomeTools library. Besides basic > bioinformatics data structures, the library contains components for sequence > diff -Nru genometools-1.6.5+ds/debian/libgenometools0.install > genometools-1.6.5+ds/debian/libgenometools0.install > --- genometools-1.6.5+ds/debian/libgenometools0.install 2023-09-19 > 21:22:02.0 + > +++ genometools-1.6.5+ds/debian/libgenometools0.install 1970-01-01 > 00:00:00.0 + > @@ -1 +0,0 @@ > -lib/libgenometools.so.0 usr/lib > diff -Nru genometools-1.6.5+ds/debian/libgenometools0t64.install > genometools-1.6.5+ds/debian/libgenometools0t64.install > --- genometools-1.6.5+ds/debian/libgenometools0t64.install1970-01-01 > 00:00:00.0 + > +++ genometools-1.6.5+ds/debian/libgenometools0t64.install2023-09-19 > 21:22:02.0 + > @@ -0,0 +1 @@ > +lib/libgenometools.so.0 usr/lib > diff -Nru genometools-1.6.5+ds/debian/libgenometools0t64.lintian-overrides > genometools-1.6.5+ds/debian/libgenometools0t64.lintian-overrides > --- genometools-1.6.5+ds/debian/libgenometools0t64.lintian-overrides > 1970-01-01 00:00:00.0 + > +++ genometools-1.6.5+ds/debian/libgenometools0t64.lintian-overrides > 2024-02-28 16:15:24.0 +00
Bug#1069915: file: wrong Breaks/Replaces in libmagic-mgc
Package: file Version: 5.45-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu ubuntu-patch Hi Christoph, The time_t transition automation scripts incorrectly changed the versioned Breaks/Replaces against old libmagic1 to point to libmagic1t64, which clearly never had a package version (<< 1:5.28-4~). The attached patch fixes this mistake, although since the version in oldoldstable is 1:5.35-4+deb10u2, perhaps you would prefer to drop the fields instead. Regards, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru file-5.45/debian/control file-5.45/debian/control --- file-5.45/debian/control2024-03-01 09:30:02.0 -0800 +++ file-5.45/debian/control2024-03-22 11:54:36.0 -0700 @@ -50,9 +50,9 @@ Architecture: any Depends: ${misc:Depends}, Breaks: -libmagic1t64 (<< 1:5.28-4~), +libmagic1 (<< 1:5.28-4~), Replaces: -libmagic1t64 (<< 1:5.28-4~), +libmagic1 (<< 1:5.28-4~), Section: libs Priority: optional Multi-Arch: foreign
Bug#1069910: ecl: FTBFS with LTO
Package: ecl Version: 21.2.1+ds-4.1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu ubuntu-patch Dear maintainers, ecl fails to build when LTO is enabled, basically hanging indefinitely until hitting a timeout and being killed. https://launchpad.net/ubuntu/+source/ecl/21.2.1+ds-4.1/+build/27828342 LTO is enabled by default in Ubuntu, so we have worked around this there by disabling LTO as in the attached patch. LTO is not enabled by default in Debian, however there have been discussions about doing so. Therefore you may want to consider applying the attached patch in Debian as well, to future-proof the package against toolchain changes. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru ecl-21.2.1+ds/debian/rules ecl-21.2.1+ds/debian/rules --- ecl-21.2.1+ds/debian/rules 2021-12-04 11:51:55.0 -0800 +++ ecl-21.2.1+ds/debian/rules 2024-03-27 22:26:54.0 -0700 @@ -3,6 +3,8 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS=optimize=-lto + %: dh $@
Bug#1069909: dcraw: FTBFS due to conflicting memmem prototype
Package: dcraw Version: 9.28-5 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Hi Filip, In Ubuntu, dcraw was failing to build because of a local implementation of memmem() whose prototype conflicts with the glibc prototype: [...] gcc -DPACKAGE_NAME=\"dcraw\" -DPACKAGE_TARNAME=\"dcraw\" -DPACKAGE_VERSION=\"9.28\" -DPACKAGE_STRING=\"dcraw\ 9.28\" -DPACKAGE_BUGREPORT=\"hr...@physics.muni.cz\" -DPACKAGE_URL=\"\" -DPACKAGE=\"dcraw\" -DVERSION=\"9.28\" -DHAVE_LIBM=1 -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_JPEGLIB_H=1 -DHAVE_LIBJPEG=1 -DHAVE_LCMS2_H=1 -DHAVE_LIBLCMS2=1 -I. -Wdate-time -D_FORTIFY_SOURCE=3 -g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/<>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/<>=/usr/src/dcraw-9.28-5build1 -O4 -c -o parse.o parse.c [...] parse.c:1216:7: error: conflicting types for ‘memmem’; have ‘char *(char *, size_t, char *, size_t)’ {aka ‘char *(char *, long unsigned int, char *, long unsigned int)’} 1216 | char *memmem (char *haystack, size_t haystacklen, | ^~ In file included from parse.c:13: /usr/include/string.h:389:14: note: previous declaration of ‘memmem’ with type ‘void *(const void *, size_t, const void *, size_t)’ {aka ‘void *(const void *, long unsigned int, const void *, long unsigned int)’} 389 | extern void *memmem (const void *__haystack, size_t __haystacklen, | ^~ [...] (https://launchpad.net/ubuntu/+source/dcraw/9.28-5build1/+build/28000832) This is not currently a build failure in Debian, but that is strictly a question of compiler behavior, and this may start to FTBFS in Debian at some later point. And anyway, there's no reason to reimplement memmem() here, it's probably less performant than the version provided by glibc. We have applied the attached patch in Ubuntu to fix the build failure. I think it would be a good idea to apply it in Debian as well. Thanks for considering, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru dcraw-9.28/debian/patches/remove-duplicate-memmem.patch dcraw-9.28/debian/patches/remove-duplicate-memmem.patch --- dcraw-9.28/debian/patches/remove-duplicate-memmem.patch 1969-12-31 16:00:00.0 -0800 +++ dcraw-9.28/debian/patches/remove-duplicate-memmem.patch 2024-04-09 16:49:27.0 -0700 @@ -0,0 +1,28 @@ +Description: don't reimplement memmem() + memmem() is implemented in glibc, don't have a redundant duplicate + implementation with a different prototype. +Author: Steve Langasek +Last-Update: 2024-04-09 +Forwarded: no + +Index: dcraw-9.28/parse.c +=== +--- dcraw-9.28.orig/parse.c dcraw-9.28/parse.c +@@ -1213,16 +1213,6 @@ + } + } + +-char *memmem (char *haystack, size_t haystacklen, +- char *needle, size_t needlelen) +-{ +- char *c; +- for (c = haystack; c <= haystack + haystacklen - needlelen; c++) +-if (!memcmp (c, needle, needlelen)) +- return c; +- return NULL; +-} +- + /* +Identify which camera created this file, and set global variables +accordingly.Return nonzero if the file cannot be decoded. diff -Nru dcraw-9.28/debian/patches/series dcraw-9.28/debian/patches/series --- dcraw-9.28/debian/patches/series2024-03-26 02:42:04.0 -0700 +++ dcraw-9.28/debian/patches/series2024-04-09 16:48:07.0 -0700 @@ -8,3 +8,4 @@ iowrap.diff 0009-missing_headers.patch 0010-Fuji-headers.patch +remove-duplicate-memmem.patch
Bug#1062074: clanlib FTBFS
Control: tags 1069385 patch Please find attached a comprehensive NMU patch for both the time_t conversion and the FTBFS errors. I am uploading this now as a 0-day NMU. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru clanlib-1.0~svn3827/debian/changelog clanlib-1.0~svn3827/debian/changelog --- clanlib-1.0~svn3827/debian/changelog2023-09-15 13:49:45.0 -0700 +++ clanlib-1.0~svn3827/debian/changelog2024-04-25 14:29:44.0 -0700 @@ -1,3 +1,20 @@ +clanlib (1.0~svn3827-11.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix dep from -dev package to point to current runtime lib name. +Closes: #1069385. + * debian/patches/64-bit-time-t-compat.patch: compatibility with 64-bit +time_t. Closes: #1067616. + + -- Steve Langasek Thu, 25 Apr 2024 21:29:44 + + +clanlib (1.0~svn3827-11.1) unstable; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. Closes: #1062074 + + -- Steve Langasek Wed, 28 Feb 2024 15:52:37 + + clanlib (1.0~svn3827-11) unstable; urgency=medium * Team upload. diff -Nru clanlib-1.0~svn3827/debian/control clanlib-1.0~svn3827/debian/control --- clanlib-1.0~svn3827/debian/control 2023-09-15 13:49:45.0 -0700 +++ clanlib-1.0~svn3827/debian/control 2024-04-25 14:29:44.0 -0700 @@ -4,7 +4,7 @@ Barry deFreese Section: libs Priority: optional -Build-Depends: +Build-Depends: dpkg-dev (>= 1.22.5), bzip2, debhelper-compat (= 12), libasound2-dev [linux-any], @@ -28,14 +28,17 @@ Vcs-Git: https://salsa.debian.org/games-team/clanlib.git Homepage: https://github.com/sphair/ClanLib -Package: libclanapp-1.0v5 +Package: libclanapp-1.0t64 +Provides: ${t64:Provides} +X-Time64-Compat: libclanapp-1.0v5 +Breaks: libclanapp-1.0v5 (<< ${source:Version}) Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Conflicts: libclanapp-1.0 -Replaces: +Replaces:libclanapp-1.0v5, libclanapp-1.0 Multi-Arch: same Description: ClanLib game SDK runtime @@ -60,7 +63,7 @@ Architecture: any Section: libdevel Depends: - libclanapp-1.0v5 (= ${binary:Version}), + libclanapp-1.0t64 (= ${binary:Version}), ${misc:Depends} Recommends: libfreetype-dev, diff -Nru clanlib-1.0~svn3827/debian/libclanapp-1.0t64.install clanlib-1.0~svn3827/debian/libclanapp-1.0t64.install --- clanlib-1.0~svn3827/debian/libclanapp-1.0t64.install1969-12-31 16:00:00.0 -0800 +++ clanlib-1.0~svn3827/debian/libclanapp-1.0t64.install2023-09-15 13:49:45.0 -0700 @@ -0,0 +1,11 @@ +usr/lib/*/libclanApp*.so.* +usr/lib/*/libclanCore*.so.* +usr/lib/*/libclanDisplay*.so.* +usr/lib/*/libclanGL*.so.* +usr/lib/*/libclanGUI*.so.* +usr/lib/*/libclanGUIStyleSilver*.so.* +usr/lib/*/libclanMikMod*.so.* +usr/lib/*/libclanNetwork*.so.* +usr/lib/*/libclanSignals*.so.* +usr/lib/*/libclanSound*.so.* +usr/lib/*/libclanVorbis*.so.* diff -Nru clanlib-1.0~svn3827/debian/libclanapp-1.0t64.lintian-overrides clanlib-1.0~svn3827/debian/libclanapp-1.0t64.lintian-overrides --- clanlib-1.0~svn3827/debian/libclanapp-1.0t64.lintian-overrides 1969-12-31 16:00:00.0 -0800 +++ clanlib-1.0~svn3827/debian/libclanapp-1.0t64.lintian-overrides 2024-02-28 07:52:20.0 -0800 @@ -0,0 +1 @@ +libclanapp-1.0t64: package-name-doesnt-match-sonames libclanapp-1.0v5 diff -Nru clanlib-1.0~svn3827/debian/libclanapp-1.0v5.install clanlib-1.0~svn3827/debian/libclanapp-1.0v5.install --- clanlib-1.0~svn3827/debian/libclanapp-1.0v5.install 2023-09-15 13:49:45.0 -0700 +++ clanlib-1.0~svn3827/debian/libclanapp-1.0v5.install 1969-12-31 16:00:00.0 -0800 @@ -1,11 +0,0 @@ -usr/lib/*/libclanApp*.so.* -usr/lib/*/libclanCore*.so.* -usr/lib/*/libclanDisplay*.so.* -usr/lib/*/libclanGL*.so.* -usr/lib/*/libclanGUI*.so.* -usr/lib/*/libclanGUIStyleSilver*.so.* -usr/lib/*/libclanMikMod*.so.* -usr/lib/*/libclanNetwork*.so.* -usr/lib/*/libclanSignals*.so.* -usr/lib/*/libclanSound*.so.* -usr/lib/*/libclanVorbis*.so.* diff -Nru clanlib-1.0~svn3827/debian/patches/64-bit-time-t-compat.patch clanlib-1.0~svn3827/debian/patches/64-bit-time-t-compat.patch --- clanlib-1.0~svn3827/debian/patches/64-bit-time-t-compat.patch 1969-12-31 16:00:00.0 -0800 +++ clanlib-1.0~svn3827/debian/patches/64-bit-time-t-compat.patch 2024-04-25 14:29:44.0 -0700 @@ -0,0 +1,53 @@ +Description: compatibility with 64-bit time_t + linux/input.h uses a different structure when time_t is 64-bit, so + patch around this. +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1067616 +Last-Update: 2024-04-25 +Forwarded: no + +Index: clanlib-1.0~svn3827/Sources/GL/GLX/input_device_linux
Bug#1069862: blktrace: FTBFS on ppc64el in Ubuntu (-O3?) due to wrong code analysis
Package: blktrace Version: 1.2.0-5 Severity: minor Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu ubuntu-patch Dear maintainers, In Ubuntu, we found that blktrace was failing to rebuild on ppc64el because the compiler was wrongly identifying problems with format string handling: [...] gcc -o blkparse.o -c -D__DEB_CANARY_CPPFLAGS_4e732ced3463d06de0ca9a15b6153677__ -Wdate-time -D_FORTIFY_SOURCE=3 -g -O3 -Werror=implicit-function-declaration -Werror=array-bounds -Werror=clobbered -Werror=volatile-register-var -D__DEB_CANARY_CFLAGS_4e732ced3463d06de0ca9a15b6153677__ -fno-omit-frame-pointer -ffile-prefix-map=/<>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-stack-clash-protection -fdebug-prefix-map=/<>=/usr/src/blktrace-1.2.0-5build1 -Wall -Wextra -Wno-shadow -Werror -g -Wl,-Bsymbolic-functions -Wl,-z,deb-canary-4e732ced3463d06de0ca9a15b6153677 -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 blkparse.c blkparse.c: In function ‘main’: blkparse.c:376:56: error: ‘%s’ directive argument is null [-Werror=format-overflow=] 376 | fprintf(stderr, "Out of memory, device %s (%d)\n", name, size); |^~ [...] blkparse.c:1885:68: error: ‘):’ directive output may be truncated writing 2 bytes into a region of size between 1 and 41 [-Werror=format-truncation=] [...] (https://launchpad.net/ubuntu/+source/blktrace/1.2.0-5build1/+build/27931723) It's possible/likely that this build failure is caused by the use of -O3 by default for ppc64el builds in Ubuntu; so the attached patch, while it fixes the problem in Ubuntu and should be harmless in Debian, may not be something you want to apply as-is. Perhaps you would prefer to use $(filter -O3,...) instead? Thanks for considering, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru blktrace-1.2.0/debian/control blktrace-1.2.0/debian/control --- blktrace-1.2.0/debian/control 2024-03-16 02:13:36.0 -0700 +++ blktrace-1.2.0/debian/control 2024-03-22 19:17:48.0 -0700 @@ -1,8 +1,7 @@ Source: blktrace Section: utils Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Bas Zoetekouw +Maintainer: Bas Zoetekouw Uploaders: Dmitry Smirnov Build-Depends: debhelper (>= 11), diff -Nru blktrace-1.2.0/debian/rules blktrace-1.2.0/debian/rules --- blktrace-1.2.0/debian/rules 2019-02-23 14:17:21.0 -0800 +++ blktrace-1.2.0/debian/rules 2024-03-22 19:17:33.0 -0700 @@ -10,6 +10,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all future=+all qa=+all reproducible=+all export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed +ifeq ($(DEB_HOST_ARCH),ppc64el) + export DEB_CFLAGS_MAINT_APPEND = -Wno-error=format-overflow -Wno-error=format-truncation +endif # make sure TeX/dvipdfm generates reproducable builds export FORCE_SOURCE_DATE=1
Bug#1069859: atop: Fix atop for 64-bit time_t on arm
Package: atop Version: 2.10.0-2 Severity: grave Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Hi Marc, Although atop currently builds successfully on armhf and armel, it is broken at runtime because it tries to use a time_t in a format string which now no longer uses the correct size for the data. This was found in Ubuntu via autopkgtests (unfortunately, Debian does not run autopkgtests for binNMUs): 358s /tmp/autopkgtest.Nzaczp/build.Xps/src/debian/tests/01-numcpus: line 15: 1136 Segmentation fault (core dumped) atop -P cpu 5 1 1>&2 Please see attached a patch that fixes this issue. It has been uploaded to Ubuntu. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru atop-2.10.0/debian/patches/64-bit-time-t-compat.patch atop-2.10.0/debian/patches/64-bit-time-t-compat.patch --- atop-2.10.0/debian/patches/64-bit-time-t-compat.patch 1969-12-31 16:00:00.0 -0800 +++ atop-2.10.0/debian/patches/64-bit-time-t-compat.patch 2024-03-22 11:11:06.0 -0700 @@ -0,0 +1,22 @@ +Description: compatibility with 64-bit time_t +Author: Steve Langasek +Forwarded: no +Last-Update: 2024-03-22 + +Index: atop-2.10.0/parseable.c +=== +--- atop-2.10.0.orig/parseable.c atop-2.10.0/parseable.c +@@ -214,10 +214,10 @@ + convdate(curtime, datestr); + convtime(curtime, timestr); + +- snprintf(header, sizeof header, "%s %s %ld %s %s %d", ++ snprintf(header, sizeof header, "%s %s %lld %s %s %d", + labeldef[i].label, + utsname.nodename, +- curtime, ++ (long long)curtime, + datestr, timestr, numsecs); + + /* diff -Nru atop-2.10.0/debian/patches/series atop-2.10.0/debian/patches/series --- atop-2.10.0/debian/patches/series 2024-01-14 12:18:53.0 -0800 +++ atop-2.10.0/debian/patches/series 2024-03-22 11:10:13.0 -0700 @@ -15,3 +15,4 @@ no-atopgpud handle-default-file default +64-bit-time-t-compat.patch
Bug#1069745: magics-python: wrong arch: any packaging builds potentially uninstallable packages
Package: magics-python Version: 2:1.5.8-1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Hi Alastair, Working to resolve per-arch uninstallability of python3-magics++ in Ubuntu for the upcoming release, I found significant issues in the packaging that should be resolved. - The package build-depends on libeccodes-dev, but does not use it - It depends on libmagplus3v5, but nothing ensures that this package is only built for architectures on which libmagplus3v5 is available (both libmagplus3v5 and libeccodes have *similar* portability issues, but not identical; in Ubuntu we're now in the situation that we have architectures where libeccodes-dev is available but libmagplus is not) - It doesn't actually *use* libmagplus3v5, so this dependency is wrong; what it does use is libMagPlus.so, from libmagics++-dev, which is resolved via python3-ecmwflibs - But the package is missing an actual dependency on python3-ecmwflibs, so installing python3-magics++ by itself results in a python module that fails to import - But also, this package is a pure-python module containing no architecture-dependent code, so it should be Architecture: all anyway instead of Architecture: any (which also makes the per-arch installability issues go away) - And because it's architecture-independent it should build-depend on python3 - not python3-dev, which is for binary modules. Please find attached a patch addressing these issues, which has been uploaded to Ubuntu. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru magics-python-1.5.8/debian/control magics-python-1.5.8/debian/control --- magics-python-1.5.8/debian/control 2022-04-17 00:12:44.0 -0700 +++ magics-python-1.5.8/debian/control 2024-04-23 17:10:54.0 -0700 @@ -4,8 +4,7 @@ Maintainer: Alastair McKinstry Build-Depends: debhelper-compat (= 13), dh-sequence-python3, - libeccodes-dev, - python3-dev, + python3, python3-setuptools, python3-pytest-runner Standards-Version: 4.6.0 @@ -14,8 +13,8 @@ Vcs-Git: https://salsa.debian.org:/science-team/magics-python.git -b debian/latest Package: python3-magics++ -Architecture: any -Depends: libmagplus3v5 , ${misc:Depends}, +Architecture: all +Depends: python3-ecmwflibs, ${misc:Depends}, ${python3:Depends}, python3-simplejson, python3-jinja2
Bug#1069682: debian-cd DVD source run failing
Package: cdimage.debian.org As a reminder for me: the latest weekly build failed, looks like source packages no longer fit??? -- Steve McIntyre, Cambridge, UK.st...@einval.com "C++ ate my sanity" -- Jon Rabone
Bug#1069533: sayonara: Please package new upstream version
Is this not an issue that would prevent such an update for the time being? This package is part of the ongoing testing transition known as auto-qtbase- opensource-src. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug. This package is part of the ongoing testing transition known as libglib2.0- 0t64. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug. Thanks -Steve On Sat, 2024-04-20 at 09:19 -0400, Boyuan Yang wrote: > Source: sayonara > Version: 1.8.0-beta1-1 > Tags: sid > X-Debbugs-CC: kokoye2...@gmail.com s...@swm1.com > > Dear Debian sayonara package maintainers, > > A new upstream release of package sayonara was released in Jan 2024. > Since you are listed as Debian package maintainers, please consider > upgrading its Debian package. If you have any questions, please let > me know. > > Thanks, > Boyuan Yang
Bug#1066684: xpat2: FTBFS: loadsave.c:279:24: error: implicit declaration of function ‘cuserid’ [-Werror=implicit-function-declaration]
Here's an NMU diff that fixes the FTBFS. In incoming right now. -- Steve McIntyre, Cambridge, UK.st...@einval.com "I used to be the first kid on the block wanting a cranial implant, now I want to be the first with a cranial firewall. " -- Charlie Stross diff -Nru xpat2-1.07/debian/changelog xpat2-1.07/debian/changelog --- xpat2-1.07/debian/changelog 2016-11-02 10:32:41.0 + +++ xpat2-1.07/debian/changelog 2024-04-18 21:21:46.0 + @@ -1,3 +1,10 @@ +xpat2 (1.07-20+nmu1) unstable; urgency=medium + + * NMU + * Fix FTBFS for implicit declaration(s). Closes: #1066684 + + -- Steve McIntyre <93...@debian.org> Thu, 18 Apr 2024 22:21:46 +0100 + xpat2 (1.07-20) unstable; urgency=medium * maintainer address change diff -Nru xpat2-1.07/debian/patches/fix-implicit-declarations.diff xpat2-1.07/debian/patches/fix-implicit-declarations.diff --- xpat2-1.07/debian/patches/fix-implicit-declarations.diff1970-01-01 00:00:00.0 + +++ xpat2-1.07/debian/patches/fix-implicit-declarations.diff2024-04-18 21:21:46.0 + @@ -0,0 +1,11 @@ +--- xpat2-1.07.orig/src/loadsave.c xpat2-1.07/src/loadsave.c +@@ -26,6 +26,8 @@ + + #include + ++#define NO_CUSERID /* Disable, it's not there */ ++ + #ifndef _POSIX_NAME_MAX + # undef _POSIX_SOURCE/* seems that we have no POSIX system! */ + # define NAME_MAX14 /* every UNIX should have at least this */ diff -Nru xpat2-1.07/debian/patches/series xpat2-1.07/debian/patches/series --- xpat2-1.07/debian/patches/series2016-11-02 09:58:54.0 + +++ xpat2-1.07/debian/patches/series2024-04-18 21:21:46.0 + @@ -4,3 +4,4 @@ localization-improvement icon-removal patch-loadsave.diff +fix-implicit-declarations.diff
Bug#1061519: shim: CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
On Mon, Apr 15, 2024 at 11:33:14AM +, Bastien Roucariès wrote: >Source: shim >Followup-For: Bug #1061519 >Control: tags -1 + patch > >Dear Maintainer, > >Please find a MR here >https://salsa.debian.org/efi-team/shim/-/merge_requests/13 ACK. Thanks for trying to help, but the merge isn't the hard bit here. Tthe new upstream is a little problematic and I'm debugging some boot failures in my local CI already. -- Steve McIntyre, Cambridge, UK.st...@einval.com Into the distance, a ribbon of black Stretched to the point of no turning back
Bug#1066342: eterm: FTBFS: libscream.c:3231:16: error: implicit declaration of function ‘safe_print_string’ [-Werror=implicit-function-declaration]
Package: eterm Followup-For: Bug #1066342 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru eterm-0.9.6/debian/patches/no-implicit-declarations.patch eterm-0.9.6/debian/patches/no-implicit-declarations.patch --- eterm-0.9.6/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ eterm-0.9.6/debian/patches/no-implicit-declarations.patch 2024-04-13 16:46:57.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066342 +Last-Update: 2024-04-13 +Forwarded: no + +Index: eterm-0.9.6/src/libscream.c +=== +--- eterm-0.9.6.orig/src/libscream.c eterm-0.9.6/src/libscream.c +@@ -44,6 +44,7 @@ + + #include "config.h" + #include "feature.h" ++#include "misc.h" + + /* use libast if we have it */ + #ifdef DEBUG_ESCREEN diff -Nru eterm-0.9.6/debian/patches/series eterm-0.9.6/debian/patches/series --- eterm-0.9.6/debian/patches/series 2023-03-10 12:03:30.0 -0800 +++ eterm-0.9.6/debian/patches/series 2024-04-13 16:45:35.0 -0700 @@ -6,3 +6,4 @@ fix-esetroot-on-pseudocolor.patch CVE-2021-33477.patch fix-fail-to-build-with-imlib2.patch +no-implicit-declarations.patch
Bug#1065790: libosmo-netif: FTBFS on arm{el,hf}: tests fail
Package: libosmo-netif Followup-For: Bug #1065790 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Well, maybe a version of the patch without a stray character that breaks compilation. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch --- libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch 1969-12-31 16:00:00.0 -0800 +++ libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch 2024-04-13 12:31:32.0 -0700 @@ -0,0 +1,136 @@ +Description: use a 64-bit safe format string for time_t. +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1065790 +Last-Update: 2024-04-13 +Forwarded: no + +Index: libosmo-netif-1.2.0/examples/ipa-stream-client.c +=== +--- libosmo-netif-1.2.0.orig/examples/ipa-stream-client.c libosmo-netif-1.2.0/examples/ipa-stream-client.c +@@ -143,7 +143,8 @@ + timersub(&tv, &found->tv, &diff); + + LOGP(DLINP, LOGL_NOTICE, "message %d replied " +- "in %lu.%.6lu\n", num, diff.tv_sec, diff.tv_usec); ++ "in %lld.%.6lld\n", num, (long long int)diff.tv_sec, ++ (long long int)diff.tv_usec); + talloc_free(found); + } else { + LOGP(DLINP, LOGL_ERROR, +Index: libosmo-netif-1.2.0/src/jibuf.c +=== +--- libosmo-netif-1.2.0.orig/src/jibuf.c libosmo-netif-1.2.0/src/jibuf.c +@@ -385,10 +385,10 @@ + timeradd(&jb->last_enqueue_time, &delay_ts, &sched_ts); + + LOGP(DLJIBUF, LOGL_DEBUG, "enqueuing packet seq=%"PRIu16" rel=%d delay=%d" \ +- " skew=%d thres=%d {%lu.%06lu -> %lu.%06lu} %s\n", ++ " skew=%d thres=%d {%lld.%06lld -> %lld.%06lld} %s\n", + msg_get_sequence(msg), rel_delay, delay, jb->skew_us, jb->threshold_delay, +- jb->last_enqueue_time.tv_sec, jb->last_enqueue_time.tv_usec, +- sched_ts.tv_sec, sched_ts.tv_usec, msg_get_marker(msg)? "M" : ""); ++ (long long int)jb->last_enqueue_time.tv_sec, (long long int)jb->last_enqueue_time.tv_usec, ++ (long long int)sched_ts.tv_sec, (long long int)sched_ts.tv_usec, msg_get_marker(msg)? "M" : ""); + + /* Add scheduled dequeue time in msg->cb so we can check it later */ + unsigned long *old_cb = talloc_memdup(jb->talloc_ctx, msg->cb, sizeof(msg->cb)); +Index: libosmo-netif-1.2.0/tests/osmux/osmux_test.c +=== +--- libosmo-netif-1.2.0.orig/tests/osmux/osmux_test.c libosmo-netif-1.2.0/tests/osmux/osmux_test.c +@@ -69,8 +69,10 @@ + struct timeval tv; \ + osmo_clock_gettime(CLOCK_MONOTONIC, &ts); \ + osmo_gettimeofday(&tv, NULL); \ +- fprintf(stderr, "sys={%lu.%06lu}, mono={%lu.%06lu}: " fmt, \ +- tv.tv_sec, tv.tv_usec, ts.tv_sec, ts.tv_nsec/1000, ##args); \ ++ fprintf(stderr, "sys={%lld.%06lld}, mono={%lld.%06lld}: " fmt, \ ++ (long long int)tv.tv_sec, (long long int)tv.tv_usec, \ ++ (long long int)ts.tv_sec, \ ++ (long long int)ts.tv_nsec/1000, ##args); \ + } while(0) + + static void clock_override_enable(bool enable) +Index: libosmo-netif-1.2.0/tests/stream/stream_test.c +=== +--- libosmo-netif-1.2.0.orig/tests/stream/stream_test.c libosmo-netif-1.2.0/tests/stream/stream_test.c +@@ -60,7 +60,7 @@ + #define LOGCLI(cli, fmt, args...) do { \ + struct timeval tv; \ + osmo_gettimeofday(&tv, NULL); \ +- printf("{%lu.%06lu} [%s] Client's %s(): " fmt, tv.tv_sec, tv.tv_usec, \ ++ printf("{%lld.%06lld} [%s] Client's %s(): " fmt, (long long int)tv.tv_sec, (long long int)tv.tv_usec, \ + osmo_stream_cli_get_data(cli) ? "OK" : "NA", __func__, ##args); \ + } while (0) + +@@ -235,7 +235,7 @@ + #define LOGSRV(srv, fmt, args...) do { \ + struct timeval tv; \ + osmo_gettimeofday(&tv, NULL); \ +- printf("{%lu.%06lu} [%s|%s] Server's %s(): " fmt
Bug#1065790: libosmo-netif: FTBFS on arm{el,hf}: tests fail
Package: libosmo-netif Followup-For: Bug #1065790 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached an alternative solution to this which has been uploaded to Ubuntu. I found it easier to fix the portability issue than deal with removing the reverse-dependency chain. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch --- libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch 1969-12-31 16:00:00.0 -0800 +++ libosmo-netif-1.2.0/debian/patches/64-bit-time-t.patch 2024-04-13 12:30:35.0 -0700 @@ -0,0 +1,142 @@ +Description: use a 64-bit safe format string for time_t. +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1065790 +Last-Update: 2024-04-13 +Forwarded: no + +Index: libosmo-netif-1.2.0/examples/ipa-stream-client.c +=== +--- libosmo-netif-1.2.0.orig/examples/ipa-stream-client.c libosmo-netif-1.2.0/examples/ipa-stream-client.c +@@ -143,7 +143,8 @@ + timersub(&tv, &found->tv, &diff); + + LOGP(DLINP, LOGL_NOTICE, "message %d replied " +- "in %lu.%.6lu\n", num, diff.tv_sec, diff.tv_usec); ++ "in %lld.%.6lld\n", num, (long long int)diff.tv_sec, ++ (long long int)diff.tv_usec); + talloc_free(found); + } else { + LOGP(DLINP, LOGL_ERROR, +Index: libosmo-netif-1.2.0/src/jibuf.c +=== +--- libosmo-netif-1.2.0.orig/src/jibuf.c libosmo-netif-1.2.0/src/jibuf.c +@@ -385,10 +385,10 @@ + timeradd(&jb->last_enqueue_time, &delay_ts, &sched_ts); + + LOGP(DLJIBUF, LOGL_DEBUG, "enqueuing packet seq=%"PRIu16" rel=%d delay=%d" \ +- " skew=%d thres=%d {%lu.%06lu -> %lu.%06lu} %s\n", ++ " skew=%d thres=%d {%lld.%06lld -> %lld.%06lld} %s\n", + msg_get_sequence(msg), rel_delay, delay, jb->skew_us, jb->threshold_delay, +- jb->last_enqueue_time.tv_sec, jb->last_enqueue_time.tv_usec, +- sched_ts.tv_sec, sched_ts.tv_usec, msg_get_marker(msg)? "M" : ""); ++ (long long int)jb->last_enqueue_time.tv_sec, (long long int)jb->last_enqueue_time.tv_usec, ++ (long long int)sched_ts.tv_sec, (long long int)sched_ts.tv_usec, msg_get_marker(msg)? "M" : ""); + + /* Add scheduled dequeue time in msg->cb so we can check it later */ + unsigned long *old_cb = talloc_memdup(jb->talloc_ctx, msg->cb, sizeof(msg->cb)); +Index: libosmo-netif-1.2.0/tests/osmux/osmux_test.c +=== +--- libosmo-netif-1.2.0.orig/tests/osmux/osmux_test.c libosmo-netif-1.2.0/tests/osmux/osmux_test.c +@@ -1,4 +1,4 @@ +-/* ++y/* + * (C) 2013 by Pablo Neira Ayuso + * (C) 2013 by On Waves ehf <http://www.on-waves.com> + * +@@ -69,8 +69,10 @@ + struct timeval tv; \ + osmo_clock_gettime(CLOCK_MONOTONIC, &ts); \ + osmo_gettimeofday(&tv, NULL); \ +- fprintf(stderr, "sys={%lu.%06lu}, mono={%lu.%06lu}: " fmt, \ +- tv.tv_sec, tv.tv_usec, ts.tv_sec, ts.tv_nsec/1000, ##args); \ ++ fprintf(stderr, "sys={%lld.%06lld}, mono={%lld.%06lld}: " fmt, \ ++ (long long int)tv.tv_sec, (long long int)tv.tv_usec, \ ++ (long long int)ts.tv_sec, \ ++ (long long int)ts.tv_nsec/1000, ##args); \ + } while(0) + + static void clock_override_enable(bool enable) +Index: libosmo-netif-1.2.0/tests/stream/stream_test.c +=== +--- libosmo-netif-1.2.0.orig/tests/stream/stream_test.c libosmo-netif-1.2.0/tests/stream/stream_test.c +@@ -60,7 +60,7 @@ + #define LOGCLI(cli, fmt, args...) do { \ + struct timeval tv; \ + osmo_gettimeofday(&tv, NULL); \ +- printf("{%lu.%06lu} [%s] Client's %s(): " fmt, tv.tv_sec, tv.tv_usec, \ ++ printf("{%lld.%06lld} [%s] Client's %s(): " fmt, (long long int)tv.tv_sec, (long long int)tv.tv_usec, \ + osmo_stream_cli_get_data(cli) ? "OK" : "NA", __func__, ##args); \ + } while (0) + +@@ -235,7 +235,7 @
Bug#1066551: ramond: FTBFS: src/main.c:164:17: error: implicit declaration of function ‘LOG’ [-Werror=implicit-function-declaration]
Package: ramond Followup-For: Bug #1066551 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru ramond-0.5/debian/patches/0001-Daemonize-ramond-by-default.patch ramond-0.5/debian/patches/0001-Daemonize-ramond-by-default.patch --- ramond-0.5/debian/patches/0001-Daemonize-ramond-by-default.patch 2020-09-09 13:09:14.0 -0700 +++ ramond-0.5/debian/patches/0001-Daemonize-ramond-by-default.patch 2024-04-13 09:50:06.0 -0700 @@ -8,10 +8,10 @@ src/main.h |1 + 2 files changed, 80 insertions(+), 2 deletions(-) -diff --git a/src/main.c b/src/main.c -index 0cb6e8a..3c4543d 100644 a/src/main.c -+++ b/src/main.c +Index: ramond-0.5/src/main.c +=== +--- ramond-0.5.orig/src/main.c ramond-0.5/src/main.c @@ -1,6 +1,5 @@ #include "main.h" #include "log.h" @@ -19,7 +19,7 @@ apr_pool_t *masterPool; struct configuration *config; -@@ -14,8 +13,9 @@ void listRules(void); +@@ -14,8 +13,9 @@ void usage(char *prog_name) { @@ -30,7 +30,7 @@ fprintf(stderr, " -c : path to config file.\n"); } -@@ -824,11 +824,74 @@ void rafixd_clearRoute(struct ra_info *data) +@@ -824,11 +824,74 @@ pcap_close(fd); } @@ -81,7 +81,7 @@ + pidfile = open("/var/run/ramond.pid", O_RDWR|O_CREAT, 0640); + if(pidfile < 0) + exit(EXIT_FAILURE); -+ if(flock(pidfile, F_TLOCK, 0) < 0) ++ if(lockf(pidfile, F_TLOCK, 0) < 0) + exit(EXIT_SUCCESS); + + sprintf(pidstr, "%d\n", getpid()); @@ -105,7 +105,7 @@ if(argc > 6) { usage(argv[0]); -@@ -842,6 +905,20 @@ int main(int argc, char *argv[]) +@@ -842,6 +905,20 @@ signal(SIGCHLD, sigchld_handler); @@ -126,10 +126,10 @@ /* Find the config file */ if(!parseConfigFile(argc,argv)) { -diff --git a/src/main.h b/src/main.h -index 26de811..6552d5b 100644 a/src/main.h -+++ b/src/main.h +Index: ramond-0.5/src/main.h +=== +--- ramond-0.5.orig/src/main.h ramond-0.5/src/main.h @@ -1,5 +1,6 @@ #include #include diff -Nru ramond-0.5/debian/patches/no-implicit-declarations.patch ramond-0.5/debian/patches/no-implicit-declarations.patch --- ramond-0.5/debian/patches/no-implicit-declarations.patch1969-12-31 16:00:00.0 -0800 +++ ramond-0.5/debian/patches/no-implicit-declarations.patch2024-04-13 09:50:06.0 -0700 @@ -0,0 +1,29 @@ +Description: fix missing function declarations. +Author: Steve Langasek +Bug-Ubuntu: https://bugs.launchpad.net/bugs/2061024 +Bug-Debian: https://bugs.debian.org/1066551 +Last-Update: 2024-04-13 +Forwarded: no + +Index: ramond-0.5/src/log.h +=== +--- ramond-0.5.orig/src/log.h ramond-0.5/src/log.h +@@ -25,4 +25,6 @@ + + FILE *log_file; + ++void LOG(const char *fmt, ...); ++ + #endif +Index: ramond-0.5/src/main.c +=== +--- ramond-0.5.orig/src/main.c ramond-0.5/src/main.c +@@ -1,3 +1,6 @@ ++#include ++#include ++ + #include "main.h" + #include "log.h" + apr_pool_t *masterPool; diff -Nru ramond-0.5/debian/patches/series ramond-0.5/debian/patches/series --- ramond-0.5/debian/patches/series2022-04-20 16:48:49.0 -0700 +++ ramond-0.5/debian/patches/series2024-04-13 09:48:15.0 -0700 @@ -4,3 +4,4 @@ 0004-Honor-CFLAGS-CPPFLAGS-and-LDFLAGS.patch compiler.patch libxml2.patch +no-implicit-declarations.patch
Bug#1068431: rakarrack dependencies unsatisfiable on 32-bit non-i386 architectures.
Package: rakarrack Followup-For: Bug #1068431 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru rakarrack-0.6.1/debian/control rakarrack-0.6.1/debian/control --- rakarrack-0.6.1/debian/control 2024-03-12 00:01:51.0 -0700 +++ rakarrack-0.6.1/debian/control 2024-04-12 22:22:56.0 -0700 @@ -21,9 +21,6 @@ Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, - libfltk1.3, - libxpm4, - libasound2, jackd Description: Simple and easy guitar effects processor for GNU/Linux Rakarrack is a guitar effects processor for GNU / Linux simple and easy to use
Bug#1067623: FTBFS: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘__time64_t’ {aka ‘long long int’}
Package: acm Followup-For: Bug #1067623 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru acm-6.0+20200416/debian/patches/64-bit-time-t.patch acm-6.0+20200416/debian/patches/64-bit-time-t.patch --- acm-6.0+20200416/debian/patches/64-bit-time-t.patch 1969-12-31 16:00:00.0 -0800 +++ acm-6.0+20200416/debian/patches/64-bit-time-t.patch 2024-04-12 17:30:16.0 -0700 @@ -0,0 +1,22 @@ +Description: use 64-bit-safe format string for time_t +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1067623 +Last-Update: 2024-04-12 +Forwarded: no + +Index: acm-6.0+20200416/src/dis/test/disscope.c +=== +--- acm-6.0+20200416.orig/src/dis/test/disscope.c acm-6.0+20200416/src/dis/test/disscope.c +@@ -239,8 +239,9 @@ + printf ("Family %d\n", pdu.hdr.protocol_family); + printf ("Exercise id %d\n", pdu.hdr.exercise_id); + dis_timestampToTimeval (&pdu.hdr.time_stamp, &tm); +- printf ("Time stamp %ld.%ld\n", tm.tv_sec, +- tm.tv_usec / 1000); ++ printf ("Time stamp %lld.%lld\n", ++ (long long int)tm.tv_sec, ++ (long long int)tm.tv_usec / 1000); + switch (pdu.hdr.pdu_type) { + case PDUTypeEntityState: + printf ("Entity (sim.app.eid) : %d/%d/%d\n", diff -Nru acm-6.0+20200416/debian/patches/series acm-6.0+20200416/debian/patches/series --- acm-6.0+20200416/debian/patches/series 2022-10-17 08:51:57.0 -0700 +++ acm-6.0+20200416/debian/patches/series 2024-04-12 17:28:43.0 -0700 @@ -4,3 +4,4 @@ fix_paths_in_acm_tcl.patch hardening1.patch fix_buffer_size.patch +64-bit-time-t.patch
Bug#1066315: kraptor: FTBFS: src/main.c:57:5: error: implicit declaration of function ‘mkdir’ [-Werror=implicit-function-declaration]
Package: kraptor Followup-For: Bug #1066315 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru kraptor-0.0.20040403+ds/debian/patches/no-implicit-declarations.patch kraptor-0.0.20040403+ds/debian/patches/no-implicit-declarations.patch --- kraptor-0.0.20040403+ds/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ kraptor-0.0.20040403+ds/debian/patches/no-implicit-declarations.patch 2024-04-12 16:42:20.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066315 +Last-Update: 2024-04-12 +Forwarded: no + +Index: kraptor-0.0.20040403+ds/src/main.c +=== +--- kraptor-0.0.20040403+ds.orig/src/main.c kraptor-0.0.20040403+ds/src/main.c +@@ -19,6 +19,7 @@ + // + #include + #include ++#include + #include + #include + #include /* DUMB: musica MOD, XM, etc */ diff -Nru kraptor-0.0.20040403+ds/debian/patches/series kraptor-0.0.20040403+ds/debian/patches/series --- kraptor-0.0.20040403+ds/debian/patches/series 2024-01-04 16:48:45.0 -0800 +++ kraptor-0.0.20040403+ds/debian/patches/series 2024-04-12 16:40:54.0 -0700 @@ -14,3 +14,4 @@ 14_create-hidden-kraptor-directory-in-home.patch 15_reproducible-build.patch fix_building_kraptor_with_fix_functions.patch +no-implicit-declarations.patch
Bug#1066654: mlpcap: FTBFS: utils.c:184:3: error: implicit declaration of function ‘camlidl_ml2c_pcap_pcap_handle’ [-Werror=implicit-function-declaration]
Package: mlpcap Followup-For: Bug #1066654 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue that has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru mlpcap-0.9/debian/patches/no-implicit-declarations.patch mlpcap-0.9/debian/patches/no-implicit-declarations.patch --- mlpcap-0.9/debian/patches/no-implicit-declarations.patch1969-12-31 16:00:00.0 -0800 +++ mlpcap-0.9/debian/patches/no-implicit-declarations.patch2024-04-10 16:59:47.0 -0700 @@ -0,0 +1,22 @@ +Description: add missing prototype + This function is code generated by camlidl from the .idl input file; + unfortunately it does not emit a header including the prototype. +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066654 +Last-Update: 2024-04-10 +Forwarded: no + +Index: mlpcap-0.9/utils.c +=== +--- mlpcap-0.9.orig/utils.c mlpcap-0.9/utils.c +@@ -33,6 +33,9 @@ + #include + #include "utils.h" + ++extern void camlidl_ml2c_pcap_pcap_handle(value _v1, pcap_handle * _c2, ++ camlidl_ctx _ctx); ++ + void + _pcap_callback (void *cback, va_alist alist) + { diff -Nru mlpcap-0.9/debian/patches/series mlpcap-0.9/debian/patches/series --- mlpcap-0.9/debian/patches/series2023-09-11 22:50:01.0 -0700 +++ mlpcap-0.9/debian/patches/series2024-04-10 16:57:47.0 -0700 @@ -5,3 +5,4 @@ 03_correct_META.diff 07_dll_with_camlidl.diff 08_ffcall.diff +no-implicit-declarations.patch
Bug#1065774: libdigidoc: FTBFS on arm{el,hf}: /<>/libdigidoc/DigiDocService.c:327:19: error: implicit declaration of function ‘ddocAddSignatureFromMemory’ [-Werror=implicit-function-decla
Package: libdigidoc Followup-For: Bug #1065774 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue that has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libdigidoc-3.10.5/debian/patches/no-implicit-declarations.patch libdigidoc-3.10.5/debian/patches/no-implicit-declarations.patch --- libdigidoc-3.10.5/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ libdigidoc-3.10.5/debian/patches/no-implicit-declarations.patch 2024-04-10 16:10:25.0 -0700 @@ -0,0 +1,30 @@ +Description: add missing define and includes required for prototypes +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1065774 +Last-Update: 2024-04-10 +Forwarded: no + +Index: libdigidoc-3.10.5/libdigidoc/DigiDocVerify.c +=== +--- libdigidoc-3.10.5.orig/libdigidoc/DigiDocVerify.c libdigidoc-3.10.5/libdigidoc/DigiDocVerify.c +@@ -20,6 +20,7 @@ + // Creation + //== + ++#define WITH_DEPRECATED_FUNCTIONS + #include "DigiDocVerify.h" + #include "DigiDocError.h" + #include "DigiDocLib.h" +Index: libdigidoc-3.10.5/libdigidoc/DigiDocService.c +=== +--- libdigidoc-3.10.5.orig/libdigidoc/DigiDocService.c libdigidoc-3.10.5/libdigidoc/DigiDocService.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + #include + #include diff -Nru libdigidoc-3.10.5/debian/patches/series libdigidoc-3.10.5/debian/patches/series --- libdigidoc-3.10.5/debian/patches/series 2022-07-10 19:12:11.0 -0700 +++ libdigidoc-3.10.5/debian/patches/series 2024-04-10 16:08:47.0 -0700 @@ -1,3 +1,4 @@ versioninfo.cmake-set-build_date-using-u.patch build-with-openssl-v3.patch fix-national-encoding.patch +no-implicit-declarations.patch
Bug#1066512: latencytop: FTBFS: fsync.c:330:17: error: implicit declaration of function ‘gettimeofday’ [-Werror=implicit-function-declaration]
Package: latencytop Followup-For: Bug #1066512 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru latencytop-0.5.0/debian/patches/no-implicit-declarations.patch latencytop-0.5.0/debian/patches/no-implicit-declarations.patch --- latencytop-0.5.0/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ latencytop-0.5.0/debian/patches/no-implicit-declarations.patch 2024-04-10 16:02:15.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066512 +Last-Update: 2024-04-10 +Forwarded: no + +Index: latencytop-0.5.0/fsync.c +=== +--- latencytop-0.5.0.orig/fsync.c latencytop-0.5.0/fsync.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + #include + diff -Nru latencytop-0.5.0/debian/patches/series latencytop-0.5.0/debian/patches/series --- latencytop-0.5.0/debian/patches/series 2021-08-24 10:26:05.0 -0700 +++ latencytop-0.5.0/debian/patches/series 2024-04-10 16:01:05.0 -0700 @@ -1,3 +1,4 @@ 0001-Convert-to-autoconf.patch 0002-Fix-FTBFS-in-fsync.c.patch 0003-typo-fix.patch +no-implicit-declarations.patch
Bug#1066689: kdrill: FTBFS: init.c:171:12: error: implicit declaration of function ‘isMapped’; did you mean ‘IsUnmapped’? [-Werror=implicit-function-declaration]
Package: kdrill Followup-For: Bug #1066689 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru kdrill-6.5deb2/debian/patches/no-implicit-declarations.patch kdrill-6.5deb2/debian/patches/no-implicit-declarations.patch --- kdrill-6.5deb2/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ kdrill-6.5deb2/debian/patches/no-implicit-declarations.patch 2024-04-10 15:56:58.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066689 +Last-Update: 2024-04-10 +Forwarded: no + +Index: kdrill-6.5deb2/init.c +=== +--- kdrill-6.5deb2.orig/init.c kdrill-6.5deb2/init.c +@@ -24,6 +24,7 @@ + #include "searchwidgets.h" + #include "widgets.h" + #include "timeout.h" ++#include "utils.h" + + #include "icon_xbm" + diff -Nru kdrill-6.5deb2/debian/patches/series kdrill-6.5deb2/debian/patches/series --- kdrill-6.5deb2/debian/patches/series2021-10-20 10:11:20.0 -0700 +++ kdrill-6.5deb2/debian/patches/series2024-04-10 15:55:23.0 -0700 @@ -12,3 +12,4 @@ use-env-flags.diff warning-fixes.diff rename-getline.diff +no-implicit-declarations.patch
Bug#1067259: jabberd2: FTBFS: make[3]: *** [Makefile:538: libsx_la-websocket.lo] Error 1
Package: jabberd2 Followup-For: Bug #1067259 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue that has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru jabberd2-2.7.0/debian/patches/no-implicit-declarations.patch jabberd2-2.7.0/debian/patches/no-implicit-declarations.patch --- jabberd2-2.7.0/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ jabberd2-2.7.0/debian/patches/no-implicit-declarations.patch 2024-04-10 15:03:46.0 -0700 @@ -0,0 +1,81 @@ +Description: add missing includes and disable conflicting crypt_r() + Nothing uses crypt_r() externally, it should use the glibc one; so disable + the conflicting prototype in the internal header. +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1067259 +Last-Update: 2024-04-10 +Forwarded: no + +Index: jabberd2-2.7.0/storage/authreg_sqlite.c +=== +--- jabberd2-2.7.0.orig/storage/authreg_sqlite.c jabberd2-2.7.0/storage/authreg_sqlite.c +@@ -32,6 +32,7 @@ + #define _XOPEN_SOURCE 500 + #include "c2s.h" + #include ++#include + + /* Windows does not have the crypt() function, let's take DES_crypt from OpenSSL instead */ + #if defined(HAVE_OPENSSL_CRYPTO_H) && defined(_WIN32) +Index: jabberd2-2.7.0/storage/authreg_pgsql.c +=== +--- jabberd2-2.7.0.orig/storage/authreg_pgsql.c jabberd2-2.7.0/storage/authreg_pgsql.c +@@ -32,6 +32,7 @@ + #else + #ifdef HAVE_CRYPT + #include ++#include + #endif + #endif + +Index: jabberd2-2.7.0/storage/authreg_ldapfull.c +=== +--- jabberd2-2.7.0.orig/storage/authreg_ldapfull.c jabberd2-2.7.0/storage/authreg_ldapfull.c +@@ -35,6 +35,7 @@ + #ifdef STORAGE_LDAP + #ifdef HAVE_CRYPT + #include ++#include + #endif + + #ifdef HAVE_SSL +Index: jabberd2-2.7.0/util/crypt_blowfish.c +=== +--- jabberd2-2.7.0.orig/util/crypt_blowfish.c jabberd2-2.7.0/util/crypt_blowfish.c +@@ -54,6 +54,8 @@ + /* Just to make sure the prototypes match the actual definitions */ + #include "crypt_blowfish.h" + ++char *crypt_r(__const char *key, __const char *setting, void *data); ++ + #if defined(__i386__) || defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) + #define BF_SCALE 1 + #else +Index: jabberd2-2.7.0/util/crypt_blowfish.h +=== +--- jabberd2-2.7.0.orig/util/crypt_blowfish.h jabberd2-2.7.0/util/crypt_blowfish.h +@@ -23,7 +23,6 @@ + #endif + + extern char *bcrypt(__const char *key, __const char *setting); +-extern char *crypt_r(__const char *key, __const char *setting, void *data); + + #ifndef __SKIP_OW + extern char *crypt_rn(__const char *key, __const char *setting, +Index: jabberd2-2.7.0/storage/authreg_mysql.c +=== +--- jabberd2-2.7.0.orig/storage/authreg_mysql.c jabberd2-2.7.0/storage/authreg_mysql.c +@@ -35,6 +35,7 @@ + #else + #ifdef HAVE_CRYPT + #include ++#include + #endif + #endif + diff -Nru jabberd2-2.7.0/debian/patches/series jabberd2-2.7.0/debian/patches/series --- jabberd2-2.7.0/debian/patches/series2023-09-05 14:07:00.0 -0700 +++ jabberd2-2.7.0/debian/patches/series2024-04-10 15:00:33.0 -0700 @@ -7,3 +7,4 @@ systemd-alias.diff m4-ax_check_compile_flag.diff mysql8_my_bool.patch +no-implicit-declarations.patch
Bug#1065969: ike-scan: FTBFS on arm{el,hf}: configure: error: cannot determine snprintf format string for long long int
Package: ike-scan Followup-For: Bug #1065969 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue that has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru ike-scan-1.9.5/debian/patches/no-implicit-declarations.patch ike-scan-1.9.5/debian/patches/no-implicit-declarations.patch --- ike-scan-1.9.5/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ ike-scan-1.9.5/debian/patches/no-implicit-declarations.patch 2024-04-10 14:34:34.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1065969 +Last-Update: 2024-04-10 +Forwarded: no + +Index: ike-scan-1.9.5/acinclude.m4 +=== +--- ike-scan-1.9.5.orig/acinclude.m4 ike-scan-1.9.5/acinclude.m4 +@@ -180,6 +180,7 @@ + AC_CACHE_VAL(pgac_cv_snprintf_long_long_int_format, + [for pgac_format in '%lld' '%qd' '%I64d'; do + AC_TRY_RUN([#include ++#include + typedef long long int int64; + #define INT64_FORMAT "$pgac_format" + diff -Nru ike-scan-1.9.5/debian/patches/series ike-scan-1.9.5/debian/patches/series --- ike-scan-1.9.5/debian/patches/series2021-10-18 02:12:52.0 -0700 +++ ike-scan-1.9.5/debian/patches/series2024-04-10 14:03:18.0 -0700 @@ -1,2 +1,3 @@ disable_aggressive_in_v2.patch skip-malformed-comp.patch +no-implicit-declarations.patch
Bug#1066672: httest: FTBFS: socks_module.c:115:21: error: implicit declaration of function ‘atoi’ [-Werror=implicit-function-declaration]
Package: httest Followup-For: Bug #1066672 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru httest-2.4.23/debian/patches/no-implicit-declarations.patch httest-2.4.23/debian/patches/no-implicit-declarations.patch --- httest-2.4.23/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ httest-2.4.23/debian/patches/no-implicit-declarations.patch 2024-04-10 13:45:54.0 -0700 @@ -0,0 +1,43 @@ +Description: add missing includes +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066672 +Last-Update: 2024-04-10 +Forwarded: no + +Index: httest-2.4.23/src/socks_module.c +=== +--- httest-2.4.23.orig/src/socks_module.c httest-2.4.23/src/socks_module.c +@@ -25,6 +25,8 @@ + / + * Includes + ***/ ++#include ++ + #include "module.h" + #ifndef HAVE_NO_NETINET + #include +Index: httest-2.4.23/src/annotation_module.c +=== +--- httest-2.4.23.orig/src/annotation_module.c httest-2.4.23/src/annotation_module.c +@@ -25,6 +25,7 @@ + / + * Includes + ***/ ++#include + #include "module.h" + + / +Index: httest-2.4.23/src/dbg_module.c +=== +--- httest-2.4.23.orig/src/dbg_module.c httest-2.4.23/src/dbg_module.c +@@ -24,6 +24,7 @@ + / + * Includes + ***/ ++#include + #include "store.h" + #include "module.h" + diff -Nru httest-2.4.23/debian/patches/series httest-2.4.23/debian/patches/series --- httest-2.4.23/debian/patches/series 2023-12-18 04:21:33.0 -0800 +++ httest-2.4.23/debian/patches/series 2024-04-10 13:45:05.0 -0700 @@ -4,3 +4,4 @@ fix-gcc-10.patch autoconf-2.70.patch pcre2.patch +no-implicit-declarations.patch
Bug#1065777: clblas: FTBFS on arm{el,hf}: /<>/src/library/blas/gens/symv.c:955:29: error: implicit declaration of function ‘abs’; did you mean ‘fabs’? [-Werror=implicit-function-declarati
Package: clblas Followup-For: Bug #1065777 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Apologies, the patch I attached fixed a real missing include, but not the one mentioned in this bug and the package still failed to build. Attached is a patch that has passed build testing locally with DEB_CFLAGS_APPEND=-Werror=implicit-function-declaration in Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru clblas-2.12/debian/patches/no-implicit-declarations.patch clblas-2.12/debian/patches/no-implicit-declarations.patch --- clblas-2.12/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ clblas-2.12/debian/patches/no-implicit-declarations.patch 2024-04-09 14:42:11.0 -0700 @@ -0,0 +1,30 @@ +Description: Add missing stdlib.h includes +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1065777 +Last-Update: 2024-04-09 +Forwarded: no + +Index: clblas-2.12/src/library/blas/gens/gemv.c +=== +--- clblas-2.12.orig/src/library/blas/gens/gemv.c clblas-2.12/src/library/blas/gens/gemv.c +@@ -21,6 +21,7 @@ + + #include + #include ++#include + #include + #include + #include +Index: clblas-2.12/src/library/blas/gens/symv.c +=== +--- clblas-2.12.orig/src/library/blas/gens/symv.c clblas-2.12/src/library/blas/gens/symv.c +@@ -21,6 +21,7 @@ + + #include + #include ++#include + #include + #include + #include diff -Nru clblas-2.12/debian/patches/series clblas-2.12/debian/patches/series --- clblas-2.12/debian/patches/series 2023-09-28 16:21:54.0 -0700 +++ clblas-2.12/debian/patches/series 2024-04-09 14:40:35.0 -0700 @@ -9,3 +9,4 @@ Fix-double-literals.patch Fix-null-pointer-crash.patch Fix-local-variables-not-declared-in-outermost-scope.patch +no-implicit-declarations.patch
Bug#1066359: aview: FTBFS: main.c:30:86: error: implicit declaration of function ‘exit’ [-Werror=implicit-function-declaration]
Package: aview Followup-For: Bug #1066359 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru aview-1.3.0rc1/debian/patches/no-implicit-declarations.patch aview-1.3.0rc1/debian/patches/no-implicit-declarations.patch --- aview-1.3.0rc1/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ aview-1.3.0rc1/debian/patches/no-implicit-declarations.patch 2024-04-10 11:18:59.0 -0700 @@ -0,0 +1,15 @@ +Description: add missing includes +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066359 +Last-Update: 2024-04-10 +Forwarded: no + +Index: aview-1.3.0rc1/main.c +=== +--- aview-1.3.0rc1.orig/main.c aview-1.3.0rc1/main.c +@@ -1,3 +1,4 @@ ++#include + #include + #include + #include "image.h" diff -Nru aview-1.3.0rc1/debian/patches/series aview-1.3.0rc1/debian/patches/series --- aview-1.3.0rc1/debian/patches/series2024-02-17 15:14:52.0 -0800 +++ aview-1.3.0rc1/debian/patches/series2024-04-10 11:18:13.0 -0700 @@ -2,3 +2,4 @@ 01_manpages.patch 02_tmp_creation.patch 03_missing_library.patch +no-implicit-declarations.patch
Bug#1066645: gtkterm: FTBFS: ../src/interface.c:738:9: error: implicit declaration of function ‘g_sprintf’; did you mean ‘g_snprintf’? [-Werror=implicit-function-declaration]
Package: gtkterm Followup-For: Bug #1066645 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru gtkterm-1.2.1/debian/patches/no-implicit-declarations.patch gtkterm-1.2.1/debian/patches/no-implicit-declarations.patch --- gtkterm-1.2.1/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ gtkterm-1.2.1/debian/patches/no-implicit-declarations.patch 2024-04-09 22:49:04.0 -0700 @@ -0,0 +1,28 @@ +Description: add missing includes +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066645 +Last-Update: 2024-04-09 +Forwarded: no + +Index: gtkterm-1.2.1/src/interface.c +=== +--- gtkterm-1.2.1.orig/src/interface.c gtkterm-1.2.1/src/interface.c +@@ -79,6 +79,7 @@ + #include "logging.h" + + #include ++#include + #include + + guint id; +Index: gtkterm-1.2.1/src/user_signals.c +=== +--- gtkterm-1.2.1.orig/src/user_signals.c gtkterm-1.2.1/src/user_signals.c +@@ -1,3 +1,5 @@ ++#include ++#include + #include + #include "interface.h" + diff -Nru gtkterm-1.2.1/debian/patches/series gtkterm-1.2.1/debian/patches/series --- gtkterm-1.2.1/debian/patches/series 1969-12-31 16:00:00.0 -0800 +++ gtkterm-1.2.1/debian/patches/series 2024-04-09 22:48:12.0 -0700 @@ -0,0 +1 @@ +no-implicit-declarations.patch
Bug#1066222: gtk-chtheme: FTBFS: theme_sel.c:113:5: error: implicit declaration of function ‘gtk_timeout_add’; did you mean ‘g_timeout_add’? [-Werror=implicit-function-declaration]
Package: gtk-chtheme Followup-For: Bug #1066222 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru gtk-chtheme-0.3.1/debian/patches/no-implicit-declarations.patch gtk-chtheme-0.3.1/debian/patches/no-implicit-declarations.patch --- gtk-chtheme-0.3.1/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ gtk-chtheme-0.3.1/debian/patches/no-implicit-declarations.patch 2024-04-09 22:44:20.0 -0700 @@ -0,0 +1,19 @@ +Description: don't set GTK_DISABLE_DEPRECATED, deprecated APIs in use. +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066222 +Last-Update: 2024-04-09 +Forwarded: no + +Index: gtk-chtheme-0.3.1/Makefile +=== +--- gtk-chtheme-0.3.1.orig/Makefile gtk-chtheme-0.3.1/Makefile +@@ -5,7 +5,7 @@ + + LDFLAGS = $(shell $(PKG_CONFIG) --libs gtk+-2.0) + CFLAGS += -Wall +-CFLAGS += $(shell $(PKG_CONFIG) --cflags gtk+-2.0) -DGTK_DISABLE_BROKEN -DGTK_DISABLE_DEPRECATED ++CFLAGS += $(shell $(PKG_CONFIG) --cflags gtk+-2.0) -DGTK_DISABLE_BROKEN + CFLAGS += -DPROJNAME='"$(PROJNAME)"' -DVERSION='"$(VERSION)"' + CPPFLAGS = + CXXFLAGS = diff -Nru gtk-chtheme-0.3.1/debian/patches/series gtk-chtheme-0.3.1/debian/patches/series --- gtk-chtheme-0.3.1/debian/patches/series 2020-03-28 16:34:21.0 -0700 +++ gtk-chtheme-0.3.1/debian/patches/series 2024-04-09 22:43:09.0 -0700 @@ -2,3 +2,4 @@ deprecated-on-gtk3+.patch cross.patch fix_ftbfs.patch +no-implicit-declarations.patch
Bug#1066463: gnome-paint: FTBFS: cv_resize.c:368:9: error: implicit declaration of function ‘undo_add_resize’ [-Werror=implicit-function-declaration]
Package: gnome-paint Followup-For: Bug #1066463 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru gnome-paint-0.4.0/debian/patches/no-implicit-declarations.patch gnome-paint-0.4.0/debian/patches/no-implicit-declarations.patch --- gnome-paint-0.4.0/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ gnome-paint-0.4.0/debian/patches/no-implicit-declarations.patch 2024-04-09 22:03:59.0 -0700 @@ -0,0 +1,192 @@ +Description: Add missing includes, don't set GTK_DISABLE_DEPRECATED + deprecated APIs are in use. +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066463 +Last-Update: 2024-04-09 +Forwarded: no + +Index: gnome-paint-0.4.0/src/Makefile.am +=== +--- gnome-paint-0.4.0.orig/src/Makefile.am gnome-paint-0.4.0/src/Makefile.am +@@ -78,7 +78,6 @@ + gnome_paint_CFLAGS = \ + -DG_DISABLE_DEPRECATED\ + -DG_DISABLE_SINGLE_INCLUDES\ +- -DGTK_DISABLE_DEPRECATED\ + -DGDK_DISABLE_SINGLE_INCLUDES\ + -DGTK_DISABLE_SINGLE_INCLUDES + +Index: gnome-paint-0.4.0/src/color.c +=== +--- gnome-paint-0.4.0.orig/src/color.c gnome-paint-0.4.0/src/color.c +@@ -20,6 +20,8 @@ + #include "common.h" + #include "color.h" + #include "cv_drawing.h" ++#include "cv_eraser_tool.h" ++#include "cv_paintbrush_tool.h" + #include "pixbuf_util.h" + + #include +Index: gnome-paint-0.4.0/src/undo.c +=== +--- gnome-paint-0.4.0.orig/src/undo.c gnome-paint-0.4.0/src/undo.c +@@ -28,7 +28,7 @@ + #include "gp-image.h" + #include "gp_point_array.h" + #include "file.h" +- ++#include "selection.h" + + + typedef enum +Index: gnome-paint-0.4.0/src/cv_rectangle_tool.c +=== +--- gnome-paint-0.4.0.orig/src/cv_rectangle_tool.c gnome-paint-0.4.0/src/cv_rectangle_tool.c +@@ -25,6 +25,7 @@ + #include + + #include "cv_rectangle_tool.h" ++#include "cv_drawing.h" + #include "file.h" + #include "undo.h" + #include "gp_point_array.h" +Index: gnome-paint-0.4.0/src/cv_pencil_tool.c +=== +--- gnome-paint-0.4.0.orig/src/cv_pencil_tool.c gnome-paint-0.4.0/src/cv_pencil_tool.c +@@ -23,6 +23,7 @@ + + #include + ++#include "cv_drawing.h" + #include "cv_pencil_tool.h" + #include "gp_point_array.h" + #include "undo.h" +Index: gnome-paint-0.4.0/src/cv_resize.c +=== +--- gnome-paint-0.4.0.orig/src/cv_resize.c gnome-paint-0.4.0/src/cv_resize.c +@@ -28,6 +28,7 @@ + #include "cv_resize.h" + #include "cv_drawing.h" + #include "file.h" ++#include "undo.h" + + + #define BOX_EDGE_SIZE 4 +Index: gnome-paint-0.4.0/src/cv_ellipse_tool.c +=== +--- gnome-paint-0.4.0.orig/src/cv_ellipse_tool.c gnome-paint-0.4.0/src/cv_ellipse_tool.c +@@ -24,6 +24,7 @@ + + #include + ++#include "cv_drawing.h" + #include "cv_ellipse_tool.h" + #include "file.h" + #include "undo.h" +Index: gnome-paint-0.4.0/src/cv_polygon_tool.c +=== +--- gnome-paint-0.4.0.orig/src/cv_polygon_tool.c gnome-paint-0.4.0/src/cv_polygon_tool.c +@@ -24,6 +24,7 @@ + + #include + ++#include "cv_drawing.h" + #include "cv_polygon_tool.h" + #include "gp_point_array.h" + #include "undo.h" +Index: gnome-paint-0.4.0/src/image_menu.c +=== +--- gnome-paint-0.4.0.orig/src/image_menu.c gnome-paint-0.4.0/src/image_menu.c +@@ -28,6 +28,7 @@ + #include "selection.h" + #include "image_menu.h" + #include "gp-image.h" ++#include "undo.h" + + typedef enum{ + GP_FILP_VERT = 0, +Index: gnome-paint-0.4.0/src/selection.h +=== +--- gnome-paint-0.4.0.orig/src/selection.h gnome-paint-0.4.0/src/selection.h +@@ -38,6 +38,10 @@ + gbooleangp_selection_start_a
Bug#1066584: gnome-breakout: FTBFS: anim.c:58:17: error: implicit declaration of function ‘gb_error’; did you mean ‘g_error’? [-Werror=implicit-function-declaration]
Package: gnome-breakout Followup-For: Bug #1066584 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue, which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru gnome-breakout-0.5.3/debian/patches/no-implicit-declarations.patch gnome-breakout-0.5.3/debian/patches/no-implicit-declarations.patch --- gnome-breakout-0.5.3/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ gnome-breakout-0.5.3/debian/patches/no-implicit-declarations.patch 2024-04-09 21:55:20.0 -0700 @@ -0,0 +1,30 @@ +Description: fix missing gb_error() prototype +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066584 +Last-Update: 2024-04-09 +Forwarded: no + +Index: gnome-breakout-0.5.3/src/anim.c +=== +--- gnome-breakout-0.5.3.orig/src/anim.c gnome-breakout-0.5.3/src/anim.c +@@ -11,6 +11,7 @@ + #include"gui.h" + #include"animloc.h" + #include"anim.h" ++#include "util.h" + + /* Database of all the animations */ + static Animation *animations; +Index: gnome-breakout-0.5.3/src/gui.c +=== +--- gnome-breakout-0.5.3.orig/src/gui.c gnome-breakout-0.5.3/src/gui.c +@@ -14,6 +14,7 @@ + #include "gui-callbacks.h" + #include "game.h" + #include "anim.h" ++#include "util.h" + + /* See gui.h for more info */ + static GuiInfo *gui = NULL; diff -Nru gnome-breakout-0.5.3/debian/patches/series gnome-breakout-0.5.3/debian/patches/series --- gnome-breakout-0.5.3/debian/patches/series 2018-09-13 05:13:26.0 -0700 +++ gnome-breakout-0.5.3/debian/patches/series 2024-04-09 21:52:53.0 -0700 @@ -7,3 +7,4 @@ 07_fix_wformat_warnings.patch 08_link_mathlib.patch 09_goocanvas_port.patch +no-implicit-declarations.patch
Bug#1066608: dvbstreamer: FTBFS: standard/dvb/sdtprocessor.c:299:14: error: implicit declaration of function ‘UTF8_nextchar’ [-Werror=implicit-function-declaration]
Package: dvbstreamer Followup-For: Bug #1066608 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue which has been uploaded to Ubuntu. In addition to the missing declaration of UTF8_nextchar(), this fixes a typo which would cause one of the plugins to build, but have unresolvable symbol references. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru dvbstreamer-2.1.0/debian/patches/no-implicit-declarations.patch dvbstreamer-2.1.0/debian/patches/no-implicit-declarations.patch --- dvbstreamer-2.1.0/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ dvbstreamer-2.1.0/debian/patches/no-implicit-declarations.patch 2024-04-09 17:01:35.0 -0700 @@ -0,0 +1,38 @@ +Description: fix missing declaration of UTF8_nextchar() and typo +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066608 +Last-Update: 2024-04-09 +Forwarded: no + +Index: dvbstreamer-2.1.0/src/standard/dvb/sdtprocessor.c +=== +--- dvbstreamer-2.1.0.orig/src/standard/dvb/sdtprocessor.c dvbstreamer-2.1.0/src/standard/dvb/sdtprocessor.c +@@ -46,6 +46,7 @@ + #include "sdtprocessor.h" + #include "dvbtext.h" + #include "standard/dvb.h" ++#include "utf8.h" + + /*** + * Defines * +Index: dvbstreamer-2.1.0/src/plugins/cam.c +=== +--- dvbstreamer-2.1.0.orig/src/plugins/cam.c dvbstreamer-2.1.0/src/plugins/cam.c +@@ -97,7 +97,7 @@ + + if (pmt->i_program_number == service->id) + { +-needs_decrypting = PMTDoesNeedDecypting(pmt); ++needs_decrypting = PMTDoesNeedDecrypting(pmt); + + if (currentPMT) + { +@@ -197,4 +197,4 @@ + } + + return false; +-} +\ No newline at end of file ++} diff -Nru dvbstreamer-2.1.0/debian/patches/series dvbstreamer-2.1.0/debian/patches/series --- dvbstreamer-2.1.0/debian/patches/series 2021-10-16 01:37:38.0 -0700 +++ dvbstreamer-2.1.0/debian/patches/series 2024-04-09 17:00:23.0 -0700 @@ -16,3 +16,4 @@ ## does not apply, needs some care #svn_819.diff +no-implicit-declarations.patch
Bug#1066286: das-watchdog: FTBFS: test_rt.c:32:33: error: implicit declaration of function ‘getpid’ [-Werror=implicit-function-declaration]
Package: das-watchdog Followup-For: Bug #1066286 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue, which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru das-watchdog-0.9.0/debian/patches/no-implicit-declarations.patch das-watchdog-0.9.0/debian/patches/no-implicit-declarations.patch --- das-watchdog-0.9.0/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ das-watchdog-0.9.0/debian/patches/no-implicit-declarations.patch 2024-04-09 16:13:22.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing unistd.h include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066286 +Last-Update: 2024-04-09 +Forwarded: no + +Index: das-watchdog-0.9.0/test_rt.c +=== +--- das-watchdog-0.9.0.orig/test_rt.c das-watchdog-0.9.0/test_rt.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + int main() { + struct sched_param params; diff -Nru das-watchdog-0.9.0/debian/patches/series das-watchdog-0.9.0/debian/patches/series --- das-watchdog-0.9.0/debian/patches/series2023-09-19 01:59:37.0 -0700 +++ das-watchdog-0.9.0/debian/patches/series2024-04-09 16:11:24.0 -0700 @@ -6,3 +6,4 @@ 0001-Remove-duplicate-check-for-temp-i-0.patch 0003-The-result-of-fgetc-is-an-int-not-a-char.patch fix-memory-leak-on-realloc.patch +no-implicit-declarations.patch
Bug#1065777: clblas: FTBFS on arm{el,hf}: /<>/src/library/blas/gens/symv.c:955:29: error: implicit declaration of function ‘abs’; did you mean ‘fabs’? [-Werror=implicit-function-declarati
Package: clblas Followup-For: Bug #1065777 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a patch for this issue. This patch has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru clblas-2.12/debian/patches/no-implicit-declarations.patch clblas-2.12/debian/patches/no-implicit-declarations.patch --- clblas-2.12/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ clblas-2.12/debian/patches/no-implicit-declarations.patch 2024-04-09 14:41:58.0 -0700 @@ -0,0 +1,18 @@ +Description: Add missing stdlib.h include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1065777 +Last-Update: 2024-04-09 +Forwarded: no + +Index: clblas-2.12/src/library/blas/gens/gemv.c +=== +--- clblas-2.12.orig/src/library/blas/gens/gemv.c clblas-2.12/src/library/blas/gens/gemv.c +@@ -21,6 +21,7 @@ + + #include + #include ++#include + #include + #include + #include diff -Nru clblas-2.12/debian/patches/series clblas-2.12/debian/patches/series --- clblas-2.12/debian/patches/series 2023-09-28 16:21:54.0 -0700 +++ clblas-2.12/debian/patches/series 2024-04-09 14:40:35.0 -0700 @@ -9,3 +9,4 @@ Fix-double-literals.patch Fix-null-pointer-crash.patch Fix-local-variables-not-declared-in-outermost-scope.patch +no-implicit-declarations.patch
Bug#1067108: alien-arena: FTBFS with -Werror=implicit-function-declaration
Package: alien-arena Followup-For: Bug #1067108 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a fix for this bug, which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru alien-arena-7.71.3+dfsg/debian/patches/no-implicit-declarations.patch alien-arena-7.71.3+dfsg/debian/patches/no-implicit-declarations.patch --- alien-arena-7.71.3+dfsg/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ alien-arena-7.71.3+dfsg/debian/patches/no-implicit-declarations.patch 2024-04-09 13:53:07.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1067108 +Last-Update: 2024-04-09 +Forwarded: no + +Index: alien-arena-7.71.3+dfsg/source/game/g_unlagged.c +=== +--- alien-arena-7.71.3+dfsg.orig/source/game/g_unlagged.c alien-arena-7.71.3+dfsg/source/game/g_unlagged.c +@@ -21,6 +21,7 @@ + #include "config.h" + #endif + ++#include "qcommon/qcommon.h" + #include "g_local.h" + + /* diff -Nru alien-arena-7.71.3+dfsg/debian/patches/series alien-arena-7.71.3+dfsg/debian/patches/series --- alien-arena-7.71.3+dfsg/debian/patches/series 2023-02-12 08:19:19.0 -0800 +++ alien-arena-7.71.3+dfsg/debian/patches/series 2024-04-09 13:51:57.0 -0700 @@ -6,3 +6,4 @@ odeconfig.patch irc.patch http11.patch +no-implicit-declarations.patch
Bug#1066274: aa3d: FTBFS: aa3d.c:37:30: error: implicit declaration of function ‘strcmp’ [-Werror=implicit-function-declaration]
Package: aa3d Version: 1.0-8.2 Followup-For: Bug #1066274 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached a fix for this bug. This fix has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru aa3d-1.0/debian/patches/no-implicit-declarations.patch aa3d-1.0/debian/patches/no-implicit-declarations.patch --- aa3d-1.0/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ aa3d-1.0/debian/patches/no-implicit-declarations.patch 2024-04-09 13:42:30.0 -0700 @@ -0,0 +1,18 @@ +Description: add missing string.h include +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066274 +Last-Update: 2024-04-09 +Forwarded: no + +Index: aa3d-1.0/aa3d.c +=== +--- aa3d-1.0.orig/aa3d.c aa3d-1.0/aa3d.c +@@ -22,6 +22,7 @@ + */ + #include + #include ++#include + static char data[65536 / 2]; + int main(int argc, char **argv) + { diff -Nru aa3d-1.0/debian/patches/series aa3d-1.0/debian/patches/series --- aa3d-1.0/debian/patches/series 1969-12-31 16:00:00.0 -0800 +++ aa3d-1.0/debian/patches/series 2024-04-09 13:41:03.0 -0700 @@ -0,0 +1 @@ +no-implicit-declarations.patch
Bug#1066305: 3dchess: FTBFS: init.c:140:21: error: implicit declaration of function ‘time’ [-Werror=implicit-function-declaration]
Package: 3dchess Version: 0.8.1-21 Followup-For: Bug #1066305 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find attached the fix for this bug, which has been uploaded to Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru 3dchess-0.8.1/debian/patches/no-implicit-declarations.patch 3dchess-0.8.1/debian/patches/no-implicit-declarations.patch --- 3dchess-0.8.1/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ 3dchess-0.8.1/debian/patches/no-implicit-declarations.patch 2024-04-09 13:23:33.0 -0700 @@ -0,0 +1,18 @@ +Description: fix missing declaration of time() +Author: Steve Langasek +Bug-Debian: https://bugs.debian.org/1066305 +Last-Update: 2024-04-09 +Forwarded: no + +Index: 3dchess-0.8.1/src/init.c +=== +--- 3dchess-0.8.1.orig/src/init.c 3dchess-0.8.1/src/init.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include "../include/machine.h" + #include "../include/3Dc.h" + diff -Nru 3dchess-0.8.1/debian/patches/series 3dchess-0.8.1/debian/patches/series --- 3dchess-0.8.1/debian/patches/series 2022-03-26 18:33:58.0 -0700 +++ 3dchess-0.8.1/debian/patches/series 2024-04-09 13:22:34.0 -0700 @@ -4,3 +4,4 @@ 13_machine.h.patch hardening.patch wasteful-CPU-consumption.patch +no-implicit-declarations.patch
Bug#1068679: port-to-libsoup3.patch looks bad
Package: libtimezonemap Version: 0.4.6-6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Hello, This is a follow-up to bug #1037940 which is now archived. With the move of webkit2gtk to libsoup3, this now becomes non-negotiable for us in Ubuntu, as ubiquity requires both webkit and libtimezonemap. I have taken a stab at fixing this patch up based on the feedback in the other bug and have something that passes libtimezonemap's own build-time tests, and ubiquity's tests, though it's hard to tell how much the latter actually matters for verifying libtimezonemap correctness due to mocking. Please consider this for inclusion in Debian as well. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libtimezonemap-0.4.6/debian/control libtimezonemap-0.4.6/debian/control --- libtimezonemap-0.4.6/debian/control 2024-03-07 21:30:43.0 -0800 +++ libtimezonemap-0.4.6/debian/control 2024-04-08 16:33:09.0 -0700 @@ -1,8 +1,7 @@ Source: libtimezonemap Section: misc Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Debian Cinnamon Team +Maintainer: Debian Cinnamon Team Uploaders: Maximiliano Curia , Margarita Manterola , @@ -20,7 +19,7 @@ libgtk-3-dev (>= 3.1.4), libcairo2-dev (>= 1.10), libjson-glib-dev, - libsoup2.4-dev + libsoup-3.0-dev (>= 3.0.7) Standards-Version: 4.6.2 Homepage: https://launchpad.net/timezonemap Vcs-Browser: https://salsa.debian.org/cinnamon-team/libtimezonemap diff -Nru libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch --- libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch 2023-06-20 23:54:22.0 -0700 +++ libtimezonemap-0.4.6/debian/patches/port-to-libsoup3.patch 2024-04-08 16:31:23.0 -0700 @@ -5,11 +5,11 @@ Forwarded: not-yet Last-Update: 2022-08-06 --- -diff --git a/configure.ac b/configure.ac -index 3f74dae..4e90e64 100644 a/configure.ac -+++ b/configure.ac -@@ -50,13 +50,13 @@ GDK_REQUIRED_VERSION=2.22 +Index: libtimezonemap/configure.ac +=== +--- libtimezonemap.orig/configure.ac libtimezonemap/configure.ac +@@ -50,13 +50,13 @@ GLIB_REQUIRED_VERSION=2.26 GTK3_REQUIRED_VERSION=3.1.4 GIO_REQUIRED_VERSION=2.5.11 @@ -25,23 +25,24 @@ json-glib-1.0) LIBTIMEZONEMAP_LIBS="$LIBTIMEZONEMAP_LIBS $LIBM" -diff --git a/src/timezone-completion.c b/src/timezone-completion.c -index d310235..6971ae9 100644 a/src/timezone-completion.c -+++ b/src/timezone-completion.c -@@ -271,8 +271,10 @@ geonames_data_ready (GObject *object, GAsyncResult *res, gpointer user_data) +Index: libtimezonemap/src/timezone-completion.c +=== +--- libtimezonemap.orig/src/timezone-completion.c libtimezonemap/src/timezone-completion.c +@@ -270,9 +270,10 @@ + CcTimezoneCompletionPrivate * priv = completion->priv; GError * error = NULL; GInputStream * stream; - SoupMessage *message; +- SoupMessage *message; + const gchar * reason_phrase; + SoupStatus status_code; - stream = soup_request_send_finish (SOUP_REQUEST (object), res, &error); -+ stream = soup_session_send_finish (SOUP_SESSION (object), res, &error); ++ stream = soup_session_send_finish (priv->soup_session, res, &error); if (stream == NULL) { if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) -@@ -283,8 +285,9 @@ geonames_data_ready (GObject *object, GAsyncResult *res, gpointer user_data) +@@ -283,8 +284,9 @@ return; } @@ -53,7 +54,7 @@ { JsonParser *parser; -@@ -296,7 +299,7 @@ geonames_data_ready (GObject *object, GAsyncResult *res, gpointer user_data) +@@ -296,10 +298,10 @@ else { g_warning ("Unable to fetch geonames (server responded with: %u %s)", @@ -61,8 +62,12 @@ + status_code, reason_phrase); } - g_object_unref (message); -@@ -362,7 +365,7 @@ static gboolean +- g_object_unref (message); ++ g_object_unref (object); + g_object_unref (stream); + } + +@@ -362,7 +364,7 @@ request_zones (CcTimezoneCompletion * completion) { CcTimezoneCompletionPrivate * priv = completion->priv; @@ -71,28 +76,17 @@ GError *error = NULL; priv->queued_request = 0; -@@ -388,13 +391,14 @@ request_zones (CcTimezoneCompletion * completion) - gchar * version = get_version (); - gchar * locale = get_locale (); -
Bug#1066065: libvformat: FTBFS: vf_reader.c:178:33: error: implicit declaration of function ‘read’; did you mean ‘fread’? [-Werror=implicit-function-declaration]
Package: libvformat Version: 1.13-12.1 Followup-For: Bug #1066065 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch Control: tags -1 patch Please find the fix for this attached. As this is fallout from the time_t transition, I am uploading this as a 0-day NMU. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org diff -Nru libvformat-1.13/debian/control libvformat-1.13/debian/control --- libvformat-1.13/debian/control 2024-03-31 12:51:42.0 -0700 +++ libvformat-1.13/debian/control 2024-04-07 01:00:50.0 -0700 @@ -1,8 +1,7 @@ Source: libvformat Section: devel Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Thomas Preud'homme +Maintainer: Thomas Preud'homme Standards-Version: 4.5.0 Build-Depends: dpkg-dev (>= 1.22.5), debhelper-compat (= 13), texinfo, automake, autoconf, libtool Build-Conflicts: autoconf2.13, automake1.4 diff -Nru libvformat-1.13/debian/patches/no-implicit-declarations.patch libvformat-1.13/debian/patches/no-implicit-declarations.patch --- libvformat-1.13/debian/patches/no-implicit-declarations.patch 1969-12-31 16:00:00.0 -0800 +++ libvformat-1.13/debian/patches/no-implicit-declarations.patch 2024-04-07 00:59:05.0 -0700 @@ -0,0 +1,43 @@ +Description: fix missing unistd.h include + src/vf_reader.c includes unistd.h conditionally, but the condition + doesn't properly match what's emitted by autoconf. Fix the #if so we + get a declaration for read(). +Author: Steve Langasek +Last-Update: 2024-04-07 +Forwarded: no +Bug-Debian: https://bugs.debian.org/1066065 + +Index: libvformat-1.13/src/vf_reader.c +=== +--- libvformat-1.13.orig/src/vf_reader.c libvformat-1.13/src/vf_reader.c +@@ -85,10 +85,12 @@ + *=*/ + + ++#include "config.h" ++ + #include + #include + +-#if defined(HAS_UNISTD_H) ++#if defined(HAVE_UNISTD_H) + #include + #endif + +Index: libvformat-1.13/test/testsuppt.c +=== +--- libvformat-1.13.orig/test/testsuppt.c libvformat-1.13/test/testsuppt.c +@@ -51,9 +51,10 @@ + /** + ANSI C & System-wide Header Files + **/ ++#include "config.h" + + #include +-#if defined(HAS_UNISTD_H) ++#if defined(HAVE_UNISTD_H) + #include + #endif + #include diff -Nru libvformat-1.13/debian/patches/series libvformat-1.13/debian/patches/series --- libvformat-1.13/debian/patches/series 2020-08-10 14:55:14.0 -0700 +++ libvformat-1.13/debian/patches/series 2024-04-07 00:50:34.0 -0700 @@ -9,3 +9,4 @@ 0009-Fix-errors-returned-by-Werror-format-security.patch 0010-Fix-typos-in-man-pages.patch auto-gitignore +no-implicit-declarations.patch
Bug#1068220: normalize case of debian/control fields
Package: debian-policy Version: 4.6.2.1 In the process of preparing mass-NMUs for the time_t transition, I encountered a package where the scripted approach I was using failed because a package already had a 'replaces' field in debian/control, and dpkg detected the addition of a 'Replaces' field as a duplicate. Although we are accustomed to seeing a certain capitalization for fields in debian/control, I was surprised to see upon review that Debian Policy has always said that the field names are case-insensitive. While it may make sense for dpkg to be permissive in this regard, I don't think it makes sense for Debian to allow it, as it unnecessarily makes parsing of this file more difficult for little value. I therefore propose that we change Debian policy 5.1 to standardize its case rules for debian/control field names, using the well-known spongebob casing rules. The first, third, fourth, and seventh characters in the field name are capitalized, with the second, fith, sixth, and eighth characters in lower case, then repeating for each subsequent octet of characters. As you can see, this consistency immediately gives much more readable results: SoURce: xz-utils SeCTioN: utils PrIOriTy: optional MaINtaInEr: Jonathan Nieder UpLOadErS: Mohammed Adnène Trojette BuILd-DePeNDs: debhelper-compat (= 13), dpkg-dev (>= 1.16.2), autoconf (>= 2.64~), automake, libtool (>= 2.2), gettext, autopoint | gettext (<< 0.18-1), autopoint | cvs, po4a BuILd-DePeNDs-Indep: doxygen BuILd-CoNfLIctS: automake1.4 StANdaRdS-VErsIoN: 4.6.1 VcS-brOwSeR: https://salsa.debian.org/debian/xz-utils VcS-giT: https://salsa.debian.org/debian/xz-utils HoMEpaGe: https://tukaani.org/xz/ RuLEs-ReQuIRes-rOoT: no Thanks for considering, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature
Bug#1068017: util-linux: please ship liblastlog2 packages
On Sat, Mar 30, 2024 at 08:32:40AM +0100, Sven Joachim wrote: > >> So we could either put pam_lastlog2.so into a common-* file from > >> src:pam, or openssh and shadow should switch their setup. > >> What do we all think about that? > > pam should not be adding any modules to common-* that it itself does not > > ship. Instead they should be added via pam-auth-config. > I think you mean pam-auth-update here. Yes. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature
Bug#1068017: util-linux: please ship liblastlog2 packages
On Sat, Mar 30, 2024 at 01:41:40AM +0100, Chris Hofstaedtler wrote: > Hi OpenSSH, shadow Maintainers, > > On Sat, Mar 30, 2024 at 01:32:08AM +0100, Chris Hofstaedtler wrote: > > On Fri, Mar 29, 2024 at 06:02:39PM +0100, Sven Joachim wrote: > > > It seems desirable to ship liblastlog2 in trixie, considering that the > > > /var/log/lastlog file is not Y2038-safe and pam in unstable has already > > > dropped pam_lastlog.so, meaning that non-ssh logins are no longer > > > recorded in /var/log/lastlog. > [..] > > At the same time, all traditional writing to /var/log/lastlog should > > stop. > > So, after some of the current fog clears, src:util-linux could > > introduce new binary packages (at least libpam-lastlog2), but > > src:pam would need to add it to the common-* config files. > > Does this seem right? > Answering my own question, not quite. > Apparently, traditionally we have: > * sshd writes to /var/log/lastlog by itself. > * login has pam_lastlog.so in its PAM snippet. > Both of these would need to be replaced by pam_lastlog2.so. I don't > really know what the other distros are doing right now, and/or if > we should align on this. > So we could either put pam_lastlog2.so into a common-* file from > src:pam, or openssh and shadow should switch their setup. > What do we all think about that? pam should not be adding any modules to common-* that it itself does not ship. Instead they should be added via pam-auth-config. I don't have an opinion about this being done in common-* vs being done in sshd+login particularly; but putting it to common-* by default seems a behavior change that warrants broader discussion e.g. debian-devel. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature
Bug#1063085: uhd: NMU diff for 64-bit time_t transition
Control: reopen -1 Reopening, closed by an upload of an unrelated package. On Fri, Mar 22, 2024 at 12:20:06PM +0100, Andreas Beckmann wrote: > Control: reopen -1 > Control: severity -1 serious > I'm reopening this due to the regression (file conflict) #1063324 > Both libuhd4.6.0 and libuhd4.6.0-dpdk provide > /usr/lib/x86_64-linux-gnu/libuhd.so.4.6.0 > and are conflicting with each other. > So I'm a bit confused that only libuhd4.6.0 got renamed to libuhd4.6.0t64 > ... > Even if libuhd4.6.0-dpdk would not need to be renamed, I'd suggest to rename > it anyway to not make the logic too complicated. > Anyway libuhd4.6.0-dpdk (or libuhd4.6.0t64-dpdk) needs > Conflicts: libuhd4.6.0, libuhd4.6.0t64 > to solve #1063324. Ah libuhd4.6.0-dpdk would not have been renamed because it is not built on any 32-bit architectures. So I think the Conflicts: just needs updating but the package does not need renamed. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature
Bug#1059150: No longer works with signing subkeys
On Wed, Dec 20, 2023 at 11:59:31PM +0100, Guillem Jover wrote: >Hi! > >On Wed, 2023-12-20 at 15:30:24 +0000, Steve McIntyre wrote: >> Package: debsig-verify >> Version: 0.23+b2 >> Severity: important >> Tags: patch > >> Updating our derived distro from bullseye to bookworm, we've moved on >> from 0.23 to 0.28. We're using subkeys for signing our debs, and that >> no longer works. I can see that the change you've made to no longer >> fall back if a fingerprint doesn't match >> (849d9633ebf809398c848821c603148ae0470278) has broken this. > >Ouch, I've been increasingly unhappy with the whole policy thing, >because it was not functioning as documented, fixing it to do so has >broken multiple use cases, it seems like unnecessary complexity and in >a way trying to reimplement some of the checks that should be done by >the OpenPGP implementation, and it is getting in the way of adding >other OpenPGP backends due to the insistence of tying the signature >issuer fingerprint with the policy to apply, which means the primary >certificate fingerprint cannot be used as would perhaps be usually >expected. Nod. To make everything work reliably here for all cases, we're now making 4 copies of the policy directory for every key we might use, using both the long keyid and the full fingerprint for each of the master key and the signing subkey. Then we're including a keyring with all of the keys in each of those policy directories. It's not wonderful... :-/ >I recorded part of this in the TODO, and I had in mind asking you >about how you use this as part of the redesign work, but I'll leave >that for a later point. :) ACK. :-) So, I'm curious... Debsig-verify does seem to be really quite over-complicated, at least for our use case. Wouldn't it be much simpler to just have a keyring per origin, and then (maybe) a system config file to state which origin(s) are needed. The policy definition files don't seem to add any value here. IMHO. It would also be lovely if the design was less restricted by GnuPG. (Yes, I know!) A real problem for me is that debsig-verify wants to see *every* signature accounted for when verifying a package. This is opposite to the behaviour of gpgv, which is more like what we were inititally expecting / hoping for. We're signing packages with a rolling range of N keys for our releases, similar to Debian's Release.gpg setup, and now we have to include 4*N policy directories for debsig-verify, and our keyring files all have to include *all* the keys. So, I'd be tempted by something easier to follow: * config to say which keyring(s) to use, and (maybe) some config to say "need minimum N valid sigs" * keyring(s) including key(s) * when validating signatures, verify each of them individually rather than expecting GnuPG to DTRT. I think we both know how well that works *grin*. If enough valid sigs are detected, we're good. If not, fail. Does that sound reasonable? What am I missing? -- Steve McIntyre, Cambridge, UK.st...@einval.com "I suspect most samba developers are already technically insane... Of course, since many of them are Australians, you can't tell." -- Linus Torvalds
Bug#1059150: No longer works with signing subkeys
On Wed, Mar 20, 2024 at 05:18:08PM +, Steve McIntyre wrote: >Hi Guillem, > >Sorry, I've been swamped with other stuff then ill for the last week >or so. Looking now... And I can confirm that your changes work here for our system too. Thanks! -- Steve McIntyre, Cambridge, UK.st...@einval.com "Every time you use Tcl, God kills a kitten." -- Malcolm Ray
Bug#1059150: No longer works with signing subkeys
Hi Guillem, Sorry, I've been swamped with other stuff then ill for the last week or so. Looking now... On Thu, Mar 07, 2024 at 04:22:08AM +0100, Guillem Jover wrote: >Hi! > >On Wed, 2023-12-20 at 23:59:31 +0100, Guillem Jover wrote: >> On Wed, 2023-12-20 at 15:30:24 +, Steve McIntyre wrote: >> > diff --git a/src/openpgp-gpg.c b/src/openpgp-gpg.c >> > index 4c29b7f..97ec3a4 100644 >> > --- a/src/openpgp-gpg.c >> > +++ b/src/openpgp-gpg.c >> > @@ -241,6 +242,7 @@ gpg_getKeyID(const char *keyring, const char *match_id) >> >continue; >> > if (strcmp(uid, match_id) != 0) { >> > free(uid); >> > + state = KEYID_SUB; >> >continue; >> >} >> > free(uid); >> >> I think the problem with this is that if the first uid does not match, >> then it will then switch to looking for a new fingerprint line, which >> might then omit some valid uids. >> >> I've prepared a change based on this at: >> >> >> https://git.hadrons.org/cgit/debian/dpkg/debsig-verify.git/log/?h=pu/openpgp-subkey >> >> With the assumption that one would define the policy and keyrings >> paths based on the subkey fingerprint and not the primary public >> certificate fingerprint, because otherwise some of the other matches >> cannot easily match, such as uid-based ones. But wanted to check with >> you whether that's the case before merging. Otherwise I can try to see >> how to support all the various cases. > >I assume you have had no time to look into this, but I'd like to make >sure the above branch fixes your issue before merging, and potentially >preparing a backport for stable. :) > >Thanks, >Guillem > -- Steve McIntyre, Cambridge, UK.st...@einval.com "Further comment on how I feel about IBM will appear once I've worked out whether they're being malicious or incompetent. Capital letters are forecast." Matthew Garrett, http://www.livejournal.com/users/mjg59/30675.html
Bug#1067054: Debian 12 - Copy files on USB 3
pham...@bluewin.ch wrote: > >For complement of information : >The SSD used is a Samsung 850 Pro 256 GB and the case is a Satechi ST-TCDEM. >Write rates were high at the start of the copy (450 MB/sec then dropped before >the crash to +/- 30 Mb/sec). > > > Restoring the disk image with this same SSD but integrated in a Delock USB 3 > Type A case to a USB A socket on my computer works correctly with a transfer >rate of 60 to 90 MB/s. > > >The same SSD still plugged into the Delock USB 3 Type A box but connected to >my machine on a USB C port completes the restoration of the image with a >constant >transfer rate of +/- 41MB/sec. >Regards. What you're describing sounds just as likely to be a hardware problem with the enclosure, to be honest. Does it work 100% reliably elsewhere? -- Steve McIntyre, Cambridge, UK.st...@einval.com Can't keep my eyes from the circling sky, Tongue-tied & twisted, Just an earth-bound misfit, I...