Bug#1002976: installation-reports: Installer Fault Accessibility No Screen Reader Heard

[D.J.J. Ring, Jr.]

On Sun, Jan 2, 2022, 03:59 Holger Wansing  wrote:

> Hi,
>
> Am 2. Januar 2022 02:40:16 MEZ schrieb "David J. Ring, Jr."  >:
> >
> >lspci -knn: 00:03.0 Audio device [0403]: Intel Corporation Broadwell-U
> Audio Controller [8086:160c] (rev 09)
>
>
> As I already wrote:
> my best guess for this one would be
> https://www.debian.org/releases/stable/debian-installer/#errata
>
>
> Holger
>
>
> --
> Sent from /e/ OS on Fairphone3
>

Holger,

So is this fixed? Does the daily our weekly installer with firmware allow
speech to be heard during installation?

Thank you,
David

>

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 02.01.22 um 12:15 schrieb Matthias Andree:
>> I am the owner of the domain so nobody is hijacked!
> 
> Are you the owner of "mydomain.de" or of the unnamed domain you intended
> not to show to the public?

Do you want to help with this new certificate issue or discuss the ownership of 
domains?

>> A self signing certificate is absolutely sufficient and perfect for private 
>> use.
> 
> Then install your own CA or (if marked as CA-suitable) issuer
> certificate it into your fetchmail client's OpenSSL trust store, or a
> separate location, and move on.

I want to do this - what must be done?

>> The same TLS1.2 as before shall be used, so it is not understandable why 
>> addtional things are mandantory now?
>> Why old certificates cannot be used any more when the client that uses a 
>> server is upgraded?
> 
> It is not about certificates, but - as László pointed out - about
> repairing fetchmail's security requirements from substandard to "Stand
> der Technik". fetchmail 6.4.0 made --sslcertck the default, as various
> places of the documentation (man page, NEWS file) point out.

When this method is "state of the art", why it is not explained somewhere?

With the search "install OpenSSL trust store" i could find this article:
https://support.code42.com/CP/Admin/On-premises/6/Configuring/Use_OpenSSL_to_install_a_keystore
that explains much of the stuff, but not how to use an self-signed certificate.


> The standard use case for fetchmail is to fetch mail from "big sites"
> and those can be expected to handle proper certification chains.

I agree - but is a private mail-server something that must be eliminated?

> Your use case is "run my own TLS server"; in that case fetchmail can
> safely assume people are aware what they are doing and how to handle trust.

This worked for more then 5 years with TLS1.2 without any problem.
Why this must be a problem now?

 In the Internet are a mass of similar problems with fetchmail, but no 
 description what exactly must be done to solve
 it.
>>> Because "similar problems" are usually a broken setup of either
>>> server-side certificates that don't trace back to commonly used and
>>> trusted stores (Mozilla's trusted CA package, mostly), or local broken
>>> setups.

Take the example Mozilla and please explain why it works without an "OpenSSL 
trust store" ?

>> This "stores" are a big problem of public monitoring, because every 
>> certificate causes requests to this central "stores".
> 
> Untrue. Mozilla's certificates are installed for offline use by Debian,
> Fedora, FreeBSD and derived distros under names such as ca-certificates,
> ca_root_nss or similar. AFAICS and up to and including OpenSSL 3.0.0,
> OpenSSL does not perform Online Certificate Status Protocol (OCSP)
> polls, so no calling home involved to date.

O.K. Then you have no request to this CA-servers for every connect to a server 
with a certificate, but every private
server is registered there and every client will request the "trust" once to 
access the server.
So you can made a profil who is using a server. That's the simple goal of it.

> https://manpages.debian.org/buster/ca-certificates/update-ca-certificates.8.en.html
> might be a starting point.

Thanks - but now i still have no idea where to search for the trust store of 
fetschmail?

Why it is not possible to give the needed commands like before, like
openssl req -x509 -newkey rsa:4096 -keyout /etc/exim4/exim.key.pem -out 
/etc/exim4/exim.cert.pem -days 365 -nodes ?

The reason is the lack of understanding what has changed and what must be done 
and not to bother you.

>> But it would be helpful for others what must be done to create and install 
>> this new "client side certificate" that
>> appears about 2018?
> 
> That's standard TLS library procedure and not specific to fetchmail. The
> only specific part is that fetchmail uses OpenSSL, so your self-signing
> server certificate belongs into OpenSSL's trust store, or you can use
> one or both of the --sslcert* options to fetchmail.

When this is a standard procedure, why it is not possible to find existing 
examples how to handle it?
Why it is still possible to fetch Data with TLS1.2 from the FTP-Server without 
similar problems?

Thank you for your help - we are coming to an solution in little steps.

Cheers
karsten

Bug#1002991: qtsvg-opensource-src: CVE-2021-45930

[Salvatore Bonaccorso]

Source: qtsvg-opensource-src
Version: 5.15.2-3
Severity: important
Tags: security upstream
Forwarded: https://bugreports.qt.io/browse/QTBUG-96044
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 5.11.3-2

Hi,

The following vulnerability was published for qtsvg-opensource-src.

CVE-2021-45930[0]:
| Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-
| of-bounds write in
| QtPrivate::QCommonArrayOpsQPainterPath::Element::growAppend
| (called from QPainterPath::addPath and QPathClipper::intersect).

Note that for 5.12.y it was fixed with [6] in 5.12.12, but remains
unfixed in 5.15.2. The corresponding QT bug does not seem public,
still marking it as forwarded there.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45930
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
[3] 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
[4] https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 
(dev)
[5] https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 
(v6.2.2)
[6] https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc 
(v5.12.12)
[7] https://bugreports.qt.io/browse/QTBUG-96044

Regards,
Salvatore

Bug#926037: systemd: localectl console keymap configuration delayed

[Michael Biebl]

On 02.01.22 13:32, Floris Bos wrote:

On 1/2/22 12:01 PM, Michael Biebl wrote:

On 19.12.21 00:56, Floris Bos wrote:

Yes, your Debian specific stuff in 
debian/patches/debian/Use-Debian-specific-config-files.patch only 
seems to set /etc/default/keyboard


However with other Linux distributions the setting is also instantly 
applied to console, so that is what me and other users are expecting.



With other Linux distributions this seems to be done by restarting 
the systemd-vconsole-setup unit in src/local/localed.c 
vconsole_reload() :


https://github.com/systemd/systemd/blob/main/src/locale/localed.c#L97

Think that function needs to be patched by whatever is necessary to 
have the change do take effect on Debian (run "dpkg-reconfigure 
keyboard-configuration" and "setupcon -k --force" ?)


Currently we disable vconsole via debian/rules, so there is no 
systemd-vconsole-setup.service.


Maybe a fix could be as simple as shipping a symlink
systemd-vconsole-setup.service → keyboard-setup.service ?
Or do we need to restart console-setup.service as well?



I recall in some cases it is also necessary to regenerate initramfs 
after a keyboard settings change.


E.g. when LUKS encryption is used and the user needs to be able to enter 
the password to unlock the disks in the console prior to the rest of the 
system being booted.


So just restarting one of the services actually may not be enough.


Well, I'm not yet convinced that doing this in localed is the correct place.
After all, if you run dpkg-reconfigure console-setup, it doesn't update 
the initramfs either, or does it?




OpenPGP_signature
Description: OpenPGP digital signature

Bug#967275: Bug#967582: libgtkdatabox: depends on deprecated GTK 2

[Graham Inggs]

Control: tags -1 + pending fixed-in-experimental
Control: block 967275 by -1
Control: severity 967275 important
Control: block 967831 by -1
Control: severity 967831 important

Hi Felipe

On Sun, 6 Jun 2021 at 23:42, Felipe Castro  wrote:
> Hi, I'm the new upstream maintainer of GtkDatabox and we have released 
> version 1.0.0 this year, which depends now on GTK3, please update it on 
> Debian.
> The packages which depend on it are klavaro, xoscope and brp-pacu.
> From those, the only upstream which still depends on old gtkdatabox is 
> brp-pacu, but there is a fork which has done the upgrade to use the new GTK3 
> version at GitHub, see: https://github.com/matthew-dews/brp-pacu
> The problem is that they have not released this new version yet, but I could 
> provide another fork and release, if that is the case.

Thanks for your work on these packages!

I've uploaded libtgkdatabox 1.0.0 to experimental. Once it clears NEW
[1], I will prepare uploads of xoscope and brp-pacu which I have
already tested.  klavaro seems to be using an embedded copy of
libgtkdatabox.

Regards
Graham


[1] https://ftp-master.debian.org/new.html

Bug#990524: rabbitmq-server: CVE-2021-32719 CVE-2021-32718

[Salvatore Bonaccorso]

Source: rabbitmq-server
Source-Version: 3.9.4-1

On Thu, Jul 01, 2021 at 01:22:12PM +0200, Moritz Mühlenhoff wrote:
> Source: rabbitmq-server
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
> 
> Hi,
> 
> The following vulnerabilities were published for rabbitmq-server.
> 
> CVE-2021-32719[0]:
> | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server
> | prior to version 3.8.18, when a federation link was displayed in the
> | RabbitMQ management UI via the `rabbitmq_federation_management`
> | plugin, its consumer tag was rendered without proper script
> | tag sanitization. This potentially allows for JavaScript code
> | execution in the context of the page. The user must be signed in and
> | have elevated permissions (manage federation upstreams and policies)
> | for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As
> | a workaround, disable the `rabbitmq_federation_management` plugin and
> | use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
> 
> https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
> https://github.com/rabbitmq/rabbitmq-server/pull/3122
> 
> CVE-2021-32718[1]:
> | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server
> | prior to version 3.8.17, a new user being added via management UI
> | could lead to the user's bane being rendered in a confirmation message
> | without proper `script` tag sanitization, potentially allowing
> | for JavaScript code execution in the context of the page. In order for
> | this to occur, the user must be signed in and have elevated
> | permissions (other user management). The vulnerability is patched in
> | RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin
> | and use CLI tools for management operations and Prometheus and Grafana
> | for metrics and monitoring.
> 
> https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
> https://github.com/rabbitmq/rabbitmq-server/pull/3028
> 
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2021-32719
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32719
> [1] https://security-tracker.debian.org/tracker/CVE-2021-32718
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32718
> 
> Please adjust the affected versions in the BTS as needed.

Those were fixed for unstable with the 3.9.4-1 upload.

Regards,
Salvatore

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 02.01.22 um 12:28 schrieb Matthias Andree:
> But it would be helpful for others what must be done to create and install 
> this new "client side certificate" that
 appears about 2018?
>>>   I think the certificate issue was there right from the beginning.
>> Definitely no. Mails where fetched for about 5 years without any problem.
> Untrue. Messages were fetched without proper protection from
> MITM/eavesdropping attacks, unless you were using *other* options to
> ensure authenticity of the server. Which I doubt, else you would have
> asked specific questions about fetchmail options.

That's true - but you change the privacy with an voluntary registration at an 
CA-authority.
The people that can make MITM/eavesdropping attacks can fake an CA-authority 
too.
Do you think it is possible to make thousands of MITM/eavesdropping attacks 
parallel for every private server?

Can you please recommend *other* options to ensure more security with self 
signed certificates?

>>
>> I'm caring about safety and privacy, that's the reason encryption with 
>> private certificates are used.
> Nonsense. That's the reason why fetchmail 6.4.0 finally broke
> compatibility with broken sites and finally (far too late) enforces
> proper X.509 certificate chains to so-called trust anchors.

Can you explain this a little bit more please?

Using encryption with an self-signed certificate cannot be more nonsense then 
to use no encryption at all.
This makes no sense for me from a logic point.

>>> In this case the original private certificate from the server is needed?
>>>
>>> Why a client must have additional files now to access an server
>
> No. That's the wrong question to ask. Do not ask "why they are needed
> now", but "why have older fetchmail versions made proper trust
> verification optional" for so many years.

Why have older fetchmail versions made proper trust verification optional? :-)

> And another question to ask is "why do users ignore manuals and NEWS
> files of the applications they use"

That's a really good question.

When I think about it, the honest answer is probably laziness and to some 
extent disinterest.
You set up a server at a certain point in time and as soon as it is running 
smoothly, you don't change anything about it
- true to the motto "don't touch a running system".
To the best of the knowledge and understanding, you have installed encrypted 
communication and hope that this is both
sufficient and maintained through security updates.

> And a third one, to third parties and outside of this bug's context "how
> do we get proper yet concise certificate trust management documentation
> in prominent places?".

This is a very good question too!

The most important problem is that this encryption stuff is very complicate to 
avoid to say "to complicate".
You have to have the affinity to want to understand it, to really see through 
the details.

>
> One half is really OpenSSL basic usage and how to maintain its trust
> store, and one half is, sorry to be so blunt, a half-baked approach at
> trying to be your own CA without knowing what you are doing.

That's correct.
It is an unsuccessful attempt to bridge the gap between encryption in use and 
complete understanding of it.

> Fetchmail's expectation is that the server-presented single self-signed
> certificate, or normally certificate chain, traces back to a root
> signing certificate that is "trusted" and is installed in your local
> computer's OpenSSL trust store (the one running fetchmail), and trusted
> in a way that it properly verifies the sub-CAs it authenticates with
> respect to the policies and practices they implement. But this is all
> OpenSSL trust handling and, again, not specific to fetchmail.

Thank you for this explanation - that helps me to follow you.

Cheers
karsten

Bug#1002956: bullseye-pu: package rabbitmq-server/3.8.9-3 CVE-2021-32718, CVE-2021-32719

[Salvatore Bonaccorso]

Hi Thomas,

On Sat, Jan 01, 2022 at 06:57:42PM +0100, Thomas Goirand wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> [ Reason ]
> Hi,
> 
> I'd like to update rabbitmq-server to address:
> https://bugs.debian.org/990524
> 
> That's CVE-2021-32718, CVE-2021-32719.

Can you please include the fix as well for CVE-2021-22116?

> 
> [ Impact ]
> XSS security bugs.
> 
> [ Risks ]
> The patch only impacts some plugins which aren't activated
> by default, so most user aren't even impacted. However, the
> patches are also super-small, so why not approved them?
> 
> [ Checklist ]
>   [x] *all* changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in (old)stable
>   [x] the issue is verified as fixed in unstable
> 
> Cheers,
> 
> Thomas Goirand (zigo)

> diff -Nru rabbitmq-server-3.8.9/debian/changelog 
> rabbitmq-server-3.8.9/debian/changelog
> --- rabbitmq-server-3.8.9/debian/changelog2021-04-10 22:59:57.0 
> +0200
> +++ rabbitmq-server-3.8.9/debian/changelog2022-01-01 18:46:04.0 
> +0100
> @@ -1,3 +1,23 @@
> +rabbitmq-server (3.8.9-3+deb11u1) bullseye; urgency=medium
> +
> +  * CVE-2021-32719: In rabbitmq-server prior to version 3.8.18, when a
> +federation link was displayed in the RabbitMQ management UI via the
> +`rabbitmq_federation_management` plugin, its consumer tag was rendered
> +without proper script tag sanitization. This potentially allows
> +for JavaScript code execution in the context of the page. The user must
> +be signed in and have elevated permissions (manage federation upstreams
> +and policies) for this to occur. Applied upstream patch: Escape the
> +consumer-tag value in federation mgmt.
> +  * CVE-2021-32718: In rabbitmq-server prior to version 3.8.17, a new user
> +being added via management UI could lead to the user's bane being
> +rendered in a confirmation message without proper `script` tag
> +sanitization, potentially allowing for JavaScript code execution in the
> +context of the page. In order for this to occur, the user must be signed
> +in and have elevated permissions (other user management).
> +  * Closes: #990524
> +
> + -- Thomas Goirand   Sat, 01 Jan 2022 18:46:04 +0100
> +
>  rabbitmq-server (3.8.9-3) unstable; urgency=medium
>  
>[ Adam Cecile ]
> diff -Nru 
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32718_Escape_username_before_displaying_it.patch
>  
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32718_Escape_username_before_displaying_it.patch
> --- 
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32718_Escape_username_before_displaying_it.patch
> 1970-01-01 01:00:00.0 +0100
> +++ 
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32718_Escape_username_before_displaying_it.patch
> 2022-01-01 18:46:04.0 +0100
> @@ -0,0 +1,21 @@
> +Description: CVE-2021-32718: Escape username before displaying it
> + All other values displayed in pop-ups are already escaped.
> +Author: Michael Klishin 
> +Date: Thu, 6 May 2021 06:57:43 +0300
> +Origin: upstream, 
> https://github.com/rabbitmq/rabbitmq-server/commit/5d15ffc5ebfd9818fae488fc05d1f120ab02703c.patch
> +Bug-Debian: https://bugs.debian.org/990524
> +Last-Update: 2022-01-01
> +
> +diff --git a/deps/rabbitmq_management/priv/www/js/dispatcher.js 
> b/deps/rabbitmq_management/priv/www/js/dispatcher.js
> +index d2842c2da8a..5f1b54dbac8 100644
> +--- a/deps/rabbitmq_management/priv/www/js/dispatcher.js
>  b/deps/rabbitmq_management/priv/www/js/dispatcher.js
> +@@ -189,7 +189,7 @@ dispatcher_add(function(sammy) {
> + res = sync_put(this, '/users/:username');
> + if (res) {
> + if (res.http_status === 204) {
> +-username = res.req_params.username;
> ++username = fmt_escape_html(res.req_params.username);
> + show_popup('warn', "Updated an existing user: '" + 
> username + "'");
> + }
> + update();
> diff -Nru 
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32719_Escape_the_consumer-tag_value_in_federation_mgmt.patch
>  
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32719_Escape_the_consumer-tag_value_in_federation_mgmt.patch
> --- 
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32719_Escape_the_consumer-tag_value_in_federation_mgmt.patch
> 1970-01-01 01:00:00.0 +0100
> +++ 
> rabbitmq-server-3.8.9/debian/patches/CVE-2021-32719_Escape_the_consumer-tag_value_in_federation_mgmt.patch
> 2022-01-01 18:46:04.0 +0100
> @@ -0,0 +1,21 @@
> +Description: CVE-2021-32719 Escape the consumer-tag value in federation mgmt
> + Patches persistent XSS.
> +Author: Patrik Ragnarsson 
> +Date: Sat, 19 Jun 2021 09:23:12 +0200
> +Origin: upstream, https://github.com/rabbitmq/rabbitmq-server/pull/3122
> +Bug-Debian: 

Bug#1002961: [Pkg-pascal-devel] Bug#1002961: src:castle-game-engine: fails to migrate to testing for too long: FTBFS on armel

[Abou Al Montacir]

The issue is that there seem to be a bug in the compiler. However, I'm not able
to understand what kind of issue and cloud not produce a small code that
triggers it.

Moreover, it seems that the bug itself is triggered only when running the full
battery of tests. Then the failing test starts to fail.
If the test is ran alone (after a machine reboot, or after a while) then it will
succeed, but it one runs it after running the full test suite then it will fail
systematically.

No clue how to go forward and no enough information to open an upstream compiler
bug.
Moreover CGE upstream think we should abandon armel (and other non widely used
architectures) as a target for CGE, but I think myself it is a good test for the
compiler and tend to think we should  keep it.
-- 
Cheers,
Abou Al Montacir


signature.asc
Description: This is a digitally signed message part

Bug#978040: [Pkg-pascal-devel] Bug#978040: Warning: (9034) "crtbeginS.o" not found (on non-intel architectures)

[Abou Al Montacir]

Hi Paul,

On Sun, 2022-01-02 at 08:19 +0100, Paul Gevers wrote:
> Hi,
> 
> On 29-12-2021 23:47, Abou Al Montacir wrote:
> > So it should work correctly on all targets.
> 
> Does this work correctly on all multiarch architectures too? I inspected 
> only my own installation and there it only has cpui386 and cpux86_64.
If you check on a porter box for ARM or power PC, you will find only arm or ppc
related ifdefs.
So it works for all architectures, but not multiarch.
If we can safely suppose that all Debian architectures are using the very same
GCC version and path, then we can remove the ifdef and have a generic path that
works for mutiarch with a minimal effort.
> 
> > However, it is true that if a new gcc version is installed after FPC 
> > then the logic will fall down.
> 
> Can't we use a wildcard for the version number? I mean, after 11 comes 
> 12 and 13 and ...
The wildcards work but only for one directory level. This means /path/to/* and
/path/to/prefix*  will work, but not /path/to/*/* or /path/to/prefix*/*
> 
> > If this is judged OK, I propose to close this ticket
> 
> As long as we have a new fpc in every Debian release, we're fine in 
> Debian, but e.g. Ubuntu users may experience issues when they carry the 
> same fpc over to a new version of Ubuntu that comes with a new gcc 
> version. So I don't think it's nice.
If we can add a trigger then we can run dpkg-reconfigure fp-compiler-${VERSION}
and get it updated.
-- 
Cheers,
Abou Al Montacir




signature.asc
Description: This is a digitally signed message part

Bug#1002992: sub...@bugs.debian.org

[Alec Leamas]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "wxsvg":

 * Package name: wxsvg
   Version : 2:1.5.23+dfsg-1
   Upstream Author : Alex Thuering 
 * URL : http://wxsvg.sourceforge.net/
 * License : wxWindows
 * Vcs : https://salsa.debian.org/multimedia-team/wxsvg
   Section : libs

It builds those binary packages:

  libwxsvg3 - SVG library for the wxWidgets toolkit
  libwxsvg-tools - SVG library for the wxWidgets toolkit (tools)
  libwxsvg-dev - Development files for wxSVG


This is a minor update triggered by a new upstream version.

More info: https://mentors.debian.net/package/wxsvg/ or using

  dget -x 
https://mentors.debian.net/debian/pool/main/w/wxsvg/wxsvg_1.5.23+dfsg-1.dsc


Changes since the last upload:

 wxsvg (2:1.5.23+dfsg-1) unstable; urgency=medium
 .
   * New upstream version
   * d/watch: dfsg.1 -> dfsg (lintian warning)
   * d/control: Allow builds against wxWidgets 3.1
   * d/control: Standards-version:  4.5.0 -> 4.6.0, no changes.
   * Add patch for separate -latomic library causing sh4 build errors.

Bug#1002732: needrestart stalled in background when performing update with KDE Discover

[Ryan Armstrong]

So, I actually just installed my regular updates today with Discover and 
noticed a few library changes. The update completed properly. If I run 
needrestart after (or do an apt install), it confirms it wants to restart some 
libraries. I can continue to install other packages with Discover as well.
So it looks like that package was all I needed.

Thanks,
Ryan

On Saturday, January 1, 2022 8:42:26 A.M. EST Thomas Liske wrote:
> Hi,
> 
> could you check running needrestart as root on cli if you have any
> pending restarts?
> 
> You might try to reinstall a lib to trigger needrestart (i.e. via apt-
> get install --reinstall libnss3 - this *should* not break anything) to
> force to get a pending restarts.
> 
> Please check if needrestart and debconf-kde-helper are working when
> using KDE Discover afterwards.
> 
> 
> Regards,
> Thomas
> 
> On Fri, 2021-12-31 at 10:10 -0500, Ryan Armstrong wrote:
> > I did not, but your message prompted me to go looking a bit. I found
> > I had
> > not installed debconf-kde-helper. I would have expected a package
> > like this to
> > get pulled in when I installed KDE, so I expect it is missing as a
> > dependency
> > (for plasma-discover perhaps?)
> > 
> > In my setup, KDE was installed onto an existing setup by running `apt
> > install
> > kde-plasma-desktop`
> > 
> > I did one update after installing the helper, but didn't notice
> > anything (it
> > didn't stall, though). As long as that fixes the problem, I guess
> > this bug
> > should be redirected as a dependency issue?
> > 
> > Ryan
> > 
> > On Friday, December 31, 2021 9:54:02 A.M. EST you wrote:
> > > Hi Ryan,
> > > 
> > > needrestart should not block if it is run non-interactive. On
> > > Debian it
> > > uses the debconf frontend which also has graphical frontends. Do
> > > you
> > > get debconf dialogs in KDE Discover when installing/updating
> > > packages
> > > at all? (Sorry I do not have an KDE environment for testing.)
> > > 
> > > 
> > > Regards,
> > > Thomas
> > > 
> > > On Tue, 2021-12-28 at 08:33 -0500, Ryan Armstrong wrote:
> > > > Package: needrestart
> > > > Version: 3.5-5
> > > > Severity: normal
> > > > 
> > > > Dear Maintainer,
> > > > 
> > > > When I performed an update with KDE Discover, I noticed it
> > > > stalled at
> > > > 99% complete status and would not finish. When I checked the
> > > > process
> > > > tree with htop, I noticed the following lines from packagekitd
> > > > and
> > > > needrestart:
> > > > 
> > > >2629 root   20   0  492M  124M 79624 S  0.0  0.8  0:29.20
> > > > ├─
> > > > /usr/libexec/packagekitd
> > > >2632 root   20   0  492M  124M 79624 S  0.0  0.8  0:00.00
> > > > │
> > > > ├─ /usr/libexec/packagekitd
> > > >2634 root   20   0  492M  124M 79624 S  0.0  0.8  0:00.05
> > > > │
> > > > ├─ /usr/libexec/packagekitd
> > > >   14075 root   20   0  492M  124M 79624 S  0.0  0.8  0:05.78
> > > > │
> > > > ├─ /usr/libexec/packagekitd
> > > >   14090 root   20   0  494M 99648 50800 S  0.0  0.6  0:00.24
> > > > │
> > > > └─ /usr/libexec/packagekitd
> > > >   25864 root   20   0  494M 51924  2336 S  0.0  0.3  0:00.00
> > > > │ └─ /usr/libexec/packagekitd
> > > >   25872 root   20   0  2472   704   616 S  0.0  0.0  0:00.00
> > > > │└─ sh -c test -x /usr/lib/needrestart/apt-pinvoke &&
> > > > /usr/lib/needrestart/apt-pinvoke || true
> > > >   25873 root   20   0 35864 27816  6140 S  0.0  0.2  0:00.64
> > > > │   └─ /usr/bin/perl /usr/sbin/needrestart
> > > > 
> > > > It appears that packagekit is still running needrestart to ask if
> > > > I
> > > > want to restart systemd services. However, this prompt is
> > > > obviously
> > > > not
> > > > visible to me through KDE Discover, so it's stuck waiting
> > > > forever.
> > > > 
> > > > If I use kill on needrestart, the Discover session completes.
> > > > 
> > > > Since, this is an interaction between Discover, packagekit, apt
> > > > and
> > > > needrestart (possibly others?), I'm not 100% sure this is the
> > > > right
> > > > place for it. Feel free to reassign if I got it wrong.
> > > > 
> > > > Ryan
> > > > 
> > > > -- Package-specific info:
> > > > needrestart output:
> > > > Your outdated processes:
> > > > akonadi_archive[3076], akonadi_mailfil[3102],
> > > > akonadi_sendlat[3116],
> > > > akonadi_unified[3117], blueman-applet[2663], Discord[2921, 2924,
> > > > 2967, 2922, 2958, 2917, 3276, 3044], DiscoverNotifie[2571],
> > > > evolution-addre[2767], evolution-alarm[2660], evolution-
> > > > calen[2742],
> > > > evolution-sourc[2698], goa-daemon[2704], kmail[2936],
> > > > kwin_x11[2488],
> > > > nextcloud[2656], plasmashell[2554], QtWebEngineProc[6196, 6215,
> > > > 6194,
> > > > 6193], tracker-miner-f[2674], xdg-desktop-por[2375], xdg-
> > > > document-
> > > > po[2392], xdg-permission-[2397]
> > > > 
> > > > 
> > > > 
> > > > -- System Information:
> > > > Debian Release: bookworm/sid
> > > >   APT prefers testing
> > > >   APT policy: (900, 'testing'), (300, 

Bug#926037: systemd: localectl console keymap configuration delayed

[Floris Bos]

On 1/2/22 2:10 PM, Michael Biebl wrote:

On 02.01.22 13:32, Floris Bos wrote:
I recall in some cases it is also necessary to regenerate initramfs 
after a keyboard settings change.


E.g. when LUKS encryption is used and the user needs to be able to 
enter the password to unlock the disks in the console prior to the 
rest of the system being booted.


So just restarting one of the services actually may not be enough.


Well, I'm not yet convinced that doing this in localed is the correct 
place.
After all, if you run dpkg-reconfigure console-setup, it doesn't 
update the initramfs either, or does it?



It does on my Ubuntu box.

Not certain about upstream Debian.


--
Yours sincerely,

Floris Bos

Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)

[Tobias Frost]

Package: systemd
Version: 247.3-6
Severity: normal

Dear Maintainer,

In a systemd-nspawn container, upgrading from Debian 10 to Debian 11 fails
with:

Setting up systemd (247.3-6) ...
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on 
/var/log/journal failed: Invalid argument
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on 
/var/log/journal/0168a64537e84260bcb1172567dbc16e failed: Invalid argument
Setting access ACL "u::rw-,g::r-x,g:adm:r--,g:4294967295:r-x,m::r--,o::---" on 
/var/log/journal/0168a64537e84260bcb1172567dbc16e/system.journal failed: 
Invalid argument
dpkg: error processing package systemd (--configure):
 installed systemd package post-installation script subprocess returned error 
exit status 73


The Version before was:
241-7~deb10u8

Please let me know if there are additional details I could supply.

-- 
tobi

Bug#712979: debbugs: get_bug_log can incorrectly return an e-mail body with xsi:type="xsd:long"

[Bastian Venthur]

On 01.01.22 22:05, Don Armstrong wrote:


I'm currently working on it, but my available time is so minimal, that
additional help would be welcome.


Awesome news! Is there some repository to check out? I'd love to help if 
I can.



My current plan is to reimplement the log and database reading pieces in
python (SQLAlchemy + FastAPI) so that the number of people who can
contribute to the web frontend parts is significantly larger. [I've
started in on this, but it's slow going.]




Cheers,

Bastian

--
Dr. Bastian Venthur https://venthur.de
Debian Developer venthur at debian org

Bug#1000887: Info received ([Bug#1000887] xorg: X server segfaults when using xpdf)

[David Haworth]

Some more information:

* A colleague who owns a more modern Radeon GPU than mine (using
 the radeonsi drivers) doesn't have the same problem.

* If I start the X server with color depth 16 the problem goes away,
  but occurs with both 24 and 32 color depths.

>From these observations, I conclude that the problem lies in the full-color
handling of the standard radeon driver.

Bug#974217: RFS: python-radexreader/1.2.1-1 [ITP] -- Reader for the RADEX RD1212 Geiger counter

[Fabrice Creuzot]

I found, this is easy:

in radexreader.manpages:
debian/radexreader.1
debian/radexreader.fr.1

so I didn't say anything

Bug#1002994: expat: CVE-2021-45960: A large number of prefixed XML attributes on a single tag can crash libexpat (troublesome left shifts by >=29 bits in function storeAtts)

[Salvatore Bonaccorso]

Source: expat
Version: 2.4.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexpat/libexpat/issues/531
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 2.2.10-2
Control: found -1 2.2.6-2+deb10u1
Control: found -1 2.2.6-2

Hi,

The following vulnerability was published for expat.

CVE-2021-45960[0]:
| In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
| places in the storeAtts function in xmlparse.c can lead to realloc
| misbehavior (e.g., allocating too few bytes, or only freeing memory).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
[1] https://github.com/libexpat/libexpat/issues/531

Regards,
Salvatore

Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)

[Tobias Frost]

Some more debugging into it:

Adding a set -x to postinst:

+ [ configure = triggered ]
+ [ -z 241-7~deb10u8 ]
+ dpkg --compare-versions 241-7~deb10u8 lt 245.4-4~
+ systemctl enable systemd-pstore.service
+ [ -z 241-7~deb10u8 ]
+ [ -z 241-7~deb10u8 ]
+ [ -z 241-7~deb10u8 ]
+ systemd-machine-id-setup
+ addgroup --quiet --system systemd-journal
+ adduser --quiet --system --group --no-create-home --home /run/systemd --gecos
systemd Network Management systemd-network
+ adduser --quiet --system --group --no-create-home --home /run/systemd --gecos
systemd Resolver systemd-resolve
+ dpkg --compare-versions 241-7~deb10u8 lt 244.1-2~
+ mkdir -p /var/log/journal
+ mountpoint -q /proc
+ systemd-tmpfiles --create --prefix /var/log/journal
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on
/var/log/journal failed: Invalid argument
Setting access ACL "u::rwx,g::r-x,g:adm:r-x,g:4294967295:r-x,m::r-x,o::r-x" on
/var/log/journal/0168a64537e84260bcb1172567dbc16e failed: Invalid argument
Setting access ACL "u::rw-,g::r-x,g:adm:r--,g:4294967295:r-x,m::r--,o::---" on
/var/log/journal/0168a64537e84260bcb1172567dbc16e/system.journal failed: Invalid
argument


/proc is mounted in my container.

(I've made locally "systemd-tmpfiles --create --prefix /var/log/journal" a NOP
to be able to proceed with the update. For the ones finding this bug report,
the file to edit: /var/lib/dpkg/info/systemd.postinst)

--
tobi

Bug#997748: libcomps: FTBFS: There is a syntax error in your configuration file: Missing parentheses in call to 'print'. Did you mean print(os.environ['LD_LIBRARY_PATH'])? (conf.py, line 23)

[Holger Levsen]

hi,

On Sun, Oct 24, 2021 at 01:39:00PM +0200, Lucas Nussbaum wrote:
> Source: libcomps
> Version: 0.1.15-4
> Severity: serious
[...] 
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
[...]
> > Running Sphinx v4.2.0
> > 
> > Configuration error:
> > There is a syntax error in your configuration file: Missing parentheses in 
> > call to 'print'. Did you mean print(os.environ['LD_LIBRARY_PATH'])? 
> > (conf.py, line 23)
> > 
> > make[5]: *** [src/python/docs/CMakeFiles/pydocs.dir/build.make:122: pydocs] 
> > Error 2

It seems to me we can fix this bug by simply taking the patch from
https://github.com/rpm-software-management/libcomps/commit/5eebd94a7ce855979eb014595256eee17ee6b359

Can someone confirm? I'd be happy to sponsor an upload again :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Dance like no one's watching. Encrypt like everyone is.


signature.asc
Description: PGP signature

Bug#1002995: ruby3.0: CVE-2021-41816 CVE-2021-41817 CVE-2021-41819

[Salvatore Bonaccorso]

Source: ruby3.0
Version: 3.0.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for ruby3.0, they were
fixed upstream in 3.0.3.

CVE-2021-41816[0]:
| Buffer Overrun in CGI.escape_html

CVE-2021-41817[1]:
| Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS
| (regular expression Denial of Service) via a long string. The fixed
| versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.


CVE-2021-41819[2]:
| CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes
| in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816
[1] https://security-tracker.debian.org/tracker/CVE-2021-41817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817
[2] https://security-tracker.debian.org/tracker/CVE-2021-41819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819

Regards,
Salvatore

Bug#1002219: [PATCH] t/eml.t: ignore newer Email::MIME behavior

[Uwe Kleine-König]

Hello Eric,

On 12/30/21 20:17, Eric Wong wrote:

Uwe Kleine-König  wrote:

Hello,

adding the Debian Perl Group to Cc, maybe they can help here.
(for context look at https://bugs.debian.org/1002219)

On 12/30/21 10:12, Uwe Kleine-König wrote:

I got a bug report against the public-inbox 1.6.1 package about a
failing test, see below for the whole output. I didn't have time yet to
look into it, so this is just a heads up to make you aware. If someone
has a hint what to do, this would be greatly appreciated. Maybe just
updating to 1.7 will help?

Best regards
Uwe

On 12/21/21 17:34, Lucas Nussbaum wrote:

#   Failed test 'filename decoded'
#   at t/eml.t line 407.
#  got: '=?utf-8?q?vtpm-makefile.patch?='
# expected: 'vtpm-makefile.patch'
# Looks like you failed 1 test of 146.
t/eml.t ..


I can reproduce this problem with 1.6.1 checked out. I played a bit around
(suffering from my weak perl foo) and found that when I downgrade
libemail-mime-perl from 1.952-1 (i.e. Debian unstable's version) to 1.949-1
(i.e. Debian stable's version), this works.

The reproducer is:

$ perl -e 'use Email::MIME; print Email::MIME->new("Content-Type:
text/x-patch; name=\"=?utf-8?q?vtpm-fakefile.patch?=\"\nContent-Disposition:
attachment; filename=\"=?utf-8?q?vtpm-makefile.patch?=\"\n\n")->filename;'

which emits "vtpm-makefile.patch" with 1.949-1 (as public-inbox expects),.
but =?utf-8?q?vtpm-makefile.patch?= with 1.952-1.

So the key question is: Is the test correct and his is a regression in
libemail-mime-perl, or is the test wrong and we need to fix the test (and
PublicInbox::Eml)?


I thought I sent a fix to this; but I nuked the root FS on one of
my workstations on accident :<  Still recovering...


Oh, good luck in restoring your precious data.

Thanks for your patch. I just uploaded public-inbox with this change to 
fix the bug.


I still wonder if this is a regression in Email::MIME, or just a wrong 
expectation. In the first case I'd open a bug against libemail-mime-perl.


Bisecting in https://github.com/rjbs/Email-MIME.git yields 
https://github.com/rjbs/Email-MIME/commit/8a7cffd2b1091ff1a750d541a85e1813a6747b72 
as breaking commit. So this looks like an intended change.


Best regards
Uwe


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002404: borgbackup: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p 3.9 returned exit code 13

[Gianfranco Costamagna]

control: close -1
control: severity -1 normal

Hello Lucas, I tried on reproducible builds, and I saw some failures some time 
ago, but I retried today and everything was good.
So I presume something in the build-deps got fixed in the meanwhile?

e.g.

https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/borgbackup_1.1.17-1.rbuild.log.gz

G.

On Wed, 22 Dec 2021 08:50:10 +0100 Lucas Nussbaum  wrote:
> Source: borgbackup
> Version: 1.1.17-1
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20211220 ftbfs-bookworm
> 
> Hi,
> 
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
> 
> 
> Relevant part (hopefully):
> > make[1]: Entering directory '/<>'
> > python3 setup.py build_ext --inplace
> > Detected and preferring liblz4 over bundled LZ4
> > Detected and preferring libb2 over bundled BLAKE2
> > Detected and preferring libzstd over bundled ZSTD
> > Detected and preferring libxxhash over bundled XXHASH
> > running build_ext
> > skipping 'src/borg/algorithms/msgpack/_packer.cpp' Cython extension 
> > (up-to-date)
> > skipping 'src/borg/algorithms/msgpack/_unpacker.cpp' Cython extension 
> > (up-to-date)
> > skipping 'src/borg/compress.c' Cython extension (up-to-date)
> > skipping 'src/borg/crypto/low_level.c' Cython extension (up-to-date)
> > skipping 'src/borg/hashindex.c' Cython extension (up-to-date)
> > skipping 'src/borg/item.c' Cython extension (up-to-date)
> > skipping 'src/borg/chunker.c' Cython extension (up-to-date)
> > skipping 'src/borg/algorithms/checksums.c' Cython extension (up-to-date)
> > skipping 'src/borg/platform/posix.c' Cython extension (up-to-date)
> > skipping 'src/borg/platform/linux.c' Cython extension (up-to-date)
> > skipping 'src/borg/platform/syncfilerange.c' Cython extension (up-to-date)
> > building 'borg.algorithms.msgpack._packer' extension
> > x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g 
> > -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat 
> > -Werror=format-security -g -fwrapv -O2 -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC 
> > -D__LITTLE_ENDIAN__=1 -I/usr/include -I/usr/include -I/usr/include 
> > -I/usr/include -I/usr/include -I/usr/include -I/usr/include/python3.9 -c 
> > src/borg/algorithms/msgpack/_packer.cpp -o 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_packer.o
> > x86_64-linux-gnu-g++ -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g 
> > -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_packer.o -o 
> > /<>/src/borg/algorithms/msgpack/_packer.cpython-39-x86_64-linux-gnu.so
> > building 'borg.algorithms.msgpack._unpacker' extension
> > x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g 
> > -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat 
> > -Werror=format-security -g -fwrapv -O2 -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC 
> > -D__LITTLE_ENDIAN__=1 -I/usr/include -I/usr/include -I/usr/include 
> > -I/usr/include -I/usr/include -I/usr/include -I/usr/include/python3.9 -c 
> > src/borg/algorithms/msgpack/_unpacker.cpp -o 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_unpacker.o
> > x86_64-linux-gnu-g++ -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g 
> > -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
> > build/temp.linux-x86_64-3.9/src/borg/algorithms/msgpack/_unpacker.o -o 
> > /<>/src/borg/algorithms/msgpack/_unpacker.cpython-39-x86_64-linux-gnu.so
> > building 'borg.compress' extension
> > x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g 
> > -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat 
> > -Werror=format-security -g -fwrapv -O2 -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC 
> > -DBORG_USE_LIBLZ4=YES -DBORG_USE_LIBB2=YES -DBORG_USE_LIBZSTD=YES 
> > -DBORG_USE_LIBXXHASH=YES -DXXH_PRIVATE_API=YES -I/usr/include 
> > -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include 
> > -I/usr/include/python3.9 -c src/borg/compress.c -o 
> > build/temp.linux-x86_64-3.9/src/borg/compress.o
> > x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g 
> > -fwrapv -O2 -Wl,-z,relro -Wl,-z,now -g -O2 
> > -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> > -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
> > build/temp.linux-x86_64-3.9/src/borg/compress.o -llz4 -lzstd -o 
> > 

Bug#1003010: fonts-liberation2: please Provides fonts-liberation

[Martin-Éric Racine]

Package: fonts-liberation2
Version: 2.1.5-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

It would be desirable for fonts-liberation2 to Provides fonts-liberation so as 
to avoid installing two versions of essentially the same font.

- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmHR8oMACgkQrh+Cd8S0
17Z7+RAAp5YKO9j36vycnMIvKSJP16hMis0Ua8kRKPbQD5yxHZ2esxA924Po5Owr
DJPfBbHwiMBnZb4FQjDaHYBg+U7HN2ZWZuDJLFPszQr8p9eR+8GA3Wo2WxDTP9Es
YsYia92X2Ay+T4Dq+OhEIQLdL7Dd72s8+BFpDqDWaZ+EAPNgsXFQneKpdCNS3y5w
edw8ToH8xaDUnYILjBN7sD1f80RnA2oa6PbauVU+3CS41lsQ4vDZbFyR7Nedtl6n
+C+HLmxwDHjd2SrvjCjBKkY7IZWMIzvt0fJb7LAoQ39w7+kqeCeTcbb28T+wjyFB
hgPk30LStOgYCB9dQfhajrwt/rL+4/6ICy82BD7TRMOAhyiO8Z9zNViv151aPuMT
6BWSZAM1bjWBdAxDqWgaif9ByZnm7ba/n4NGTOyeQ2MX43HIn21DR1lNypLKsB6J
t1q21TdeZNSmVJR02EtUZ6MhgXtCMJZoubb1uMkpQkeNuBv828mI0iqkCwMAnjfx
Z2yYXDcaL7swtgBifGMtx4gtLJO54bFZ/7391f/AX7V1F07zFy0yiM1P7FY5jAkB
xQ+wHVqGRIeSe0g9j40vQMH9u2T7GkgMCZDcraAiPTREZxUMpSc34o+DgnqOhAfZ
6U9cUH7iMvUfVyID/X3FQASnwjXrV2ALRRG+3tZmuIaTU4GnXKo=
=k7Xm
-END PGP SIGNATURE-

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

[Andres Salomon]

On Sun, 2 Jan 2022 20:15:01 +0100
Moritz Muehlenhoff  wrote:

> On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:
> > How should I handle this? NMU to sid, let people try it out, and
> > then deal with buster/bullseye?  
> 
> Yeah, let's proceed with unstable first in any case.
> 
> > Upload everything all at once? I'm also
> > going to try building for buster, unless the security team doesn't
> > think I should bother.  
> 
> I saw
> https://salsa.debian.org/dilinger/chromium/-/commit/5c05f430e192961527ec9a64bbaa64401dc14d95
> , but buster now also includes LLVM/clang 11 (it was introduced to
> support a more recent Rust toolchain needed for Firefox), so you
> might be reduce complexity here further:
> https://tracker.debian.org/pkg/llvm-toolchain-11
> 
> It's in buster-proposed-updates since there hasn't been a point
> release since, but for the purposes of buster-security builds, it
> doesn't matter (they chroots have been modified to includen
> buster-proposed-updates temporarily):

Ah, very helpful, thanks! I'll give buster a try (just created
the 'v96-buster' branch). Between that and various backports, I think
we might be in good shape.

Bug#1003009: notcurses FTBFS: notcurses-ffi exists in debian/tmp but is not installed to anywhere

[nick black]

this is addressed in more detail at
https://github.com/dankamongmen/notcurses/issues/2519.
i expect to have this fixed within the hour. sorry for the
annoyance.

Bug#1003036: ITP: golang-github-fatih-camelcase -- Split a camelcase word into a slice of words in Go

[Mason Giles]

X-Debbugs-CC: debian-de...@lists.debian.org, debian...@lists.debian.org
Package: wnpp
Severity: wishlist
Owner: "Mason Giles" 

* Package name    : golang-github-fatih-camelcase
  Version : 1.0.0-1
  Upstream Author : Fatih Arslan
* URL : https://github.com/fatih/camelcase
* License : Expat
  Programming Lang: Go
  Description : Split a camelcase word into a slice of words in Go

 CamelCase is a Go package to split the words of a camelcase type string
 into a slice of words. It can be used to convert a camelcase word (lower
 or upper case) into any type of word.

As with all Go packages, it should be team-maintained within the Debian Go
Packaging Team.

This package is part of the dependency tree of an attempt to package 
LiteIDE:

- liteide
  - gocode
    - gotools
  - golang-github-visualfc-fastmod
  - golang-github-visualfc-goversion
  - gomodifytags
    - golang-github-fatih-camelcase (*)
    - golang-github-fatih-structtag

Bug#1003002: autopkgtest-virt-qemu: Console setup issue on armhf

[Christian Kastner]

Package: autopkgtest
Version: 5.19
Severity: normal

It looks as if one of the necessary consoles is not set up properly on
armhf (it worked fine for me on arm64):

$ sudo autopkgtest-build-qemu \
--architecture armhf \
--mirror http://deb.debian.org/debian \
unstable armhf.img

...

$ autopkgtest libocas -- qemu \
--dpkg-architecture armhf \
-d --show-boot \
armhf.img

produces

  | host login: autopkgtest-virt-qemu: DBG: expect: found "'login prompt on 
serial console'"
  | autopkgtest-virt-qemu: DBG: expect: b'ok'
  | autopkgtest-virt-qemu: DBG: setup_shell(): no default shell on hvc1 or ttyS1
  | qemu-system-arm: terminating on signal 15 from pid 1316826 
(/usr/bin/python3)
  | autopkgtest-virt-qemu: DBG: cleanup...
  | : failure: The VM does not start a root shell on ttyS1 or hvc1 
already. The only other supported login mechanism is through --user and 
--password on the guest ttyS0

[By the way, libocas is just a tiny library with no dependencies that I tend to 
use
as a smoke test.]

Best,
Christian

Bug#1002998: firejail-profiles: telegram-desktop not working with firejail

[Reiner Herrmann]

Hi,

On Sun, Jan 02, 2022 at 02:58:26PM +, piorunz wrote:
> Before upgrade to Testing, everything was working fine.
> Something is wrong with firejail profile?
> I request assistance. Thank you.

This sounds similar to this upstream issue:
 https://github.com/netblue30/firejail/issues/4488

This was fixed by adding "whitelist /usr/share/TelegramDesktop"
to the telegram.profile.
Can you please check if that also works for you?

Thanks.

Kind regards,
  Reiner


signature.asc
Description: PGP signature

Bug#998244: lists.debian.org: request for debian-math mailing list

[Nilesh Patra]

Hi Listmasters,

Gentle ping on this?

Since it has been a while now, and there are interested people, enabling a list 
will help us.
Could you please consider processing the request whenever you have time?

Regards,
Nilesh

On Tue, 14 Dec 2021 15:43:50 + Tobias Hansen  wrote:
> Hi Cord,
> 
> I am also in favor of the creation of this list. I think we could then close 
> down debian-science-sagem...@alioth-lists.debian.net and move these 
> discussions to debian-math.
> 
> Best,
> Tobias
> 
> On Sat, 13 Nov 2021 16:45:48 +0530 "Nilesh Patra"  wrote:
> > Dear list masters,
> > 
> > Since a few people already responded on this bug, and other folks
> > already showed interest in joining the team[1], would you please consider to
> > process this mailing list request now?
> > 
> > [1]: https://lists.debian.org/debian-science/2021/10/msg00034.html
> > 
> > Thanks a lot for your work,
> > Nilesh
> > 
> > 
> 
> 


signature.asc
Description: PGP signature

Bug#1003005: elkcode FTBFS with libxc 5.1.7

[Adrian Bunk]

Source: elkcode
Version: 6.3.2-2
Severity: serious
Tags: ftbfs bookworm sid
Control: close -1 7.2.42-1

https://buildd.debian.org/status/package.php?p=elkcode=sid

...
mpif90 `dpkg-buildflags --get FFLAGS` `dpkg-buildflags --get CPPFLAGS` -Wall 
-ffast-math -funroll-loops -fopenmp -fallow-argument-mismatch `dpkg-buildflags 
--get LDFLAGS` -o elk modmain.o modmpi.o libxc_funcs.o libxc.o libxcifc.o 
modxcifc.o modfxcifc.o moddftu.o modrdm.o modphonon.o modscdft.o modtest.o 
modrandom.o modstore.o modpw.o modvars.o modtddft.o modgw.o modulr.o modjx.o 
modomp.o mkl_stub.o mkl_init.o oblas_stub.o oblas_init.o blis_stub.o 
blis_init.o w90_stub.o modw90.o zfftifc_fftw.o elk.o zbsht.o zfsht.o rbsht.o 
rfsht.o projsbf.o fsmooth.o nfftifc.o rfinp.o splint.o spline.o wsplint.o 
wsplintp.o splintwp.o sphcover.o r3frac.o genvsig.o gencfun.o zfpack.o 
addlorbcnd.o rfint.o sortidx.o gengkvec.o pade.o pades.o rfint0.o zfinp.o 
symrvf.o genapwfr.o rfcopy.o rhomagsh.o genylmg.o olpaa.o readfermi.o factr.o 
writechg.o zflmconj.o rminv.o zminv.o rlmrot.o rotrflm.o ztorflm.o rotzflm.o 
rfmtlm.o genzrm.o gensfacgp.o zmctmu.o zmctm.o hmlfv.o olpfv.o axangsu2.o 
checkmt.o symrf.o z2mm.o z2mctm.o z2mmct.o writefermi.o findnjcmax.o findscq.o 
plot1d.o plot2d.o plot3d.o hmllolo.o olprad.o occupy.o findkpt.o zfmtint.o 
rotrfmt.o forcek.o eveqnfvr.o findsym.o genvbmatk.o wigner3jf.o wigner6j.o 
mixbroyden.o zftrf.o gensocfr.o getcfgq.o wigner3j.o moke.o sfacinit.o 
sfacrho.o sfacmag.o gradwfcr2.o symrvfmt.o oepmain.o oepresk.o oepvcl.o 
oepvclk.o dbxcplot.o writehmlbse.o hmldbse.o hmldbsek.o dielectric_bse.o 
genidxbse.o writeevbse.o genwfpw.o writewfpw.o getwfpw.o genexpmat.o elnes.o 
potefield.o eulerrot.o fermisurfbxsf.o symmetry.o findsymcrys.o findsymsite.o 
plotpt1d.o writedos.o findprimcell.o proj2d.o nonlinopt.o vecplot.o wfcrplot.o 
energykncr.o eveqnss.o gendmatk.o gensdmat.o ggamt_1.o ggair_1.o ggamt_sp_1.o 
ggair_sp_1.o ggamt_2a.o ggair_2a.o ggamt_2b.o ggair_2b.o ggamt_sp_2a.o 
ggair_sp_2a.o ggamt_sp_2b.o ggair_sp_2b.o genspecies.o writeemd.o writeexpmat.o 
rotdmat.o hrmdmat.o reademd.o emdplot.o rfhkintp.o emdplot3d.o emdplot2d.o 
emdplot1d.o plotpt3d.o plotpt2d.o writeevsp.o torque.o ssfsmjx.o wxcplot.o 
effmass.o genlmirep.o ssfext.o sstask.o spiralsc.o genscss.o genfspecies.o 
writespecies.o exxengy.o exxengyk.o xc_c_tb09.o elfplot.o potplot.o mae.o 
writestate.o readstate.o rotaxang.o axangrot.o dmatls.o gendmat.o numlist.o 
sbesseldm.o genvchi0.o genspchi0.o vclcore.o hmlxbse.o hmlxbsek.o genvmatk.o 
writeepsinv.o putepsinv.o curden.o curdenk.o hflocal.o dielectric.o bdipole.o 
roteuler.o lopzflm.o eveqnfvz.o rhomag.o hmlaa.o hmlalo.o gencore.o gentau.o 
gentauk.o hmlistl.o olpistl.o gengclg.o hmlrad.o rhonorm.o rfmtsm.o olplolo.o 
genshtmat.o allatoms.o rtozflm.o rtozfmt.o gauntyry.o fderiv.o moment.o 
sctovec.o match.o writeinfo.o rfpack.o gaunt.o readinput.o ztorfmt.o 
putevecfv.o zfmtinp.o zfcmtinp.o writelinen.o writekpts.o rfmtinp.o brzint.o 
rhocore.o writelat.o mtdmin.o atpstep.o potcoul.o zfmtconj.o symrfmt.o 
putpmat.o eveqnz.o olpalo.o checkfsm.o rhoplot.o potnucl.o potxc.o erf.o 
gradzf.o writegeom.o linengy.o bandstr.o gengvc.o gengclq.o closefiles.o 
writefsm.o eveqn.o rhomagk.o factnm.o atom.o radnucl.o charge.o genrmesh.o 
genapwlofr.o wavefmt.o genzrho.o potks.o sbessel.o clebgor.o hermite.o 
findband.o genbs.o gencfrc.o genws.o chargemt.o gndstate.o addbfsm.o initoep.o 
orthevsv.o fermisurf.o findswidth.o gradrf.o dos.o gradzfmt.o nuclei.o 
writesym.o zftzf.o polynm.o rdirac.o zfmtftoc.o rfmtftoc.o gradrfmt.o 
genzvclmt.o getevalfv.o mixlinear.o gengvec.o putevalfv.o rfmtpack.o zfmtpack.o 
writestrain.o writeforces.o r3mv.o r3mtv.o r3cross.o r3minv.o r3mdet.o r3mm.o 
r3mtm.o r3mmt.o r3vo.o symvec.o curdenplot.o hartfock.o eveqnhf.o zpotclmt.o 
genlofr.o rfinpc.o eveqnit.o genzfrm.o gengqrf.o writepmat.o genwfsv.o 
writelsj.o writesf.o rzfinp.o genjlgprmt.o gridsize.o sphcrd.o writeiad.o 
readspecies.o i3mtv.o writeeval.o i3minv.o i3mdet.o genevfsv.o getpmat.o 
timesec.o mixpack.o mixerifc.o symmat.o rhoinit.o maginit.o rvfcross.o 
eveqnfv.o energynn.o rfinterp.o rfplot.o geomopt.o ylmroty.o ylmrot.o gcd.o 
sdelta.o stheta.o sdelta_mp.o stheta_mp.o sdelta_fd.o stheta_fd.o sdelta_sq.o 
stheta_sq.o sdelta_lr.o stheta_lr.o mossbauer.o gentpmae.o symveca.o massnucl.o 
wavefcr.o gradwf2.o geomplot.o findngkmax.o reciplat.o genrlmv.o genvmat.o 
putoccsv.o getoccsv.o curlrvf.o latvstep.o energy.o delevec.o rdiracint.o 
rzfmtinp.o genstrain.o genstress.o writestress.o rschrodint.o mixadapt.o 
genffacgp.o genidxlo.o writeengy.o genpmatk.o putevecsv.o getevecsv.o 
writegclq.o putevalsv.o genppts.o force.o vecfbz.o rfirsm.o gengclgq.o 
findsymlat.o grad2rfmt.o findqpt.o zftwfir.o symrfir.o symrvfir.o getevalsv.o 
genjlgpr.o init0.o init1.o init2.o init3.o init4.o genpmat.o putkmat.o 
getkmat.o genkmat.o genexpmt.o epsinv.o getevecfv.o zfmtctof.o wfplot.o 
straingkq.o symdmat.o genylmv.o nesting.o eveqnsv.o 

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

[Moritz Muehlenhoff]

On Sun, Jan 02, 2022 at 06:53:51PM +0100, Mattia Rizzolo wrote:
> Correlated, do you know how long do they plan on keeping using python2?
> That's plainly unsuitable, it really is not going to last much longer in
> debian.

Current state of the Python 3 upstream migration can be found here:
https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/python3_migration.md

So it sounds like it's almost ready except tests. But the migration
doesn't seem like a top priority either, 
https://bugs.chromium.org/p/chromium/issues/detail?id=941669
dates back to March 2019...

Cheers,
Moritz

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Matthias Andree]

Am 02.01.22 um 17:11 schrieb Karsten:

Basically you can install the self-signed certificate (if you or a
trusted party signed it, and you have transmitted it over a secure
channel, for instance, via SFTP or SCP) into the trust store (assuming
it suits both the TLS server and the signing CA roles - which was set
when you created it).

Just for understanding - the installation is the public certificate of the 
server,
or must be a special file derived from the private certificate?


"It depends" - on how you exactly you generated it - even if you only
created it with "openssl req -x509 ...", the openssl configuration files
matter.

Normally, 1. the client's trust store (OpenSSL on the fetchmail
computer) needs the CA certificate, i. e. one with the CA flag set to
true in the basicConstraints, or basicContraints missing, see the
x509(1ssl) manual page under CERTIFICATE EXTENSIONS. 2. Then, the server
needs to present a certificate that is suitable as "SSL Server"
(extendedKeyUsage = serverAuth) role.

See the x509v3_config(5ssl) manual page for details.

If your server's certificate does not fulfill both criteria, you better
start over and set up a ca (and store its private key password-protected
in a safe place, as you seldomly need it), and a separate server cert
signed by your own ca. easy-rsa may help with that. Check
/usr/share/doc/easy-rsa, easy-rsa has README files, but no manual page.

To check:

openssl x509 -noout -text -in whatever.crt    # or whatever.pem
shows you that, here for a CA certificate:

    X509v3 Basic Constraints:
    CA:TRUE
...
    X509v3 Key Usage:
    Certificate Sign, CRL Sign

The TLS  server has

    X509v3 Basic Constraints:
    CA:FALSE
...
   X509v3 Extended Key Usage:
    TLS Web Server Authentication

Some of this may not be enforced in currently shipping fetchmail
versions, but since a lot of public foot-shooting was involved in
third-party documentation that advised trust-on-first-use schemes
without warning people of the dangers involved, future versions might
actually tighten things even more, so, f.i. validate CA flags of all but
the server certificate.

I don't currently use Debian or derivatives as so you need to check
[update-]ca-certificates documentation and configuration to be sure that
your certificate is (a) put in the right place where
update-ca-certificate finds it, (b) "enabled" in configuration and
processed into the output trust store, and (c) not in a place where it
will be removed on system upgrades. dpkg-reconfigure ca-certificates -
possibly with some modified priority option - might be required.

That stackexchange link in the earlier message hints that there were
changes somewhen in the past, and also be sure to re-check documentation
since the answer there is older than Debian 11.



No, where does that access happen? The trust store is local to your
computer and fetchmail might use your system's DNS resolver (which can
have privacy implications) and will connect to the servers you point it to.

First you send your certificate to the public CA to sign it.
Then an client must connect the CA to proove that the public certificate is 
correct signed.

Correct or wrong?


If I am my own CA, I am not sending something anywhere. I install the ca
certificate on my clients' trust stores, put its (the CA) private keys
on a CD or USB key so it's not left on my computer (let alone on my
server), and that's it. I've been doing that for more than a dozen
years; for public services however Let's Encrypt is a viable alternative.

Bug#1003016: node-chart.js breaks cacti autopkgtest: did Chart.js just got renamed to chart.js?

[Paul Gevers]

Source: node-chart.js
Control: found -1 node-chart.js/3.7.0+~0.1.9-1
Severity: serious
Tags: sid bookworm
User: debian...@lists.debian.org
Usertags: breaks needs-update
Control: affects -1 cacti python3-ontospy

[X-Debbugs-CC: debian...@lists.debian.org 
python3-onto...@packages.debian.org]


Dear maintainer(s),

[I'm also the maintainer of the cacti package in Debian]

With a recent upload of node-chart.js the autopkgtest of cacti fails in 
testing when that autopkgtest is run with the binary packages of 
node-chart.js from unstable. It passes when run with only packages from 
testing. In tabular form:


   passfail
node-chart.js  from testing3.7.0+~0.1.9-1
cacti  from testing1.2.19+ds1-2
all others from testingfrom testing

I copied some of the output at the bottom of this report. The cacti 
autopkgtest is a simple recursive web crawl of the web app. The test 
fails because it can't find Chart.js while it expect it to be there. 
Chart.js used to be linked in from libjs-chart.js. There is a chart.js 
in the new version, is that just the renamed version of Chart.js? If 
that's the case, can a symlink be provided to enable reverse 
dependencies to just keep on working? (Same for other files that got 
renamed)


Currently this regression is blocking the migration of node-chart.js to 
testing [1]. Can you please investigate the situation? If you think that 
reverse Depends should just move on, please clone and reassign the bug 
to all reverse dependencies that use Chart.js (or other files that got 
renamed/dropped).


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=node-chart.js

https://ci.debian.net/data/autopkgtest/testing/amd64/c/cacti/17997504/log.gz

2022-01-01 21:11:48 - ERROR PHP WARNING: 
md5_file(/usr/share/cacti/site/lib/../include/js/Chart.js): failed to 
open stream: No such file or directory in file: 
/usr/share/cacti/site/lib/functions.php  on line: 6072
2022-01-01 21:11:48 - CMDPHP PHP ERROR WARNING Backtrace: 
(/automation_tree_rules.php[68]:top_header(), 
/lib/functions.php[4155]:include_once(), 
/include/top_header.php[34]:html_common_header(), 
/lib/html.php[2566]:get_md5_include_js(), 
/lib/functions.php[6089]:get_md5_hash(), 
/lib/functions.php[6072]:md5_file(), CactiErrorHandler())


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002986: libguestfs-tools: Depends on guestfs-tools that is not in the archive

[Hilko Bengen]

* Laurent Bigonville:

> It looks like libguestfs-tools version 1:1.46.2-1 in depending on
> guestfs-tools that is not in the archive making the package uninstalable
>
> guestfs-tools is currently stuck in the new queue

Right. Let's  just wait. (Or do you know of a way to speed this up?)

Cheers,
-Hilko

Bug#904233: RFA: persp-projectile

[Sean Whitton]

control: title -1 O: persp-projectile -- integrate perspective.el with 
projectile

Hello,

On Sun 22 Jul 2018 at 01:31PM +08, Sean Whitton wrote:

> Package: wnpp
> Severity: normal
>
> I request an adoptor for the persp-projectile package.
>
> This package is no longer in my ~/.emacs.d/init.el and it would be
> better if someone who actually uses the package maintains it.
>
> This is a team-maintained package, so the adoptor should either replace
> me in Uploaders:, or alternatively take the package out of the team's
> hands.
>
> The package description is:
>  With this library, Emacs will create a separate perspective for each
>  Projectile project.
>  .
>  See the documentation for elpa-persp and elpa-projectile for more
>  details.

I hereby orphan persp-projectile.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#952807: RFA: cider

[Sean Whitton]

control: retitle -1 O: cider -- Clojure IDE for Emacs

Hello,

On Sat 29 Feb 2020 at 08:28AM -07, Sean Whitton wrote:

> Package: wnpp
> Severity: normal
>
> I request an adoptor for CIDER.
>
> Updating CIDER to new upstream releases is more work than typical Emacs
> addons, because it is tightly coupled to Clojure.  The current upstream
> release, in particular, requires a lot of work to get the -doc packages
> to include the new docs.
>
> This is a team-maintained package, so the adoptor should either replace
> me in Uploaders:, or alternatively take the package out of the team's
> hands.
>
> The package description is:
>  CIDER is the Clojure(Script) Interactive Development Environment that Rocks
>  .
>  While clojure-mode provides Emacs support for editing Clojure source files,
>  CIDER's cider-mode provides support for interacting with a running Clojure
>  process for compilation, debugging, looking up definitions and more.

I hereby orphan cider.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1003031: RFA: projectile

[Sean Whitton]

Package: wnpp
Severity: normal
X-Debbugs-Cc: debian-emac...@lists.debian.org
Control: affects -1 src:projectile

I request an adoptor for the projectile package.  I haven't used it for
some time, as I'm now using the built-in package.el for everything for
which I used to use projectile.

This is a team-maintained package, so the adoptor should either replace
me in Uploaders:, or alternatively take the package out of the team's
hands.

The package is maintained using git-debrebase, using the workflow
described in dgit-maint-debrebase(7).  That's been working well, so I'd
encourage any adopter to continue using the tool.

The package description is:
 This library enhances Emacs with easy project management and
 navigation. The concept of a project is simple: just a folder
 containing a special file.  Currently git, mercurial, darcs and
 bazaar repos are considered projects by default.  So are lein, maven,
 sbt, scons, rebar and bundler projects.  If you want to mark a folder
 manually as a project just create an empty .projectile file in it.
 .
 Some of Projectile's features:
 .
   * jump to a file in project
   * jump to files at point in project
   * jump to a directory in project
   * jump to a file in a directory
   * jump to a project buffer
   * jump to a test in project
   * toggle between files with same names but different extensions
 (e.g. `.h` <-> `.c/.cpp`, `Gemfile` <-> `Gemfile.lock`)
   * toggle between code and its test (e.g. `main.service.js` <->
 `main.service.spec.js`)
   * jump to recently visited files in the project
   * switch between projects you have worked on
   * kill all project buffers
   * replace in project
   * multi-occur in project buffers
   * grep in project
   * regenerate project etags or gtags
   * visit project in dired
   * run make in a project with a single key chord

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#952808: Interest in helping maintain clojure-mode

[Sean Whitton]

Hello Michael Platt,

On Mon 21 Sep 2020 at 08:30AM -04, Michael Platt wrote:

> Hi Mr. Whitton,
>
> I'm looking to do some work to start getting into helping maintain Debian.
> I use the OS and very much enjoy it as my everyday development system.  I
> am also a fan of Emacs and use it for personal development applications,
> and Clojure and was looking through the Debian list of packages requesting
> maintainers.  Obviously I've never done something like this before but I
> would be happy to come on board and help out in any way possible with the
> packaging.  Let me know if you still need someone and don't mind me coming
> on to help.

I'm sorry you never got a reply to this.  Debian's bug tracking system
does not copy bug submitters on follow-up messages by default.

Are you still interested?

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1003032: debootstrap: harden signature checking

[Philippe Cerfon]

Package: debootstrap
Version: 1.0.126+nmu1
Severity: normal
Tags: security


Hey there.

As far as I understood it, debootstrap defaults neither to
--no-check-gpg nor to --force-check-gpg, but instead, if a
keyring is speicified for some distribution and if that file
is available, it uses (and verifies) these (and hopefully
fails if anything fails later on).

However, it also:
- falls back to https (?)
- correct me if I'm wrong, falls back to no verification if
  no key file was specified for the distribution or the file
  wasn't found


That seems to make to too easy to accidentally install
untrusted code.

https is generally questionable, given the broken CA-model.
There are some 150 CAs in the Mozilla CA bundle, and on top
of these thousands of intermediate CAs. It seems far too
easy for an attacker to fake a certificate if that's really
desired.


So my suggestion would be:
- defaut to --force-check-gpg
- add some --check-gpg-but-fallback-to-https option
  that is the current behaviour
- if either the /usr/share/debootstrap/scripts/ for some
  distro doesn't name a keyring file or that file isn't
  readable, fail unless --no-check-gpg is given.
  Yes, that also includes failure if
  --check-gpg-but-fallback-to-https was given because likely
  the keyring file should be just there.


Cheers,
Philippe

Bug#1003033: cowdancer: harden package verification

[Philippe Cerfon]

Source: cowdancer
Version: 0.89
Severity: wishlist
Tags: security


Hey.

I was looking a bit through the code of cowbuilder and qemubuilder.

E.g. for qemubuilder, the manpage already says:
"The possible configuration options are as follows.  Others are ignored."

Altough, it seemed in the code it would in fact respect ALLOWUNTRUSTED.

However, it doesn't seem to respect DEBOOTSTRAPOPTS? Taking just these
instead:
debootstrap_command_line[1] = "--arch";
debootstrap_command_line[2] = pc->arch;
debootstrap_command_line[3] = "--foreign";
DEBOOTSTRAP_ADD_PARAM(pc->distribution);
DEBOOTSTRAP_ADD_PARAM(pc->buildplace);
DEBOOTSTRAP_ADD_PARAM(pc->mirror);
DEBOOTSTRAP_ADD_PARAM(NULL);

Especially if one has set something like:
DEBOOTSTRAPOPTS=('--force-check-gpg'
'--keyring=/usr/share/keyrings/debian-archive-keyring.gpg'
'--variant=buildd')
to make sure that gpg signatures with the keyring are really always
used (as far as I understand, debootstrap allows fallback to just
https otherwise).

Does it consider APTKEYRINGS? Or at least just copy the host systems
APT keyrings safely into the VM and use only these?

I haven't checked so much, whether it's already done properly for cowbuilder.

Thanks,
Philippe

Bug#1003003: libqalculate FTBFS on architectures where char is unsigned

[Adrian Bunk]

Source: libqalculate
Version: 3.22.0-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/package.php?p=libqalculate

...
FAIL: unittest
==


./tests/variables.batch - 11 tests passed


./tests/units.batch - 13 tests passed


Mismatch detected at line 42
char(0xD8)
expected ''Ø''
received '"Ø"'

Running all unit tests

Running unit tests from 'variables.batch'
Running unit tests from 'units.batch'
Running unit tests from 'strings.batch'
FAIL unittest (exit status: 1)


Testsuite summary for libqalculate 3.22.0

# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

See src/test-suite.log

make[4]: *** [Makefile:835: test-suite.log] Error 1

Bug#1002376: python-aiosqlite: FTBFS: AttributeError: module 'mistune' has no attribute 'BlockGrammar'

[Benjamin Hof]

On Sunday, 02 January 2022, 13:15 +0100, Benjamin Hof wrote:
> compatible to mistune v2

At the moment this is not the case.

Bug#1003006: graphviz: please migrate Recommends fonts-liberation to fonts-liberation2

[Martin-Éric Racine]

Package: graphviz
Version: 2.42.2-5
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please migrate the Recommends on fonts-liberation to fonts-liberation2.

Thanks!

- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages graphviz depends on:
ii  libc6  2.33-1
pn  libcdt5
pn  libcgraph6 
ii  libexpat1  2.4.2-1
ii  libgd3 2.3.0-2
ii  libglib2.0-0   2.70.2-1
pn  libgts-0.7-5   
pn  libgvc6
pn  libgvpr2   
pn  liblab-gamut1  
ii  libx11-6   2:1.7.2-2+b1
pn  libxaw7
pn  libxmu6
pn  libxt6 

Versions of packages graphviz recommends:
pn  fonts-liberation  

Versions of packages graphviz suggests:
pn  graphviz-doc  
pn  gsfonts   

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmHR6LsACgkQrh+Cd8S0
17bY7BAAhD+QAUuA4J+RbMonwWzR7srTapAgZlLz0YMqTevLE8cXuW+aKJPXVsj7
nCz1CVzCwjt77tuvalN2ZZjSDfs081+fQ82bq4oS5aQC3rfviy38r+/J8ljYBzoS
e5ZtlMv11UCrSBy1A/71w4jFA+LVi8sTuxQ7yYX0uhNtxIca9vnnsQ5RyQkjXeZj
5chXAuMe9VsqmGOPF/8K1+HKnRQN7hfNizRGWN2KcqAO7PD/M+dp5mHymV+3f5oK
mSuJAXz85/OPEL6zB502TSCe2GpBapSMCAMbJj+aCtbWTKc0FZ3080NywMaFjQQq
rp5bILv/2ePitPnS4YsVmS2eo4a+m+P2TXB/YpFppw4YXf62ojyM/FwTWDcZo6fC
1z/7GPJ3J31SNDFuqV5gBLbV7IBmw4vCrCQNysMe4jlKCrZcj5AU4MXDnrKngkwk
1qjRrNdsGrX8YJmjxemR6XyWnwf67UGGYevdf5AR4bC4lG6oUSG2e+ZIVEKPxqFG
vrfUrk+nUa0iHRYEnxiVzWfc/QkAPPlHnbZuK4XK0T2QDGyDAVDiO/Lx6LlNuXFP
RxgJ8W4W5ERjPoikYOwERclfChuvtKUU3TzKQ6vlv/iSCazHrbpSpreO0JezwrkM
VEiTyuR3voUPTrMSlI5vOwGAubGc+8/yfuXAcVBqjmx7lTLEfW8=
=exER
-END PGP SIGNATURE-

Bug#992649: run-parts in /usr/bin breaks systemd-cron

[Alexandre Detiste]

Hi,

I found this bug by luck.
I miss the context (why ? UsrMerge ?)

I can build systemd-cron like this during the transition:

./configure --runparts="/usr/bin/env run-parts"

Greetings,

Alexandre Detiste

Bug#1003008: Error 134633601: Error while parsing number"

[Eugene Berdnikov]

Package: grub-legacy
Version: 0.97-79
Severity: Normal

 After upgrade grub-legacy from 0.97-78 to 0.97-79 installation fails
 with message "Error 134633601: Error while parsing number":

-
grub> root (hd0,0)
root (hd0,0)
 Filesystem type is ext2fs, partition type 0x8065e03
grub> setup (hd0)
setup (hd0)
 Checking if "/boot/grub/stage1" exists... no
 Checking if "/grub/stage1" exists... yes
 Checking if "/grub/stage2" exists... yes
 Checking if "/grub/e2fs_stage1_5" exists... yes
 Running "embed /grub/e2fs_stage1_5 (hd-141250989)"... failed (this is not 
fatal)
 Running "embed /grub/e2fs_stage1_5 (hd-141250989,-"... failed (this is not 
fatal)
 Running "install /grub/stage1 (hd-141250989) /grub/stage2 p /grub/menu.lst 
"... failed

Error 134633601: Error while parsing number
-

 Observed on all updated hosts (about ten in my own). Rollback to 0.97-78
 resolves the problem (with the same config files).

 Package versions:

ii  grub-legacy0.97-79  amd64GRand Unified Bootloader (Legacy 
version)
ii  grub-common2.04-20  amd64GRand Unified Bootloader (common 
files)
ii  libc6-i386 2.33-1   amd64GNU C Library: 32-bit shared 
libraries for AMD64

 Debian version: Debian GNU/Linux bookworm/sid (64bit)
-- 
 Eugene Berdnikov

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

[Andres Salomon]

On 1/2/22 12:53 PM, Mattia Rizzolo wrote:

On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:

I've got 96.0.4664.110 building on both bullseye and sid

Trying it, I see it still build-depends on python-jinja2.  That package
is now gone, so it's not actually buildable in sid anymore.

Correlated, do you know how long do they plan on keeping using python2?
That's plainly unsuitable, it really is not going to last much longer in
debian.



Sorry, I hadn't pushed the commits yet. I just did, but like I said I 
still need to clean 'em up.

Bug#1003012: bash: Corrupted multibyte characters in command substitutions

[Frank Heckenbach]

Package: bash
Version: 5.1-2+b3
Severity: critical
Justification: breaks unrelated software
Tags: patch upstream l10n

I've reported this bug on bug-bash:
https://lists.gnu.org/archive/html/bug-bash/2022-01/msg0.html

only to learn that it's known and not fixed for months (it was known
before bullseye was released, so a timely fix would have prevented
the bug ever reaching stable):
https://savannah.gnu.org/patch/?10035

I'm reporting it as critical because it causes silent data
corruption and potentially affects each bash script in the system.

Since the bash developers don't seem to take that seriously, I'm
asking the Debian maintainers to put out a fixed version ASAP to
prevent further damage -- hopefully as a security patch. (I'm no
expert in writing exploits, but I think it's quite possible such a
bug can be exploited. I hope you don't have to wait for an actual
exploit in order to fix the bug.)

Both reports listed above contain a patch. They're different, but
either one will fix the immediate problem.

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/24 CPU threads)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bash depends on:
ii  base-files   11.1+deb11u2
ii  debianutils  4.11.2
ii  libc62.31-13+deb11u2
ii  libtinfo66.2+20201114-2

Versions of packages bash recommends:
ii  bash-completion  1:2.11-2

Versions of packages bash suggests:
pn  bash-doc  

-- no debconf information

Bug#1003020: openblas breaks hypre autopkgtest on armhf: test times out after 2:47h

[Paul Gevers]

Source: openblas, hypre
Control: found -1 openblas/0.3.19+ds-1
Control: found -1 hypre/2.22.1-3
Severity: serious
Tags: sid bookworm
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of openblas the autopkgtest of hypre fails in 
testing when that autopkgtest is run with the binary packages of 
openblas from unstable on armhf due to a timeout after 2:47 h. It passes 
when run with only packages from testing in about 9-12 minutes. In 
tabular form:


   passfail
openblas   from testing0.3.19+ds-1
hypre  from testing2.22.1-3
all others from testingfrom testing

I copied some of the output at the bottom of this report, but as the 
test times out, I suspect it just hangs and there's not much useful to see.


Currently this regression is blocking the migration of openblas to 
testing [1]. Due to the nature of this issue, I filed this bug report 
against both packages. Can you please investigate the situation and 
reassign the bug to the right package?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=openblas

https://ci.debian.net/data/autopkgtest/testing/armhf/h/hypre/17988587/log.gz

Building tests for HYPRE
rm -f *.o *.obj
rm -rf pchdir tca.map *inslog*
mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o ij.o ij.c
Building ij ... mpicc -o ij ij.o -L/lib -lHYPRE -Wl,-rpath,/lib 
 -L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
ij_assembly.o ij_assembly.c
Building ij_assembly ... mpicc -o ij_assembly ij_assembly.o -L/lib 
-lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
sstruct.o sstruct.c
Building sstruct ... mpicc -o sstruct sstruct.o -L/lib -lHYPRE 
-Wl,-rpath,/lib  -L/usr/lib/arm-linux-gnueabihf/openmpi/lib 
-lmpi -lm mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o struct.o 
struct.c
Building struct ... mpicc -o struct struct.o -L/lib -lHYPRE 
-Wl,-rpath,/lib  -L/usr/lib/arm-linux-gnueabihf/openmpi/lib 
-lmpi -lm mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
ams_driver.o ams_driver.c
Building ams_driver ... mpicc -o ams_driver ams_driver.o -L/lib -lHYPRE 
-Wl,-rpath,/lib  -L/usr/lib/arm-linux-gnueabihf/openmpi/lib 
-lmpi -lm mpicc -I/usr/include/hypre -I/usr/include/superlu 
-I/usr/include/superlu-dist -pthread 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
maxwell_unscaled.o maxwell_unscaled.c
Building maxwell_unscaled ... mpicc -o maxwell_unscaled 
maxwell_unscaled.o -L/lib -lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
struct_migrate.o struct_migrate.c
Building struct_migrate ... mpicc -o struct_migrate struct_migrate.o 
-L/lib -lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o 
sstruct_fac.o sstruct_fac.c
Building sstruct_fac ... mpicc -o sstruct_fac sstruct_fac.o -L/lib 
-lHYPRE -Wl,-rpath,/lib 
-L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 
-I/usr/lib/arm-linux-gnueabihf/openmpi/include/openmpi-c -o ij_mv.o 
ij_mv.c
Building ij_mv ... mpicc -o ij_mv ij_mv.o -L/lib -lHYPRE -Wl,-rpath,/lib 
 -L/usr/lib/arm-linux-gnueabihf/openmpi/lib -lmpi -lm mpicc 
-I/usr/include/hypre -I/usr/include/superlu -I/usr/include/superlu-dist 
-pthread -I/usr/lib/arm-linux-gnueabihf/openmpi/include 

Bug#1002993: systemd: Setting access ACL: invalid argument (Upgrade to 247.3-6 from buster to bullseye in container)

[Tobias Frost]

On Sun, Jan 02, 2022 at 04:31:01PM +0100, Michael Biebl wrote:
> On 02.01.22 16:12, Tobias Frost wrote:
> 
> > Filesystem ia an ext4 on a lvm, backed by a raid1.
> 
> Does the file system support xattr and acl?

I guess so, but ACLs are nothing I use normally, so I cant tell if I use them
correctly... 

root@thecus:/var/log/journal# touch test.txt
root@thecus:/var/log/journal# setfattr -n user.test -v "xattr test string" 
test.txt
root@thecus:/var/log/journal# getfattr test.txt
# file: test.txt
user.test


root@thecus:/var/log/journal# getfacl test.txt
# file: test.txt
# owner: root
# group: systemd-journal
user::rw-
group::r-x  #effective:r--
group:adm:r-x   #effective:r--
group:4294967295:r-x#effective:r--
mask::r--
other::r--


Albeith, I cannot set ACLs in /var/log/journal:

setfacl --modify="u:unifi:rw" test.txt
setfacl: test.txt: Malformed access ACL 
`user::rw-,user:unifi:rw-,group::r-x,group:adm:r-x,group:4294967295:r-x,mask::rwx,other::r--':
 Duplicate entries at entry 5

Same command in /var/log works:

root@thecus:/var/log# touch test.txt ; setfacl --modify="u:unifi:rw" test.txt 
root@thecus:/var/log# getfacl test.txt 
# file: test.txt
# owner: root
# group: root
user::rw-
user:unifi:rw-
group::r--
mask::rw-
other::r--


root@thecus:/var/log# 
root@thecus:/var/log# ls -lad journal/
drwxr-sr-x+ 3 root systemd-journal 4096 Jan  2 21:33 journal/
root@thecus:/var/log# getfacl journal/
# file: journal/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
group:adm:r-x
group:4294967295:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:adm:r-x
default:group:4294967295:r-x
default:mask::r-x
default:other::r-x

root@thecus:/var/log# mount | grep journal
root@thecus:/var/log# 

Bug#1002998: firejail-profiles: telegram-desktop not working with firejail

[piorunz]

Yes, that worked! Thank you!


On 02/01/2022 15:48, Reiner Herrmann wrote:

Hi,

On Sun, Jan 02, 2022 at 02:58:26PM +, piorunz wrote:

Before upgrade to Testing, everything was working fine.
Something is wrong with firejail profile?
I request assistance. Thank you.


This sounds similar to this upstream issue:
  https://github.com/netblue30/firejail/issues/4488

This was fixed by adding "whitelist /usr/share/TelegramDesktop"
to the telegram.profile.
Can you please check if that also works for you?

Thanks.

Kind regards,
   Reiner



--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Bug#1003035: ITP: python-clevercsv -- Mutable set data type that remembers the order of its entries

[Louis-Philippe Véronneau]

Package: wnpp
Severity: wishlist
Owner: Louis-Philippe Véronneau 

Package name: python-clevercsv
Version : 0.7.1
URL : https://github.com/alan-turing-institute/CleverCSV
License : Expat
Programming Lang: Python
Description : Drop-in replacement for the Python csv package with
improved dialect detection

CleverCSV provides a drop-in replacement for the Python csv package with
improved dialect detection for messy CSV files. It also provides a handy
command line tool that can standardize a messy file or generate Python
code to import it.

This package is required to upload deepdiff version 5.6.0.

I'm planning to maintain this package in the Python Team.

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002978: Another GPU hang

[CJ Fearnley]

I rebooted with the GRUB options intel_idle.max_cstate=1
i915.disable_power_well=1 i915.enable_dc=0 which my research shows
sometimes helps with these kinds of GPU hangs.

For quite some time performance was acceptable, but less than 20 hours
later I triggered a GPU hang by switching desktops rapidly in fvwm.
I was executing my keyboard equivalents for fvwm's 'Desk 0 9' followed by
'Scroll +0   +100' followed by 'Scroll +0   -100' followed by 'Desk 0 11'
in repeated cycling when the system hung.

Before the hang, the dmesg output reports three lines with 'perf:
interrupt took too long'. These were minor hiccups/freezes that failed to
trigger a crash/CPU hang error in the logs. But I consider them related to
the problem. I was again changing desktops and moving around my desktops
using my keyboard shortcuts mentioned above and the i915 driver could
not cope. Back in Jessie this kind of work was routine for me with no
fear of triggering kernel stack dumps. The i915 driver appears to have
developed major bugs at least with my chipset.

I have attached dmesg output capturing boot messages and
the crash/hang. The other file contains the output of 'cat
/sys/class/drm/card0/error'.

I am planning to reboot soon to try another test, since daily GPU hangs
will slow my productivity unacceptibly. I need to keep debugging in the
hopes that I can find a solution.

-- 
CJ Fearnley |   LinuxForce Inc.
c...@linuxforce.net  |   Hosting and Linux Consulting
https://www.LinuxForce.net  |   https://blog.LinuxForce.net
[0.00] Linux version 5.10.0-10-amd64 (debian-ker...@lists.debian.org) 
(gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 
2.35.2) #1 SMP Debian 5.10.84-1 (2021-12-08)
[0.00] Command line: BOOT_IMAGE=/boot/vmlinuz-5.10.0-10-amd64 
root=/dev/mapper/precession-root ro quiet pcie_aspm=force 
intel_idle.max_cstate=1 i915.disable_power_well=1 i915.enable_dc=0
[0.00] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point 
registers'
[0.00] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[0.00] x86/fpu: Enabled xstate features 0x3, context size is 576 bytes, 
using 'standard' format.
[0.00] BIOS-provided physical RAM map:
[0.00] BIOS-e820: [mem 0x-0x0009d7ff] usable
[0.00] BIOS-e820: [mem 0x0009d800-0x0009] reserved
[0.00] BIOS-e820: [mem 0x000e-0x000f] reserved
[0.00] BIOS-e820: [mem 0x0010-0x1fff] usable
[0.00] BIOS-e820: [mem 0x2000-0x201f] reserved
[0.00] BIOS-e820: [mem 0x2020-0x3fff] usable
[0.00] BIOS-e820: [mem 0x4000-0x401f] reserved
[0.00] BIOS-e820: [mem 0x4020-0xbad92fff] usable
[0.00] BIOS-e820: [mem 0xbad93000-0xbadd9fff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbadda000-0xbade0fff] ACPI data
[0.00] BIOS-e820: [mem 0xbade1000-0xbade1fff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbade2000-0xbae04fff] reserved
[0.00] BIOS-e820: [mem 0xbae05000-0xbae05fff] usable
[0.00] BIOS-e820: [mem 0xbae06000-0xbae17fff] reserved
[0.00] BIOS-e820: [mem 0xbae18000-0xbae24fff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbae25000-0xbae48fff] reserved
[0.00] BIOS-e820: [mem 0xbae49000-0xbae8bfff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbae8c000-0xbaff] usable
[0.00] BIOS-e820: [mem 0xbb80-0xbf9f] reserved
[0.00] BIOS-e820: [mem 0xfed1c000-0xfed1] reserved
[0.00] BIOS-e820: [mem 0xff00-0x] reserved
[0.00] BIOS-e820: [mem 0x0001-0x00023fdf] usable
[0.00] NX (Execute Disable) protection: active
[0.00] SMBIOS 2.7 present.
[0.00] DMI: BIOSTAR Group H61MU3/H61MU3, BIOS 4.6.4 04/07/2011
[0.00] tsc: Fast TSC calibration using PIT
[0.00] tsc: Detected 2394.344 MHz processor
[0.000831] e820: update [mem 0x-0x0fff] usable ==> reserved
[0.000834] e820: remove [mem 0x000a-0x000f] usable
[0.000843] last_pfn = 0x23fe00 max_arch_pfn = 0x4
[0.000847] MTRR default type: uncachable
[0.000848] MTRR fixed ranges enabled:
[0.000850]   0-9 write-back
[0.000851]   A-B uncachable
[0.000852]   C-C write-protect
[0.000853]   D-E7FFF uncachable
[0.000854]   E8000-F write-protect
[0.000854] MTRR variable ranges enabled:
[0.000856]   0 base 0 mask E write-back
[0.000857]   1 base 2 mask FC000 write-back
[0.000859]   2 base 0BB80 mask FFF80 uncachable
[0.000860]   3 base 

Bug#1003017: dulwich: autopkgtest regression: src/debian/tests/testsuite3: 10: -m: not found

[Paul Gevers]

Source: dulwich
Version: 0.20.26-1
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of dulwich the autopkgtest of dulwich fails in 
testing when that autopkgtest is run with the binary packages of dulwich 
from unstable. It passes when run with only packages from testing. In 
tabular form:


   passfail
dulwichfrom testing0.20.26-1
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration to testing [1]. Can 
you please investigate the situation and fix it?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=dulwich

https://ci.debian.net/data/autopkgtest/testing/amd64/d/dulwich/17999494/log.gz

= Running tests with python3.9 ==
/tmp/autopkgtest-lxc.n4tqfogv/downtmp/build.r97/src/debian/tests/testsuite3: 
10: -m: not found

autopkgtest [23:08:36]: test testsuite3



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002591: misdetects socket activated ssh

[Thomas Liske]

Hi Marc,


On Sat, 2022-01-01 at 20:55 +0100, Marc Haber wrote:
> Sure:
> 1 [1/4996]mh@torres:~ $ pgrep ssh
> 315675
> 315738
> [2/4997]mh@torres:~ $ sudo cat /proc/315675/cgroup
> [sudo] password for mh on torres: 
> 0::/user.slice/user-1001.slice/session-296.scope
> [3/4998]mh@torres:~ $ sudo cat /proc/315738/cgroup
> 0::/user.slice/user-1001.slice/session-296.scope
> [4/4999]mh@torres:~ $ 
> 

thanks! Needrestart should ignore those ssh instances since there is a
user slice cgroup. It does not work due to this check[1] in
needrestart.

[1] https://github.com/liske/needrestart/blob/v3.5/needrestart#L637

Looks like a systemd/cgroup related change in bullseye, buster seems
not to be affected.


Regards,
Thomas


> > As a workaround you might blacklist sshd in needrestart but I think
> > a
> > generic approach handling socket activation services in needrestart
> > would be better. Therefore needrestart need a way to detect if the
> > process belongs to a socket activated service.
> 
> It is also possible to mask ssh.service entirely in systemd. But of
> couse having the heuristic fixed would be better.
> 
> Greetings
> Marc
> 

Bug#908941: unarchiving 908941, reopening 908941

[Andreas Beckmann]

rpyc | 5.0.1-1   | new| source

Bug#1003022: websocketpp: FTBFS with SCons 4.2.0+

[GCS]

Source: websocketpp
Version: 0.8.2-3
Severity: important
Tags: patch

Hi,

SCons 4.3.0 was released some time ago. I've packaged it and would
like to upload it in the next day or so. Your package FTBFS with that,
for which a patch is attached to fix it.

Regards,
Laszlo/GCS
Description: SCons 4.2.0 no longer has env_cpp11.has_key()
 Check env_cpp11 as an array.
Author: Laszlo Boszormenyi (GCS) 
Forwarded: no
Last-Update: 2022-01-02

---

--- websocketpp-0.8.2.orig/examples/broadcast_server/SConscript
+++ websocketpp-0.8.2/examples/broadcast_server/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('broadcast_server', ["broadcast_server.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/debug_client/SConscript
+++ websocketpp-0.8.2/examples/debug_client/SConscript
@@ -14,7 +14,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + [tls_libs]
prgs += env_cpp11.Program('debug_client', ["debug_client.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/debug_server/SConscript
+++ websocketpp-0.8.2/examples/debug_server/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('debug_server', ["debug_server.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/dev/SConscript
+++ websocketpp-0.8.2/examples/dev/SConscript
@@ -11,7 +11,7 @@ env_cpp11 = env_cpp11.Clone ()
 
 prgs = []
 
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
BOOST_LIBS_CPP11 = boostlibs(['unit_test_framework','system','timer','chrono'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('main', ["main.cpp"], LIBS = BOOST_LIBS_CPP11)
 
--- websocketpp-0.8.2.orig/examples/echo_client/SConscript
+++ websocketpp-0.8.2/examples/echo_client/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + ['z']
prgs += env_cpp11.Program('echo_client', ["echo_client.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/echo_server/SConscript
+++ websocketpp-0.8.2/examples/echo_server/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs]
prgs += env_cpp11.Program('echo_server', ["echo_server.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/echo_server_both/SConscript
+++ websocketpp-0.8.2/examples/echo_server_both/SConscript
@@ -14,7 +14,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + [tls_libs]
prgs += env_cpp11.Program('echo_server_both', ["echo_server_both.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/echo_server_tls/SConscript
+++ websocketpp-0.8.2/examples/echo_server_tls/SConscript
@@ -14,7 +14,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + [polyfill_libs] + [tls_libs]
prgs += env_cpp11.Program('echo_server_tls', ["echo_server_tls.cpp"], LIBS = ALL_LIBS)
 else:
--- websocketpp-0.8.2.orig/examples/external_io_service/SConscript
+++ websocketpp-0.8.2/examples/external_io_service/SConscript
@@ -13,7 +13,7 @@ env_cpp11 = env_cpp11.Clone ()
 prgs = []
 
 # if a C++11 environment is available build using that, otherwise use boost
-if env_cpp11.has_key('WSPP_CPP11_ENABLED'):
+if 'WSPP_CPP11_ENABLED' in env_cpp11:
ALL_LIBS = boostlibs(['system'],env_cpp11) + [platform_libs] + 

Bug#1003023: ITP: python-django-pint -- Django Quantity Field

[Michael Fladischer]

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 
X-Debbugs-Cc: debian-de...@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-django-pint
  Version : 0.6.3
  Upstream Author : Ben Harling 
* URL : https://github.com/CarliJoy/django-pint/
* License : Expat
  Programming Lang: Python
  Description : Django Quantity Field

 A small Django field extension allowing you to store quantities in certain
 units and perform conversions easily. Uses pint behind the scenes. Also
 contains a form field class and form widget that allows a user to choose
 alternative units to input data. The cleaned_data will output the value in the
 base_units defined for the field, eg: you specify you want to store a value in
 grams but will allow users to input either grams or ounces.

I intend to maintain this as part of the DPT.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAmHSFtIRHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90WrHBAf/RmsRWUfCu8mewsdh+Kiep+Bhd/bCFwxr
Lygt22KUY/cHlS8/JjB9MPADqck1Uj8PsauU9WZcuZM0gFa+B7gA3fX0RoBWsten
8rm2k8TSo8am2im7yKjLFx+WXRkaNQ88VJXaiCT9hGQf67TOV2RD+6QjsPkGLZ7L
BuTblYpF3NY5I1VpfwZYN41GACNEFTjGOg/LN2whnEkAY1udRIAbT+eX43yrvW5+
FKqpU1rZhGH6DlpeXtaluKYSJ/gFJWv3tvdqAxE1FDiDVprBAXPSAGqC0DfgYeUM
cP0mUTkOmWf7i8XY3cUR46wndq7T1cmW/nGpQTv2o4fzloJ4fMAvPQ==
=QhJl
-END PGP SIGNATURE-

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

[Guilhem Moulin]

Package: roundcube
Severity: important
Tags: security
Control: found -1 1.3.17+dfsg.1-1~deb10u1
Control: found -1 1.4.12+dfsg.1-1~deb11u1
Control: fixed -1 1.5.1+dfsg-1

In a recent post roundcube webmail upstream has announced a fix for a
cross-site scripting (XSS) vulnerability via HTML messages with
malicious CSS content.

Upstream fix for the 1.4 LTS branch:
https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8

There was no new 1.3 LTS release but AFAICT 1.3 is affected as well and
the same fix applies.

-- 
Guilhem.

[0] https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
https://roundcube.net/news/2021/12/30/update-1.5.2-released


signature.asc
Description: PGP signature

Bug#1001308: license clarification

[Gürkan Myczko]

thank you for your rfp, however there's this:

Assets (graphics, levels, etc.) are available under 
Attribution-NonCommercial-ShareAlike 4.0 International therefore the 
game may not be sold without permission with these intact.

Bug#998485: gjiten: FTBFS: configure.in:8: error: AM_INIT_AUTOMAKE expanded multiple times

[Adrian Bunk]

Hi Ludovic,

are you still maintaining this package, or should it be moved to QA 
maintainance?

The FTBFS is trivial to fix, but there is a point that someone should 
also upgrade to new upstream code (assuming the new upstream is usable).

Thanks
Adrian


On Fri, Nov 05, 2021 at 11:59:03AM +0900, notebook wrote:
> Hi,
> 
> maybe it's a good chance to change to the new updated version of gjiten at
> https://github.com/DarkTrick/gjiten
> 
> The new version might also encounter packaging problems, but it uses more 
> recent technology and updates; It's probably more worthful to spend time 
> there than in the 10 year old package*
> 
> 
> Regards
> Chris - DarkTrick
> 
> 
> * Yes, I'm trying to promote my updates here :)

Bug#1003037: astra-toolbox: FTBFS: error: parameter packs not expanded with '...'

[Andreas Beckmann]

Source: astra-toolbox
Version: 1.8.3-10
Severity: serious
Tags: ftbfs
Justification: fails to build from source

Hi,

astra-toolbox recently started to FTBFS, probably due to some updated
toolchain package or build dependency.:

/usr/bin/nvcc -gencode=arch=compute_35,code=sm_35 
-gencode=arch=compute_50,code=sm_50 -gencode=arch=compute_60,code=sm_60 
-gencode=arch=compute_60,code=compute_60  -I../build/linux/../.. 
-I../build/linux/../../include -DASTRA_CUDA -c ../build/linux/../../cuda
/3d/mem3d.cu -Xcompiler -fPIC -DPIC -o cuda/3d/.libs/mem3d.o

/usr/include/c++/11/bits/std_function.h:435:145: error: parameter packs not 
expanded with '...':
  435 | function(_Functor&& __f)
  | 
^ 
/usr/include/c++/11/bits/std_function.h:435:145: note: '_ArgTypes'
/usr/include/c++/11/bits/std_function.h:530:146: error: parameter packs not 
expanded with '...':
  530 | operator=(_Functor&& __f)
  | 
 ^ 
/usr/include/c++/11/bits/std_function.h:530:146: note: '_ArgTypes'
make[2]: *** [Makefile:361: cuda/3d/mem3d.lo] Error 1


Andreas


astra-toolbox_1.8.3-10.log.gz
Description: application/gzip

Bug#1003038: mkfs.hfs does not respect the -v option when creating an HFS volume

[Glenn Washburn]

Package: hfsprogs
Version: 540.1.linux3-4

Hello Maintainers,

Creating an HFS volume with a volume name other than the default of
"untitled" is currently not possible. It does appear that it should be
possible. Here is output exhibiting this issue:

==
# mkfs.hfs -b 512 -v 'grub' -h /tmp/hfs.img 
Initialized /tmp/hfs.img as a 5120 MB HFS volume
# fsck.hfs /tmp/hfs.img

** /tmp/hfs.img

   Executing fsck_hfs (version 540.1-Linux).

** Checking HFS volume.

   The volume name is untitled
** Checking extents overflow file.
** Checking catalog file.
** Checking catalog hierarchy.
** Checking volume bitmap.
** Checking volume information.
** The volume untitled appears to be OK.
==

Using -N to print the parameters shows that at least the option parsing
allows this:

==
# mkfs.hfs -N -b 512b -v 'grub' -h /tmp/hfs.img
0 sectors at 512 bytes per sector
HFS format parameters:
volume name: "grub"
block-size: 262144
total blocks: 20480
first free catalog node id: 16
initial catalog file size: 1048576
initial extents file size: 1048576
file clump size: 1048576
==

Looking at the package source, I see that HFS volume creation is added
as a debian package patch and not part of the upstream source in patch
file 
debian/patches/0005-Re-add-support-for-creating-legacy-HFS-filesystems.patch.
The issue appears to be that the volume name passed in as the -v option
argument and being written to the hfs parameters struct is being
unconditionally overritten in line 325 of the patch file with the
default volume name. This can be fixed by swapping the first two
aruments to bcopy on that line, however, the comment and the lines
directly above it lead me to believe there's potentially more to it.

This is causing GRUB HFS tests to fail and it would be nice to get them
passing again without disabling the failing test.

Thanks,
Glenn

Bug#811294: ITP: tabview -- curses command-line CSV and list (tabular data) viewer

[Louis-Philippe Véronneau]

On Sun, 17 Jan 2016 18:55:20 +0100 Yuri D'Elia  wrote:
> Package: wnpp
> Severity: wishlist
> Owner: "Yuri D'Elia" 
> 
> * Package name: tabview
>   Version : 1.4.1
>   Upstream Author : Scott Hansen 
> * URL : https://github.com/firecat53/tabview
> * License : MIT
>   Programming Lang: Python
>   Description : curses command-line CSV and list (tabular data) viewer
> 
> tabview is both a minimal, stand-alone curses command-line CSV/tabular-data
> viewer and a Python module that can be used to view basic Python types 
> directly
> in an interactive spreadsheet.
> 
> The curses interface offers VIM-like keyboard bindings, sorting and full-text
> incremental search.
> 
> ---
> 
> There are currently very few alternatives to tabview in debian. I've used "sc"
> and "teapot" (not in Debian) to the same extent, however both are complete
> spreadsheet programs (with sc requiring an extra "import" step), whereas
> tabview allows to just view a csv/tsv file easily.
> 
> tabview is both helpful stand-alone, but also works greatly when used in
> combination with ipython or any interactive python session, allowing one to
> browse through a large data table visually. To this extent, I'm using tabview
> heavily with the scipy stack.
> 
> I'm planning to maintain this package in the python-modules team.
> 
> 

Hello!

I see that you've done some work packaging this module in Debian already:

https://salsa.debian.org/python-team/packages/tabview/

I'm currently packaging CleverCSV and tabview is an optional dependency.
I was wondering if you were planning on finishing the work for tabview.

For what it's worth, I'd be happy to mentor you and sponsor this package
if you commit to maintaining it in Debian :)

Cheers,

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 02.01.22 um 16:07 schrieb Matthias Andree:
> Am 02.01.22 um 14:03 schrieb Karsten:
>> Am 02.01.22 um 12:15 schrieb Matthias Andree:
 I am the owner of the domain so nobody is hijacked!
>>> Are you the owner of "mydomain.de" or of the unnamed domain you intended
>>> not to show to the public?
>> Do you want to help with this new certificate issue or discuss the ownership 
>> of domains?
> 
> In this case, the latter. There are dedicated domain names for everyone
> to use for documentation and test purposes,
> https://datatracker.ietf.org/doc/html/rfc6761#section-6.5

Aha - O.K.

>> With the search "install OpenSSL trust store" i could find this article:
>> https://support.code42.com/CP/Admin/On-premises/6/Configuring/Use_OpenSSL_to_install_a_keystore
>> that explains much of the stuff, but not how to use an self-signed 
>> certificate.
> 
> https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list/
> but check the fine print and lower rated comments, too -- for recent
> ca-certificates packages.

Thank you - that is very helpful.

> Basically you can install the self-signed certificate (if you or a
> trusted party signed it, and you have transmitted it over a secure
> channel, for instance, via SFTP or SCP) into the trust store (assuming
> it suits both the TLS server and the signing CA roles - which was set
> when you created it).

Just for understanding - the installation is the public certificate of the 
server,
or must be a special file derived from the private certificate?

>>
>> This worked for more then 5 years with TLS1.2 without any problem.
>> Why this must be a problem now?
> 
> Because "working" does not imply "working safely and securely".

Yes - but the connection was still encrypted and not plain text.
The connection was just not secure against all forms of attacks.

>> Take the example Mozilla and please explain why it works without an "OpenSSL 
>> trust store" ?
> 
> 
> Mozilla applications ship with their own trust store and do not use
> OpenSSL, but incorporate their own TLS library called NSS.

O.K. But how this helps to connect to a server with self-signed certificates?

>> O.K. Then you have no request to this CA-servers for every connect to a 
>> server with a certificate, but every private
>> server is registered there and every client will request the "trust" once to 
>> access the server.
>> So you can made a profil who is using a server. That's the simple goal of it.
> 
> 
> No, where does that access happen? The trust store is local to your
> computer and fetchmail might use your system's DNS resolver (which can
> have privacy implications) and will connect to the servers you point it to.

First you send your certificate to the public CA to sign it.
Then an client must connect the CA to proove that the public certificate is 
correct signed.

Correct or wrong?

> It uses OpenSSL's unless you override that (see man fetchmail for
> --ssl... options).

I promise to take the time to learn this part about using OpenSSL.

> I understand, but too many variables involved and neither of us has time
> for guesswork. I don't know how your CA (even if only implied for that
> certificate) is set up or whatever else is needed, and I don't intend to
> do consulting.

I only used this silly OpenSSL command to generate the self-signed certificate 
and filled the questions OpenSSL asked.
It should not be much more complicate to use a local trust store.

> Figuratively speaking, you need to learn how to fish, not be given the fish.

Fishing get's more and more complex.
But it's true and i must learn it.

>> When this is a standard procedure, why it is not possible to find existing 
>> examples how to handle it?
>> Why it is still possible to fetch Data with TLS1.2 from the FTP-Server 
>> without similar problems?
> 
> fetchmail doesn't do FTP, and FTP is being phased out because it's hard
> to get right with its two connections, active/passive mode,
> firewalls/NAT/conntrack, TLS being added afterwards and I guess it was
> superseded by many other protocols that either tunnel through SSH or use
> one TLS connection, for instance, DAV.

That's the way i thought it is working.
TLS is used to establish a secure encrypted connection and afterwards the rest 
is tunneled through it?
Then it is not crucial how complex the protocol is.
when two or more ports are needed then more secure connections must be 
established.

> It is probably not about TLS version numbers anyways, but generally
> tightened security. You upgraded the entire client system, and that
> brought a lot of changes.
> https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
> might also be involved.

I have to go through each different service that uses encryption, email, ftp, 
xmpp, etc.
Maybe i will find a general better way to manage the certificates for 
encryption.

Thank you for your invested time!
karsten

Bug#1002738: Info received (Bug#1002738: redis-server: Default systemd unit file system protection settings prevent writing of logfiles, crashing redis)

[Chris Lamb]

Hi Johannes,

> TLDR, if you want, feel free to close this ticket, I'll reopen it if
> something changes downstream.

Thanks for your mail. I'm happy to keep this bug open in case
something comes up, but I'm not sure what I would do if we could
definitively demonstrate a bug in Redis' unit file.

That is to say, the only solution (whatever the cause might turn out
to be) would seem to be to remove all of the hardening features from
the unit file... hardly the right solution here. :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#1003011: xkb-data: character infinity bepo AFNOR variant

[Guillonneau Jean-Paul]

Package: xkb-data
Version: 2.29-2
Severity: minor

Dear Maintainer,

the code for the character "∞" for the "French (Bepo, ergonomic, Dvorak way,
AFNOR)"
(line 630 in the file /usr/share/X11/xkb/symbols/fr) seems wrong. Should be
U221E,
not UFDD7.

Regards.

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

[Moritz Muehlenhoff]

On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:
> How should I handle this? NMU to sid, let people try it out, and then
> deal with buster/bullseye?

Yeah, let's proceed with unstable first in any case.

> Upload everything all at once? I'm also
> going to try building for buster, unless the security team doesn't
> think I should bother.

I saw
https://salsa.debian.org/dilinger/chromium/-/commit/5c05f430e192961527ec9a64bbaa64401dc14d95
 ,
but buster now also includes LLVM/clang 11 (it was introduced to support a more 
recent Rust
toolchain needed for Firefox), so you might be reduce complexity here further:
https://tracker.debian.org/pkg/llvm-toolchain-11

It's in buster-proposed-updates since there hasn't been a point release since, 
but for
the purposes of buster-security builds, it doesn't matter (they chroots have 
been modified
to includen buster-proposed-updates temporarily):

I'd say if it works out without additional overhead, let's also update 
buster-security,
but it's also important not to overstretch the time/resources, so focusing on 
bullseye and
EOLing buster is also an option for sure.

Cheers,
Moritz

Bug#1003024: ITP: libimage-scale-perl -- fast, high-quality fixed-point image resizing

[Paul Gevers]

Package: wnpp
Severity: wishlist
Owner: Paul Gevers 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libimage-scale-perl
  Version : 0.14
  Upstream Author : Andy Grundman 
* URL : https://metacpan.org/release/Image-Scale
* License : GPL2+
  Programming Lang: Perl
  Description : fast, high-quality fixed-point image resizing

Image::Scale implements several resizing algorithms with a focus on low
overhead, speed and minimal features. Algorithms available are:

GD's copyResampled (floating-point)

GD's copyResampled fixed-point (useful on embedded devices/NAS devices)

GraphicsMagick's assortment of resize filters (floating-point)

GraphicsMagick's Triangle filter in fixed-point

Supported image formats include JPEG, GIF, PNG, and BMP for input, and JPEG
and PNG for output.

This module came about because the need to improve the very slow
performance of floating-point resizing algorithms on platforms without
a floating-point unit, such as ARM devices like the SheevaPlug, and
the Sparc-based ReadyNAS Duo. Previously it would take many seconds to
resize using GD on the ReadyNAS but the conversion to fixed-point with
a little assembly code brings this down to the range of well under 1
second.

I intent to maintain this package under the Perl Team umbrella. This
package is a dependency of Logitech Squeezebox which I also ITP.

Bug#1003026: linux-image-5.15.0-2-amd64: iwlwifi fails to initialize AX201 due to firmware error

[Abhijit Hoskeri]

Package: src:linux
Version: 5.15.5-2
Severity: important
Tags: upstream
X-Debbugs-Cc: abhijithosk...@gmail.com

On the 5.15 and newer kernels (I have tried 5.16-rc7 from experimental),
iwlwifi fails to start up, complaining of a firmware error:

5.10.0 kernel works as expected. However, it loads 
iwlwifi-QuZ-a0-hr-b0-59.ucode.

I attempted to force 5.15 to load the above, but that leads to the same
result.


Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: enabling device (0100 
-> 0102)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwlwifi-QuZ-a0-hr-b0-66.ucode (-2)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: Direct firmware load 
for iwlwifi-QuZ-a0-hr-b0-66.ucode failed with error -2
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwlwifi-QuZ-a0-hr-b0-65.ucode (-2)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: Direct firmware load 
for iwlwifi-QuZ-a0-hr-b0-65.ucode failed with error -2
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwlwifi-QuZ-a0-hr-b0-64.ucode (-2)
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: Direct firmware load 
for iwlwifi-QuZ-a0-hr-b0-64.ucode failed with error -2
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: 
direct-loading firmware iwlwifi-QuZ-a0-hr-b0-63.ucode
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: api flags index 2 
larger than supported by driver
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: TLV_FW_FSEQ_VERSION: 
FSEQ Version: 89.3.35.37
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: loaded firmware version 
63.c04f3485.0 QuZ-a0-hr-b0-63.ucode op_mode iwlmvm
Jan 02 13:04:11 littlebox kernel: iwlwifi :00:14.3: firmware: failed to 
load iwl-debug-yoyo.bin (-2)
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3: Detected Intel(R) Wi-Fi 
6 AX201 160MHz, REV=0x354
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3: Detected RF HR B3, 
rfid=0x10a100
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3: base HW address: 
64:79:f0:c8:dc:5a
Jan 02 13:04:12 littlebox kernel: iwlwifi :00:14.3 wlo1: renamed from wlan0

...

Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Microcode SW error 
detected. Restarting 0x0.
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Start IWL Error Log 
Dump:
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Transport status: 
0x004B, valid: 6
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: Loaded firmware 
version: 63.c04f3485.0 QuZ-a0-hr-b0-63.ucode
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0071 | 
NMI_INTERRUPT_UMAC_FATAL
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x22F0 | 
trm_hw_status0
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | 
trm_hw_status1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004CAD42 | branchlink2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2DBC | 
interruptlink1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2DBC | 
interruptlink2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2F1C | data1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x1000 | data2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | data3
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | beacon time
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x00025B0E | tsf low
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | tsf hi
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | time gp1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0002B8A5 | time gp2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0001 | uCode 
revision type
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x003F | uCode 
version major
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0xC04F3485 | uCode 
version minor
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0351 | hw version
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x18C89004 | board 
version
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x8037FD22 | hcmd
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x0002 | isr0
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | isr1
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x08F04002 | isr2
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x00C37FCC | isr3
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | isr4
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | last cmd Id
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x004C2F1C | wait_event
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | l2p_control
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | 
l2p_duration
Jan 02 13:04:14 littlebox kernel: iwlwifi :00:14.3: 0x | 

Bug#715900: Bug fixed in fact!

[Hu Zheng]

https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4




=

不带参数运行这个程序啊！要有正确的输入！
=












Hu Zheng


13017203...@139.com







电子名片新出VIP模板啦，快来体验>>




扫一扫,


快速添加名片到手机

Bug#1003009: notcurses FTBFS: notcurses-ffi exists in debian/tmp but is not installed to anywhere

[Adrian Bunk]

Source: notcurses
Version: 3.0.3+dfsg.1-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=notcurses=3.0.3%2Bdfsg.1-1

...
   dh_missing -a -O--buildsystem=cmake
dh_missing: warning: usr/lib/x86_64-linux-gnu/libnotcurses-ffi.so exists in 
debian/tmp but is not installed to anywhere 
dh_missing: warning: usr/lib/x86_64-linux-gnu/libnotcurses-ffi.so.3 exists in 
debian/tmp but is not installed to anywhere 
dh_missing: warning: usr/lib/x86_64-linux-gnu/libnotcurses-ffi.so.3.0.3 exists 
in debian/tmp but is not installed to anywhere 
dh_missing: warning: usr/lib/x86_64-linux-gnu/pkgconfig/notcurses-ffi.pc exists 
in debian/tmp but is not installed to anywhere 
dh_missing: error: missing files, aborting
The following debhelper tools have reported what they installed (with 
files per package)
 * dh_install: libnotcurses++-dev (6), libnotcurses++3 (2), 
libnotcurses-core-dev (45), libnotcurses-core3 (4), libnotcurses-dev (5), 
libnotcurses3 (2), notcurses-bin (18), notcurses-data (10), python3-notcurses 
(0)
 * dh_installdocs: libnotcurses++-dev (0), libnotcurses++3 (0), 
libnotcurses-core-dev (0), libnotcurses-core3 (0), libnotcurses-dev (0), 
libnotcurses3 (0), notcurses-bin (0), notcurses-data (0), python3-notcurses (0)
 * dh_installman: libnotcurses++-dev (0), libnotcurses++3 (0), 
libnotcurses-core-dev (0), libnotcurses-core3 (0), libnotcurses-dev (0), 
libnotcurses3 (0), notcurses-bin (0), notcurses-data (0), python3-notcurses (0)
If the missing files are installed by another tool, please file a bug 
against it.
When filing the report, if the tool is not part of debhelper itself, 
please reference the
"Logging helpers and dh_missing" section from the "PROGRAMMING" guide 
for debhelper (10.6.3+).
  (in the debhelper package: /usr/share/doc/debhelper/PROGRAMMING.gz)
Be sure to test with dpkg-buildpackage -A/-B as the results may vary 
when only a subset is built
If the omission is intentional or no other helper can take care of this 
consider adding the
paths to debian/not-installed.

Remember to be careful with paths containing "x86_64-linux-gnu", where 
you might need to
use a wildcard or (assuming compat 13+) e.g. ${DEB_HOST_MULTIARCH} in 
debian/not-installed
to ensure it works on all architectures (see #961104).
make: *** [debian/rules:14: binary-arch] Error 25

Bug#1003015: Makefile creates a symlink testing/buster -> unstable/sid, while it should be testing/bookworm -> unstable/sid

[Daniel Leidert]

Package: debian-cd
Version: 3.1.35
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The Makefile contains this code:

# Make sure unstable/sid points to testing/buster, as there is no build
# rule for unstable/sid.
unstable-map:
$(Q)if [ ! -d $(BASEDIR)/data/sid ] ; then \
ln -s buster $(BASEDIR)/data/sid ; \
fi
$(Q)if [ ! -d $(BASEDIR)/tools/boot/sid ] ; then \
ln -s buster $(BASEDIR)/tools/boot/sid ; \
fi

This clearly needs to be updated to "bookworm".

Regards, Daniel



- -- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debian-cd depends on:
ii  apt2.3.13
ii  bc 1.07.1-3+b1
ii  bzip2  1.0.8-5
ii  cpp4:11.2.0-2
ii  curl   7.80.0-3
ii  dctrl-tools [grep-dctrl]   2.24-3+b1
ii  dpkg-dev   1.21.1
ii  genisoimage9:1.1.11-3.2
pn  libcompress-zlib-perl  
pn  libdigest-md5-perl 
ii  libdpkg-perl   1.21.1
ii  libfile-slurp-perl .32-1
ii  libyaml-libyaml-perl   0.83+ds-1
ii  lynx   2.9.0dev.10-1
ii  make   4.3-4.1
ii  perl [libdigest-sha-perl]  5.32.1-6
ii  tofrodos   1.7.13+ds-5
ii  wget   1.21.2-2+b1
ii  xorriso1.5.4-2

Versions of packages debian-cd recommends:
ii  dosfstools   4.2-1
ii  hfsutils 3.2.6-15
ii  isolinux 3:6.04~git20190206.bf6db5b4+dfsg1-3
ii  mtools   4.0.33-1+really4.0.32-1
ii  syslinux-common  3:6.04~git20190206.bf6db5b4+dfsg1-3

debian-cd suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmHR/eIACgkQS80FZ8KW
0F13VQ/+LLRXQP6vVxion6boTgg9LEEEnaUPHeprePLNoe5hA0S0wFnIyt3fU/w/
+/QVs4csEpZkLK397gAqR3/au5I/UGzW24lYwMwCtnRdZlwMeYnsRoQx1MPhWerb
oX53/kfbesUDT8TOT3TZnNtZg2d2wZlH7+KUA6BrHjlRNFLxYrh7CBYzQ14CxVz0
pCxtyub1RQKUFGhfJ/Sv+C70sStiooECpMoLPmQhvC0XWoZU0E+ZJPkUJTFzeIvJ
a3hclib2BNzFTTduPKG8SYgytfTyHKrkZx81J1s9955ZDEMxqoc+QnpuaNFqW2yJ
dqyJorijFYki5rnw4p70zzWtX3VDaQkVxtrDPmTmKa9V+HB57/Vw7nk8Jw0KnKxC
vdRWYH5WVobeNLdJ5rzgZRhlaeqf99DHFcUhTp7oK9kxheqxlnvKskGdCPvlG+2b
ocIx7okMxTWRQYXuzUW0x6U+oQq+2hrTW8Ia9894APNswdsbYw6aNkAydWs2WsOs
z/c1wE7M1WdDpYCTGLewIo6kdzaD5NXg4ACwZozJPRjjrdjWvEL/tX7QANbkHxbY
G1TRv8I+sWb2uEYRqPEhBX6BA555QJo6srYUuzyYROG/fvOX3moR3AIVY8N+RWiU
qKHt63FXf7ClQxY92tq3kpk+jmhIVEaGE2axZ+KBpx0dtcwny9s=
=eDGz
-END PGP SIGNATURE-

Bug#1002252: [Pkg-electronics-devel] Bug#1002252: pcb-rnd: FTBFS: dh_auto_test: error: make -j4 test VERBOSE=1 returned exit code 2

[Bdale Garbee]

severity 1002252 important
thanks

Lucas Nussbaum  writes:

> During a rebuild of all packages in sid, your package failed to build
> on amd64.

It looks like noise from the latest librnd version is causing a pcb-rnd
test failure.  There is no operational bug in either the library or the
application pcb-rnd.

Upstream reports this is already fixed in their tree, and will
apparently be in the next librnd release due in March.  Upstream really
hates when I pull patches out of his tree to make off-cycle updates, so
unless this actually causes someone an operational problem with the
existing binary packages, my intent is to just package the next librnd
release as soon as possible.

Bdale


signature.asc
Description: PGP signature

Bug#1003021: x11-utils: luit - please upgrade

[Thomas Dickey]

Package: x11-utils
Version: 7.7+5
Severity: normal

Dear Maintainer,

   * The version of luit in x11-utils is very old, and its nominal upstream
 is defunct.

 https://lists.x.org/archives/xorg-devel/2018-August/057386.html

 See this for a summary of the relationship of "xorg luit" to luit:

 https://invisible-island.net/luit/#metrics

   * Prior discussion with the package maintainers had no effect.

   * To remedy the situation, I propose to
   
 a) modify x11-utils, making its copy of luit configurable via
the alternatives feature (renaming it to "luit1", accessed as "luit")

 b) to provide an up-to-date package for luit as "luit2", also
of course configurable via the alternatives feature.

 c) After some time, the copy in x11-utils can be replaced by a
"recommends".

 Incidentally, doing this would fix #816289

The point of this bug report is to get feedback on "a" (modify x11-utils).

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages x11-utils depends on:
ii  libc6   2.33-1
ii  libfontconfig1  2.13.1-4.2
ii  libfontenc1 1:1.1.4-1
ii  libgl1  1.3.4-2+b1
ii  libx11-62:1.7.2-2+b1
ii  libx11-xcb1 2:1.7.2-2+b1
ii  libxaw7 2:1.0.13.1-20191125
ii  libxcb-shape0   1.14-3
ii  libxcb1 1.14-3
ii  libxcomposite1  1:0.4.5-1
ii  libxext62:1.3.4-1
ii  libxft2 2.3.2-2
ii  libxi6  2:1.8-1
ii  libxinerama12:1.1.4-2
ii  libxkbfile1 1:1.1.0-1
ii  libxmu6 2:1.1.2-2+b3
ii  libxmuu12:1.1.2-2+b3
ii  libxrandr2  2:1.5.2-1
ii  libxrender1 1:0.9.10-1
hi  libxt6  1:1.2.0-20190617
ii  libxtst62:1.2.3-1
ii  libxv1  2:1.0.11-1
ii  libxxf86dga12:1.1.4-1+b3
ii  libxxf86vm1 1:1.1.4-1+b2

x11-utils recommends no packages.

Versions of packages x11-utils suggests:
ii  mesa-utils  8.4.0-1+b2

-- no debconf information

Bug#1003025: gr-iio prevents import of python3-libiio

[Balbir Thomas]

Package: gr-iio
Version: 0.3-9+b4
Severity: normal

Dear Maintainer,

The gr-iio package installs
/usr/lib/python3/dist-packages/iio/__init__.py.

As a result when any application evaluates

   import iio 

The above listed file is evaluated. However this is usually
not what is intended. Instead most applications expect
to evaluate the file

/usr/lib/python3/dist-packages/iio.py

installed by python3-libiio

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/6 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gr-iio depends on:
ii  libc6 2.31-13+deb11u2
ii  libgcc-s1 10.2.1-6
ii  libgnuradio-iio1  0.3-9+b4
ii  libgnuradio-pmt3.8.2  3.8.2.0-14
ii  libgnuradio-runtime3.8.2  3.8.2.0-14
ii  liblog4cpp5v5 1.1.3-3
ii  libpython3.9  3.9.2-1
ii  libstdc++610.2.1-6
ii  python3   3.9.2-3

gr-iio recommends no packages.

gr-iio suggests no packages.

-- no debconf information

Bug#1002992: sub...@bugs.debian.org

[Alec Leamas]

Made a new upload to mentors after syncing my git tree with salsa. 
Basically means that the VCS headers which was broken now should be OK


--alec

Bug#967275: Bug#967582: libgtkdatabox: depends on deprecated GTK 2

[Felipe Castro]

Hi Graham, nice to hear all this!

Klavaro is again linking against the library externally, from release 3.12,
see:

https://sourceforge.net/p/klavaro/news/2021/04/release-312/


Em dom., 2 de jan. de 2022 às 10:11, Graham Inggs 
escreveu:

> Control: tags -1 + pending fixed-in-experimental
> Control: block 967275 by -1
> Control: severity 967275 important
> Control: block 967831 by -1
> Control: severity 967831 important
>
> Hi Felipe
>
> On Sun, 6 Jun 2021 at 23:42, Felipe Castro  wrote:
> > Hi, I'm the new upstream maintainer of GtkDatabox and we have released
> version 1.0.0 this year, which depends now on GTK3, please update it on
> Debian.
> > The packages which depend on it are klavaro, xoscope and brp-pacu.
> > From those, the only upstream which still depends on old gtkdatabox is
> brp-pacu, but there is a fork which has done the upgrade to use the new
> GTK3 version at GitHub, see: https://github.com/matthew-dews/brp-pacu
> > The problem is that they have not released this new version yet, but I
> could provide another fork and release, if that is the case.
>
> Thanks for your work on these packages!
>
> I've uploaded libtgkdatabox 1.0.0 to experimental. Once it clears NEW
> [1], I will prepare uploads of xoscope and brp-pacu which I have
> already tested.  klavaro seems to be using an embedded copy of
> libgtkdatabox.
>
> Regards
> Graham
>
>
> [1] https://ftp-master.debian.org/new.html
>

Bug#1002979: FTBFS with camlp5 8.00.02

[Guillaume Brochu]

Dear Stéphane,


Many thanks for this report.

This link gives more details about this specific problem with the old
geneweb 6.08:
https://issueexplorer.com/issue/camlp5/camlp5/82

The solution would be to migrate to geneweb 7 (see also bug #986285 about
the expected migration to geneweb 7).

However, this will require a lot of time to implement & test, since geneweb
7 is very different from geneweb 6.

As a result, geneweb might be removed from testing for some weeks or months
following the landing of the new ocaml/camlp5 in unstable.

With best regards,


Guillaume Brochu


Le dim. 2 janv. 2022 à 00:12, Stéphane Glondu  a écrit :

> Source: geneweb
> Version: 6.08+git20181019+dfsg-3
> Severity: important
> Tags: ftbfs
>
> Dear Maintainer,
>
> Your package FTBFS with camlp5 8.00.02 with the following error:
> > camlp5r pa_extend.cmo q_MLast.cmo -o pa_macro5.ppo pa_macro5.ml
> > File "pa_macro5.ml", line 162, characters 51-52:
> > While expanding quotation "patt":
> > Parse error: end of input expected after [patt] (in [patt_eoi])
>
> This was discovered while preparing the transition to OCaml 4.13.1.
>
> Packages rebuilt with OCaml 4.13.1 are available at:
>
>   https://ocaml.debian.net/transitions/ocaml-4.13.1/
>
>
> Cheers,
>
> --
> Stéphane
>
> -- System Information:
> Debian Release: bookworm/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE
> not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>

Bug#978040: Warning: (9034) "crtbeginS.o" not found (on non-intel architectures)

[Paul Gevers]

Hi,

On 02-01-2022 14:29, Abou Al Montacir wrote:
If you check on a porter box for ARM or power PC, you will find only arm 
or ppc related ifdefs.

So it works for all architectures, but not multiarch.


Isn't multiarch only properly working on some combinations anyways? E.g. 
i386 can be multiarch on an amd64 capable computer. And armhf (and 
sometimes armel) can be multiarch on (most) arm64 capable hosts? I 
understood not all combinations currently (or ever) make sense.


I just checked the configuration on armhf and there wasn't a path to gcc 
in the configuration. Shortly after I realized that's probably because 
gcc wasn't installed. So while I checked armel, I installed gcc 
alongside and after dpkg-reconfigure I got this on armel:

"""
#ifdef cpuaarch64
-Fl/usr/lib/gcc/arm-linux-gnueabi/11
#endif
"""
The cpuaarch64 bit part doesn't look correct, maybe that's because this 
is inside an lxc on an arm64 host, so maybe the detection goes wrong.


And then on armel I got:
#ifdef cpuaarch64
-Fl/usr/lib/gcc/arm-linux-gnueabihf/11
#endif

On arm64
#ifdef cpuaarch64
-Fl/usr/lib/gcc/aarch64-linux-gnu/11
#endif

If we can safely suppose that all Debian architectures are using the 
very same GCC version and path, then we can remove the ifdef and have a 
generic path that works for mutiarch with a minimal effort.


But shouldn't the path depend on for which architecture your building?


However, it is true that if a new gcc version is installed after FPC
then the logic will fall down.


Can't we use a wildcard for the version number? I mean, after 11 comes
12 and 13 and ...
The wildcards work but only for one directory level. This means 
/path/to/* and /path/to/prefix*  will work, but not /path/to/*/* or 
/path/to/prefix*/*


Ack.


If this is judged OK, I propose to close this ticket


As long as we have a new fpc in every Debian release, we're fine in
Debian, but e.g. Ubuntu users may experience issues when they carry the
same fpc over to a new version of Ubuntu that comes with a new gcc
version. So I don't think it's nice.
If we can add a trigger then we can run dpkg-reconfigure 
fp-compiler-${VERSION} and get it updated.
I'm not sure your allowed to run dpkg-reconfigure on a trigger as that 
requires admin interaction. That sounds weird. As an admin I wouldn't 
expect my configuration to get updated (when installing an "unrelated" 
package). And we would want to have a trigger on gcc upgrade? I don't 
know how triggers work exactly, but wouldn't gcc need to provide the 
trigger then?


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#715859: Bug fixed!

[肖盛文]

Control: tags -1 pending


Thanks you for fix this bug in upstream!


在 2022/1/2 16:14, Hu Zheng 写道:

See:
https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4





Hu Zheng

13017203...@139.com

电子名片新出VIP模板啦，快来体验>> 

扫描二维码添加名片到手机

扫一扫,

快速添加名片到手机


--
肖盛文 xiao sheng wen Faris Xiao
微信(wechat)：atzlinux
《铜豌豆 Linux》https://www.atzlinux.com
基于 Debian 的 Linux 中文 桌面 操作系统
Debian QA page:https://qa.debian.org/developer.php?login=atzlinux%40sina.com
GnuPG Public Key: 0x00186602339240CB



OpenPGP_0x00186602339240CB.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002975: capnproto: please migrate capnproto 0.8.0 from experimental to unstable -> testing

[tony mancill]

On Sat, Jan 01, 2022 at 05:12:15PM -0800, tony mancill wrote:

Transition request is #1003004.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003004

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

[Mattia Rizzolo]

On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote:
> > I've got 96.0.4664.110 building on both bullseye and sid

Trying it, I see it still build-depends on python-jinja2.  That package
is now gone, so it's not actually buildable in sid anymore.

Correlated, do you know how long do they plan on keeping using python2?
That's plainly unsuitable, it really is not going to last much longer in
debian.

> > the v96 branch of https://salsa.debian.org/dilinger/chromium

FWIW, I'm trying to build it myself as well (after injecting an old
python-jinja2 and an old python-markupsafe).

> Alright, crashes are solved and the packages are now usable. After some
> cleanups (listing CVEs in changelogs,

This doesn't seem to be done as of the current tip of you v96 branch.

> merging/pushing a bunch of
> commits in my branch, possibly dropping strong stack protection from
> builds to silence warnings from older clang versions, and going through
> lintian errors/warnings), it should be ready to upload.

TBH, I don't think I am able to judge the appropriateness of most of
those changes...
Though I suspect I could close most of my eyes and upload it to
unstable: can't be much worse than what we have...

> How should I handle this? NMU to sid, let people try it out, and then
> deal with buster/bullseye? Upload everything all at once?

Procedure would be NMU to unstable first, IMHO.

> I also haven't heard from anyone on the chromium team yet - should I
> add myself as an uploader and do a normal (non-NMU) upload? Do any of
> them care?

Without hearing from them, adding yourself to Uploaders would be
inappropriate.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#959407: Not needed for Debian Python Packages

[Scott Kitterman]

We now have a more general solution for PEP 517/518 (and PEP 621) based 
packages in pybuild using a different approach.  This package is not needed to 
support Deiban Python package building.

Scott K

signature.asc
Description: This is a digitally signed message part.

Bug#1000572: fix

[Thomas Lange]

This is now fixed in the master branch

https://github.com/faiproject/fai/commit/2726525da7fbcd73ff5e949516890fa80ffb6783

-- 
viele Grüße Thomas

Bug#1003029: xboxdrv: FTBFS with SCons 4.2.0+

[GCS]

Source: xboxdrv
Version: 0.8.8-2
Severity: important
Tags: patch

Hi,

SCons 4.3.0 was released some time ago. I've packaged it and would
like to upload it in the next day or so. Your package FTBFS with that,
for which a patch is attached to fix it.

Regards,
Laszlo/GCS
Description: SCons 4.2.0 no longer has env.has_key()
 Check env as an array.
Author: Laszlo Boszormenyi (GCS) 
Forwarded: no
Last-Update: 2022-01-02

---

--- xboxdrv-0.8.8.orig/SConstruct
+++ xboxdrv-0.8.8/SConstruct
@@ -41,7 +41,7 @@ def build_bin2h(target, source, env):
 with open(target[0].get_path(), "w") as fout:
 fout.write("// autogenerated by scons Bin2H builder, do not edit by hand!\n\n")
 
-if env.has_key("BIN2H_NAMESPACE"):
+if "BIN2H_NAMESPACE" in env:
 fout.write("namespace %s {\n\n" % env["BIN2H_NAMESPACE"])
 
 # write down data
@@ -67,7 +67,7 @@ def build_bin2h(target, source, env):
 for src in source], ",\n"))
 fout.write("\n}\n\n")
 
-if env.has_key("BIN2H_NAMESPACE"):
+if "BIN2H_NAMESPACE" in env:
 fout.write("} // namespace %s\n\n" % env["BIN2H_NAMESPACE"])
 
 fout.write("/* EOF */\n")

Bug#1002982: elpa-org: post-installation script subprocess returned error exit status 1

[Gregory Mounie]

Package: elpa-org
Version: 9.5.2+dfsh-1
Followup-For: Bug #1002982

Dear Maintainer,

After installation, org-version.el is missing (not auto-generated ?) in 
/usr/share/emacs/site-lisp/elpa-src/org-9.5.2/ and soft-linked in 
/usr/share/emacs/site-lisp/elpa/org-9.5.2/

Then the elpa-org 9.5.2 loads the org-version.el from default org 9.3 from 
emacs 27.1 ( /usr/share/emacs/27.1/lisp/org/org-version.el )
 
To reproduce the loading of the wrong file:
emacs -q

then in emacs

M-x org-reload

give the following message:
Successfully reloaded Org
Org mode version N/A (N/A !!check installation!! @ 
/usr/share/emacs/site-lisp/elpa/org-9.5.2/)


The full text of the *Messages* buffer at the org-reload execution. Note the 
directory of the loading of org-version (last previous last loading)

Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-comint...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-core...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-emacs-lisp...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-eval...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-exp...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-lob...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-ref...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-table...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/ob-tangle...done
Loading /usr/share/emacs/27.1/lisp/obarray...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-compat...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-entities...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-faces...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-footnote...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-keys...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-list...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-macro...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-macs...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-pcomplete...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-src...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org-table...done
Loading /usr/share/emacs/27.1/lisp/org/org-version.el (source)...done
Loading /usr/share/emacs/site-lisp/elpa/org-9.5.2/org...done
The following features were found in load-path, please check if that’s correct:
(obarray org-version)
Successfully reloaded Org
Org mode version N/A (N/A !!check installation!! @ 
/usr/share/emacs/site-lisp/elpa/org-9.5.2/)


*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages elpa-org depends on:
ii  dh-elpa-helper  2.0.10
ii  elpa-htmlize1.56-1
ii  emacsen-common  3.0.4

Versions of packages elpa-org recommends:
ii  emacs  1:27.1+1-3.1
ii  emacs-gtk [emacs]  1:27.1+1-3.1+b1

Versions of packages elpa-org suggests:
ii  ditaa  0.10+ds1-1.2
ii  org-mode-doc   9.4.0-2
ii  texinfo6.8-3
ii  texlive-fonts-recommended  2021.20211217-1
ii  texlive-latex-extra2021.20211217-1

-- debconf-show failed

Bug#712979: debbugs: get_bug_log can incorrectly return an e-mail body with xsi:type="xsd:long"

[Don Armstrong]

On Sun, 02 Jan 2022, Bastian Venthur wrote:
> On 01.01.22 22:05, Don Armstrong wrote:
> > I'm currently working on it, but my available time is so minimal,
> > that additional help would be welcome.
> 
> Awesome news! Is there some repository to check out? I'd love to help if I
> can.

Not publicly yet; I need to get more of the architecture in place before
it can be reasonably collaborated on.

But I hope to have it in a place that others can collaborate with me in
the next 6 months or so.

-- 
Don Armstrong  https://www.donarmstrong.com

Our days are precious, but we gladly see them going
If in their place we find a thing more precious growing
A rare, exotic plant, our gardener's heart delighting
A child whom we are teaching, a booklet we are writing
 -- Frederick Rükert _Wisdom of the Brahmans_ 
 [Hermann Hesse _Glass Bead Game_]

Bug#1003034: ITP: obs-scene-collection-manager -- plugin for OBS Studio to generate sets of scenes

[Joao Eriberto Mota Filho]

Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho 
X-Debbugs-Cc: debian-de...@lists.debian.org, Exeldro 

* Package name: obs-scene-collection-manager
  Version : 0.0.2
  Upstream Author : Exeldro 
* URL : 
https://obsproject.com/forum/resources/scene-collection-manager.1434/
* License : GPL-2
  Programming Lang: C++
  Description : plugin for OBS Studio to generate sets of scenes

 This plugin allows the user to generate several sets of scenes to use
 in different scenarios. To choose and use a set of scenes, just click
 over a name in a menu. Also is possible to filter, backup and restore
 scene collections.
 .
 The Scene Collection Manager will appear on the main menu and on the
 Tools menu when installed.
 .
 This plugin is compatible with OBS 26 or higher.

Bug#715900: Bug fixed!

[肖盛文]

在 2022/1/2 16:21, Hu Zheng 写道:

See:
https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4


The bug still partly exist:

atzlinux@debian:/tmp/ec50-report/crash$ 
/usr/lib/stardict-tools/fest2dict asdfasd

Segmentation fault
atzlinux@debian:/tmp/ec50-report/crash$ echo $?
139


This is fixed:

atzlinux@debian:/tmp/ec50-report/crash$ echo asdasdf > /tmp/a
atzlinux@debian:/tmp/ec50-report/crash$ 
/usr/lib/stardict-tools/fest2dict /tmp/a

atzlinux@debian:/tmp/ec50-report/crash$ echo $?
0

also see: 
https://gitee.com/huzheng/stardict-3.0.7/commit/d9d480bdae9c6a95df1662f4a4a34d9de57d78f4#note_8137981




OpenPGP_0x00186602339240CB.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002591: misdetects socket activated ssh

[Marc Haber]

On Sun, Jan 02, 2022 at 09:25:49PM +0100, Thomas Liske wrote:
> Looks like a systemd/cgroup related change in bullseye, buster seems
> not to be affected.

That sounds correct, I had attributed this behavior to some ssh updates
in the past.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Bug#998383: nheko: nheko/{armel,armhf} has unsatisfiable dependency

[Gilles Filippini]

On Wed, 3 Nov 2021 14:25:41 +0200 Adrian Bunk  wrote:

Control: reassign -1 src:gst-plugins-good1.0 1.18.5-1
Control: retitle -1 gstreamer1.0-qt5 should again be built on armel/armhf
Control: affects -1 nheko

On Wed, Nov 03, 2021 at 12:03:20PM +0100, Sebastian Ramacher wrote:
> Source: nheko
> Version: 0.8.2-2
> Severity: serious
> X-Debbugs-Cc: sramac...@debian.org
> 
> nheko fails to migrate to testing since it depends on gstreamer1.0-qt5.

> This package is not available on armel and armhf.

With #894076 fixed, gstreamer1.0-qt5 builds again on armel/armhf.

I'll submit a MR for that.


Hi Adrian,
Any progress on this topic?
Thanks,
_g.



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1003008: Error 134633601: Error while parsing number"

[Colin Watson]

Control: severity -1 critical

On Sun, Jan 02, 2022 at 09:14:54PM +0300, Eugene Berdnikov wrote:
>  After upgrade grub-legacy from 0.97-78 to 0.97-79 installation fails
>  with message "Error 134633601: Error while parsing number":
> 
> -
> grub> root (hd0,0)
> root (hd0,0)
>  Filesystem type is ext2fs, partition type 0x8065e03
> grub> setup (hd0)
> setup (hd0)
>  Checking if "/boot/grub/stage1" exists... no
>  Checking if "/grub/stage1" exists... yes
>  Checking if "/grub/stage2" exists... yes
>  Checking if "/grub/e2fs_stage1_5" exists... yes
>  Running "embed /grub/e2fs_stage1_5 (hd-141250989)"... failed (this is not 
> fatal)
>  Running "embed /grub/e2fs_stage1_5 (hd-141250989,-"... failed (this is not 
> fatal)
>  Running "install /grub/stage1 (hd-141250989) /grub/stage2 p /grub/menu.lst 
> "... failed
> 
> Error 134633601: Error while parsing number
> -
> 
>  Observed on all updated hosts (about ten in my own). Rollback to 0.97-78
>  resolves the problem (with the same config files).

Ugh, sorry about this.  I didn't actually change any patches against the
upstream code in 0.97-79, so this must have been broken by the mere act
of rebuilding it, I think.  I'll see if I can construct a suitable test
environment.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#1003040: ITP: asdf-astropy -- ASDF serialization support for astropy

[Ole Streicher]

Package: wnpp
Severity: wishlist
Owner: Ole Streicher 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org, 
debian-as...@lists.debian.org

* Package name: asdf-astropy
  Version : 0.1.2
  Upstream Author : The ASDF Developers
* URL : https://github.com/astropy/asdf-astropy
* License : BSD-3-Clause
  Programming Lang: Python
  Description : ASDF serialization support for astropy

This package includes plugins that provide ASDF serialization support
for astropy objects. The plugins are automatically enabled when the
package is installed. ASDF (Advanced Scientific Data Format) is a
proposed next generation interchange format for scientific data,
mainly used by the Space Telescope Science Institude (STScI).

It is a new build dependency of the gwcs package. I will
maintain it within the Debian Astro team in Salsa:

https://salsa.debian.org/debian-astro-team/asdf-astropy

Best regards

Ole

Bug#1003041: krita: Krita 4.4.2 on bullseye crashes most of the time when I try to apply filters on a transparency layer.

[Safi ud Din Khan]

Package: krita
Version: 1:4.4.2+dfsg-1: amd64

Dear Maintainer,

Krita 4.4.2 on Bullseye crashes most of the time when I try to apply
Gaussian Blur or any other filter on a transparency mask unless I disable
the preview option. It happens when I try to apply other filters as well.
I have tested it by installing Krita on a fresh Debian Bullseye on a
virtual machine as well and it happens there as well.

Here is the console output of Krita when the crash occurs.

safi@safi-pc:~$ krita

(process:12176): Gtk-WARNING **: 12:27:33.157: Locale not supported by C
library.
Using the fallback 'C' locale.
Invalid profile :  "/usr/share/color/icc/colord/Crayons.icc" "Crayon Colors"
Invalid profile :  "/usr/share/color/icc/colord/x11-colors.icc" "X11 Colors"
Could not set current file 0 "brushes/rake_sparse.png"
krita.general: Bundle is broken. File "brushes/rake_sparse.png" is missing
Could not set current file 0 "brushes/rock_pitted.gih"
krita.general: Bundle is broken. File "brushes/rock_pitted.gih" is missing
Could not set current file 0 "brushes/square_rough.png"
krita.general: Bundle is broken. File "brushes/square_rough.png" is missing
krita.general: Due to missing files and wrong entries in the manifest,
 "/usr/share/krita/bundles/RGBA_brushes.bundle"  will be recreated.
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/Craig_02.png" 0
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/DA_RGBA bluegreen_small.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/DA_RGBA bluegreen_small1.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/DA_Triangle grain.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/Mountain_Brush_01.png" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "brushes/RGBA anim 01.gih" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
Could not set current file 0 "brushes/rake_sparse.png"
Could not set current file 0 "brushes/rock_pitted.gih"
Could not set current file 0 "brushes/square_rough.png"
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_01_Thick-dry.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_02_Thickpaint.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_03_Rake.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_04_Impasto.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_05_Impasto-details.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "paintoppresets/m)_RGBA_06_Rock.kpp" 0
QBuffer::setBuffer: Buffer is open
krita.lib.store: KoStore: You must open before writing

krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "preview.png" 0
QBuffer::setBuffer: Buffer is open
krita.general: Could not open preview.png
krita.lib.store: KoStore: You must open before writing

krita.general: Could not write preview.png
krita.lib.store: You must open before closing
QuaZipFile::open(): file open mode 2 incompatible with ZIP open mode 0
Could not open "META-INF/manifest.xml" 0

Bug#990128: libcurl4-gnutls-dev: Un-installable in multiarch environment again in version 7.80.0-3: /usr/bin/curl-config differs

[Michael Schmeing]

Hello,

a quite similar bug has been reintroduced in version 7.80.0-3 of 
libcurl4-gnutls-dev:
The package is again unistallable in multiarch environments due to 
differences in libcurl4-gnutls-dev. This time, it is the -L linker 
options that contain the architecture triplet (e.g. amd64-linux-gnu, see 
attached diff file).


Should this new difference in curl-config be handled by re-opening this 
bug report or should I create a new one?


Best regards
Michael Schmeing

--
Michael Schmeing
Kahlhorststraße 36A
23562 Lübeck
E-Mail: mich...@michael-schmeing.de
Tel.: +49 451 30406604
Mobil: +49 176 22961510
--- amd64/usr/bin/curl-config	2021-12-26 17:22:18.0 +0100
+++ i386/usr/bin/curl-config	2021-12-26 17:22:18.0 +0100
@@ -152,7 +152,7 @@
 --libs)
 CURLLIBDIR=""
 if test "Xyes" = "Xno"; then
-  echo ${CURLLIBDIR}-lcurl -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
+  echo ${CURLLIBDIR}-lcurl -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/i386-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
 else
   echo ${CURLLIBDIR}-lcurl
 fi
@@ -163,7 +163,7 @@
 
 --static-libs)
 if test "Xyes" != "Xno" ; then
-  echo -Wl,-Bstatic -lcurl -Wl,-Bdynamic -Wl,-z,relro -Wl,-z,now -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
+  echo -Wl,-Bstatic -lcurl -Wl,-Bdynamic -Wl,-z,relro -Wl,-z,now -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lpsl -lnettle -lgnutls -L/usr/lib/i386-linux-gnu/mit-krb5 -lgssapi_krb5 -llber -lldap -llber -lzstd -lbrotlidec -lz -pthread
 else
   echo "curl was built with static libraries disabled" >&2
   exit 1

Bug#1003039: node-terser: Please update node-commander dependency to version 8

[Yadd]

Package: node-terser
Version: 4.1.2-9
Severity: important
Tags: patch

Hi,

node-commander 8 changed option parsing. Here is a proposed patch to be
used in replacement of 1001_use_commander_4.patch
Description: support node module commander release 8
 same patch than uglifyjs
Author: Yadd 
Forwarded: no
Last-Update: 2022-01-03

--- a/bin/uglifyjs
+++ b/bin/uglifyjs
@@ -28,6 +28,15 @@
 program.version(info.name + " " + info.version);
 program.parseArgv = program.parse;
 program.parse = undefined;
+var argv = [];
+process.argv.forEach(function(arg){
+  if(arg.match(/^-([pcmbode]+)$/)) {
+argv = argv.concat(RegExp.$1.split('').map(s => { return '-'+s }));
+  }
+  else argv.push(arg);
+});
+process.argv = argv;
+
 if (process.argv.includes("ast")) program.helpInformation = describe_ast;
 else if (process.argv.includes("options")) program.helpInformation = 
function() {
 var text = [];
@@ -65,10 +74,11 @@
 program.option("--warn", "Print warning messages.");
 program.option("--wrap ", "Embed everything as a function with “exports” 
corresponding to “name” globally.");
 program.arguments("[files...]").parseArgv(process.argv);
-if (program.configFile) {
-options = JSON.parse(read_file(program.configFile));
+const opts = program.opts();
+if (opts.configFile) {
+options = JSON.parse(read_file(opts.configFile));
 }
-if (!program.output && program.sourceMap && program.sourceMap.url != "inline") 
{
+if (!opts.output && opts.sourceMap && opts.sourceMap.url != "inline") {
 fatal("ERROR: cannot write source map to STDOUT");
 }
 [
@@ -82,83 +92,83 @@
 "toplevel",
 "wrap"
 ].forEach(function(name) {
-if (name in program) {
-options[name] = program[name];
+if (name in opts) {
+options[name] = opts[name];
 }
 });
-if ("ecma" in program) {
-if (program.ecma != (program.ecma | 0)) fatal("ERROR: ecma must be an 
integer");
-options.ecma = program.ecma | 0;
+if ("ecma" in opts) {
+if (opts.ecma != (opts.ecma | 0)) fatal("ERROR: ecma must be an integer");
+options.ecma = opts.ecma | 0;
 }
-if (program.beautify) {
-options.output = typeof program.beautify == "object" ? program.beautify : 
{};
+if (opts.beautify) {
+options.output = typeof opts.beautify == "object" ? opts.beautify : {};
 if (!("beautify" in options.output)) {
 options.output.beautify = true;
 }
 }
-if (program.comments) {
+if (opts.comments) {
 if (typeof options.output != "object") options.output = {};
-options.output.comments = typeof program.comments == "string" ? 
program.comments : "some";
+options.output.comments = typeof opts.comments == "string" ? opts.comments 
: "some";
 }
-if (program.define) {
+if (opts.define) {
 if (typeof options.compress != "object") options.compress = {};
 if (typeof options.compress.global_defs != "object") 
options.compress.global_defs = {};
-for (var expr in program.define) {
-options.compress.global_defs[expr] = program.define[expr];
+for (var expr in opts.define) {
+options.compress.global_defs[expr] = opts.define[expr];
 }
 }
-if (program.keepClassnames) {
+if (opts.keepClassnames) {
 options.keep_classnames = true;
 }
-if (program.keepFnames) {
+if (opts.keepFnames) {
 options.keep_fnames = true;
 }
-if (program.mangleProps) {
-if (program.mangleProps.domprops) {
-delete program.mangleProps.domprops;
+if (opts.mangleProps) {
+if (opts.mangleProps.domprops) {
+delete opts.mangleProps.domprops;
 } else {
-if (typeof program.mangleProps != "object") program.mangleProps = {};
-if (!Array.isArray(program.mangleProps.reserved)) 
program.mangleProps.reserved = [];
+if (typeof opts.mangleProps != "object") opts.mangleProps = {};
+if (!Array.isArray(opts.mangleProps.reserved)) 
opts.mangleProps.reserved = [];
 }
 if (typeof options.mangle != "object") options.mangle = {};
-options.mangle.properties = program.mangleProps;
+options.mangle.properties = opts.mangleProps;
 }
-if (program.nameCache) {
-options.nameCache = JSON.parse(read_file(program.nameCache, "{}"));
+if (opts.nameCache) {
+options.nameCache = JSON.parse(read_file(opts.nameCache, "{}"));
 }
-if (program.output == "ast") {
+if (opts.output == "ast") {
 options.output = {
 ast: true,
 code: false
 };
 }
-if (program.parse) {
-if (!program.parse.acorn && !program.parse.spidermonkey) {
-options.parse = program.parse;
-} else if (program.sourceMap && program.sourceMap.content == "inline") {
+if (opts.parse) {
+if (!opts.parse.acorn && !opts.parse.spidermonkey) {
+options.parse = opts.parse;
+} else if (opts.sourceMap && opts.sourceMap.content == "inline") {
 fatal("ERROR: inline source map only works with built-in parser");
 }
 }
 if (~program.rawArgs.indexOf("--rename")) {
 options.rename = true;
-} else if (!program.rename) {
+} else if (!opts.rename) {
 

Bug#1003004: transition: capnproto

[tony mancill]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi Release Team,

capnproto 0.8.0 has been in experimental for over a year now [1], so
there is already an auto-transition page [2].

All of the reverse dependencies *except* for clickhouse should smoothly.
clickhouse [3] is FTBFS against 0.8.0, but the package has already been
removed from testing due to FTBFS against gcc 11 [4].  Given that
clickhouse isn't receiving much attention and we have received requests
to update captnproto, we would like to proceed with the transition.

Thank you,
tony

[1] https://tracker.debian.org/pkg/capnproto
[2] https://release.debian.org/transitions/html/auto-capnproto.html
[3] https://tracker.debian.org/pkg/clickhouse
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996130

Ben file:

title = "capnproto";
is_affected = .depends ~ "libcapnp-0.7.0" | .depends ~ "libcapnp-0.8.0";
is_good = .depends ~ "libcapnp-0.8.0";
is_bad = .depends ~ "libcapnp-0.7.0";


signature.asc
Description: PGP signature

Bug#916749: systemd-cron: Tries to launch unreachable commands

[Alexandre Detiste]

control: reassign -1 dma

Hi,

This looks more like normal behaviour.

tchet@brix ~ $ [ -x /usr/sbin/dma ] && /usr/sbin/dma -q1
tchet@brix ~ $ echo $?
1

The crontab should maybe have been written this way, to always return "true".

[ -x /usr/sbin/dma ] && /usr/sbin/dma -q1 || true


I'm assigningg the bug to "dma".
dma maintainers can close it if they feel so.

Greetings,


Package: systemd-cron
Version: 1.5.14-2
Severity: important

Dear Maintainer,

I just switched from cron to systemd cron. I now have every 5 mintes
following email :

* cron-dma-root-0.service - [Cron] "*/5 * * * * root [ -x
/usr/sbin/dma ] && /usr/sbin/dma -q1"
   Loaded: loaded (/etc/cron.d/dma; generated)
   Active: failed (Result: exit-code) since Tue 2018-12-18 09:10:03
CET; 74ms ago
 Docs: man:systemd-crontab-generator(8)
  Process: 8569 ExecStart=/bin/sh
/run/systemd/generator/cron-dma-root-0.sh (code=exited,
status=1/FAILURE)
 Main PID: 8569 (code=exited, status=1/FAILURE)

Dec 18 09:10:03 ot-fixe-008 systemd[1]: Starting [Cron] "*/5 * * * *
root [ -x /usr/sbin/dma ] && /usr/sbin/dma -q1"...
Dec 18 09:10:03 ot-fixe-008 systemd[1]: cron-dma-root-0.service: Main
process exited, code=exited, status=1/FAILURE
Dec 18 09:10:03 ot-fixe-008 systemd[1]: cron-dma-root-0.service:
Failed with result 'exit-code'.
Dec 18 09:10:03 ot-fixe-008 systemd[1]: Failed to start [Cron] "*/5 *
* * * root [ -x /usr/sbin/dma ] && /usr/sbin/dma -q1".
Dec 18 09:10:03 ot-fixe-008 systemd[1]: cron-dma-root-0.service:
Triggering OnFailure= dependencies.

/usr/sbin/dma does not exist, thus the action should not be executed.

Bug#1003007: libvirt-php FTBFS with PHP 8.1

[Adrian Bunk]

Source: libvirt-php
Version: 0.5.5-3
Severity: serious
Tags: ftbfs bookworm sid

https://buildd.debian.org/status/fetch.php?pkg=libvirt-php=amd64=0.5.5-3%2Bb1=1641147267=0

...
In file included from ../../src/libvirt-php.c:19:
../../src/libvirt-php.h:161:26: error: expected ‘;’, ‘,’ or ‘)’ before 
‘TSRMLS_DC’
  161 | void set_error(char *msg TSRMLS_DC);
  |  ^
../../src/libvirt-php.h:162:35: error: expected ‘;’, ‘,’ or ‘)’ before 
‘TSRMLS_DC’
  162 | void set_error_if_unset(char *msg TSRMLS_DC);
  |   ^
../../src/libvirt-php.h:163:1: warning: parameter names (without types) in 
function declaration
  163 | void reset_error(TSRMLS_D);
  | ^~~~
...