Bug#1033820: node-snapdragon: autopkgtest regression: Cannot find module 'snapdragon-node'

[Yadd]

On 4/4/23 07:08, Yadd wrote:

On 4/3/23 21:55, Paul Gevers wrote:

Hi yadd,

On 03-04-2023 05:42, Yadd wrote:
I'm unable to reproduce this issue: there is a link that provides 
snapdragon-node inside snapdragon-capture-set:


I could by running the following on my laptop:
paul@mulciber ~ $ autopkgtest --no-built-binaries node-snapdragon -- 
lxc --sudo autopkgtest-unstable-amd64


What did you try?


$ debc|grep '> '
lrwxrwxrwx root/root 0 2022-12-01 17:20 
./usr/share/nodejs/snapdragon-capture-set/node_modules -> 
../snapdragon/node_modules


and snamdragon has snapdragon/node_modules/snapdragon-node


To avoid confusion, I assume you mean node-snapdragon.

https://packages.debian.org/sid/all/node-snapdragon/filelist
confirms
/usr/share/nodejs/snapdragon/node_modules/snapdragon-node/

In a failing testbed:
root@autopkgtest-lxc-xulhyp:/ # ls -al 
/usr/share/nodejs/snapdragon-capture-set

total 20
drwxr-xr-x  2 root root 4096 Apr  3 19:50 .
drwxr-xr-x 52 root root 4096 Apr  3 19:50 ..
-rw-r--r--  1 root root 4283 Nov 28 20:25 index.js
-rw-r--r--  1 root root 1460 Nov 28 20:25 package.json

Am I missing something?

Paul


Hi,

then the bug is in the build, not in the test itself. Found: the fix was 
rejected (maybe a md5 mismatch?). Let's repush it.


For the record, the submodule snapdragon-capture-set was broken for a 
long time, except when node-snapdragon-node was installed. The test 
started to fail when pkg-js-autopkgtest started to test all submodules 
(version 0.14.11, 2022-02-25). I fixed node-snapdragon on december but 
didn't see that upload was rejected. Fixed now.


Cheers,
Yadd

Bug#1032984:

[Stefan Schippers]

On Sun, Mar 26, 2023 at 22:03:25 +0200, Stefan Schippers wrote:


I have closed upstream bug:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/186
since i got no feedback at all and it seems affecting only the specific
libX11 1.8.4 - fvwm2 combination that very few people use, I think.


Expecting a response within a few days was probably unrealistic in the
first place...



You are right, but it seems the bug is very specific to the libX11 1.8.4 + 
fvwm2 combination
There is basically no other report about this, all other applications for me 
work fine with 1.8.4,
so at the end of the day I don't want to waste developers time with something 
that is probably not
a libX11 bug. Switching from fvwm2 (frozen project) to fvwm3 (active project) 
solved the
issue for me.

Bug#1033929: unblock: node-interpret/2.2.0-3

[Yadd]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-interp...@packages.debian.org
Control: affects -1 + src:node-interpret

Please unblock package node-interpret

[ Reason ]
node-interpret uses network for its autopkgtest. Due to upstream changes
in some old transpilers, autopkgtest started to fail. The proposed patch
only change things in node-interpret test.

BTS: #1033816

[ Impact ]
No change in installed files, patch changes only node-interpret test.

[ Tests ]
Broken test on deprecated transpiler are now disabled.

[ Risks ]
No risk, even if patch is a little big, there is no change in installed
files.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Changes ]
 * don't test babel/register and buble/register (Debian uses
   @babel/register, no more babel/register)
 * test modules: drop embedded "expect" and add patch to use
   Debian's node-expect (provided by jest)
 * lintian-brush:
   * update lintian tags
   * update metadata
 * update debian/watch

Cheers,
Yadd

unblock node-interpret/2.2.0-3
diff --git a/debian/changelog b/debian/changelog
index b38fa5c..b5bca67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+node-interpret (2.2.0-3) unstable; urgency=medium
+
+  * Team upload
+
+  [ lintian-brush ]
+  * Update lintian override info format in d/source/lintian-overrides
+on line 2-4
+  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse
+  * Update standards version to 4.6.2, no changes needed
+
+  [ Yadd ]
+  * Fix filenamemangle
+  * Add fix for expect 28 and drop embedded "expect"
+  * Set upstream metadata fields: Repository.
+  * Drop test on deprecated transpilers (Closes: #1033816)
+
+ -- Yadd   Mon, 03 Apr 2023 08:10:46 +0400
+
 node-interpret (2.2.0-2) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/control b/debian/control
index 2b09242..510057d 100644
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,7 @@ Build-Depends: debhelper-compat (= 13)
  , node-parse-node-version 
  , node-which-boxed-primitive 
  , node-which-collection 
-Standards-Version: 4.6.0
+Standards-Version: 4.6.2
 Vcs-Browser: https://salsa.debian.org/js-team/node-interpret
 Vcs-Git: https://salsa.debian.org/js-team/node-interpret.git
 Homepage: https://github.com/tkellen/node-interpret
diff --git a/debian/copyright b/debian/copyright
index e9d0fe5..b5809a0 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -16,10 +16,6 @@ Files: debian/tests/test_modules/*
 Copyright: 1014-2020 Jordan Harband
 License: Expat
 
-Files: debian/tests/test_modules/expect/*
-Copyright: 2015 Michael Jackson
-License: Expat
-
 Files: debian/tests/test_modules/*/node_modules/isarray/*
 Copyright: 2013 Julian Gruber 
 License: Expat
diff --git a/debian/patches/drop-test-on-deprecated-transpilers.patch 
b/debian/patches/drop-test-on-deprecated-transpilers.patch
new file mode 100644
index 000..d9a7cea
--- /dev/null
+++ b/debian/patches/drop-test-on-deprecated-transpilers.patch
@@ -0,0 +1,24 @@
+Description: drop test on deprecated transpilers
+Author: Yadd 
+Bug-Debian: https://bugs.debian.org/1033816
+Forwarded: not-needed
+Last-Update: 2023-04-03
+
+--- a/test/index.js
 b/test/index.js
+@@ -126,6 +126,7 @@
+ var fixtureDir = path.dirname(fixture);
+ var idx = attempt.index;
+ 
++if( name !== 'babel/register' && name !== 'buble/register' ) {
+ it('can require ' + extension + ' using ' + name + ' (' + idx + ')', 
function(done) {
+   var minVersion = minVersions[module];
+ 
+@@ -232,6 +233,7 @@
+   }
+   done();
+ });
++}
+   });
+ 
+   it('does not error with the .mjs extension', function(done) {
diff --git a/debian/patches/fix-for-expect-28.patch 
b/debian/patches/fix-for-expect-28.patch
new file mode 100644
index 000..af3bf26
--- /dev/null
+++ b/debian/patches/fix-for-expect-28.patch
@@ -0,0 +1,15 @@
+Description: add fix for expect 28 (jest)
+Author: Yadd 
+Forwarded: not-needed
+Last-Update: 2022-12-01
+
+--- a/test/index.js
 b/test/index.js
+@@ -1,6 +1,6 @@
+ 'use strict';
+ 
+-var expect = require('expect');
++var {expect} = require('expect');
+ 
+ var path = require('path');
+ var Module = require('module');
diff --git a/debian/patches/series b/debian/patches/series
index 0312c9a..7e124d8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,3 @@
 fix-test.diff
+fix-for-expect-28.patch
+drop-test-on-deprecated-transpilers.patch
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index 5c71dbd..792e152 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -1,4 +1,4 @@
 # Test files used only during autopkgtest
-source-is-missing debian/tests/test_modules/expect/lib/Expectation.js
-source-contains-prebuilt-javascript-object 

Bug#1033932: unblock: calamares-settings-debian/10.0.5-2

[Jonathan Carter]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: calamares-settings-deb...@packages.debian.org
Control: affects -1 + src:calamares-settings-debian

Please unblock package calamares-settings-debian

This addresses serious bug #1033930. At least on the KDE live image, pkexec
is no longer supplied by default. There may be other images that are affected 
too.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

Debdiff:

"""
diff -Nru calamares-settings-debian-12.0.5/debian/changelog 
calamares-settings-debian-12.0.5/debian/changelog
--- calamares-settings-debian-12.0.5/debian/changelog   2023-03-06 
19:24:55.0 +0200
+++ calamares-settings-debian-12.0.5/debian/changelog   2023-04-04 
09:51:03.0 +0200
@@ -1,3 +1,9 @@
+calamares-settings-debian (12.0.5-2) unstable; urgency=medium
+
+  * Depend on pkexec (Closes: #1033930)
+
+ -- Jonathan Carter   Tue, 04 Apr 2023 09:51:03 +0200
+
 calamares-settings-debian (12.0.5-1) unstable; urgency=medium

   * New upstream release
diff -Nru calamares-settings-debian-12.0.5/debian/control 
calamares-settings-debian-12.0.5/debian/control
--- calamares-settings-debian-12.0.5/debian/control 2022-05-09 
12:00:25.0 +0200
+++ calamares-settings-debian-12.0.5/debian/control 2023-04-04 
09:51:00.0 +0200
@@ -14,6 +14,7 @@
 Depends: calamares,
  cryptsetup,
  keyutils,
+ pkexec,
  qml-module-qtquick-window2,
  qml-module-qtquick2,
  ${misc:Depends}
"""

unblock calamares-settings-debian/10.0.5-2

thanks,

-Jonathan

Bug#1033902: ulogd2 debian package missing PCAP output plugin from upstream

[Harald Welte]

On Tue, Apr 04, 2023 at 08:31:42AM +0100, Chris Boot wrote:
> On 03/04/2023 19:37, Harald Welte wrote:
> > However, I was surprised to see that the ulogd2 package both in Debian 
> > stable as well
> > as unstable doesn't contain the PCAP output plugin.  Is that a conscious 
> > decision? I would
> > think it's a rather useful feature to have.
> 
> It's included in the ulogd2-pcap package, which is separate in order to
> avoid the dependency on libpcap. It was this way even with ulogd 1.x.

ugh.  Somehow that was too obvious. Sorry for the noise.

-- 
- Harald Welte   https://laforge.gnumonks.org/

"Privacy in residential applications is a desirable marketing option."
  (ETSI EN 300 175-7 Ch. A6)

Bug#1033492: unblock: php8.2/8.2.4-1 ????

[Ondřej Surý]

Hi Paul, Salvatore,

I've finally got some time here.

In all honesty, I thought that the pre-negotiated exception for PHP
does apply to all future Debian releases, so it did come as surprise
that I have to explain this again.

The quality of PHP in Debian has increased since we started using
upstream versions to fix security bugs.

The basic release policy is described here:
https://www.php.net/supported-versions.php

> Each release branch of PHP is fully supported for two years from its initial 
> stable release. During this period, bugs and security issues that have been 
> reported are fixed and are released in regular point releases.
> 
> After this two year period of active support, each branch is then supported 
> for an additional year for critical security issues only. Releases during 
> this period are made on an as-needed basis: there may be multiple point 
> releases, or none, depending on the number of reports.
> 
> Once the three years of support are completed, the branch reaches its end of 
> life and is no longer supported. A table of end-of-life branches is available.

There's also a process for introducing new features to the **major** releases: 
https://wiki.php.net/rfc, but that doesn't apply here as we are sticking with a 
single **major** release branch (PHP 8.2); no new features are introduced to 
the single release track.

Upstream makes a new release every four weeks 
(https://www.php.net/ChangeLog-8.php#8.2.4), but we generally only update to 
the releases that contain security fixes, and I don't use PU process to lighten 
the strain on the release team.

Apart from the upstream release process, all the PHP releases are regularly 
tested via external repositories that I maintain, so even the intermediate 
releases are thoroughly tested by hundreds of thousands or more - the Debian 
repository has 5+ TB of traffic and 150M+ hits; I have no statistics from the 
deployment, but any breakages are very quickly reported.

When the upstream security support ceases, I generally use Remi Collet's 
php-security repository to pull the security fixes for the last upstream 
release, as he's usually swift in preparing those.

Unblocking the latest php8.2 (8.2.4-1 and 8.2.5-1 next week) would be 
appreciated so the next Debian stable releases with the current PHP version.

Cheers,
Ondrej

On Tue, Mar 28, 2023, at 20:46, Salvatore Bonaccorso wrote:
Hi Paul,

On Sun, Mar 26, 2023 at 01:40:10PM +0200, Paul Gevers wrote:
> Hi Ondřej,
> 
> On 26-03-2023 08:36, Ondřej Surý wrote:
> > just a quick reply - PHP already has a security (and if I remember 
> > correctly release) team exception from the last time. So, we already had 
> > this talk about upstream policies.
> 
> I *suspect* the same, but because of the shear amount of work ongoing for
> the release team at the moment, I hope people can help point to the relevant
> information instead of us needing to find it.
> 
> It can obviously wait a couple of days, we're not *that* close to releasing
> yet.

if this helps on the decision: We would, similarly as done for
bullseye already, want to follow the upstream releases until supported
by upstream and then switch to cherry-pick security fixes only on top.

Ondrej can give a more detailed input, so please wait for his reply.

Regards,
Salvatore


--
Ondřej Surý (He/Him)
ond...@sury.org

Bug#1033927: unblock: node-sinon/14.0.2+ds+~cs74.13.25-2

[Yadd]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-si...@packages.debian.org
Control: affects -1 + src:node-sinon

Please unblock package node-sinon

[ Reason ]
node-sinon is a package used during JS tests. In Debian JS Team we
choose to launch autopkgtest with `--disable-proto=throw` to ensure
that JS packages don't used this old way to access to prototype for
security reasons.
This change started in September 2022 (pkg-js-autopkgtest 0.15.x).

node-sinon currently parses all object properties without avoid
__proto__. This breaks (at least) node-nock autopkgtest.

[ Impact ]
No change, the patch just avoid parsing __proto__

[ Tests ]
No change in test, still pass (autopkgtest + build). This fixed also
node-nock test.

[ Risks ]
No risk here, patch is trivial

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
This debdiff adds also some tips from lintian-brush (lintian tags and
metadata update)

Cheers,
Yadd

unblock node-sinon/14.0.2+ds+~cs74.13.25-2
diff --git a/debian/changelog b/debian/changelog
index aaace48..111c526 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+node-sinon (14.0.2+ds+~cs74.13.25-2) unstable; urgency=medium
+
+  * Team upload
+  * Update lintian override info format in d/source/lintian-overrides
+on line 2-3
+  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse
+  * Update standards version to 4.6.2, no changes needed
+  * Drop calls to __proto__ (Closes: #1033818)
+
+ -- Yadd   Mon, 03 Apr 2023 07:26:51 +0400
+
 node-sinon (14.0.2+ds+~cs74.13.25-1) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/control b/debian/control
index 1a73a29..c60cd62 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,7 @@ Build-Depends:
  , node-supports-color
  , node-type-detect
  , node-util 
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 Vcs-Browser: https://salsa.debian.org/js-team/node-sinon
 Vcs-Git: https://salsa.debian.org/js-team/node-sinon.git
 Homepage: https://sinonjs.org/
diff --git a/debian/patches/dont-try-to-access-to-__proto__.patch 
b/debian/patches/dont-try-to-access-to-__proto__.patch
new file mode 100644
index 000..5973750
--- /dev/null
+++ b/debian/patches/dont-try-to-access-to-__proto__.patch
@@ -0,0 +1,16 @@
+Description: don't try to access to __proto__
+Author: Yadd 
+Forwarded: no
+Last-Update: 2023-04-03
+
+--- a/lib/sinon/util/core/walk.js
 b/lib/sinon/util/core/walk.js
+@@ -17,7 +17,7 @@
+ }
+ 
+ forEach(Object.getOwnPropertyNames(obj), function (k) {
+-if (seen[k] !== true) {
++if (k !== '__proto__' && seen[k] !== true) {
+ seen[k] = true;
+ var target =
+ typeof Object.getOwnPropertyDescriptor(obj, k).get ===
diff --git a/debian/patches/series b/debian/patches/series
index ffb3e1f..b2b7689 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ fix-sinonjsreferee-sinon-test.diff
 reproducible.patch
 fix-for-path-to-regexp-6.patch
 drop-unstable-test.patch
+dont-try-to-access-to-__proto__.patch
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index 3f4d9d6..05b110e 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -1,6 +1,6 @@
 # False positive: data
-source-is-missing *sinonjstext-encoding/lib/encoding-indexes.js*
-source-contains-prebuilt-javascript-object 
*sinonjstext-encoding/lib/encoding-indexes.js*
+source-is-missing [*sinonjstext-encoding/lib/encoding-indexes.js*]
+source-contains-prebuilt-javascript-object 
[*sinonjstext-encoding/lib/encoding-indexes.js*]
 very-long-line-length-in-source-file *sinonjsfake-timers/LICENSE*
 very-long-line-length-in-source-file 
*sinonjstext-encoding/lib/encoding-indexes.js*
 very-long-line-length-in-source-file *.md*
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
index 6d85d64..c5adee0 100644
--- a/debian/upstream/metadata
+++ b/debian/upstream/metadata
@@ -1,6 +1,6 @@
 ---
 Archive: GitHub
-Bug-Database: https://github.com/cjohansen/Sinon.JS/issues
-Bug-Submit: https://github.com/cjohansen/Sinon.JS/issues/new
+Bug-Database: https://github.com/sinonjs/sinon/issues
+Bug-Submit: https://github.com/sinonjs/sinon/issues/new
 Repository: https://github.com/cjohansen/Sinon.JS.git
-Repository-Browse: https://github.com/cjohansen/Sinon.JS
+Repository-Browse: https://github.com/sinonjs/sinon

Bug#1033931: UB: memcmp is not atomic in C11 either

[Mathieu Malaterre]

The bugzilla thread is rather long. But I took the liberty to report
the issue as grave following the comment:

https://sourceware.org/bugzilla/show_bug.cgi?id=29863#c11

Feel free to downgrade severity if my understanding is incorrect.

Thanks

Bug#1033928: debian-security-support: [INTL:tr] turkish translation of debconf messages

[Atila KOÇ]

Package: debian-security-support
Severity: wishlist
Tags: l10n patch

Hello,

Find attached the updated Turkish translation of the 
debian-security-support debconf messages.

It has been submitted for review to the debian-l10n-turkish mailing list.
Please include it in your next upload.

Regards,
Atila KOÇ

--- YASAL UYARI ---

# Turkish debconf translation of debian-security-support
# This file is distributed under the same license as the debian-security-support package.
# Mert Dirik , 2014.
# Atila KOÇ , 2023.
#
msgid ""
msgstr ""
"Project-Id-Version: debian-security-support\n"
"Report-Msgid-Bugs-To: debian-security-supp...@packages.debian.org\n"
"POT-Creation-Date: 2016-05-12 09:42+0200\n"
"PO-Revision-Date: 2023-03-04 22:32+0300\n"
"Last-Translator: Atila KOÇ \n"
"Language-Team: Debian L10n Turkish \n"
"Language: tr\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 2.4.2\n"

#. Type: text
#. Description
#: ../debian-security-support.templates:2001
msgid "Ended security support for one or more packages"
msgstr "Bir ya da daha fazla pakete verilen güvenlik desteği sona erdi"

#. Type: text
#. Description
#: ../debian-security-support.templates:2001
msgid ""
"Unfortunately, it has been necessary to end security support for some "
"packages before the end of the regular security maintenance life cycle."
msgstr ""
"Bazı paketlerin güvenlik desteğine, dağıtım için öngörülen güvenlik desteği "
"süresi dolmadan önce son vermek gerekti."

#. Type: text
#. Description
#. Type: text
#. Description
#. Type: text
#. Description
#: ../debian-security-support.templates:2001
#: ../debian-security-support.templates:3001
#: ../debian-security-support.templates:4001
msgid "The following packages found on this system are affected by this:"
msgstr "Sisteminizde bu durumdan etkilenen şu paketler bulundu:"

#. Type: text
#. Description
#: ../debian-security-support.templates:3001
msgid "Limited security support for one or more packages"
msgstr ""
"Bir ya da daha fazla pakete yalnızca sınırlı güvenlik desteği verilebilecek"

#. Type: text
#. Description
#: ../debian-security-support.templates:3001
msgid ""
"Unfortunately, it has been necessary to limit security support for some "
"packages."
msgstr "Bazı paketlere verilen güvenlik desteğini sınırlandırmak gerekti."

#. Type: text
#. Description
#: ../debian-security-support.templates:4001
msgid "Future end of support for one or more packages"
msgstr ""
"Gelecekte, bir ya da daha fazla pakete yalnızca sınırlı güvenlik desteği "
"verilebilecek"

#. Type: text
#. Description
#: ../debian-security-support.templates:4001
msgid ""
"Unfortunately, it will be necessary to end security support for some "
"packages before the end of the regular security maintenance life cycle."
msgstr ""
"Bazı paketlerin güvenlik desteğine, dağıtım için öngörülen güvenlik desteği "
"süresi dolmadan önce son vermek gerekecek."

Bug#1033902: ulogd2 debian package missing PCAP output plugin from upstream

[Chris Boot]

On 03/04/2023 19:37, Harald Welte wrote:

However, I was surprised to see that the ulogd2 package both in Debian stable 
as well
as unstable doesn't contain the PCAP output plugin.  Is that a conscious 
decision? I would
think it's a rather useful feature to have.


It's included in the ulogd2-pcap package, which is separate in order to 
avoid the dependency on libpcap. It was this way even with ulogd 1.x.


Cheers,
Chris

--
Chris Boot
bo...@debian.org

Bug#1033930: calamares-settings-debian: needs dependency on pkexec (which is no longer provided on KDE iso images)

[Jonathan Carter]

Package: calamares-settings-debian
Severity: important

During testing of the RC1 live images, it was found that Calamares doesn't 
start on the KDE images.

This was due to a missing pkexec, which was previously supplied on the KDE 
plasma desktop image.

On the Debian configuration for Calamares, we should depend on pkexec.


-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_ZA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages calamares-settings-debian depends on:
pn  calamares
ii  cryptsetup   2:2.6.1-3
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
pn  keyutils 
ii  qml-module-qtquick-window2   5.15.8+dfsg-3
ii  qml-module-qtquick2  5.15.8+dfsg-3

calamares-settings-debian recommends no packages.

calamares-settings-debian suggests no packages.

Bug#1033921: debian-installer: Weekly build of d-i fails to find ipw2x00 firmware package

[Pascal Hambourg]

On 04/04/2023 at 01:46, Cyril Brulebois wrote:


Everything seems to be working as intended…


Yes. The package is found but rejected because of licence issue. This is 
the expected effect of "Fix files removal for non-accepted firmware 
packages (#1032377)", although it might be seen by users as a regression.



Arguably check-missing-firmware could be more verbose about what happens
around license accepting.


Yes, at the least.

Bug#1033931: Fwd: Novice needs help submitting a bug report

[Mathieu Malaterre]

Package: libc-bin
Version: 2.36-8
Severity: grave
Justification: renders package unusable

Dear Maintainer,

There is a bug in glibc 2.36 that has been fixed in 2.37. The two
links below detail the original bug report and the fix.

- Upstream bug report - https://sourceware.org/bugzilla/show_bug.cgi?id=29863

- Upstream commit fixing said bug report –
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=b712be52645282c706a5faa038242504feb06db5



This bug causes fis-gtm to randomly crash on a SIGSEGV. Depending upon
process activity, the crash could result in database damage.

Bug#1005368: xserver-xorg-core: Won’t upgrade

[Alban Browaeys]

Are you still unable to install xserver-xorg-core without having to
remove all your drivers packages?

Mind you were on unstable and unstable is supposed to have upgrade path
breakages from time to time. Have you waited a few days to confirm the
issue was not a transistion in progress?

Can you close the issue if the issue is gone now?

Cheers,
Alban

On Sat, 12 Feb 2022 09:14:19 +0100 Nicolas Patrois
 wrote:
> Package: xserver-xorg-core
> Version: 2:1.20.14-1
> Severity: normal
> 
> Dear Maintainer,
> 
> The package won’t upgrade because it needs to remove driver packages
(nearly
> every driver packages), including the driver that I’m currently
using.
> Here is the list of the packages that won’t upgrade:
> xserver-xorg-core xserver-xorg-input-libinput xserver-xorg-video-
amdgpu
> xserver-xorg-video-ati xserver-xorg-video-dummy xserver-xorg-video-
fbdev
> xserver-xorg-video-intel xserver-xorg-video-qxl xserver-xorg-video-
radeon
> xserver-xorg-video-vesa xserver-xorg-video-vmware
> 
> Yours,
> n.
> 
> 
> -- Package-specific info:
> X server symlink status:
> 
> lrwxrwxrwx 1 root root 13 Oct 16  2009 /etc/X11/X -> /usr/bin/Xorg
> -rwxr-xr-x 1 root root 274 Jan 11 15:21 /usr/bin/Xorg
> 
> Diversions concerning libGL are in place
> 
> diversion of /usr/lib/arm-linux-gnueabihf/libGL.so.1.2.0 to
/usr/lib/mesa-diverted/arm-linux-gnueabihf/libGL.so.1.2.0 by glx-
diversions
> diversion of /usr/lib/powerpc64le-linux-gnu/libGLESv2.so.2 to
/usr/lib/mesa-diverted/powerpc64le-linux-gnu/libGLESv2.so.2 by glx-
diversions
> diversion of /usr/lib/libGL.so.1 to /usr/lib/mesa-diverted/libGL.so.1
by glx-diversions
> diversion of /usr/lib/arm-linux-gnueabihf/libGLESv2.so.2.0.0 to
/usr/lib/mesa-diverted/arm-linux-gnueabihf/libGLESv2.so.2.0.0 by glx-
diversions
> diversion of /usr/lib/libGLESv2.so.2 to /usr/lib/mesa-
diverted/libGLESv2.so.2 by glx-diversions
> diversion of /usr/lib/arm-linux-gnueabihf/libGL.so to /usr/lib/mesa-
diverted/arm-linux-gnueabihf/libGL.so by glx-diversions
> diversion of /usr/lib/i386-linux-gnu/libGLX_indirect.so.0 to
/usr/lib/mesa-diverted/i386-linux-gnu/libGLX_indirect.so.0 by glx-
diversions
> diversion of /usr/lib/x86_64-linux-gnu/libGLESv1_CM.so.1.1.0 to
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGLESv1_CM.so.1.1.0 by glx-
diversions
> diversion of /usr/lib/arm-linux-gnueabihf/libGLESv1_CM.so to
/usr/lib/mesa-diverted/arm-linux-gnueabihf/libGLESv1_CM.so by glx-
diversions
> diversion of /usr/lib/i386-linux-gnu/libGLESv2.so.2 to /usr/lib/mesa-
diverted/i386-linux-gnu/libGLESv2.so.2 by glx-diversions
> diversion of /usr/lib/arm-linux-gnueabihf/libGLESv2.so.2.1.0 to
/usr/lib/mesa-diverted/arm-linux-gnueabihf/libGLESv2.so.2.1.0 by glx-
diversions
> diversion of /usr/lib/i386-linux-gnu/libGLESv2.so.2.1.0 to
/usr/lib/mesa-diverted/i386-linux-gnu/libGLESv2.so.2.1.0 by glx-
diversions
> diversion of /usr/lib/x86_64-linux-gnu/libGLESv2.so.2 to
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGLESv2.so.2 by glx-
diversions
> diversion of /usr/lib/x86_64-linux-gnu/libGLX_indirect.so.0 to
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGLX_indirect.so.0 by glx-
diversions
> diversion of /usr/lib/arm-linux-gnueabihf/libGL.so.1.2 to
/usr/lib/mesa-diverted/arm-linux-gnueabihf/libGL.so.1.2 by glx-
diversions
> diversion of /usr/lib/x86_64-linux-gnu/libGLESv2.so.2.1.0 to
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGLESv2.so.2.1.0 by glx-
diversions
> diversion of /usr/lib/powerpc64le-linux-gnu/libGLESv1_CM.so to
/usr/lib/mesa-diverted/powerpc64le-linux-gnu/libGLESv1_CM.so by glx-
diversions
> diversion of /usr/lib/aarch64-linux-gnu/libGLESv1_CM.so.1.1.0 to
/usr/lib/mesa-diverted/aarch64-linux-gnu/libGLESv1_CM.so.1.1.0 by glx-
diversions
> diversion of /usr/lib/powerpc64le-linux-gnu/libGL.so.1.2.0 to
/usr/lib/mesa-diverted/powerpc64le-linux-gnu/libGL.so.1.2.0 by glx-
diversions
> diversion of /usr/lib/libGLESv1_CM.so.1.1.0 to /usr/lib/mesa-
diverted/libGLESv1_CM.so.1.1.0 by glx-diversions
> diversion of /usr/lib/powerpc64le-linux-gnu/libGLESv2.so to
/usr/lib/mesa-diverted/powerpc64le-linux-gnu/libGLESv2.so by glx-
diversions
> diversion of /usr/lib/i386-linux-gnu/libGLESv1_CM.so.1 to
/usr/lib/mesa-diverted/i386-linux-gnu/libGLESv1_CM.so.1 by glx-
diversions
> diversion of /usr/lib/aarch64-linux-gnu/libGL.so.1.2.0 to
/usr/lib/mesa-diverted/aarch64-linux-gnu/libGL.so.1.2.0 by glx-
diversions
> diversion of /usr/lib/x86_64-linux-gnu/libGLESv1_CM.so to
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGLESv1_CM.so by glx-
diversions
> diversion of /usr/lib/arm-linux-gnueabihf/libGLESv1_CM.so.1.2.0 to
/usr/lib/mesa-diverted/arm-linux-gnueabihf/libGLESv1_CM.so.1.2.0 by
glx-diversions
> diversion of /usr/lib/arm-linux-gnueabihf/libGLESv1_CM.so.1.1.0 to
/usr/lib/mesa-diverted/arm-linux-gnueabihf/libGLESv1_CM.so.1.1.0 by
glx-diversions
> diversion of /usr/lib/libGL.so.1.2.0 to /usr/lib/mesa-
diverted/libGL.so.1.2.0 by glx-diversions
> diversion of 

Bug#1033942: nmu: ppl_1:1.2-8.1

[Paul Gevers]

Control: tags -1 moreinfo

Hi Lev,

On 04-04-2023 15:05, Lev Lamberov wrote:

Please, rebuild ppl against swi-prolog 9.0.4+dfsg-2 in unstable. The
ppl package in unstable and testing was build against the older
swi-prolog version, containing older library. For more information,
please see this swi-prolog [bug].

[bug] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033636


It's a shame we discussed this in bug 1022253 [1]. Do you know what was 
flawed in our assessment?


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022253#24

Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1033492: unblock: php8.2/8.2.4-1 ????

[Moritz Mühlenhoff]

Am Tue, Apr 04, 2023 at 09:14:36PM +0200 schrieb Paul Gevers:
> On 04-04-2023 20:07, Moritz Mühlenhoff wrote:
> > If we would add the list of source packages which are following micro
> releases
> > in stable-security to a machine-parseable list (e.g. somewhere in the
> > Security Tracker repo), would that be useful to enhance release
> > management tooling (e.g. by automatically annotating unblock requests
> > or similar?)
> 
> Do you have any idea how many packages are in that set. Yes if that were
> public that would help.

My gut feeling is "less than 20", I'll try to compile a list in the next days.

Cheers,
Moritz

Bug#1033945: unblock: pdns-recursor/4.8.4-1 [pre-approval]

[Sebastian Ramacher]

On 2023-04-04 15:33:01 +0200, Chris Hofstaedtler wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: Debian Security Team 
> 
> Please unblock package pdns-recursor
> 
> [ Reason ]
> 
> I would like to update pdns-recursor 4.8.2 to 4.8.4, to:
> - fix CVE-2023-26437, sole change in 4.8.4
> - get the fixes for the resolving/validation logic from 4.8.3.
> 
> While this is a new upstream release, there are no new features, and
> only bugfixes.
> 
> In previous Debian releases applying security fixes to pdns-recursor was
> often problematic when the resolve/validation logic had to change. This
> part of the code is long and complicated, only understood by DNS experts,
> and also very relevant on the Internet and under flux of the living
> Internet.
> Security fixes have to change this code, and applying patches on top of
> each other touching the same code parts often does not work without
> importing all the changes.
> We are certainly not in a better position to judge these code parts than
> upstream is.
> 
> [ Impact ]
> Security bug is fixed; applying future security patches will be easier.
> 
> [ Tests ]
> Resolve/validation logic is tested by a build-time test suite.
> I have manually tested it as well, but obviously I cannot reproduce the
> security problem easily.
> 
> [ Risks ]
> Open security bug in bookworm.
> Applying future security patches will be harder or impossible.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> Another fix upstream included in 4.8.3 involves log levels of common log
> messages, to spam journal less with "error" severity.
> 
> debdiff is produced using the following command to ignore generated
> files and the publicsuffixlist, which our packages do not use by default
> at runtime:
> debdiff pdns-recursor_4.8.2-1.dsc pdns-recursor_4.8.4-1.dsc| filterdiff -x 
> '*/pubsuffix.cc' -x '*/effective_tld_names.dat' -x '*/*.1' -x '*/configure'
> 
> This is a pre-approval request, I have not uploaded yet.

Please go ahead

Cheers

> 
> 
> unblock pdns-recursor/4.8.4-1

> diff -Nru pdns-recursor-4.8.2/configure.ac pdns-recursor-4.8.4/configure.ac
> --- pdns-recursor-4.8.2/configure.ac  2023-01-30 09:58:04.0 +
> +++ pdns-recursor-4.8.4/configure.ac  2023-03-27 15:09:19.0 +
> @@ -1,6 +1,6 @@
>  AC_PREREQ([2.69])
>  
> -AC_INIT([pdns-recursor], [4.8.2])
> +AC_INIT([pdns-recursor], [4.8.4])
>  AC_CONFIG_AUX_DIR([build-aux])
>  AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability 
> subdir-objects parallel-tests 1.11])
>  AM_SILENT_RULES([yes])
> diff -Nru pdns-recursor-4.8.2/debian/changelog 
> pdns-recursor-4.8.4/debian/changelog
> --- pdns-recursor-4.8.2/debian/changelog  2023-01-31 16:46:42.0 
> +
> +++ pdns-recursor-4.8.4/debian/changelog  2023-04-04 11:10:26.0 
> +
> @@ -1,3 +1,16 @@
> +pdns-recursor (4.8.4-1) unstable; urgency=medium
> +
> +  * New upstream version 4.8.4
> +* Fixes CVE-2023-26437, see
> +  
> https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html
> +  (Closes: #1033941)
> +* Fixes high CPU usage caused by serve-stale logic.
> +* Fixes DNSSEC validation issues for some domains served by popular
> +  DNS software by F5.
> +* Downgrades severity for a few log messages.
> +
> + -- Chris Hofstaedtler   Tue, 04 Apr 2023 11:10:26 +
> +
>  pdns-recursor (4.8.2-1) unstable; urgency=medium
>  
>* New upstream version 4.8.2
> diff -Nru pdns-recursor-4.8.2/negcache.cc pdns-recursor-4.8.4/negcache.cc
> --- pdns-recursor-4.8.2/negcache.cc   2023-01-30 09:57:23.0 +
> +++ pdns-recursor-4.8.4/negcache.cc   2023-03-27 15:08:37.0 +
> @@ -119,27 +119,32 @@
>  
>const auto& idx = content->d_map.get();
>auto range = idx.equal_range(qname);
> -  auto ni = range.first;
>  
> -  while (ni != range.second) {
> +  for (auto ni = range.first; ni != range.second; ++ni) {
>  // We have an entry
>  if ((!typeMustMatch && ni->d_qtype == QType::ENT) || ni->d_qtype == 
> qtype) {
>// We match the QType or the whole name is denied
>auto firstIndexIterator = content->d_map.project(ni);
>  
> -  if (!refresh && (serveStale || ni->d_servedStale > 0) && ni->d_ttd <= 
> now.tv_sec && ni->d_servedStale < s_maxServedStaleExtensions) {
> +  // this checks ttd, but also takes into account serve-stale
> +  if (!ni->isEntryUsable(now.tv_sec, serveStale)) {
> +// Outdated
> +moveCacheItemToFront(content->d_map, 
> firstIndexIterator);
> +continue;
> +  }
> +  // If we are serving this record stale (or *should*) and the ttd has 
> passed increase ttd to
> +  // the future and remember that we did. Also push a refresh task.
> +  if 

Bug#1033885: unblock: pydevd/2.9.5+ds-4

[Sebastian Ramacher]

On 2023-04-03 14:35:35 +0100, Julian Gilbey wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: pyd...@packages.debian.org
> Control: affects -1 + src:pydevd
> 
> Please unblock package pydevd
> 
> [ Reason ]
> This is a small tweak to the autopkgtests to prevent them from failing
> on a number of architectures not in the released architectures.  It
> closes #1029718, but I don't know whether it is appropriate for
> transitioning to testing (it not being an RC bug).
> 
> [ Impact ]
> It is not currently buildable on those architectures.
> 
> [ Tests ]
> The autopkgtests cover everything; this patch just excludes some which
> fail with Python 3.11.
> 
> [ Risks ]
> Code is trivial and only in the autopkgtest code.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> None
> 
> unblock pydevd/2.9.5+ds-4

> diff -Nru pydevd-2.9.5+ds/debian/changelog pydevd-2.9.5+ds/debian/changelog
> --- pydevd-2.9.5+ds/debian/changelog  2023-02-11 21:30:07.0 +
> +++ pydevd-2.9.5+ds/debian/changelog  2023-03-12 12:36:38.0 +
> @@ -1,3 +1,10 @@
> +pydevd (2.9.5+ds-4) unstable; urgency=medium
> +
> +  * Exclude failing tests on a wider variety of architectures
> +(closes: #1029718)
> +
> + -- Julian Gilbey   Sun, 12 Mar 2023 12:36:38 +
> +
>  pydevd (2.9.5+ds-3) unstable; urgency=medium
>  
>* Update README.Debian
> diff -Nru pydevd-2.9.5+ds/debian/get_test_exclusions 
> pydevd-2.9.5+ds/debian/get_test_exclusions
> --- pydevd-2.9.5+ds/debian/get_test_exclusions2023-02-11 
> 21:30:07.0 +
> +++ pydevd-2.9.5+ds/debian/get_test_exclusions2023-03-12 
> 12:36:38.0 +
> @@ -91,10 +91,25 @@
>  tests_python/test_debugger_json.py::test_function_breakpoints_async
>  )
>  
> -# s390x fails even more disastrously
> -if [ $arch = s390x ]
> +# failing tests on 32-bit big-endian targets and riscv64
> +if [ $arch = hppa -o $arch = m68k -o $arch = powerpc -o $arch = riscv64 ]
>  then
> - EXCLUDES+=(
> +EXCLUDES+=(
> +tests_python/test_debugger.py::test_gevent
> +tests_python/test_debugger.py::test_gevent_remote
> +tests_python/test_debugger_json.py::test_wait_for_attach_gevent
> +
> tests_python/test_debugger_json.py::test_gevent_show_paused_greenlets
> +
> tests_python/test_debugger_json.py::test_gevent_subprocess_not_python
> +tests_python/test_debugger_json.py::test_gevent_subprocess_python
> +tests_python/test_debugger_json.py::test_notify_gevent
> +tests_python/test_utilities.py::test_gevent_notify
> +)
> +fi
> +
> +# failing tests on 64-bit big-endian targets
> +if [ $arch = s390x -o $arch = s390x -o $arch = sparc64 ]

That's s390x twice.

Cheers

> +then
> +EXCLUDES+=(
>  tests_python/test_debugger.py::test_case_13
>  tests_python/test_debugger.py::test_check_tracer_with_exceptions
>  tests_python/test_debugger.py::test_unhandled_exceptions_basic
> @@ -106,7 +121,19 @@
>  
> tests_python/test_debugger_json.py::test_case_unhandled_exception[_debugger_case_unhandled_exceptions.py]
>  
> tests_python/test_debugger_json.py::test_case_unhandled_exception[_debugger_case_unhandled_exceptions_custom.py]
>  tests_python/test_utilities.py::test_tracing_basic
> - )
> +)
> +fi
> +
> +# Further failing tests on riscv64 (see bug#1024680)
> +if [ $arch = riscv64 ]
> +then
> +EXCLUDES+=(
> +
> tests_python/test_debugger.py::test_attach_to_pid_no_threads[False]
> +tests_python/test_debugger.py::test_attach_to_pid_halted
> +tests_python/test_debugger.py::test_case_16_resolve_numpy_array
> +
> tests_python/test_debugger.py::test_gevent_show_paused_greenlets[False]
> +tests_python/test_debugger_json.py::test_attach_to_pid[False]
> +)
>  fi
>  fi
>  
> @@ -127,7 +154,7 @@
>  
> tests_python/test_debugger.py::test_case_django_template_inherits_no_exception
>  tests_python/test_debugger.py::test_case_flask
>  tests_python/test_debugger_json.py::test_attach_to_pid[True]
> - tests_python/test_debugger_json.py::test_case_django_line_validation
> +tests_python/test_debugger_json.py::test_case_django_line_validation
>  
> tests_python/test_debugger_json.py::test_case_django_no_attribute_exception_breakpoint
>  tests_python/test_debugger_json.py::test_case_flask_line_validation
>  tests_python/test_debugger_json.py::test_code_reload
> @@ -138,30 +165,10 @@
>  )
>  fi
>  
> -# Further failing tests on riscv64 (see bug#1024680)
> -if [ $arch = riscv64 ]
> 

Bug#1033867: cloud.debian.org: Please add Amazon hibernation agent to EC2 AMIs

[Noah Meyerhans]

On 4/4/2023 9:26 AM, Noah Meyerhans wrote:

Hi Dirk.  Since we don't have this in the archive yet, I've refiled this
as an RFP.  Once it's packaged, we can add it to the AMIs.
Well, *now* I've refiled it as an RFP, now that I can correctly spell 
"wnpp" :)


noah

Bug#1033492: unblock: php8.2/8.2.4-1 ????

[Paul Gevers]

Hi Ondřej, Moritz,

On 04-04-2023 08:58, Ondřej Surý wrote:

In all honesty, I thought that the pre-negotiated exception for PHP
does apply to all future Debian releases, so it did come as surprise
that I have to explain this again.


Sorry, that wasn't my intention. Maybe I should try to keep a better 
log, as there's not many things "pre-negotiated". My memory isn't great. 
If you would have pointed me at the earlier discussion, all would have 
been well I assume.


Anyways, Sebastian already unblocked on 31 Mar when he closed this bug.

On 04-04-2023 20:07, Moritz Mühlenhoff wrote:
> If we would add the list of source packages which are following micro 
releases

> in stable-security to a machine-parseable list (e.g. somewhere in the
> Security Tracker repo), would that be useful to enhance release
> management tooling (e.g. by automatically annotating unblock requests
> or similar?)

Do you have any idea how many packages are in that set. Yes if that were 
public that would help. In this case, I only created the unblock bug 
myself to have a place for this discussion, because I noticed RC bugs 
fixed in unstable in a key package (which was thus blocked). As the 
upload had much more than the RC bug fix, I was unsure what to due, 
hence the question. *I* normally use udd bug views [1,2] to do my 
regular checking, so if we can get this information in udd, at least in 
*my* workflow it could be included.


Paul

[1] https://udd.debian.org/dev/cgi-bin/rcblog7.cgi (top paragraph 
linking "blocked (freeze)" to [2])
[2] 

Bug#1032948: linux-image-6.1.0-5-amd64: oops in ucsi_acpi_notify

[Diederik de Haas]

On Tuesday, 4 April 2023 13:11:16 CEST Julien Cristau wrote:
> On Mon, Apr  3, 2023 at 15:16:42 +0200, Diederik de Haas wrote:
> > On Saturday, 18 March 2023 23:10:39 CEST Diederik de Haas wrote:
> > 
> > On Monday, 3 April 2023 14:57:02 CEST Julien Cristau wrote:
> > > > Not sure why patchwork still shows v2 of the patch as v4 is available
> > > > here:
> > > > https://lore.kernel.org/all/20230308154244.722337-1-hdego...@redhat.com/
> > > 
> > > I'll give the patch series you linked in the other reply a go now.
> > 
> > FTR: 2 out of the 3 patches have landed in 6.1.22
> 
> Thanks for letting me know.  I've built 6.1.22 from upstream and it
> doesn't seem to crash.

That's awesome :-) Let's hope it stays that way now ;-)

You may have seen it on IRC already, but could you test a
Debian 6.1.20-1 kernel with (only) those patches applied?
These are the URLs:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y=1c5abcb13491da8c049f20462189c12c753ba978
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y=1e8525f37871741a52370627633962f8bdcab15a

If you need help with that, feel free to ask :-)

If we know that fixes the issue too, then we have the option of going for
a 6.1.20-2 release with just those 2 patches (and what's already in -2 now).

TIA,
  Diederik

signature.asc
Description: This is a digitally signed message part.

Bug#1032234: cryptsetup-initramfs: libargon2 0~20190702-0.1 no longer links against libpthread which breaks cryptsetup-initramfs

[Bastian Germann]

Hi Ondřej,

Please use the original bug. I have changed the BTS address.

Am 04.04.23 um 22:25 schrieb Ondřej Surý:

I went through the upstream changes between 20171227..20190702
and as far as I can tell, there's nothing important in there:

...
Out of these, there are only two commits that might be of interest:

cfa4385e728116989ad88b4be7c23b4868422778 Wait for already running threads if a 
thread creation failed.
fea3943adadf6527d1e839a2953e9591896e628d Use explicit_bzero() on recent glibc 
versions

But it's not like the world will be on fire if those were not backported to 
2017 version.


I do not think you need any upstream changes to fix #1032234 in the 2017 
version. Just apply this commit to it:
https://salsa.debian.org/debian/argon2/-/commit/c2152a2766fc73dd88a7d9e88bb9887cf31f1b1b

Cheers,
Bastian

Bug#1020475: Ready to Implement

[Soren Stoutner]

The dependencies are finally in place so this can be implemented.

To make things simpler for dictionary packagers, we are using a virtual package 
and an 
unversioned path for the conversion tool so that dictionary packagers don’t 
have to make 
modifications to their packages when the versions of Qt change in Debian.

All you should need to do is the following:

1.  Build-depend on `convert-bdic`.
2.  Use /usr/bin/convert-bdic to do the dictionary conversion.
3.  Place the .bdic files in /usr/share/hunspell-bdic.

More detailed information can be found in the dictionary packager documentation 
at:

file:///usr/share/doc/dictionaries-common-dev/dsdt-policy.html#hunspell-bdic

Thanks,

Soren

-- 
Soren Stoutner
so...@stoutner.com


signature.asc
Description: This is a digitally signed message part.

Bug#1033608: Exception: ModuleNotFoundError: No module named 'core.pe.photo'

[Eriberto Mota]

Control: severity 1033608 important

After several checks and tests, I got the following conclusions:

- The symlinks are present in the packages provided via Debian repositories.
- The package, when installed via APT on Sid and Bookworm, is working
  correctly.
- Building the package in a fresh jail generates the symlinks.

A single test:

eriberto@canopus:/tmp$ apt download dupeguru
Get:1 http://deb.debian.org/debian bookworm/main amd64 dupeguru amd64 
4.3.1-3+b1 [439 kB]
Fetched 439 kB in 0s (39.9 MB/s)

eriberto@canopus:/tmp$ dpkg -c dupeguru_4.3.1-3+b1_amd64.deb | egrep '\->'
lrwxrwxrwx root/root 0 2023-01-04 10:05 ./usr/bin/dupeguru -> 
../share/dupeguru/run.py
lrwxrwxrwx root/root 0 2023-01-04 10:05 ./usr/share/dupeguru/core/pe -> 
../../../lib/dupeguru/core/pe
lrwxrwxrwx root/root 0 2023-01-04 10:05 ./usr/share/dupeguru/qt/pe -> 
../../../lib/dupeguru/qt/pe
lrwxrwxrwx root/root 0 2023-01-04 10:05 
./usr/share/pixmaps/dupeguru.png -> ../dupeguru/dgse_logo_128.png


I can't see any issue with this package. Considering that an RC bug over this
package affects forensics-extra, I am decreasing the severity from grave to 
important.

Ionut, are you installing this package via APT?

Best regards,

Eriberto

Bug#1005369: xserver-xorg-core: Breaks middle button trackpoint scrolling

[Alban Browaeys]

Try removing 
xserver-xorg-input-synaptics
then restart xorg.

xserver-xorg-input-synaptics i sno longer supported by GNOME as far as
know.
xserver-xorg-input-libinput is the replacment.

Cheers,
Alban

On Sat, 12 Feb 2022 09:53:16 +0100 "Salvo \"LtWorf\" Tomaselli"
 wrote:
> Package: xserver-xorg-core
> Version: 2:21.1.3-2
> Severity: critical
> Tags: upstream
> Justification: breaks unrelated software
> X-Debbugs-Cc: tipos...@tiscali.it
> 
> Dear Maintainer,
> 
> on thinkpads it is common to scroll by holding down the middle button
and
> pushing the trackpoint up or down.
> 
> After upgrading, this feature is broken.
> 
> Reverting to the version found in testing makes it work again.
> 
> In a wayland session it works (but my keyboard layout doesn't exist
in wayland
> so using it permanently is not a viable solution).
> 
> It is strange because the input drivers have not received an update,
so I'm not
> really sure of what the interaction is here.
> 
> Anyway, I'm creating this issue with a high priority in order to stop
the package
> from migrating and make scrolling suddenly unavailable to other
people as well.
> 
> -- Package-specific info:
> /etc/X11/X does not exist.
> /etc/X11/X is not a symlink.
> /etc/X11/X is not executable.
> 
> VGA-compatible devices on PCI bus:
> --
> 00:02.0 VGA compatible controller [0300]: Intel Corporation
TigerLake-LP GT2 [Iris Xe Graphics] [8086:9a49] (rev 01)
> 
> /etc/X11/xorg.conf does not exist.
> 
> Contents of /etc/X11/xorg.conf.d:
> -
> total 0
> 
> /etc/modprobe.d contains no KMS configuration files.
> 
> Kernel version (/proc/version):
> ---
> Linux version 5.16.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-11
(Debian 11.2.0-16) 11.2.0, GNU ld (GNU Binutils for Debian)
2.37.90.20220130) #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09)
> 
> Xorg X server log files on system:
> --
> -rw-r--r-- 1 root root 50312 Feb 12 09:43 /var/log/Xorg.0.log
> 
> Contents of most recent Xorg X server log file (/var/log/Xorg.0.log):
> -
> [ 2.949] (--) Log file renamed from "/var/log/Xorg.pid-579.log"
to "/var/log/Xorg.0.log"
> [ 2.951] 
> X.Org X Server 1.21.1.3
> X Protocol Version 11, Revision 0
> [ 2.951] Current Operating System: Linux galatea 5.16.0-1-amd64
#1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09) x86_64
> [ 2.951] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.16.0-1-
amd64 root=UUID=2e600d3e-5bd5-43cd-b826-9213b7bafb99 ro quiet
> [ 2.951] xorg-server 2:21.1.3-2 (https://www.debian.org/support) 
> [ 2.951] Current version of pixman: 0.40.0

Bug#1033867: cloud.debian.org: Please add Amazon hibernation agent to EC2 AMIs

[Noah Meyerhans]

Control: reassign -1 wnpp.debian.org
Control: retitle -1 RFP: amazon-ec2-hibinit-agent -- Amazon EC2 instance 
hibernation support

> So the request is to also ship the agent preinstalled in the Debian AMIs. See
> https://packages.ubuntu.com/search?keywords=ec2-hibinit-agent=names
> for Ubuntu (source) packages or 
> https://github.com/aws/amazon-ec2-hibinit-agent
> for latest sources.
> 
> I've already verified that it works on Debian with a local rebuild of
> the latest Ubuntu source deb.

Hi Dirk.  Since we don't have this in the archive yet, I've refiled this
as an RFP.  Once it's packaged, we can add it to the AMIs.

I've also verified in the past that it works on newer instance types,
though I believe hibernation of the older generation Xen based instance
types requires kernel patches that we don't have.  However, I think it's
fine to ignore those old instance types and focus on making things work
with modern ones.

noah

Bug#1005368: Re : xserver-xorg-core: Won’t upgrade

[nicolas . patrois]

On 04/04/2023 18:50:15, Alban Browaeys wrote:

Hi

> Are you still unable to install xserver-xorg-core without having to
> remove all your drivers packages?

Yes.

> Can you close the issue if the issue is gone now?

You can close the bug now, I upgraded the package (the bug seems to have been 
solved with no other action).

Yours,
nicolas patrois : pts noir asocial
-- 
RÉALISME

M : Qu'est-ce qu'il nous faudrait pour qu'on nous considère comme des humains ? 
Un cerveau plus gros ?
P : Non... Une carte bleue suffirait...

Bug#1033949:

[Lev Borodin]

Control: block 1006561 by -1

Bug#1033492: unblock: php8.2/8.2.4-1 ????

[Moritz Mühlenhoff]

Am Tue, Apr 04, 2023 at 08:58:37AM +0200 schrieb Ondřej Surý:
> Hi Paul, Salvatore,
> 
> In all honesty, I thought that the pre-negotiated exception for PHP
> does apply to all future Debian releases, so it did come as surprise
> that I have to explain this again.

Question to the release team:
If we would add the list of source packages which are following micro releases
in stable-security to a machine-parseable list (e.g. somewhere in the
Security Tracker repo), would that be useful to enhance release
management tooling (e.g. by automatically annotating unblock requests
or similar?)

Cheers,
Moritz

Bug#1033756: wireshark: CVE-2023-1161

[Salvatore Bonaccorso]

Hi Bálint,

On Tue, Apr 04, 2023 at 06:22:09PM +0200, Bálint Réczey wrote:
> Control: tags -1 pending fixed-upstream
> 
> Hi Salvatore,
> 
> Salvatore Bonaccorso  ezt írta (időpont: 2023.
> márc. 31., P, 21:01):
> >
> > Source: wireshark
> > Version: 4.0.3-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> > 
> >
> > Hi,
> >
> > The following vulnerability was published for wireshark.
> >
> > CVE-2023-1161[0]:
> > | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3
> > | and 3.6.0 to 3.6.11 allows denial of service via packet injection or
> > | crafted capture file
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> I have committed the fix to the packaging repository with the new
> upstream release.
> I plan uploading it when the freeze is over, unless the Security Team
> finds the issue severe enough to warrant an earlier upload.

Agreed!

Regards,
Salvatore

Bug#941980: pod2man: Please convert zero-width space (u200B) to \:

[Diederik de Haas]

Hi Russ,

On Sat, 26 Nov 2022 08:47:59 -0800 Russ Allbery  wrote:
> Russ Allbery  writes:
> > Jean-Michel Vourgère  writes:
> 
> >> I'm using pod to generate man files in package rrdtool.
> 
> >> I expected pod2man to generate the corect \: escape sequence, but it
> >> did not.
> 
> [...]
> 
> > Unfortunately, \: appears to be a groff extension as far as I can tell.
> > It's at least not mentioned in CSTR 54, nor in other older documentation
> > I can find for the *roff language.  That means this gets entangled in
> > the general design constraint that pod2man tries to produce portable
> > *roff output that's not specific to groff.
> 
> > I'm not certain this is fully correct because unfortunately it's very
> > difficult to search for \: to get more data.
> 
> Many years later, I have incorporated this change in podlators 5.00, just
> now released.  It will still be a bit before that's incorporated into Perl
> and thus into the Debian Perl packages, but I wanted to let you know that
> this fix is properly in progress.
> 
> I went ahead and did the conversion to \: unconditionally since it's
> documented in the mandoc roff reference as well as groff.  That covers
> nearly all modern platforms.  It may still not work on a few older nroff
> implementations like Solaris or AIX, but this case is obscure enough and
> enough other things related to Unicode don't work there anyway that I
> don't think it should cause any serious problems.

$ aptitude show podlators-perl
No candidate version found for podlators-perl
Package: podlators-perl
State: not a real package
Provided by: perl (5.32.1-4+deb11u1), perl (5.32.1-4+deb11u2), perl (5.36.0-7)

Does this mean that this bug is fixed in Stable and Testing/Unstable now?

Cheers,
  Diederik

signature.asc
Description: This is a digitally signed message part.

Bug#1033949: RFP: rust-peg -- Simple yet flexible parser generator that makes it easy to write robust parsers

[Lev Borodin]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: debian-r...@lists.debian.org
Control: control block 1006561 by -1

* Package name: rust-peg
  Version : 0.8.1
  Upstream Contact: Kevin Mehall 
* URL : https://docs.rs/peg/latest/peg/
* License : MIT
  Programming Lang: Rust
  Description : Simple yet flexible parser generator that makes it easy to 
write robust parsers

 Based on the Parsing Expression Grammar formalism, it provides a Rust
 macro that builds a recursive descent parser from a concise definition
 of the grammar.



signature.asc
Description: Message signed with OpenPGP

Bug#1032990: podman: user containers are completely broken with sssd: insufficient UIDs or GIDs available in user namespace

[Martin Pitt]

Control: reassign -1 sssd-common 2.8.2-3
Control: affects -1 podman
Control: retitle -1 sssd-common" subids nsswitch.conf entry breaks user 
sub[ug]ids
Control: severity -1 serious

Matej Marusak [2023-04-03 14:00 +]:
> This is easily reproducible by:
> - Download newest image, e.g. 
> https://cloud.debian.org/images/cloud/bullseye/daily/20230403-1339/debian-11-genericcloud-amd64-daily-20230403-1339.qcow2
> - Install podman and sssd-tools and sssd-dbus. It works fine without sssd
> - Login as 'admin' user
> - podman pull debian
>
> This command fails with:
> ERRO[0004] While applying layer: ApplyLayer stdout:  stderr: potentially 
> insufficient UIDs or GIDs available in user namespace (requested 0:42 for 
> /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and 
> run podman-system-migrate: lchown /etc/gshadow: invalid argument exit status 1
> Error: copying system image from manifest list: writing blob: adding layer 
> with blob 
> "sha256:3e440a7045683e27f8e2fa04000e0e078d8dfac0c971358ae0f8c65c13321c8e": 
> ApplyLayer stdout:  stderr: potentially insufficient UIDs or GIDs available 
> in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and 
> /etc/subgid if configured locally and run podman-system-migrate: lchown 
> /etc/gshadow: invalid argument exit status 1

Indeed this is a regression in sssd-common. Its postinst now does

| # Automatically added by dh_installnss/1.7
| if [ "$1" = "configure" ] && [ -f 
"${DPKG_ROOT}/etc/nsswitch.conf.nss.${DPKG_MAINTSCRIPT_PACKAGE}-will-install" ] 
&& [ -e "${DPKG_ROOT}/etc/nsswitch.conf" ] ; then
| if ! grep -q -E  -e '^subid:[^#]*\s(sss)(\s|#|$)' 
"${DPKG_ROOT}/etc/nsswitch.conf" ; then
| # Installing subid/sss from sssd-common in position last
| sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e 
'/^subid:\s[^#]*$/ s/$/ sss/' -e '/^subid:\s.*#/ s/#/ sss #/'
| fi
| rm 
"${DPKG_ROOT}/etc/nsswitch.conf.nss.${DPKG_MAINTSCRIPT_PACKAGE}-will-install"
| fi

Which the previous version didn't do. This causes this entry in
/etc/nsswitch.conf:

   subid:  sss

... which is broken:

   # getsubids admin
   Error fetching ranges

It works with "subuid: files sss" or with dropping that line altogether, so
that it goes back to reading /etc/sub[ug]id:

   # getsubids admin
   0: admin 10 65536

Either this postinst snippet forgets to add "files" or it forgets to systemctl
enable whichever service is supposed to respond to the "sss" service for
"subid".

Raising to RC, as this breaks unrelated software, and this change happened
during freeze already.

Thanks,

Martin

Bug#1005359: xserver-xorg-core: Intel HD Graphics 610: blank screen

[Alban Browaeys]

Your logs shows:
[70.057] (EE) dbus-core: error connecting to system bus: 
org.freedesktop.DBus.Error.FileNotFound (Failed to connect to socket 
/run/dbus/system_bus_socket: No such file or directory)
Do you have dbus-daemon installed and its server running (systemctl status 
dbus.service)?

You also have:
[70.087] (EE) Failed to load module "fbdev" (module does not exist, 0)
and
[70.087] (EE) Failed to load module "vesa" (module does not exist, 0)

you could try installing:
xserver-xorg-video-vesa
and
xserver-xorg-video-fbdev




On Mon, 21 Nov 2022 11:56:44 +0100 Jakub Wilk  wrote:
> Control: found -1 2:21.1.4-3
> 
> * Jakub Wilk , 2022-02-11 23:17:
> >the X server no longer works for me: I get only blank screen. Worse,
> >the blankness remains even after I zap the server.
> 
> I've bisected this; the first bad commit is 4e670f1281ad75c5 
> ("modesetting: Add CTM RandR property").
> 
> Reverting this commit (on top of 2:21.1.4-3) fixes the bug for me.
You should really open an issue in the upstream bug tracker and give
its url here if so.

By the way how do you proceed to bisect (out of the git workflow, ie to
test than on your Debian setup each bisected version works)?

Cheers,
Alban

Bug#1033862: nouveau: watchdog: BUG: soft lockup - CPU#0 stuck for 548s! [kscreenlocker_g:19260]

[Salvatore Bonaccorso]

Control: severity -1 important
Control: tags -1 + moreinfo

Hi,

On Sun, Apr 02, 2023 at 09:56:52PM -0400, A. F. Cano wrote:
> Package: src:linux
> Version: 6.1.20-1
> Severity: critical
> File: nouveau
> Justification: breaks the whole system
> X-Debbugs-Cc: af...@comcast.net
>
> When the above message occurs, the system becomes totally unresponsive and 
> the only way to recover is
> a hard power-off via the power button held for about 5 seconds.  Upon boot, 
> the sddm login screen appears
> but at 1024x768, which is much less than the monitor is capable of: 1920x1200.
> 
> xrandr
> Screen 0: minimum 16 x 16, current 1024 x 768, maximum 32767 x 32767
> XWAYLAND0 connected primary 1024x768+0+0 (normal left inverted right x axis y 
> axis) 0mm x 0mm
>1024x768  59.92*+
>800x600   59.86  
>640x480   59.38  
>320x240   59.52  
>720x480   59.71  
>640x400   59.95  
>320x200   58.96  
>1024x576  59.90  
>864x486   59.92  
>720x400   59.55  
>640x350   59.77
> 
> After login sometimes the screen goes blank (but the backlight remains on). 
> Hard power off required.
> Sometimes the gear wheel stops turning and the system freezes.  Hard power 
> off required.
> 
> I have tried to install the nvidia proprietary driver 304 
> (NVIDIA-Linux-x86_64-304.117.run) which is what
> this old chip needs but it fails to install.  No matter what I do the nouveau 
> driver is in use and
> cannot be removed.
> 
> If it were possible for nouveau and/or X/Wayland to access the whole set of 
> resolutions of the system
> without hard freezes, I'd be happy.  Any tricks?  Any specific things I could 
> try to figure out the issue?
> 
> Obviously, in this particular boot the hard freeze did not happen.
> 
> These lines seem to be relevant (from the logs below):
> 
> [   47.892652] nouveau :00:0
> d.0: bus: MMIO write of 00340001 FAULT at 00b000
> [   64.113759] nouveau :00:0d.0: bus: MMIO write of 00640001 FAULT at 
> 00b010
> [   64.114792] nouveau :00:0d.0: bus: MMIO write of 00310001 FAULT at 
> 00b020
> [   69.614326] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> 00b020
> [   69.614542] nouveau :00:0d.0: bus: MMIO write of 00640001 FAULT at 
> 00b010
> [   69.615432] nouveau :00:0d.0: bus: MMIO write of 00310001 FAULT at 
> 00b020
> [   70.336843] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> 00b020
> [   70.337057] nouveau :00:0d.0: bus: MMIO write of 00640001 FAULT at 
> 00b010
> [   70.337684] nouveau :00:0d.0: bus: MMIO write of 00660001 FAULT at 
> 00b020
> [   70.357387] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> 00b010
> [   89.666120] nouveau :00:0d.0: bus: MMIO write of 00ca0001 FAULT at 
> 00b010
> [   97.330127] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> 00b010
> [  104.590842] traps: light-locker[4745] trap int3 ip:7f59b65be7d7 
> sp:7fff472f8690 error:0 in libglib-2.0.so.0.7400.6[7f59b658+8d000]

Can you clarify, is this a regression from 6.1.15-1 previously in
testing, and now happening first with 6.1.20-1? 

Looking for reports about the same and similar effects, it looks
issues with nouveau and the old eForce 6150SE nForce 430 goes way back
several years. 

Can you please clarify if this is a new regression though between
6.1.15 and 6.1.20.

Regards,
Salvatore

Bug#1033951: unblock: libxt/1:1.2.1-1.1

[Bastian Germann]

Package: release.debian.org
Control: affects -1 + src:libxt
X-Debbugs-Cc: li...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package libxt.

[ Reason ]
Fixes RC bug #1005272.

[ Impact ]
Missing license.

[ Risks ]
None; only d/changelog and d/copyright are touched.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

unblock libxt/1:1.2.1-1.1diff -u libxt-1.2.1/debian/changelog libxt-1.2.1/debian/changelog
--- libxt-1.2.1/debian/changelog
+++ libxt-1.2.1/debian/changelog
@@ -1,3 +1,12 @@
+libxt (1:1.2.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Timo Aaltonen ]
+  * copyright: Synced with upstream. (Closes: #1005272)
+
+ -- Bastian Germann   Mon, 03 Apr 2023 15:51:04 +0200
+
 libxt (1:1.2.1-1) unstable; urgency=medium
 
   * New upstream release.
diff -u libxt-1.2.1/debian/copyright libxt-1.2.1/debian/copyright
--- libxt-1.2.1/debian/copyright
+++ libxt-1.2.1/debian/copyright
@@ -1,6 +1,25 @@
 This package was downloaded from
 http://xorg.freedesktop.org/releases/individual/lib/
 
+Copyright © 2003,2019 Thomas E. Dickey
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+ABOVE LISTED COPYRIGHT HOLDER(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
 
 Copyright © 2001,2003 Keith Packard
 

Bug#1025789: bullseye-pu: wolfssl/4.6.0+p1-0+deb11u1_4.6.0+p1-0+deb11u2.debdiff

[Bastian Germann]

Control: tag -1 - moreinfo
X-Debbugs-Cc: sirkilam...@msn.com

On Wed, 15 Mar 2023 21:28:46 + Jonathan Wiltshire  wrote:

On Thu, Dec 08, 2022 at 08:07:09PM -0800, Felix Lechner wrote:
> diff -Nru wolfssl-4.6.0+p1/debian/changelog.dch 
wolfssl-4.6.0+p1/debian/changelog.dch
> --- wolfssl-4.6.0+p1/debian/changelog.dch  1970-01-01 00:00:00.0 +
> +++ wolfssl-4.6.0+p1/debian/changelog.dch  2022-12-06 08:25:30.0 +
[...]

Stray file?

> diff -Nru 
wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch 
wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch
> --- wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch  
 1970-01-01 00:00:00.0 +
> +++ wolfssl-4.6.0+p1/debian/patches/add-WOLFSSL_CHECK_SIG_FAULTS-macro.patch  
 2022-12-06 08:25:30.0 +
> @@ -0,0 +1,154 @@
> +Description: PR 5498: CVE-2022-42961
> +Author: Jacob Barthelmeh 
> +Origin: backport

Origin would typically be a URL, and a description of what the patch fixes
(not just a bare CVE number) would be nice.

I have addressed the concerns with the attached debdiff.

wolfssl_4.6.0+p1-0+deb11u2.debdiff.xz
Description: application/xz

Bug#1033492: unblock: php8.2/8.2.4-1 ????

[Ondřej Surý]

> On 4. 4. 2023, at 21:14, Paul Gevers  wrote:
> 
> Sorry, that wasn't my intention. Maybe I should try to keep a better log, as 
> there's not many things "pre-negotiated". My memory isn't great. If you would 
> have pointed me at the earlier discussion, all would have been well I assume.

No need to apologise, we all do what we can. If there's anything I can do to 
help with the load, I am happy to do whatever I would have energy and time for. 
(I don't want to promise unicorns and rainbows :)).

On my side it's src:bind9 for both buster and bookworm and src:php7.4 for 
buster and src:php8.2 for bookworm.

Ondrej
--
Ondřej Surý (He/Him)
ond...@sury.org



signature.asc
Description: Message signed with OpenPGP

Bug#1033921: debian-installer: Weekly build of d-i fails to find ipw2x00 firmware package

[Cyril Brulebois]

Charles Curley  (2023-04-04):
> I believe that this approach contravenes the spirit if not the letter
> of the vote to include proprietary blobs in the Debian Installer.

I'm not sure whether you're purposefully trying to demotivate people who
have worked a lot to make that happen; if that's the case, good job.
You're entitled to being upset because your particular use case doesn't
work or no longer works. But you're not the only Debian user. And no,
the GR doesn't say or imply we have to support each and every bit of
hardware out there.

Now, if we could concentrate on understanding and fixing the bug, that
would be nice.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1005369: xserver-xorg-core: Breaks middle button trackpoint scrolling

[Salvo Tomaselli]

No the libinput one is bad.

libinput's author doesn't want options, so there is no way to have
usable input that feels good on thinkpads.

I'm using the xserver-xorg-input-evdev one. I guess when Xorg will be
kicked out of debian, I will need to move to devuan or something like
that, just to avoid libinput's opinions on how my input should work.

Il giorno mar 4 apr 2023 alle ore 18:45 Alban Browaeys
 ha scritto:
>
> Try removing
> xserver-xorg-input-synaptics
> then restart xorg.
>
> xserver-xorg-input-synaptics i sno longer supported by GNOME as far as
> know.
> xserver-xorg-input-libinput is the replacment.
>
> Cheers,
> Alban
>
> On Sat, 12 Feb 2022 09:53:16 +0100 "Salvo \"LtWorf\" Tomaselli"
>  wrote:
> > Package: xserver-xorg-core
> > Version: 2:21.1.3-2
> > Severity: critical
> > Tags: upstream
> > Justification: breaks unrelated software
> > X-Debbugs-Cc: tipos...@tiscali.it
> >
> > Dear Maintainer,
> >
> > on thinkpads it is common to scroll by holding down the middle button
> and
> > pushing the trackpoint up or down.
> >
> > After upgrading, this feature is broken.
> >
> > Reverting to the version found in testing makes it work again.
> >
> > In a wayland session it works (but my keyboard layout doesn't exist
> in wayland
> > so using it permanently is not a viable solution).
> >
> > It is strange because the input drivers have not received an update,
> so I'm not
> > really sure of what the interaction is here.
> >
> > Anyway, I'm creating this issue with a high priority in order to stop
> the package
> > from migrating and make scrolling suddenly unavailable to other
> people as well.
> >
> > -- Package-specific info:
> > /etc/X11/X does not exist.
> > /etc/X11/X is not a symlink.
> > /etc/X11/X is not executable.
> >
> > VGA-compatible devices on PCI bus:
> > --
> > 00:02.0 VGA compatible controller [0300]: Intel Corporation
> TigerLake-LP GT2 [Iris Xe Graphics] [8086:9a49] (rev 01)
> >
> > /etc/X11/xorg.conf does not exist.
> >
> > Contents of /etc/X11/xorg.conf.d:
> > -
> > total 0
> >
> > /etc/modprobe.d contains no KMS configuration files.
> >
> > Kernel version (/proc/version):
> > ---
> > Linux version 5.16.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-11
> (Debian 11.2.0-16) 11.2.0, GNU ld (GNU Binutils for Debian)
> 2.37.90.20220130) #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09)
> >
> > Xorg X server log files on system:
> > --
> > -rw-r--r-- 1 root root 50312 Feb 12 09:43 /var/log/Xorg.0.log
> >
> > Contents of most recent Xorg X server log file (/var/log/Xorg.0.log):
> > -
> > [ 2.949] (--) Log file renamed from "/var/log/Xorg.pid-579.log"
> to "/var/log/Xorg.0.log"
> > [ 2.951]
> > X.Org X Server 1.21.1.3
> > X Protocol Version 11, Revision 0
> > [ 2.951] Current Operating System: Linux galatea 5.16.0-1-amd64
> #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09) x86_64
> > [ 2.951] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.16.0-1-
> amd64 root=UUID=2e600d3e-5bd5-43cd-b826-9213b7bafb99 ro quiet
> > [ 2.951] xorg-server 2:21.1.3-2 (https://www.debian.org/support)
> > [ 2.951] Current version of pixman: 0.40.0
>


-- 
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei

http://ltworf.github.io/ltworf/

Bug#1033952: unblock: osgi-core/8.0.0-2

[Jochen Sprickerhof]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: osgi-c...@packages.debian.org
Control: affects -1 + src:osgi-core

Please unblock package osgi-core

[ Reason ]
The LoggerFactory and LogEntry interface definitions where added to
osgi-core in version 8.0.0 duplication those in osgi-compendium.
osgi-compendium carries a Debian patch to adopt the APIs to be backward
compatible that was missing from osgi-core resulting in src:bnd FTBFS
(#1026606). 8.0.0-2 copies this patch so both packages provide the same
API.

[ Impact ]
src:bnd can not be build without this patch.

[ Tests ]
I did a test rebuild of src:bnd to make sure it compiles again:
https://tests.reproducible-builds.org/debian/rb-pkg/bnd.html

[ Risks ]
Given that the patch is already in osgi-compendium since 2020 and it
only provides default implementations for the added API methods I don't
see a risk.

Alternative solutions I looked into:

- Adopting src:bnd to implement the new API. I tried this but the diff
  was rather large with no added value. Also I assume there are other
  packages depending on the old API.

- removing LoggerFactory and LogEntry from osgi-core again which would
  result in a diff to the upstream source and probably other packages
  failing.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock osgi-core/8.0.0-2
diff --git a/debian/changelog b/debian/changelog
index 0f8c8cf..ee0ef4a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+osgi-core (8.0.0-2) unstable; urgency=medium
+
+  * Team upload.
+  * Preserve backward compatibility in logging interface.
+Turned the new interface methods into default methods to preserve the
+backward compatibility. Taken from osgi-compendium. (Closes: #1026606)
+
+ -- Jochen Sprickerhof   Mon, 03 Apr 2023 14:57:28 +0200
+
 osgi-core (8.0.0-1) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/01-backward-compatibility.patch 
b/debian/patches/01-backward-compatibility.patch
new file mode 100644
index 000..a45e721
--- /dev/null
+++ b/debian/patches/01-backward-compatibility.patch
@@ -0,0 +1,95 @@
+Description: Preserves the source compatibility with older versions of the API
+Author: Emmanuel Bourg 
+Forwarded: not-needed
+--- a/org/osgi/service/log/LoggerFactory.java
 b/org/osgi/service/log/LoggerFactory.java
+@@ -61,7 +61,7 @@
+* parameter is equal to {@link Logger#ROOT_LOGGER_NAME}, then 
the
+* root logger is returned.
+*/
+-  Logger getLogger(String name);
++  default Logger getLogger(String name) { throw new 
UnsupportedOperationException(); }
+ 
+   /**
+* Return the {@link Logger} named with the specified class.
+@@ -70,7 +70,7 @@
+*{@code null}.
+* @return The {@link Logger} named with the name of the specified 
class.
+*/
+-  Logger getLogger(Class< ? > clazz);
++  default Logger getLogger(Class< ? > clazz) { throw new 
UnsupportedOperationException(); }
+ 
+   /**
+* Return the {@link Logger} of the specified type named with the 
specified
+@@ -88,7 +88,7 @@
+* @throws IllegalArgumentException If the specified type is not a 
supported
+* Logger type.
+*/
+-   L getLogger(String name, Class loggerType);
++  default  L getLogger(String name, Class 
loggerType) { throw new UnsupportedOperationException(); }
+ 
+   /**
+* Return the {@link Logger} of the specified type named with the 
specified
+@@ -104,7 +104,7 @@
+* @throws IllegalArgumentException If the specified type is not a 
supported
+* Logger type.
+*/
+-   L getLogger(Class< ? > clazz, Class loggerType);
++  default  L getLogger(Class< ? > clazz, Class 
loggerType) {throw new UnsupportedOperationException(); }
+ 
+   /**
+* Return the {@link Logger} of the specified type named with the 
specified
+@@ -130,6 +130,6 @@
+* @throws IllegalArgumentException If the specified type is not a 
supported
+* Logger type or the specified Bundle is not a resolved 
bundle.
+*/
+-   L getLogger(Bundle bundle, String name,
+-  Class loggerType);
++  default  L getLogger(Bundle bundle, String name,
++  Class loggerType) { throw new 
UnsupportedOperationException(); }
+ }
+--- a/org/osgi/service/log/LogEntry.java
 b/org/osgi/service/log/LogEntry.java
+@@ -111,7 +111,7 @@
+* @return The level of this {@code LogEntry} object.
+* @since 1.4
+*/
+-  LogLevel getLogLevel();
++  default LogLevel getLogLevel() { throw new 
UnsupportedOperationException(); }
+ 
+   /**
+* Returns the name of the {@link Logger} object used to create this
+@@ -121,7 +121,7 

Bug#1033958: binutils: reproducible builds: files in source tarball in arbitrary order

[Vagrant Cascadian]

Source: binutils
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The files in the binutils tarball appear to be in arbitrary order,
possibly affected by locale or filesystem differences:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/armhf/diffoscope-results/binutils.html

  /usr/src/binutils/binutils-2.40.tar.xz

  e.g. the first file in the bfd directory listed in these two builds are:

  
hrw-r--r--···0000·2023-01-14·00:00:00.00·binutils-2.40/bfd/elf32-m68hc1x.h
  vs.
  
hrw-r--r--···0000·2023-01-14·00:00:00.00·binutils-2.40/bfd/elf32-score7.c


The attached patch to debian/rules fixes this by passing the --sort=name
argument to tar.


Unfortunately, this patch alone does not solve all reproducibility
issues with binutils, but applying this patch should significantly reduce
the differences, making it easier to debug remaining issues.


Thanks for maintaining binutils!


live well,
  vagrant
From 6dce3b6b223419c31fb1aaa59b658652b0fe953d Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Tue, 4 Apr 2023 16:10:53 -0700
Subject: [PATCH 1/2] debian/rules: Pass argument to tar to sort the files in
 the binutils source tarball.

Locale or filesystem differences may result in the generated tarball
embedding files in arbitrary order.

https://reproducible-builds.org/docs/archives/
https://tests.reproducible-builds.org/debian/issues/unstable/random_order_in_tarball_issue.html
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 0a3ff6ec..a697df43 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1484,7 +1484,7 @@ endif # ifndef BACKPORT
 		xargs -0r touch --no-dereference --date='$(BUILD_DATE)' && \
 		find $(source_files) -type f -print0 | LC_ALL=C sort -z | \
 		XZ_OPT=-9 tar --null -T - -c --xz --mode=go=rX,u+rw,a-s \
-		--owner=0 --group=0 --numeric-owner \
+		--owner=0 --group=0 --numeric-owner --sort=name \
 		--xform='s=^[^/]*\/=binutils-$(VERSION)/=' \
 		-f $(pwd)/$(d_src)/$(PF)/src/binutils/binutils-$(VERSION).tar.xz \
 		$(source_files)
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1033955: pike8.0: reproducible builds: kernel version affects buildid

[Vagrant Cascadian]

Source: pike8.0
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build directory includes the running kernel version if PIKE_BUILD_OS
is not set, as upstream the Makefile uses "uname -s -r -m" set this
valu... resulting in a different build path during the build, which
indirectly changes the buildid of various binaries.

The attached patch to debian/rules fixes this by setting PIKE_BUILD_OS
to the value of DEB_HOST_GNU_TYPE, although any number of other
DEB_HOST_* variables could be used instead while still remaining
reproducible.

Unfortunately, this patch alone does not solve all reproducibility
issues with pike8.0, but applying this patch should significantly reduce
the differences, making it easier to debug remaining issues.

Thanks for maintaining pike8.0!

live well,
  vagrant
From 3f2aa4467cbc2fe5c9b87b712b3847d75e3e8bce Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 3 Apr 2023 15:44:33 -0700
Subject: [PATCH 2/9] debian/rules: export PIKE_BUILD_OS to avoid embedding
 kernel version.

https://tests.reproducible-builds.org/debian/issues/unstable/captures_kernel_version_issue.html
---
 debian/rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index a6bb6d7..8ee2748 100755
--- a/debian/rules
+++ b/debian/rules
@@ -20,6 +20,7 @@ endif
 
 export DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+export PIKE_BUILD_OS ?= $(DEB_HOST_GNU_TYPE)
 
 CFARGSEXTRA := --with-cdebug
 
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1031352: Chromium on Wayland: Cannot join a Microsoft Teams enterprise meeting

[Andres Salomon]

Sorry, I've been fighting with chromium 112 not building on bullseye, 
but this is still on my todo list!


On Fri, Mar 31 2023 at 01:02:10 AM +02:00:00, Amr Ibrahim 
 wrote:

Info:

Microsoft has already phased out the Microsoft Teams Linux desktop 
clients in favour of the web app. Meaning that I can no longer 
download the Teams DEB package from here:

https://www.microsoft.com/en/microsoft-teams/download-app

The Teams progressive web app is now the only way to go for Linux on 
Edge and Chrome browsers:

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-teams-progressive-web-app-now-available-on-linux/ba-p/3669846

Bug#941980: pod2man: Please convert zero-width space (u200B) to \:

[Russ Allbery]

Diederik de Haas  writes:

> $ aptitude show podlators-perl
> No candidate version found for podlators-perl
> Package: podlators-perl
> State: not a real package
> Provided by: perl (5.32.1-4+deb11u1), perl (5.32.1-4+deb11u2), perl (5.36.0-7)

> Does this mean that this bug is fixed in Stable and Testing/Unstable now?

No, the change isn't in 5.32 (or 5.34 or 5.36).  I expect it will probably
be in 5.38.

podlators is not separately packaged in Debian; Debian just uses the
version that comes with Perl.  This is usually simpler, but it means that
the time lag between a change and having it show up in Debian is fairly
long.  It has to make its way into Perl and then Perl has to make a new
stable release and Debian has to incorporate that stable release.  In
terms of stable releases, it won't be until the next Debian stable release
after the upcoming one, since Perl 5.38 isn't out yet.

In the interim, you would need to install Pod::Man directly from CPAN,
vian cpanm for example, to get the new behavior.

-- 
Russ Allbery (r...@debian.org)  

Bug#1033963: curl: 7.88 breaks --unix connection

[Martin Pitt]

Package: curl
Version: 7.88.1-7
Severity: important
Tags: upstream fixed-upstream

Upstream version 7.88 broke the `--unix` option. When doing something like

curl -k --unix /run/cockpit/sock https://dummy

it now fails with

curl: (7) Failed to connect to dummy port 443 after 0 ms: Couldn't connect 
to server

i.e. it tries to connect to the TCP port 443, instead of the Unix socket. This
was reported [1] and fixed [2] upstream over a month ago.

Filing severity important, as I wouldn't want to see bookworm released with
this regression -- curl is an important debugging and scripting tool, and this
has the potential to cause quite a lot of frustration and breakage. So feel
free to raise to "serious" even.

This is fixed in curl 8.0.0. Upstream says "curl8 is fully compatible to 7.88
and introduces no new features", so it may even be appropriate for
unstable→testing at this point. Or you backport the fix [2], which is fairly
confined.

Thanks for considering,

Martin

[1] https://github.com/curl/curl/issues/10633
[2] https://github.com/curl/curl/pull/10641

Bug#1033954: pike8.0: reproducible builds: timestamp embedded in .html documentation

[Vagrant Cascadian]

On 2023-04-04, Vagrant Cascadian wrote:
> A build timestamp is embedded in the data-timestamp field in various
> .html documentation files:

This additional patch is also needed to avoid additional timestamps in
some of the rest of the documentation:

From c8d7e168779597eb36cad22b051dea372179c7e5 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 3 Apr 2023 17:52:43 -0700
Subject: [PATCH 4/5] Avoid embedding timestamp in documentation.

https://reproducible-builds.org/docs/timestamps/
---
 .../Tools.pmod/Standalone.pmod/autodoc_to_split_html.pike   | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/modules/Tools.pmod/Standalone.pmod/autodoc_to_split_html.pike b/lib/modules/Tools.pmod/Standalone.pmod/autodoc_to_split_html.pike
index f8b1b63..dd4a2c4 100644
--- a/lib/modules/Tools.pmod/Standalone.pmod/autodoc_to_split_html.pike
+++ b/lib/modules/Tools.pmod/Standalone.pmod/autodoc_to_split_html.pike
@@ -1503,11 +1503,9 @@ int low_main(string doc_file, string template_file, string outdir,
 
   string js_constants = sprintf(
 "PikeDoc.VERSION = '%s';\n"
-"PikeDoc.PUBDATE = '%s';\n"
-"PikeDoc.GENERATED = %d;\n",
+"PikeDoc.PUBDATE = '%s';\n",
 top->pike_version,
-top->timestamp,
-time());
+top->timestamp);
 
   if (exporter) {
 exporter->filemodify(Git.MODE_FILE, outdir + "/constants.js");
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1033959: binutils: reproducible builds: build paths embedded in debug symbols

[Vagrant Cascadian]

Source: binutils
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build path is embedded in debugging symbols:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/armhf/diffoscope-results/binutils.html

  /usr/lib/debug/.dwz/arm-linux-gnueabihf/binutils-arm-linux-gnueabihf.debug

  /build/1st/binutils-2.40/builddir-single/binutils
  vs.
  /build/2/binutils-2.40/2nd/builddir-single/binutils

The attached patch to debian/rules fixes this by passing the
-ffile-prefix-map in CFLAGS and CXXFLAGS, which strips the build path
from occurences of __FILE__ and in debug symbols.

Unfortunately, this patch alone does not solve all reproducibility
issues, but applying this patch should significantly reduce the
differences, making it easier to debug remaining issues.


Thanks for maintaining binutils!


live well,
  vagrant
From 50a1fd550c04ed9656df87e95477187f693e6954 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Tue, 4 Apr 2023 16:16:37 -0700
Subject: [PATCH 2/2] debian/rules: Add -ffile-prefix-map to CFLAGS and
 CXXFLAGS.

This avoids embedding the full paths to files used in the __FILE__
macro and and in debug symbols.

https://tests.reproducible-builds.org/debian/issues/unstable/gcc_captures_build_path_issue.html
---
 debian/rules | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/rules b/debian/rules
index a697df43..a681e3da 100755
--- a/debian/rules
+++ b/debian/rules
@@ -289,8 +289,8 @@ ifneq (,$(filter $(DEB_HOST_ARCH), $(gold_targets)))
   gold_provides = -Vgold:Provides=binutils-gold
 endif
 
-CFLAGS = -g -O2
-CXXFLAGS = -g -O2
+CFLAGS = -g -O2 -ffile-prefix-map=$(CURDIR)=.
+CXXFLAGS = -g -O2 -ffile-prefix-map=$(CURDIR)=.
 LDFLAGS =
 CROSS := $(DEB_HOST_GNU_TYPE)-
 CC = $(CROSS)gcc
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1033862: nouveau: watchdog: BUG: soft lockup - CPU#0 stuck for 548s! [kscreenlocker_g:19260]

[A. F. Cano]

On Tue, Apr 04, 2023 at 10:20:11PM +0200, Salvatore Bonaccorso wrote:
> Control: severity -1 important
> Control: tags -1 + moreinfo
> 
> Hi,
> 
> On Sun, Apr 02, 2023 at 09:56:52PM -0400, A. F. Cano wrote:
> > Package: src:linux
> > Version: 6.1.20-1
> > Severity: critical
> > File: nouveau
> > Justification: breaks the whole system
> > X-Debbugs-Cc: af...@comcast.net
> >
> > When the above message occurs, the system becomes totally unresponsive and 
> > the only way to recover is
> > a hard power-off via the power button held for about 5 seconds.  Upon boot, 
> > the sddm login screen appears
> > but at 1024x768, which is much less than the monitor is capable of: 
> > 1920x1200.
> > 
> > xrandr
> > Screen 0: minimum 16 x 16, current 1024 x 768, maximum 32767 x 32767
> > XWAYLAND0 connected primary 1024x768+0+0 (normal left inverted right x axis 
> > y axis) 0mm x 0mm
> >1024x768  59.92*+
> >800x600   59.86  
> >640x480   59.38  
> >320x240   59.52  
> >720x480   59.71  
> >640x400   59.95  
> >320x200   58.96  
> >1024x576  59.90  
> >864x486   59.92  
> >720x400   59.55  
> >640x350   59.77
> > 
> > After login sometimes the screen goes blank (but the backlight remains on). 
> > Hard power off required.
> > Sometimes the gear wheel stops turning and the system freezes.  Hard power 
> > off required.
> > 
> > I have tried to install the nvidia proprietary driver 304 
> > (NVIDIA-Linux-x86_64-304.117.run) which is what
> > this old chip needs but it fails to install.  No matter what I do the 
> > nouveau driver is in use and
> > cannot be removed.
> > 
> > If it were possible for nouveau and/or X/Wayland to access the whole set of 
> > resolutions of the system
> > without hard freezes, I'd be happy.  Any tricks?  Any specific things I 
> > could try to figure out the issue?
> > 
> > Obviously, in this particular boot the hard freeze did not happen.
> > 
> > These lines seem to be relevant (from the logs below):
> > 
> > [   47.892652] nouveau :00:0
> > d.0: bus: MMIO write of 00340001 FAULT at 00b000
> > [   64.113759] nouveau :00:0d.0: bus: MMIO write of 00640001 FAULT at 
> > 00b010
> > [   64.114792] nouveau :00:0d.0: bus: MMIO write of 00310001 FAULT at 
> > 00b020
> > [   69.614326] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> > 00b020
> > [   69.614542] nouveau :00:0d.0: bus: MMIO write of 00640001 FAULT at 
> > 00b010
> > [   69.615432] nouveau :00:0d.0: bus: MMIO write of 00310001 FAULT at 
> > 00b020
> > [   70.336843] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> > 00b020
> > [   70.337057] nouveau :00:0d.0: bus: MMIO write of 00640001 FAULT at 
> > 00b010
> > [   70.337684] nouveau :00:0d.0: bus: MMIO write of 00660001 FAULT at 
> > 00b020
> > [   70.357387] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> > 00b010
> > [   89.666120] nouveau :00:0d.0: bus: MMIO write of 00ca0001 FAULT at 
> > 00b010
> > [   97.330127] nouveau :00:0d.0: bus: MMIO write of  FAULT at 
> > 00b010
> > [  104.590842] traps: light-locker[4745] trap int3 ip:7f59b65be7d7 
> > sp:7fff472f8690 error:0 in libglib-2.0.so.0.7400.6[7f59b658+8d000]
> 
> Can you clarify, is this a regression from 6.1.15-1 previously in
> testing, and now happening first with 6.1.20-1? 

This was a new install about 3 weeks ago.  The kernel at the time was
6.1.0-6.  It was upgraded recently and now it is 6.1.0-7 (6.1.20-1 as
reported by cat /proc/version).

In 6.1.0-6 there were other problems (like video artifacts) but the same
bug/lockup occurred even then.

> Looking for reports about the same and similar effects, it looks
> issues with nouveau and the old eForce 6150SE nForce 430 goes way back
> several years. 

I've had trouble with nouveau on many machines going back years, that's
why the quickest solution has always been to install the proprietary
nvidia driver, but it appears that nouveau handles so much hardware on this
computer and is always in use for something that it appears it can't
be easily removed.

> Can you please clarify if this is a new regression though between
> 6.1.15 and 6.1.20.

Assuming that 6.1.15 was the version previous to 6.1.20-1, in the 6.1.0-6
package, the peoblem was present there too.

The lock-ups happen whenever any software apparently accesses the parts
of hardware that the driver is not handling correctly.  the most recent
lock-up and message I've experienced was caused by using systemsettings.

But I've had lock-ups and other video problems.  For instance, at the
moment, starting a konsole does nothing, but it doesn't lock up the
system.

the last line in dmesg after the last reboot is:

[  157.616946] nouveau :00:0d.0: gr: intr 0010 [ERROR] nsource 0002 
[DATA_ERROR] nstatus 0200 [BAD_ARGUMENT] ch 3 [00056000 
systemd-logind[449]] subc 7 class 4497 mthd 0208 data 03000248

> Regards,
> Salvatore

Thanks for 

Bug#1033960: RFP: btrfs-diff-go -- analyze differences between two BTRFS snapshots (like GNU diff for directories)

[Christoph Anton Mitterer]

Package: wnpp
Severity: wishlist

* Package name: btrfs-diff-go
  Version : git
  Upstream Contact: Michael Bideau 
* URL : https://github.com/mbideau/btrfs-diff-go
* License : GPL 3
  Programming Lang: Go
  Description : analyze differences between two BTRFS snapshots (like GNU 
diff for directories)

The idea is basically to have a fast diff (using btrfs' features)
between snapshots.

Bug#1005369: xserver-xorg-core: Breaks middle button trackpoint scrolling

[Alban Browaeys]

I am on a thinkapd (the Yoga S1) and xorg libinput driver works fine (I
configure it through gnome-control-center).

I really do not know what you mean by "avoid libinput's opinions on how
my input should work". Could you give example?

https://www.mankier.com/4/libinput
these do not count as configuration options?

Cheers,

Alban


Le mardi 04 avril 2023 à 21:21 +0200, Salvo Tomaselli a écrit :
> No the libinput one is bad.
> 
> libinput's author doesn't want options, so there is no way to have
> usable input that feels good on thinkpads.
> 
> I'm using the xserver-xorg-input-evdev one. I guess when Xorg will be
> kicked out of debian, I will need to move to devuan or something like
> that, just to avoid libinput's opinions on how my input should work.
> 
> Il giorno mar 4 apr 2023 alle ore 18:45 Alban Browaeys
>  ha scritto:
> > 
> > Try removing
> > xserver-xorg-input-synaptics
> > then restart xorg.
> > 
> > xserver-xorg-input-synaptics i sno longer supported by GNOME as far
> > as
> > know.
> > xserver-xorg-input-libinput is the replacment.
> > 
> > Cheers,
> > Alban
> > 
> > On Sat, 12 Feb 2022 09:53:16 +0100 "Salvo \"LtWorf\" Tomaselli"
> >  wrote:
> > > Package: xserver-xorg-core
> > > Version: 2:21.1.3-2
> > > Severity: critical
> > > Tags: upstream
> > > Justification: breaks unrelated software
> > > X-Debbugs-Cc: tipos...@tiscali.it
> > > 
> > > Dear Maintainer,
> > > 
> > > on thinkpads it is common to scroll by holding down the middle
> > > button
> > and
> > > pushing the trackpoint up or down.
> > > 
> > > After upgrading, this feature is broken.
> > > 
> > > Reverting to the version found in testing makes it work again.
> > > 
> > > In a wayland session it works (but my keyboard layout doesn't
> > > exist
> > in wayland
> > > so using it permanently is not a viable solution).
> > > 
> > > It is strange because the input drivers have not received an
> > > update,
> > so I'm not
> > > really sure of what the interaction is here.
> > > 
> > > Anyway, I'm creating this issue with a high priority in order to
> > > stop
> > the package
> > > from migrating and make scrolling suddenly unavailable to other
> > people as well.
> > > 
> > > -- Package-specific info:
> > > /etc/X11/X does not exist.
> > > /etc/X11/X is not a symlink.
> > > /etc/X11/X is not executable.
> > > 
> > > VGA-compatible devices on PCI bus:
> > > --
> > > 00:02.0 VGA compatible controller [0300]: Intel Corporation
> > TigerLake-LP GT2 [Iris Xe Graphics] [8086:9a49] (rev 01)
> > > 
> > > /etc/X11/xorg.conf does not exist.
> > > 
> > > Contents of /etc/X11/xorg.conf.d:
> > > -
> > > total 0
> > > 
> > > /etc/modprobe.d contains no KMS configuration files.
> > > 
> > > Kernel version (/proc/version):
> > > ---
> > > Linux version 5.16.0-1-amd64 (debian-ker...@lists.debian.org)
> > > (gcc-11
> > (Debian 11.2.0-16) 11.2.0, GNU ld (GNU Binutils for Debian)
> > 2.37.90.20220130) #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09)
> > > 
> > > Xorg X server log files on system:
> > > --
> > > -rw-r--r-- 1 root root 50312 Feb 12 09:43 /var/log/Xorg.0.log
> > > 
> > > Contents of most recent Xorg X server log file
> > > (/var/log/Xorg.0.log):
> > > -
> > > 
> > > [ 2.949] (--) Log file renamed from "/var/log/Xorg.pid-
> > > 579.log"
> > to "/var/log/Xorg.0.log"
> > > [ 2.951]
> > > X.Org X Server 1.21.1.3
> > > X Protocol Version 11, Revision 0
> > > [ 2.951] Current Operating System: Linux galatea 5.16.0-1-
> > > amd64
> > #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09) x86_64
> > > [ 2.951] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-
> > > 5.16.0-1-
> > amd64 root=UUID=2e600d3e-5bd5-43cd-b826-9213b7bafb99 ro quiet
> > > [ 2.951] xorg-server 2:21.1.3-2
> > > (https://www.debian.org/support)
> > > [ 2.951] Current version of pixman: 0.40.0
> > 
> 
> 

Bug#1032642: iproute2: ip tunnel change ip6gre to gre crashes with stack smash

[Stephen Hemminger]

On Mon, 3 Apr 2023 20:47:01 -0600
David Ahern  wrote:

> On 4/3/23 9:24 AM, Stephen Hemminger wrote:
> > ted  
> >>
> >> This happens because iproute2 just assumes the tunnel is ipv4, but the
> >> kernel "knows" it's actually ip6gre so when calling the SIOCGETTUNNEL
> >> ioctl it writes back a struct ip6_tnl_parm2 into the struct
> >> ip_tunnel_parm which is smaller, so the stack gets overwritten. Is
> >> there any way to tell from userspace whether a gre is v4 or v6 before
> >> doing an ioctl? The ioctls don't take/return a size parameter as far
> >> as I can see...  
> > 
> > Ip uses and IPv4 UDP socket when it thinks it is talking to GRE.
> > And a IPv6 UDP socket when it is talking to GRE6.
> > 
> > So the kernel could check and error out?
> >   
> 
> Does seem like a kernel bug and a well known design flaw in ioctl
> interface (assuming buffer of a specific size). The best iproute2 can do
> is have `old_p` be a larger size (e.g., ip6_tnl_parm2) to avoid the
> overrun, but then the result is nonsense with no way for it no an ipv6
> struct was passed back. The crash at least indicates something is off.

Actually any change tunnel can have similar issues where the tunnel
is of one type and the request wants to change parameters.
The two structs (ip_param and ip6_tunnel_param) are different enough
that getting the incorrect type will be complete garbage.

There doesn't seem to be a good way to identify the tunnel type.
The only way I can see is to look at the link type (ifi_type)
but this is ARPHRD_XXX value and not the ip protocol.

The other way would be to query link info (with netlink)
and make sure that IFLA_INFO_KIND (in IFLA_LINKINFO) matches when
changing.

Or maybe get rid of the ip tunnel command and just use ip link
which is all netlink based.  The iptunnel stuff was introduced long ago
when the only way to make tunnels was with ioctl.  Now you can do
same operations with ip link.

to 

Bug#1033942: nmu: ppl_1:1.2-8.1

[Lev Lamberov]

Hi Paul,

Вт 04 апр 2023 @ 21:42 Paul Gevers :

> Control: tags -1 moreinfo
>
> Hi Lev,
>
> On 04-04-2023 15:05, Lev Lamberov wrote:
>> Please, rebuild ppl against swi-prolog 9.0.4+dfsg-2 in unstable. The
>> ppl package in unstable and testing was build against the older
>> swi-prolog version, containing older library. For more information,
>> please see this swi-prolog [bug].
>> 
>> [bug] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033636
>
> It's a shame we discussed this in bug 1022253 [1]. Do you know what was 
> flawed in our assessment?
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022253#24

Yes, turns out I was wrong.

Regards,
Lev

Bug#1033956: Support for zcfan

[Klaus Ethgen]

Package: orphan-sysvinit-scripts
Version: 0.14
Severity: normal

I was thinking to set this as wishlist but as the main functionality is
to support broken packages I set the severity to normal.

The zcfan daemon comes with only a systemd startup file which makes it
unusable with sysv init.

Please provide a init.d script for it. (I have a pretty simple one but
it is not complete right now. Will send it when I made it better.)

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (400, 'unstable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.12 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_CPU_OUT_OF_SPEC, 
TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages orphan-sysvinit-scripts depends on:
ii  ucf  3.0043+nmu1

orphan-sysvinit-scripts recommends no packages.

orphan-sysvinit-scripts suggests no packages.

-- no debconf information

-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature

Bug#1033957: pike8.0: reproducible builds: timestamp embedded in .html documentation

[Vagrant Cascadian]

Source: pike8.0
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

A non-deterministic value is set in /usr/include/pike8.0/pike/machine.h
based on some build time tests from configure:

  #define FB_CPU_TIME_IS_THREAD_LOCAL PIKE_UNKNOWN
vs.
  #define FB_CPU_TIME_IS_THREAD_LOCAL PIKE_NO

I have attached a workaround patch to debian/rules which disables
threading, which does not trigger this codepath...

Understandably, threading may be highly desired and so this may not be
an appropriate way to fix the issue.

I am not familiar with the pike8.0 codebase, but maybe someone who is
would have a better idea of a proper fix.

Ideally, these tests should be done at runtime instead of relying on the
build machine's cpu characteristics, timing and possibly system load at
the time of the build, or maybe the appropriate
lowest-common-denominator value should be forced in the Debian
packaging.


Unfortunately, this patch alone does not solve all reproducibility
issues with pike8.0, but applying this patch should reduce the
differences, making it easier to debug remaining issues.


Thanks for maintaining pike8.0!

live well,
  vagrant
From 172263254eb9de34f1c5ceface9d8cad9e92cbde Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 3 Apr 2023 15:46:15 -0700
Subject: [PATCH 3/9] debian/rules: Pass --without-threads to configure to
 avoid embedding cpu timing differences...

Otherwise, FB_CPU_TIME_IS_THREAD_LOCAL in
/usr/include/pike8.0/pike/machine.h is non-deterministically set to
either PIKE_NO or PIKE_UNKNOWN.

---
 debian/rules | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian/rules b/debian/rules
index 8ee2748..bc56cf6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -90,6 +90,8 @@ ifneq ($(VERSION),$(DEBVERSION))
 $(error Version mismatch; buildid.txt: $(VERSION), debian/changelog: $(DEBVERSION))
 endif
 
+CFARGSEXTRA += --without-threads
+
 # --with-lib-path is just to stop configure from adding all the
 # standard library directories with -L as well as -R to LDFLAGS
 CFARGS=$(CFARGSEXTRA) \
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1033917: [pkg-lxc-devel] Bug#1033917: lxc: apparmor profile no longer allows unprivileged guest systemd-logind to start (since bookworm)

[Forest]

>What's weird is that the problem was already happening in buster and
>bullseye.

That doesn't seem to be true, AFAICT.  Bullseye (both my usual Bullseye
guest and a freshly installed one) does not exhibit the 25 second hang.  A
freshly installed Buster guest doesn't, either.  Not even with the default
config instead of nesting.conf.

To be precise:  Although Bullseye and Buster do generate apparmor mount
errors in the host's syslog, the 25 second hang is new with Bookworm guests.
Maybe multiple problems are in play here?

>I guess it is plausible that /etc/lxc/default.conf has been updated in
>your upgrade, resetting the lxc-apparmor-profile to something that won't
>work for unprivileged containers.

Nope. I haven't upgraded the Bullseye host machine on which I discovered the
hang, and it occurs on both that host and a newly installed Bookworm host.
Also, I checked default.conf on both hosts just now, and it matches the one
in lxc_5.0.2-1_amd64.deb.

>The missing lines in apparmor rules have been added in
>lxc-default-with-nesting rules of apparmor for lxc 5.

My fresh Bookworm VM has lxc 5, and those four additional lines are present
in /etc/apparmor.d/lxc/lxc-default-with-nesting.  The contents of
/usr/share/lxc/config/nesting.conf are also identical.  Even when including
it in my container config, the 25 second hang persists.

>the solution lies either within LXD
>(which generates custom profiles for each containers), or with creating
>a dedicated apparmor profile that you use only on unprivileged
>containers.

I tried LXD as a workaround.  Turns out it is not a suitable replacement in
my case.

I would be happy to try a modified apparmor profile.  Ideally even get it
added into Bookworm's lxc package, or accepted upstream, so Bookworm doesn't
arrive in this broken state for lxc users.

I tried modifying the apparmor profile based on the host's syslog messages.
Despite using exactly the same mount options that appeared in the logs, the
errors and the 25 second hang persisted.  (And I did remember to reload the
profile with apparmor_parser -r.)  I wonder if the info="failed flags match"
in those syslog messages is supposed to hint that something more is needed.

It seems like we're missing some information here.

Bug#1033962: ITP: node-react-paginate -- ReactJS component to render a pagination

[Yadd]

Package: wnpp
Severity: wishlist
Owner: Yadd 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: node-react-paginate
  Version : 8.1.5
  Upstream Contact: https://github.com/AdeleD/react-paginate/issues
* URL : https://github.com/AdeleD/react-paginate
* License : Expat
  Programming Lang: JavaScript
  Description : ReactJS component to render a pagination

node-react-paginate provides a simple component to display long list
using pagination.

It is a reverse dependency of JupyterLab.

This package will be maintained under JS Team umbrella

Bug#1033964: smarty3: CVE-2023-28447: Cross site scripting vulnerability in Javascript escaping

[Salvatore Bonaccorso]

Source: smarty3
Version: 3.1.47-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: clone -1 -2
Control: reassign -2 src:smarty4 4.3.0-1
Control: retitle -2 smarty4: CVE-2023-28447: Cross site scripting vulnerability 
in Javascript escaping

Hi,

The following vulnerability was published for smarty.

CVE-2023-28447[0]:
| Smarty is a template engine for PHP. In affected versions smarty did
| not properly escape javascript code. An attacker could exploit this
| vulnerability to execute arbitrary JavaScript code in the context of
| the user's browser session. This may lead to unauthorized access to
| sensitive user data, manipulation of the web application's behavior,
| or unauthorized actions performed on behalf of the user. Users are
| advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve
| this issue. There are no known workarounds for this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28447
https://www.cve.org/CVERecord?id=CVE-2023-28447
[1] https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1033953: unblock: gimp-help/2.10.34-1

[Jordi Mallach]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: gimp-h...@packages.debian.org
Control: affects -1 + src:gimp-help

This is a pre-upload request to unblock package gimp-help.

[ Reason ]

The GIMP manual has been stale for many years. The current version
in the archive was released as a "test release" in 2020, but it was
incomplete and didn't even cover all the new functionality in the
GIMP 2.10 branch which was shipped in Debian buster.

A few weeks ago, the GIMP maintainers finally released an updated
version, which matches the current GIMP functionality and is translated
to a number of extra languages.

I'm asking for a pre-approval of this documentation-only source package.
If approved, I would update this bug with the relevant parts of the
diff, seek a final ack, and upload within the next week.

I also plan to do an experimental upload first, in order to see the
results.

[ Impact ]

Shipped documentation will be outdated.

[ Tests ]

There is no code involved, just a build system and documentation data.

[ Risks ]

The risk is low, as this is a documentation-only package, and its
current state is pretty poor.

[ Checklist ]
  [ ] all changes are documented in the d/changelog
  [ ] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in testing

[ Other info ]

unblock gimp-help/2.10.34-1

Bug#1033954: pike8.0: reproducible builds: timestamp embedded in .html documentation

[Vagrant Cascadian]

Source: pike8.0
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

A build timestamp is embedded in the data-timestamp field in various
.html documentation files:

  /usr/share/doc/pike8.0-doc/html/reference/ex/7.4_3A_3A/hash.html

  Extracted from Pike v8.0 
release 1738 as of 2023-04-01.
vs.
  Extracted from Pike v8.0 
release 1738 as of 2023-04-01.


The attached patch to refdoc/structure/modref.html fixes this by
removing the generation date and timestamp entirely.

If this is not an appropriate fix, another more complicated option would
be to explore using SOURCE_DATE_EPOCH to specify the date and timestamp:

  https://reproducible-builds.org/docs/source-date-epoch/


Unfortunately, this patch alone does not solve all reproducibility
issues with pike8.0, but applying this patch should significantly reduce
the differences, making it easier to debug remaining issues.


Thanks for maintaining pike8.0!


live well,
  vagrant
From fdd481d745b79559d995d8fa23253a25698c347e Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 3 Apr 2023 15:43:44 -0700
Subject: [PATCH 1/9] refdoc/structure/modref.html: Remove date and timestamp
 from generated documentation.

https://reproducible-builds.org/docs/timestamps/

---
 refdoc/structure/modref.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/refdoc/structure/modref.html b/refdoc/structure/modref.html
index 79bb1f9..5fd884e 100644
--- a/refdoc/structure/modref.html
+++ b/refdoc/structure/modref.html
@@ -54,7 +54,7 @@
   
 
 
-  Extracted from $version$ as of $date$.
+  Extracted from $version$.
 
 $extra_footer$
 

Bug#1033961: dpkg: Please add support for zstd (Zstandard) compressed packages (for stable/oldstable)

[theofficialgman]

Package: dpkg
Severity: wishlist

Dear debian developers,

Please backport these changes
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892664
https://git.dpkg.org/cgit/dpkg/dpkg.git/diff/?id=2c2f7066b) into
debian stable (bullseye) and debian oldstable (buster). The lack of
tar.zst support is critical for these releases as time goes on and
many popular CI systems only have Ubuntu builders. The lack of tar.zst
support means that for many projects providing packages for debian
distros is not possible or too difficult.

With the ease of which the backport is achievable I am politely
requesting that you include it in the mentioned distros at urnest.

Thanks

Bug#1033957: pike8.0: reproducible-builds: machine.h includes non-deterministic value for FB_CPU_TIME_IS_THREAD_LOCAL

[Vagrant Cascadian]

Control: retitle 1033957 pike8.0: reproducible-builds: machine.h includes 
non-deterministic value for FB_CPU_TIME_IS_THREAD_LOCAL

Sorry, forgot to fix the title for the new bug.

live well,
  vagrant

Bug#1033936: fwupd: FuEngine failed to get releases for UEFI dbx ... requires >= 1.8.14

[Daniel Lewart]

Package: fwupd
Version: 1.5.7-4
Severity: normal

Debian EFI Team,

Since Apr  1, 2023, new priority 6 (info) fwupd messages are being logged,
as shown below.

I think these may be caused by Linux Foundation (UEFI Revocation) Secure
Boot dbx Version 220 (Released: 2023-03-31 13:40:38):
https://fwupd.org/lvfs/devices/org.linuxfoundation.dbx.x64.firmware

Perhaps this situation is similar to the following:
  #961490 fwupd: version in stable too old, no updates possible:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961490

Please let me know if any additional information would be helpful.

Thank you!
Daniel Lewart
Urbana, Illinois
---
$ journalctl --no-hostname --no-pager _SYSTEMD_UNIT=fwupd.service
-- Journal begins at Thu 2021-11-25 17:09:56 CST, ends at Tue 2023-04-04 
02:29:53 CDT. --
Apr 01 11:21:51 fwupd[893544]: 16:21:51:0555 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 01 11:21:51 fwupd[893544]: 16:21:51:0602 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 04:42:24 fwupd[910736]: 09:42:24:0313 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 04:42:25 fwupd[910736]: 09:42:25:0227 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 10:44:49 fwupd[917415]: 15:44:49:0817 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 02 10:44:50 fwupd[917415]: 15:44:50:0752 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 02:30:24 fwupd[933315]: 07:30:24:0318 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 02:30:25 fwupd[933315]: 07:30:25:0247 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 09:09:49 fwupd[941008]: 14:09:49:0621 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 09:09:50 fwupd[941008]: 14:09:50:0544 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:24 fwupd[948519]: 21:19:24:0314 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:25 fwupd[948519]: 21:19:25:0244 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:25 fwupd[948519]: 21:19:25:0986 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14
Apr 03 16:19:26 fwupd[948519]: 21:19:26:0032 FuEngine failed to get 
releases for UEFI dbx: No releases found: Not compatible with 
org.freedesktop.fwupd version 1.5.7, requires >= 1.8.14

###

Bug#1033938: wayfire: Insufficient deps

[Patrick McFarland]

Package: wayfire
Version: 0.7.4-2
Severity: important
X-Debbugs-Cc: diabl...@gmail.com

Dear Maintainer,

On a fresh Debian install that has no other desktop components
installed, Wayfire will not start unless a supplier of libglx-vendor
(eg, libglx-mesa0) is also installed; Wayfire does not give
a straigh-forward error allowing a typical user to understand the source
of the error (an otherwise cryptic mention of egl init failure).

libglx-vendor probably should be a Dep (and most likely not a Recommends).

In comparison, Weston pulls in libglx-vendor.


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (501, 'stable-updates'), (501, 'stable-security'), (501, 
'stable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wayfire depends on:
ii  libc62.36-8
ii  libcairo21.16.0-7
ii  libgcc-s112.2.0-14
ii  libgles2 1.6.0-1
ii  libglib2.0-0 2.74.6-1
ii  libinput10   1.16.4-3
ii  libjpeg62-turbo  1:2.0.6-4
ii  libpango-1.0-0   1.50.12+ds-1
ii  libpangocairo-1.0-0  1.50.12+ds-1
ii  libpixman-1-00.40.0-1.1~deb11u1
ii  libpng16-16  1.6.37-3
ii  libstdc++6   12.2.0-14
ii  libwayland-server0   1.21.0-1
ii  libwf-config10.7.1-3
ii  libwf-utils0 0.7.4-2
ii  libwlroots10 0.15.1-6
ii  libxcb1  1.14-3
ii  libxkbcommon01.0.3-2

wayfire recommends no packages.

wayfire suggests no packages.

-- no debconf information

Bug#1032948: linux-image-6.1.0-5-amd64: oops in ucsi_acpi_notify

[Julien Cristau]

On Mon, Apr  3, 2023 at 15:16:42 +0200, Diederik de Haas wrote:

> On Saturday, 18 March 2023 23:10:39 CEST Diederik de Haas wrote:
> On Monday, 3 April 2023 14:57:02 CEST Julien Cristau wrote:
> > > Not sure why patchwork still shows v2 of the patch as v4 is available
> > > here:
> > > https://lore.kernel.org/all/20230308154244.722337-1-hdego...@redhat.com/
> > I'll give the patch series you linked in the other reply a go now.
> 
> FTR: 2 out of the 3 patches have landed in 6.1.22

Thanks for letting me know.  I've built 6.1.22 from upstream and it
doesn't seem to crash.

Cheers,
Julien

Bug#1033933: llvm-16-dev: cmake findpackage(LLVM) fails due to missing /usr/lib/llvm-16/lib/libomptarget.so.16

[Andreas Beckmann]

Package: llvm-16-dev
Version: 1:16.0.0-1~exp5
Severity: serious

cmake llvm detection is broken due to missing dependencies:

The following minimal CMakeLists.txt

project(foo)
find_package(LLVM 16 REQUIRED)

fails with

CMake Error at /usr/lib/llvm-16/lib/cmake/llvm/LLVMExports.cmake:1809 (message):
  The imported target "omptarget" references the file

 "/usr/lib/llvm-16/lib/libomptarget.so.16"

  but this file does not exist.  Possible reasons include:

  * The file was deleted, renamed, or moved to another location.

  * An install or uninstall procedure did not complete successfully.

  * The installation package was faulty and contained

 "/usr/lib/llvm-16/lib/cmake/llvm/LLVMExports.cmake"

  but not all the files it references.

Call Stack (most recent call first):
  /usr/lib/llvm-16/cmake/LLVMConfig.cmake:359 (include)
  CMakeLists.txt:2 (find_package)


-- Configuring incomplete, errors occurred!


This blocks the packaging of spirv-llvm-translator-16.


Andreas

Bug#1033024: lios hangs when opening Preferences

[Gunnar Hjalmarsson]

Nice fix in 2.7.2-5, Samuel. :) (Why didn't I try that?) That version 
ought to be fine for both Debian 12 and Ubuntu 23.04, and you will be 
able to consider the 'full upstream approach' in experimental later.


--
Cheers,
Gunnar

Bug#1033917: [pkg-lxc-devel] Bug#1033917: lxc: apparmor profile no longer allows unprivileged guest systemd-logind to start (since bookworm)

[Pierre-Elliott Bécue]

Forest  wrote on 03/04/2023 at 23:18:10+0200:

> Package: lxc
> Version: 1:5.0.2-1
> Severity: normal
> X-Debbugs-Cc: fores...@sonic.net
>
> Dear Maintainer,
>
> After upgrading an unprivileged container from bullseye to bookworm, LXC's
> AppArmor profiles are no longer sufficient for the guest's systemd-logind.
>
> This manifests as a 25 second hang when running certain commands (notably
> sudo -i and su -) in the container. It also produces a lot of errors in the
> host & guest logs.
>
> Before the upgrade to bookworm, the hangs did not occur, and systemd-logind
> started without trouble.
>
>
> -- Host journal:
>
> Apr 02 18:30:01 debtesting CRON[6361]: pam_unix(cron:session): session opened 
> for user root(uid=0) by (uid=0)
> Apr 02 18:30:01 debtesting CRON[6362]: (root) CMD ([ -x /etc/init.d/anacron ] 
> && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start 
> >/dev/null; fi)
> Apr 02 18:30:01 debtesting CRON[6361]: pam_unix(cron:session): session closed 
> for user root
> Apr 02 18:30:16 debtesting audit[6365]: AVC apparmor="DENIED" 
> operation="mount" info="failed flags match" error=-13 
> profile="lxc-container-default-cgns" name="/" pid=6365 comm="(d-logind)" 
> flags="rw, rslave"
> Apr 02 18:30:16 debtesting kernel: kauditd_printk_skb: 13 callbacks suppressed
> Apr 02 18:30:16 debtesting kernel: audit: type=1400 
> audit(1680485416.414:324): apparmor="DENIED" operation="mount" info="failed 
> flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=6365 
> comm="(d-logind)" flags="rw, rslave"
> Apr 02 18:30:16 debtesting audit[6369]: AVC apparmor="DENIED" 
> operation="mount" info="failed flags match" error=-13 
> profile="lxc-container-default-cgns" name="/" pid=6369 comm="(d-logind)" 
> flags="rw, rslave"
> Apr 02 18:30:16 debtesting kernel: audit: type=1400 
> audit(1680485416.426:325): apparmor="DENIED" operation="mount" info="failed 
> flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=6369 
> comm="(d-logind)" flags="rw, rslave"
> Apr 02 18:30:16 debtesting audit[6373]: AVC apparmor="DENIED" 
> operation="mount" info="failed flags match" error=-13 
> profile="lxc-container-default-cgns" name="/" pid=6373 comm="(d-logind)" 
> flags="rw, rslave"
> Apr 02 18:30:16 debtesting kernel: audit: type=1400 
> audit(1680485416.450:326): apparmor="DENIED" operation="mount" info="failed 
> flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=6373 
> comm="(d-logind)" flags="rw, rslave"
> Apr 02 18:30:16 debtesting audit[6377]: AVC apparmor="DENIED" 
> operation="mount" info="failed flags match" error=-13 
> profile="lxc-container-default-cgns" name="/" pid=6377 comm="(d-logind)" 
> flags="rw, rslave"
> Apr 02 18:30:16 debtesting kernel: audit: type=1400 
> audit(1680485416.522:327): apparmor="DENIED" operation="mount" info="failed 
> flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=6377 
> comm="(d-logind)" flags="rw, rslave"
> Apr 02 18:30:16 debtesting audit[6381]: AVC apparmor="DENIED" 
> operation="mount" info="failed flags match" error=-13 
> profile="lxc-container-default-cgns" name="/" pid=6381 comm="(d-logind)" 
> flags="rw, rslave"
> Apr 02 18:30:16 debtesting kernel: audit: type=1400 
> audit(1680485416.534:328): apparmor="DENIED" operation="mount" info="failed 
> flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=6381 
> comm="(d-logind)" flags="rw, rslave"
>
>
> -- Guest journal:
>
> Apr 02 18:30:16 lxbox sudo[136]: root : TTY=pts/7 ; PWD=/root ; USER=root 
> ; COMMAND=/bin/bash
> Apr 02 18:30:16 lxbox sudo[136]: pam_limits(sudo-i:session): Could not set 
> limit for 'core' to soft=0, hard=-1: Operation not permitted; uid=0,euid=0
> Apr 02 18:30:16 lxbox sudo[136]: pam_unix(sudo-i:session): session opened for 
> user root(uid=0) by (uid=0)
> Apr 02 18:30:16 lxbox dbus-daemon[97]: [system] Activating via systemd: 
> service name='org.freedesktop.login1' 
> unit='dbus-org.freedesktop.login1.service' requested by ':1.2' (uid=0 pid=136 
> comm="sudo -i")
> Apr 02 18:30:16 lxbox systemd[1]: Starting modprobe@drm.service - Load Kernel 
> Module drm...
> Apr 02 18:30:16 lxbox (modprobe)[137]: modprobe@drm.service: Executable 
> /sbin/modprobe missing, skipping: No such file or directory
> Apr 02 18:30:16 lxbox systemd[1]: modprobe@drm.service: Deactivated 
> successfully.
> Apr 02 18:30:16 lxbox systemd[1]: Finished modprobe@drm.service - Load Kernel 
> Module drm.
> Apr 02 18:30:16 lxbox systemd[1]: Starting systemd-logind.service - User 
> Login Management...
> Apr 02 18:30:16 lxbox (d-logind)[138]: systemd-logind.service: Failed to set 
> up mount namespacing: Permission denied
> Apr 02 18:30:16 lxbox (d-logind)[138]: systemd-logind.service: Failed at step 
> NAMESPACE spawning /lib/systemd/systemd-logind: Permission denied
> Apr 02 18:30:16 lxbox systemd[1]: systemd-logind.service: Main process 
> exited, code=exited, status=226/NAMESPACE
> Apr 02 18:30:16 lxbox 

Bug#1033901: Acknowledgement (unblock: castle-game-engine/7.0~alpha.2+dfsg1-4)

[Abou Al Montacir]

Control: retitle -1 unblock: castle-game-engine/7.0~alpha.2+dfsg1-5

On Mon, 2023-04-03 at 20:22 +0200, Abou Al Montacir wrote:
> This ticket should be seen as an add
> on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033840 which was
> accepted.
Unfortunately, I forgot to add the patch of 7.0~alpha.2+dfsg1-3 to the series
file.So the patch was not applied.

Also the rm line was done after the package was built.

This time I verified that the files inside the .deb are really patched and those
to be removed were really missing. Sorry for inconvenience.
PS: debdiff against 7.0~alpha.2+dfsg1-4
-- 
Cheers,
Abou Al Montacir

diff -Nru castle-game-engine-7.0~alpha.2+dfsg1/debian/changelog castle-game-engine-7.0~alpha.2+dfsg1/debian/changelog
--- castle-game-engine-7.0~alpha.2+dfsg1/debian/changelog	2023-04-03 15:07:29.0 +0200
+++ castle-game-engine-7.0~alpha.2+dfsg1/debian/changelog	2023-04-04 11:08:10.0 +0200
@@ -1,3 +1,10 @@
+castle-game-engine (7.0~alpha.2+dfsg1-5) unstable; urgency=medium
+
+  * Applied patch to use local jquery version instead of web based one.
+  * Remove statically linked libraries and object files from source package.
+
+ -- Abou Al Montacir   Tue, 04 Apr 2023 11:08:10 +0200
+
 castle-game-engine (7.0~alpha.2+dfsg1-4) unstable; urgency=medium
 
   * Fixed compilation on mipsel.
diff -Nru castle-game-engine-7.0~alpha.2+dfsg1/debian/patches/series castle-game-engine-7.0~alpha.2+dfsg1/debian/patches/series
--- castle-game-engine-7.0~alpha.2+dfsg1/debian/patches/series	2023-04-03 08:43:08.0 +0200
+++ castle-game-engine-7.0~alpha.2+dfsg1/debian/patches/series	2023-04-04 09:40:52.0 +0200
@@ -8,3 +8,4 @@
 Fix-UTF-8-BOM.patch
 f0fe0583dded3d0c27ae46fde59a00f58a777e46.patch
 Fixed-compilation-on-mipsel.patch
+Replaced-web-baseed-jquery-by-local-version.patch
diff -Nru castle-game-engine-7.0~alpha.2+dfsg1/debian/rules castle-game-engine-7.0~alpha.2+dfsg1/debian/rules
--- castle-game-engine-7.0~alpha.2+dfsg1/debian/rules	2023-04-02 16:37:28.0 +0200
+++ castle-game-engine-7.0~alpha.2+dfsg1/debian/rules	2023-04-04 11:06:47.0 +0200
@@ -105,7 +105,11 @@
 	${MKDIR} ${SRC_DIR}
 	${CP} -t ${SRC_DIR} \
 		$(CURDIR)/src/*
+	# Remove statically linked libraries and object files from source packages
+	find ${SRC_DIR} -name '*.a' -o -name '*.o' -o -name '*.obj' -delete
+	# Fix files permission
 	find $(SRC_DIR) -name '*.bmp' -o -name '*.pas' -exec chmod 644 '{}' ';'
+	# Remove empty directories
 	find ${SRC_DIR} -empty -delete
 	touch install-source-stamp
 
@@ -142,9 +146,6 @@
 	${RM} doc/reference/tipuesearch/jquery.min.js
 	# Remove .npmignore file as Lintian complains about it.
 	${RM} doc/reference/castle-engine-website-base/node_modules/slick-carousel/.npmignore
-	# Remove statically linked libraries from source packages as Lintian
-	# complains about it.
-	${RM} src/vampyre_imaginglib/src/Extensions/*/*.a
 	# Remove windows executable files as Lintian complains about them.
 	${RM} tools/contrib/x86_64-win64
 


signature.asc
Description: This is a digitally signed message part

Bug#1033935: unblock: ausweisapp2/1.26.3-1

[John Paul Adrian Glaubitz]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ausweisa...@packages.debian.org,aklitz...@gmail.com
Control: affects -1 + src:ausweisapp2

Hello!

I would like to ask for the package ausweisapp2 to be unblocked for
testing. While the debdiff is rather large (about 1.8 MB), the package
itself is just a leaf package and used for a very specific purpose only
which is providing the official ID card authentication app of the German
government, so I think the risk conveyed by this update is rather low.

The changes between the testing (1.26.2-1) and unstable (1.26.3-1)
version are mostly fixes and improvements and do not include any
breaking changes:

- Improvement of help and tutorial texts.
- Improvements in diagnostics.
- Fix an error in the NFC dialog on iOS.
- Improved accessibility when entering PIN, CAN and PUK.
- Introduction of unique FailureCodes in SDK.
- Added the environment variable AUSWEISAPP2_AUTOMATIC_DEVELOPERMODE
  in the fully automated SDK.
- Fixed incorrect progress display in SDK for iOS.
- Added SECURESCREENKEYBOARD for corporate environments.
- Bumped TargetSDK to 33 in SDK for Android.
- Update of OpenSSL to version 3.0.8.

Changes list translated from [1]. I have used the new version 1.26.3 for a while
now myself and didn't run into any regressions. I'm maintaining the package both
in Debian and openSUSE and have not received any reports about regressions in
the upstream release 1.26.3, so I think it should be safe to update the version
in testing to the version in unstable.

My reasoning for asking for this unblock is to ensure we're shipping a version
of ausweisapp2 in Debian Bookworm that is as recent as possible. I only missed
the hard freeze for Debian Bookworm by a few days when I uploaded the new
version in unstable.

I am CC'ing one of the upstream developers who can give some more details on the
changes if requested by the release team.

unblock ausweisapp2/1.26.3-1

Kind Regards,
Adrian

> [1] https://github.com/Governikus/AusweisApp2/releases

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1033939: unblock: python-tz/2022.7.1-3

[Benjamin Drung]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: bdr...@debian.org

Please unblock package python-tz

[ Reason ]

python-tz contains a hard-coded list of timezones. This causes problems
on updates to tzdata. Last example: tzdata 2021a-1+deb11u9 added
America/Ciudad_Juarez but due to the hard-coded list, this timezone is
not selectable. Following code will fail with `UnknownTimeZoneError`:

```
#!/usr/bin/python3
import pytz
pytz.timezone("America/Ciudad_Juarez")
```

See also https://github.com/stub42/pytz/issues/91

[ Impact ]
Newly added timezones from tzdata will be availble to python3-tz.

[ Tests ]
I added autopkgtest cases to ensure that updates to tzdata do not
introduce regressions.

[ Risks ]

Several Python projects use python3-tz. The autopkgtest should reduce
the risk of regressions of dynamically determine the list of timezones.
python3-tz can fail in case they system has problems or tzdata is not
properly set-up. Python 3.9 ships the zoneinfo module which can be used
as replacement.

[ Checklist ]
  [x] all changes are documented in the d/changelog (except the
  formatting change by wrap-and-sort)
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock python-tz/2022.7.1-3
diff -Nru python-tz-2022.7.1/debian/changelog 
python-tz-2022.7.1/debian/changelog
--- python-tz-2022.7.1/debian/changelog 2023-01-15 11:24:50.0 +0100
+++ python-tz-2022.7.1/debian/changelog 2023-03-27 17:17:53.0 +0200
@@ -1,3 +1,21 @@
+python-tz (2022.7.1-3) unstable; urgency=medium
+
+  * Team upload.
+  * Fix testVersion to not complain about the now dynamic Olson version
+
+ -- Benjamin Drung   Mon, 27 Mar 2023 17:17:53 +0200
+
+python-tz (2022.7.1-2) unstable; urgency=medium
+
+  * Team upload.
+  * Dynamically determine list of available and common timezones (LP: #207604)
+  * Determine IANA (nee Olson) database version dynamically
+  * Add autopkgtests to run unittest and own regression tests
+  * Update homepage URL
+  * Bump Standards-Version to 4.6.2
+
+ -- Benjamin Drung   Tue, 21 Mar 2023 11:21:11 +0100
+
 python-tz (2022.7.1-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru python-tz-2022.7.1/debian/control python-tz-2022.7.1/debian/control
--- python-tz-2022.7.1/debian/control   2023-01-15 11:24:50.0 +0100
+++ python-tz-2022.7.1/debian/control   2023-03-27 17:12:30.0 +0200
@@ -6,19 +6,19 @@
Debian/Ubuntu Zope Team 
,
Fabio Tranchitella 
 Build-Depends: debhelper-compat (= 13),
-  dh-sequence-python3,
+   dh-sequence-python3,
python3-all,
-   python3-setuptools,
python3-pytest,
-   tzdata,
-Standards-Version: 4.6.1
-Homepage: https://pypi.python.org/pypi/pytz/
+   python3-setuptools,
+   tzdata
+Standards-Version: 4.6.2
+Homepage: https://pythonhosted.org/pytz/
 Vcs-Browser: https://salsa.debian.org/python-team/packages/python-tz
 Vcs-Git: https://salsa.debian.org/python-team/packages/python-tz.git -b 
debian/latest
 
 Package: python3-tz
 Architecture: all
-Depends: tzdata, ${python3:Depends}, ${misc:Depends}
+Depends: tzdata, ${misc:Depends}, ${python3:Depends}
 Description: Python3 version of the Olson timezone database
  python-tz brings the Olson tz database into Python. This library allows
  accurate and cross platform timezone calculations using Python 2.3 or higher.
diff -Nru 
python-tz-2022.7.1/debian/patches/Determine-IANA-nee-Olson-database-version-dynamically.patch
 
python-tz-2022.7.1/debian/patches/Determine-IANA-nee-Olson-database-version-dynamically.patch
--- 
python-tz-2022.7.1/debian/patches/Determine-IANA-nee-Olson-database-version-dynamically.patch
   1970-01-01 01:00:00.0 +0100
+++ 
python-tz-2022.7.1/debian/patches/Determine-IANA-nee-Olson-database-version-dynamically.patch
   2023-03-27 17:14:42.0 +0200
@@ -0,0 +1,69 @@
+From: Benjamin Drung 
+Date: Mon, 27 Mar 2023 17:14:22 +0200
+Subject: Determine IANA (nee Olson) database version dynamically
+
+Forwarded: not-needed
+Signed-off-by: Benjamin Drung 
+---
+ pytz/__init__.py  | 13 -
+ pytz/tests/test_tzinfo.py |  8 
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/pytz/__init__.py b/pytz/__init__.py
+index 8b2fa1b..da2f206 100644
+--- a/pytz/__init__.py
 b/pytz/__init__.py
+@@ -12,6 +12,7 @@ import sys
+ import datetime
+ import os.path
+ import pathlib
++import re
+ import zoneinfo
+ 
+ from pytz.exceptions import AmbiguousTimeError
+@@ -23,8 +24,18 @@ from pytz.tzinfo import unpickler, BaseTzInfo
+ from pytz.tzfile import build_tzinfo
+ 
+ 
++def _read_olson_version() -> str:
++tzdata_zi = pathlib.Path("/usr/share/zoneinfo/tzdata.zi")
++with tzdata_zi.open(encoding="utf-8") as tzdata_zi_file:
++line = tzdata_zi_file.readline()
++match = 

Bug#1033940: ITP: sphinx-lint -- sphinx-lint is a reStructuredText linter for sphinx-doc

[Julien Palard]

Package: wnpp
Severity: wishlist
Owner: Julien Palard 
X-Debbugs-Cc: debian-de...@lists.debian.org, jul...@palard.fr

* Package name: sphinx-lint
  Version : 0.6.7
  Upstream Contact: Julien Palard 
* URL : https://sphinx-contrib/sphinx-lint/
* License : Python Software Foundation Licence Version 2
  Programming Lang: Python
  Description : sphinx-lint is a reStructuredText linter for sphinx-doc

sphinx-lint search for errors in documentation written in
reStructuredText for Sphinx. It's the child of cpython's rstlint.py
used for years in the cpython repository.

It's used by cpython on multiple repos (main doc, peps, devguide,
documentation translations, ...), pandas, the sphinx-doc
documentation, sympy and a few other projects.

I'll gladly package it myself, or help to do so, but I'll definitely
need guidance on the process (last time I packaged something for
Debian was 10 years ago, I packaged a single package (logtop), so my
memory won't help much here).

I'm already a member of the Python team (IIRC), but the link in the
page [1]: « For the full list, see
https://salsa.debian.org/groups/python-team/modules/-/group_members »
gives a 404 ☹.

[1]: https://wiki.debian.org/Teams/PythonTeam

Bug#1033934: ITP: puppet-module-voxpupuli-kmod -- Puppet module for manipulating modprobe and kernel modules

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: puppet-module-voxpupuli-kmod
  Version : 3.2.0
  Upstream Author : Voxpupuli
* URL : https://github.com/voxpupuli/puppet-kmod
* License : Apache-2.0
  Programming Lang: Puppet
  Description : Puppet module for manipulating modprobe and kernel modules

 Puppet lets you centrally manage every important aspect of your system using a
 cross-platform specification language that manages all the separate elements
 normally aggregated in different files, like users, cron jobs, and hosts,
 along with obviously discrete elements like packages, services, and files.
 .
 This module manages kernel module loading and options.

Bug#1033937: system does a poweroff instead of reboot

[Peter Palfrader]

Source: linux-signed-amd64
Version: 6.1.12+1~bpo11+1
Severity: normal

Hi!

While running linux-image-6.1.0-0.deb11.5-amd64 on bullseye (with stable
systemd or with backports systemd), when I type reboot, the system goes
down for reboot but then powers off.

This issue is not present in the stable kernel, but I have also observed
it in linux-image-6.0.0-0.deb11.6-amd64.

The system is a ProLiant DL360 Gen10 Plus (P28948-B21).

| Starting virtual serial port.
| Press 'ESC (' to return to the CLI Session.
| 
| [1203707.236892] watchdog: watchdog0: watchdog did not stop!
| [1203707.766484] systemd-shutdown[1]: Failed to finalize DM devices, ignoring.
| [1203708.709332] reboot: Restarting system
[several seconds later]
|  The server is not powered on.  The Virtual Serial Port is not available.

and:

| hpiLO-> power
|
| status=0
| status_tag=COMMAND COMPLETED
| Tue Apr  4 10:45:22 2023
|
|
|
| power: server power is currently: Off

It'd be nice if the system actually rebooted on a reboot :)

Cheers,
weasel
-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#950920: [3dprinter-general] trimesh_3.5.25-1_amd64.changes REJECTED

[Gregor Riepl]

E   TypeError: Cannot cast array data from dtype('int64') to 
dtype('int32') according to the rule 'safe'


Tracked it down to incorrect usage of numpy.bincount: This function 
requires the native index type, which is int32 on i686 (and probably all 
other 32-bit architectures).


I submitted a documentation change request to numpy: 
https://github.com/numpy/numpy/issues/23526


I'll try to fix the issue in trimesh and submit an upstream patch.

Bug#1033941: pdns-recursor: CVE-2023-26437: Deterred spoofing attempts can lead to authoritative servers being marked unavailable

[Chris Hofstaedtler]

Source: pdns-recursor
Version: 4.8.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team 

The following vulnerability was published for pdns-recursor.

CVE-2023-26437:
| Deterred spoofing attempts can lead to authoritative servers being
| marked unavailable.
| When the recursor detects and deters a spoofing attempt or receives
| certain malformed DNS packets, it throttles the server that was the
| target of the impersonation attempt so that other authoritative servers
| for the same zone will be more likely to be used in the future, in case
| the attacker controls the path to one server only. Unfortunately this
| mechanism can be used by an attacker with the ability to send queries to
| the recursor, guess the correct source port of the corresponding
| outgoing query and inject packets with a spoofed IP address to force the
| recursor to mark specific authoritative servers as not available,
| leading a denial of service for the zones served by those servers.

Additional information:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html

Chris

PS: unclear to me if 4.4.x in stable is also affected.

Bug#1033943: swupdate: SURICATTA_LUA replaces SURICATTA_HAWKBIT

[Bastian Germann]

Package: swupdate
Severity: important
Version: 2022.12+dfsg-2
X-Debbugs-Cc: quirin.gylsto...@siemens.com

The change in 
https://salsa.debian.org/debian/swupdate/-/commit/086ed5b5dbc71f90767f6ca09d9529046c60b324
does not only add the lua backend for suricatta but replaces the default 
hawkBit backend.

This breaks hawkBit support.

Bug#1033944: sptag: build loops until the disk fills up

[Julien Cristau]

Source: sptag
Version: 0.0~git20230323.0341c33+ds-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: jcris...@debian.org

The latest sptag upload to experimental broke one of our buildds after
its log took up 70G disk space.

It goes like this, and then repeats that last line forever:

> 1: [1] Setting MaxCheckForRefineGraph with value 8192
> 1: [1] Setting RNGFactor with value 1.00
> 1: [1] Setting GPUGraphType with value 2
> 1: [1] Setting GPURefineSteps with value 0
> 1: [1] Setting GPURefineDepth with value 30
> 1: [1] Setting GPULeafSize with value 500
> 1: [1] Setting HeadNumGPUs with value 1
> 1: [1] Setting TPTBalanceFactor with value 2
> 1: [1] Setting NumberOfThreads with value 2
> 1: [1] Setting DistCalcMethod with value L2
> 1: [1] Setting DeletePercentageForRefine with value 0.40
> 1: [1] Setting AddCountForRebuild with value 1000
> 1: [1] Setting MaxCheck with value 8192
> 1: [1] Setting ThresholdOfNumberOfContinuousNoBetterPropagation with value 3
> 1: [1] Setting NumberOfInitialDynamicPivots with value 50
> 1: [1] Setting NumberOfOtherDynamicPivots with value 4
> 1: [1] Setting HashTableExponent with value 2
> 1: [1] Setting DataBlockSize with value 1048576
> 1: [1] Setting DataCapacity with value 2147483647
> 1: [1] Setting MetaRecordSize with value 10
> 1: [1] Load Vector (205,100) Finish!
> 1: [1] Load BKT (1,207) Finish!
> 1: [1] Load RNG (205,32) Finish!
> 1: [1] Load DeleteID (205,1) Finish!
> 1: [1] Setting NumberOfThreads with value 2
> 1: [1] Setting MaxCheck with value 2048
> 1: [1] Setting HashTableExponent with value 4
> 1: [1] Finish reading header info, list count 205, total doc count 1000, 
> dimension 100, list page offset 1.
> 1: [1] Big page (>4K): list count 126, total element count 2147.
> 1: [1] Total Element Count: 2678
> 1: [1] Page Count Dist: 0 1
> 1: [1] Page Count Dist: 1 78
> 1: [1] Page Count Dist: 2 126
> 1: [1] select head time: 0.00s build head time: 0.00s build ssd time: 0.00s
> 1: [1] Start generating truth. It's maybe a long time.
> 1: [1] Load Vector(1000,100)
> 1: [1] Load Vector(10,100)
> 1: [1] Begin to generate truth for query(10,100) and doc(1000,100)...
> 1: [1] Start to write truth file...
> 1: [1] End generating truth.
> 1: [1] Start loading warmup query set...
> 1: [1] Load Vector(10,100)
> 1: [1] Start warmup...
> 1: [1] Searching: numThread: 2, numQueries: 10.
> 1: [1] Sent 0.00%...
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted
> 1: [4] fid:0 channel 2, to submit:64, submitted:Operation not permitted

Cheers,
Julien

Bug#1033942: nmu: ppl_1:1.2-8.1

[Lev Lamberov]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: p...@packages.debian.org
Control: affects -1 + src:ppl

Hi,

Please, rebuild ppl against swi-prolog 9.0.4+dfsg-2 in unstable. The
ppl package in unstable and testing was build against the older
swi-prolog version, containing older library. For more information,
please see this swi-prolog [bug].

[bug] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033636

The command is as follows:

nmu ppl_1:1.2-8.1 . ANY . unstable . -m "Rebuild against swi-prolog 
9.0.4+dfsg-2"

With regards,
Lev Lamberov

Bug#1033945: unblock: pdns-recursor/4.8.4-1 [pre-approval]

[Chris Hofstaedtler]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: Debian Security Team 

Please unblock package pdns-recursor

[ Reason ]

I would like to update pdns-recursor 4.8.2 to 4.8.4, to:
- fix CVE-2023-26437, sole change in 4.8.4
- get the fixes for the resolving/validation logic from 4.8.3.

While this is a new upstream release, there are no new features, and
only bugfixes.

In previous Debian releases applying security fixes to pdns-recursor was
often problematic when the resolve/validation logic had to change. This
part of the code is long and complicated, only understood by DNS experts,
and also very relevant on the Internet and under flux of the living
Internet.
Security fixes have to change this code, and applying patches on top of
each other touching the same code parts often does not work without
importing all the changes.
We are certainly not in a better position to judge these code parts than
upstream is.

[ Impact ]
Security bug is fixed; applying future security patches will be easier.

[ Tests ]
Resolve/validation logic is tested by a build-time test suite.
I have manually tested it as well, but obviously I cannot reproduce the
security problem easily.

[ Risks ]
Open security bug in bookworm.
Applying future security patches will be harder or impossible.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
Another fix upstream included in 4.8.3 involves log levels of common log
messages, to spam journal less with "error" severity.

debdiff is produced using the following command to ignore generated
files and the publicsuffixlist, which our packages do not use by default
at runtime:
debdiff pdns-recursor_4.8.2-1.dsc pdns-recursor_4.8.4-1.dsc| filterdiff -x 
'*/pubsuffix.cc' -x '*/effective_tld_names.dat' -x '*/*.1' -x '*/configure'

This is a pre-approval request, I have not uploaded yet.


unblock pdns-recursor/4.8.4-1
diff -Nru pdns-recursor-4.8.2/configure.ac pdns-recursor-4.8.4/configure.ac
--- pdns-recursor-4.8.2/configure.ac2023-01-30 09:58:04.0 +
+++ pdns-recursor-4.8.4/configure.ac2023-03-27 15:09:19.0 +
@@ -1,6 +1,6 @@
 AC_PREREQ([2.69])
 
-AC_INIT([pdns-recursor], [4.8.2])
+AC_INIT([pdns-recursor], [4.8.4])
 AC_CONFIG_AUX_DIR([build-aux])
 AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability 
subdir-objects parallel-tests 1.11])
 AM_SILENT_RULES([yes])
diff -Nru pdns-recursor-4.8.2/debian/changelog 
pdns-recursor-4.8.4/debian/changelog
--- pdns-recursor-4.8.2/debian/changelog2023-01-31 16:46:42.0 
+
+++ pdns-recursor-4.8.4/debian/changelog2023-04-04 11:10:26.0 
+
@@ -1,3 +1,16 @@
+pdns-recursor (4.8.4-1) unstable; urgency=medium
+
+  * New upstream version 4.8.4
+* Fixes CVE-2023-26437, see
+  
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html
+  (Closes: #1033941)
+* Fixes high CPU usage caused by serve-stale logic.
+* Fixes DNSSEC validation issues for some domains served by popular
+  DNS software by F5.
+* Downgrades severity for a few log messages.
+
+ -- Chris Hofstaedtler   Tue, 04 Apr 2023 11:10:26 +
+
 pdns-recursor (4.8.2-1) unstable; urgency=medium
 
   * New upstream version 4.8.2
diff -Nru pdns-recursor-4.8.2/negcache.cc pdns-recursor-4.8.4/negcache.cc
--- pdns-recursor-4.8.2/negcache.cc 2023-01-30 09:57:23.0 +
+++ pdns-recursor-4.8.4/negcache.cc 2023-03-27 15:08:37.0 +
@@ -119,27 +119,32 @@
 
   const auto& idx = content->d_map.get();
   auto range = idx.equal_range(qname);
-  auto ni = range.first;
 
-  while (ni != range.second) {
+  for (auto ni = range.first; ni != range.second; ++ni) {
 // We have an entry
 if ((!typeMustMatch && ni->d_qtype == QType::ENT) || ni->d_qtype == qtype) 
{
   // We match the QType or the whole name is denied
   auto firstIndexIterator = content->d_map.project(ni);
 
-  if (!refresh && (serveStale || ni->d_servedStale > 0) && ni->d_ttd <= 
now.tv_sec && ni->d_servedStale < s_maxServedStaleExtensions) {
+  // this checks ttd, but also takes into account serve-stale
+  if (!ni->isEntryUsable(now.tv_sec, serveStale)) {
+// Outdated
+moveCacheItemToFront(content->d_map, firstIndexIterator);
+continue;
+  }
+  // If we are serving this record stale (or *should*) and the ttd has 
passed increase ttd to
+  // the future and remember that we did. Also push a refresh task.
+  if ((serveStale || ni->d_servedStale > 0) && ni->d_ttd <= now.tv_sec && 
ni->d_servedStale < s_maxServedStaleExtensions) {
 updateStaleEntry(now.tv_sec, firstIndexIterator, qtype);
   }
-  if (now.tv_sec < ni->d_ttd && !(refresh && ni->d_servedStale > 0)) {
+  if (now.tv_sec < ni->d_ttd) {
 // Not 

Bug#1032990: podman: Better reproducer

[Martin Pitt]

Control: retitle -1 podman: user containers are completely broken with sssd: 
insufficient UIDs or GIDs available in user namespace

Matej Marusak [2023-04-03 14:00 +]:
> The original reproducer was not clear how important this failure is. It
> efectively means that rootless podman is unusable on any system with
> sssd.

Thanks Matej, retitling accordingly to make this easier to find. The original
title is too obscure.

Martin

Bug#1029218: dkms should perform reproducible build of modules

[Andreas Beckmann]

Thanks for checking further.

On 02/04/2023 07.31, Daniel Richard G. wrote:

   │┄ Format-specific differences are supported for ELF binaries but no 
file-specific differences were detected; falling back to a binary diff. file(1) 
reports: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), 
BuildID[sha1]=5ed23a6ee7417643717766d7b5307da88409fe5a, not stripped
   │┄ File has been modified after NT_GNU_BUILD_ID has been applied.
We should probably file a bug against diffoscope to make it aware of 
this file "modification"



   │ @@ -55695,29 +55695,29 @@
   │  000d98e0:     3082 0199 0609 2a86  0.*.
   │  000d98f0: 4886 f70d 0107 02a0 8201 8a30 8201 8602  H..0
   │  000d9900: 0101 310d 300b 0609 6086 4801 6503 0402  ..1.0...`.H.e...
   │  000d9910: 0130 0b06 092a 8648 86f7 0d01 0701 3182  .0...*.H..1.
   │  000d9920: 0163 3082 015f 0201 0130 3a30 2231 2030  .c0.._...0:0"1 0
   │  000d9930: 1e06 0355 0403 0c17 444b 4d53 206d 6f64  ...UDKMS mod
   │  000d9940: 756c 6520 7369 676e 696e 6720 6b65 7902  ule signing key.

...

   │  000d9a90: 9d7e 4d6f 6475 6c65 2073 6967 6e61 7475  .~Module signatu
   │  000d9aa0: 7265 2061 7070 656e 6465 647e 0a re appended~.

Is a unique signature being added to the modules? I noticed that
/var/lib/dkms/mok.{key,pub} differ between the two systems.


That's probably the reason. Not sure if something could/should be done 
about that difference. We should probably take this to the reproducible 
builds people https://wiki.debian.org/ReproducibleBuilds ...



(No secure-boot configuration has been performed on these systems;
everything was debootstrap'ed and installed from scratch in chroots)



Andreas

Bug#1033756: wireshark: CVE-2023-1161

[Bálint Réczey]

Control: tags -1 pending fixed-upstream

Hi Salvatore,

Salvatore Bonaccorso  ezt írta (időpont: 2023.
márc. 31., P, 21:01):
>
> Source: wireshark
> Version: 4.0.3-1
> Severity: important
> Tags: security upstream
> Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839
> X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> 
>
> Hi,
>
> The following vulnerability was published for wireshark.
>
> CVE-2023-1161[0]:
> | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3
> | and 3.6.0 to 3.6.11 allows denial of service via packet injection or
> | crafted capture file
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

I have committed the fix to the packaging repository with the new
upstream release.
I plan uploading it when the freeze is over, unless the Security Team
finds the issue severe enough to warrant an earlier upload.

Cheers,
Balint

Bug#1033947: unblock: widelands/2:1.1-3

[Tobias Frost]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: widela...@packages.debian.org
Control: affects -1 + src:widelands

Please unblock package widelands

The upload fixes the version constraint in widelands-data.maintscript for
symlink_to_dir.

The original version constraint was 1:21-2~, the last version that had
the directory. However, the symlink_to_dir was only introduced in
2:1.0-3, so if a user upgraded from a version later than 1:21-2~,
the migration would not be triggered as maintscript would believe
it is not needed anymore.

In such cases the game would crash as reported in #1033879.

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Risks ]
The game is a leaf package.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock widelands/2:1.1-3

Cheers,
-- 
tobi
diff -Nru widelands-1.1/debian/changelog widelands-1.1/debian/changelog
--- widelands-1.1/debian/changelog  2022-12-27 23:29:29.0 +0100
+++ widelands-1.1/debian/changelog  2023-04-04 16:15:53.0 +0200
@@ -1,3 +1,10 @@
+widelands (2:1.1-3) unstable; urgency=medium
+
+  * Team upload.
+  * Fix version constraint in dir_to_symlink. (Closes: #1033879)
+
+ -- Tobias Frost   Tue, 04 Apr 2023 16:15:53 +0200
+
 widelands (2:1.1-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru widelands-1.1/debian/widelands-data.maintscript 
widelands-1.1/debian/widelands-data.maintscript
--- widelands-1.1/debian/widelands-data.maintscript 2022-12-27 
23:29:29.0 +0100
+++ widelands-1.1/debian/widelands-data.maintscript 2023-04-04 
16:15:49.0 +0200
@@ -1,2 +1 @@
-dir_to_symlink /usr/share/games/widelands/data/i18n/fonts/Culmus 
../../../../../fonts/truetype/culmus-fancy 1:21-2~
-
+dir_to_symlink /usr/share/games/widelands/data/i18n/fonts/Culmus 
../../../../../fonts/truetype/culmus-fancy 2:1.1-3~

Bug#1033845: u-boot fails to boot on pinebook pro if installed on internal emmc

[Wolfgang Zarre]

From: Vagrant Cascadian 
To: Wolf , 1033...@bugs.debian.org
Date: Monday, 3 April 2023 at 21:48
Subject: Bug#1033845: u-boot fails to boot on pinebook pro if installed on 
internal emmc


However, the SPL settings are just precaution, because I have the intention to 
try again
installing u-boot in SPL if I find time enough to do so, also for brick/recover 
actions.


SPI?


Ah, sorry for that, I shouldn't do similar things at the very same time.

So, I have to correct myself, the SPL settings *are* necessary and yes, I
have the intention to install in SPI.



As a simple rule, sure, but it is always a judgement call. I do not
think we are patching anything hugely relevent in the Debian packaging
here (slight chance the rockchip USB related patches are relevent, but I
would guess very slight).
 >
If you are up to it, that can be helpful as it will eventually land in
Debian (and other distros) that way.

It can still be useful to file a bug with Debian in case it make sense
to backport a patch from upstream, too. This way we can track when the
issue is resolved.

So, in some cases, file bugs/patches/etc in both. :)



Ok, I agree, maybe then also mentioning the upstream report if done.



I have never had reboot work reliably on the pinebook-pro...



With the pre-installed system it was working so far, as far as I remember and
that is as well a reason for hunting, because if it was working ones then it
should be possible to get it working again.



Thanks for poking at all this!



You are welcome, but anyway, I am very happy that I can contribute a bit.

Further, I'll submit the upstream report here, so that you can close this
report.

Cheers,
Wolf

Bug#1033921: debian-installer: Weekly build of d-i fails to find ipw2x00 firmware package

[Charles Curley]

On Tue, 4 Apr 2023 07:57:34 +0200
Pascal Hambourg  wrote:

> On 04/04/2023 at 01:46, Cyril Brulebois wrote:
> > 
> > Everything seems to be working as intended…  
> 
> Yes. The package is found but rejected because of licence issue. This
> is the expected effect of "Fix files removal for non-accepted
> firmware packages (#1032377)", although it might be seen by users as
> a regression.

I agree, it is a regression, and silently eliding over the problem is
an unacceptable way to handle it. I believe that this approach
contravenes the spirit if not the letter of the vote to include
proprietary blobs in the Debian Installer.

It used to be possible to accept the license, use the firmware, and
continue. That should now be the approach.

> 
> > Arguably check-missing-firmware could be more verbose about what
> > happens around license accepting.  
> 
> Yes, at the least.

Agreed.



-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Bug#1033946: unblock: unknown-horizons/2019.1-6

[Tobias Frost]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: unknown-horiz...@packages.debian.org
Control: affects -1 + src:unknown-horizons

Please unblock package unknown-horizons

This updates fixes #1033833: the package font-unifont
dropped shipping unifont.ttf last summer, and this breaks
unknown-horizons/2019.1-5 as the symlink to the font is no
longer valid and the game fails to load.

The update fixes the symlink to the otf font, which works
with the game as well.

[ Impact ]
Game would be broken.

[ Risks ]
This game is a leaf package.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock unknown-horizons/2019.1-6
diff -Nru unknown-horizons-2019.1/debian/changelog 
unknown-horizons-2019.1/debian/changelog
--- unknown-horizons-2019.1/debian/changelog2022-08-28 13:16:18.0 
+0200
+++ unknown-horizons-2019.1/debian/changelog2023-04-03 19:23:41.0 
+0200
@@ -1,3 +1,11 @@
+unknown-horizons (2019.1-6) unstable; urgency=medium
+
+  * Team upload.
+  * add d/clean: enable building twice from source tree, delete created files.
+  * Replace link to unifont.ttf with unifont.otf. (Closes: #1033833)
+
+ -- Tobias Frost   Mon, 03 Apr 2023 19:23:41 +0200
+
 unknown-horizons (2019.1-5) unstable; urgency=medium
 
   * Team upload.
diff -Nru unknown-horizons-2019.1/debian/clean 
unknown-horizons-2019.1/debian/clean
--- unknown-horizons-2019.1/debian/clean1970-01-01 01:00:00.0 
+0100
+++ unknown-horizons-2019.1/debian/clean2023-04-03 19:08:30.0 
+0200
@@ -0,0 +1,6 @@
+content/gfx/atlas/*png
+.cache/
+content/actionsets.json
+content/tilesets.json
+UnknownHorizons.egg-info/
+content/atlas.sql
diff -Nru unknown-horizons-2019.1/debian/links 
unknown-horizons-2019.1/debian/links
--- unknown-horizons-2019.1/debian/links2022-08-27 15:26:54.0 
+0200
+++ unknown-horizons-2019.1/debian/links2023-04-03 19:13:03.0 
+0200
@@ -1 +1 @@
-/usr/share/fonts/truetype/unifont/unifont.ttf 
/usr/share/unknown-horizons/content/fonts/Unifont.ttf
+/usr/share/fonts/opentype/unifont/unifont.otf 
/usr/share/unknown-horizons/content/fonts/Unifont.ttf

Bug#1033608: Exception: ModuleNotFoundError: No module named 'core.pe.photo'

[Luca Falavigna]

tags 1033608 + moreinfo + unreproducible
thanks


Hi Ionuț,

Il giorno mar 28 mar 2023 alle ore 16:03 Ionuț Ciocîrlan
 ha scritto:
> In the debian package these symlinks are missing, and emptu directories
> are created instead (although the lib files are built and packaged).

I just checked in a fresh system and symlinks are correctly placed.
Also see latest amd64 build:
https://buildd.debian.org/status/fetch.php?pkg=dupeguru=amd64=4.3.1-3%2Bb1=1672837551=0
lrwxrwxrwx root/root 0 2023-01-04 13:05
./usr/share/dupeguru/core/pe -> ../../../lib/dupeguru/core/pe
lrwxrwxrwx root/root 0 2023-01-04 13:05
./usr/share/dupeguru/qt/pe -> ../../../lib/dupeguru/qt/pe

-- 
Cheers,
Luca

Bug#1033948: RFS: png2svg/1.5.2-1 [ITP] -- CLI utility for converting small PNG images to SVG Tiny 1.2

[肖盛文]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "png2svg":

* Package name : png2svg
Version : 1.5.2-1
Upstream contact : Alexander F. Rødseth 
* URL : https://github.com/xyproto/png2svg
* License : MIT, Unlicense
* Vcs : https://gitee.com/atzlinux/png2svg
Section : graphics

The source builds the following binary packages:

png2svg - CLI utility for converting small PNG images to SVG Tiny 1.2

To access further information about this package, please visit the 
following URL:


https://mentors.debian.net/package/png2svg/

Alternatively, you can download the package with 'dget' using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/p/png2svg/png2svg_1.5.2-1.dsc


Changes for the initial release:

png2svg (1.5.2-1) unstable; urgency=low
.
* Initial release (Closes: #1033925)

Regards,

--
肖盛文 xiao sheng wen
https://www.atzlinux.com 《铜豌豆 Linux》基于 Debian 的 Linux 中文 桌面 操作系统
Debian QA page: https://qa.debian.org/developer.php?login=atzlinux%40sina.com
Debian salsa: https://salsa.debian.org/atzlinux-guest
GnuPG Public Key: 0x00186602339240CB



OpenPGP_signature
Description: OpenPGP digital signature