Bug#1038863: Acknowledgement (coreutils: date : shows the wrong information, 24 hours before)

[Miquel Gual Torner]

I'm sorry

you can close the error

My mistake in the script.

Bug#1039939: librust-wyz-dev: impossible to install

[Jonas Smedegaard]

Quoting Jeremy Bícha (2023-06-29 21:48:18)
> Control: tags -1 pending
> 
> rust-typemap, the required dependency is awaiting review in the NEW queue.
> 
> https://ftp-master.debian.org/new/rust-typemap_0.3.3-1.html
> 
> By the way, have you seen this report? Hovering over the architecture
> provides a guess as to what dependency is missing.

Thanks for these status reports, they are helpful.

No, I did not trace the dependency tree to try second-guess *why* the
package got broken.

What I generally do is a) double-check that indeed the package it
completely impossible to install, then b) silently curse the Rust team
for flagging all autopkgtests as "skip-not-installable" so that this
class of bugs require manual reporting, then c) check if the package is
already lingering in NEW, and finally d) file a bugreport.

Sometimes I skip c), partly out of frustration as per b), and partly
because the bug is still a bug when in the process of getting fixed.

Kind regards,


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1033671: MD5File() goes into an unconditional infinite loop on bullseye

[Guillem Jover]

Hi!

On Fri, 2023-03-31 at 13:43:03 +0200, Guillem Jover wrote:
> Control: fixed -1 0.11.4-1
> Control: severity -1 serious
> 
> On Wed, 2023-03-29 at 20:51:07 +0200, Guillaume Morin wrote:
> > Package: libbsd0
> > Version: 0.11.3-1
> > Tags: patch,upstream,fixed-upstream,bullseye
> 
> > MD5File in bullseye is essentially an infinite loop. It just calls
> > itself.
> > 
> > The simplest fix is
> > 
> > --- a/src/md5.c
> > +++ b/src/md5.c
> > @@ -105,7 +105,7 @@
> >  MD5File(const char *filename, char *buf)
> >  {
> > libmd_wrapper(MD5File);
> > -   return MD5File(filename, buf);
> > +   return libmd_MD5File(filename, buf);
> >  }
> >  
> >  char *
> > 
> > This was fixed upstream by 
> > https://gitlab.freedesktop.org/libbsd/libbsd/-/commit/e7cf8c5785b14fc8fbd37bb665a5f9a4f28c7888
> 
> Ah, nice catch! I think I missed that during the switch. I'll be
> preparing a stable update later today to propose to the release team.

This was filed at the time as .
Adding for reference as I wondered now whether I had done so. :)

Thanks,
Guillem

Bug#1039958: autopkgtest-build-podman: Image creation fails with "sd-bus call: Permission denied"

[Gioele Barabucci]

Package: autopkgtest
Version: 5.28
Severity: important
X-Debbugs-Cc: gio...@svario.it

Running `autopkgtest-build-podman --image debian:sid` always fails
during the last step:

```
STEP 13/13: RUN sh -eux /opt/autopkgtest/setup-testbed /
error running container: from /usr/bin/crun creating container for 
[/bin/sh -c sh -eux /opt/autopkgtest/setup-testbed /]: sd-bus call: 
Permission denied: Permission denied

```

This happens on a normal Bookworm machine running systemd, while I'm
logged in via ssh.

Logs:

```
$ autopkgtest-build-podman --image debian:sid
INFO:autopkgtest-build-docker:['podman', 'build', 
'--build-arg=IMAGE=debian:sid', '--tag', 'autopkgtest/debian:sid', 
'--build-arg=AUTOPKGTEST_APT_PROXY=', '
--build-arg=AUTOPKGTEST_KEEP_APT_SOURCES=yes', 
'--build-arg=AUTOPKGTEST_SETUP_APT_PROXY=', 
'--build-arg=AUTOPKGTEST_SETUP_VM_POST_COMMAND=true', '--build-ar

g=RELEASE=sid', '/tmp/tmpc1ehvx3t']
WARN[] The cgroupv2 manager is set to systemd but there is no 
systemd user session available

WARN[] For using systemd, you may need to login using an user session
WARN[] Alternatively, you can enable lingering with: `loginctl 
enable-linger 1000` (possibly as root)

WARN[] Falling back to --cgroup-manager=cgroupfs
STEP 1/13: FROM debian:sid
Resolved "debian" as an alias 
(/etc/containers/registries.conf.d/shortnames.conf)

Trying to pull docker.io/library/debian:sid...
Getting image source signatures
Copying blob 2e79cba44192 done
WARN[0008] Trying to create a layer 
"e214315965a2b5ccbd42ab67539d5233dbde9a7019d784610da872bfbd7e9a79" while 
directory "/var/cache/podman/overlay/e214315965Copying blob 2e79cba44192 
done

Copying config 4b2de9ef18 done
Writing manifest to image destination
Storing signatures
STEP 2/13: ARG AUTOPKGTEST_BUILD_DOCKER=1
--> b22e8c1c457
STEP 3/13: ARG AUTOPKGTEST_APT_PROXY=
--> 0501b566487
STEP 4/13: ARG AUTOPKGTEST_APT_SOURCES=
--> 760aa90c960
STEP 5/13: ARG AUTOPKGTEST_KEEP_APT_SOURCES=
--> bd1b696354d
STEP 6/13: ARG AUTOPKGTEST_SETUP_APT_PROXY=
--> d8461af9d71
STEP 7/13: ARG AUTOPKGTEST_SETUP_INIT_SYSTEM=
--> 0da0d497018
STEP 8/13: ARG AUTOPKGTEST_SETUP_VM_POST_COMMAND=
--> 360f99c572b
STEP 9/13: ARG AUTOPKGTEST_SETUP_VM_UPGRADE=
--> 253b6c84909
STEP 10/13: ARG MIRROR=
--> 614b5909df4
STEP 11/13: ARG RELEASE=
--> 4a7e36a1d8a
STEP 12/13: COPY setup-testbed /opt/autopkgtest/setup-testbed
--> d614a626cb0
STEP 13/13: RUN sh -eux /opt/autopkgtest/setup-testbed /
error running container: from /usr/bin/crun creating container for 
[/bin/sh -c sh -eux /opt/autopkgtest/setup-testbed /]: sd-bus call: 
Permission denied: Permission denied

: exit status 1
Error: building at STEP "RUN sh -eux /opt/autopkgtest/setup-testbed /": 
while running runtime: exit status 1


$ loginctl list-sessions
SESSION  UID USER   SEAT TTY
  2 1000 gioele  pts/0

1 sessions listed.

$ loginctl user-status | head -n6
gioele (1000)
   Since: Fri 2023-06-30 08:40:27 CEST; 22min ago
   State: active
Sessions: *2
  Linger: yes
Unit: user-1000.slice
```


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-cloud-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages autopkgtest depends on:
ii  apt-utils   2.6.1
ii  libdpkg-perl1.21.22
ii  procps  2:4.0.2-3
ii  python3 3.11.2-1+b1
ii  python3-debian  0.1.49

Versions of packages autopkgtest recommends:
ii  autodep8  0.28
ii  fakeroot  1.31-1.2

Versions of packages autopkgtest suggests:
pn  docker.io
pn  fakemachine  
ii  lxc  1:5.0.2-1
pn  lxd  
pn  ovmf 
pn  ovmf-ia32
ii  podman   4.3.1+ds1-8+b1
ii  python3-distro-info  1.5
pn  qemu-efi-aarch64 
pn  qemu-efi-arm 
pn  qemu-system  
ii  qemu-utils   1:7.2+dfsg-7
pn  schroot  
ii  util-linux   2.38.1-5+b1
ii  vmdb20.27+really.0.26-1
ii  zerofree 1.1.1-1

-- no debconf information

Bug#1039959: protobuf: binary-any FTBFS

[Adrian Bunk]

Source: protobuf
Version: 3.21.12-4
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=protobuf&ver=3.21.12-4

...
 debian/rules clean
dh clean --with autoreconf,elpa,javahelper
dh: error: unable to load addon javahelper: Can't locate 
Debian/Debhelper/Sequence/javahelper.pm in @INC (you may need to install the 
Debian::Debhelper::Sequence::javahelper module) (@INC contains: /etc/perl 
/usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 
/usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 
/usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 
/usr/share/perl/5.36 /usr/local/lib/site_perl) at (eval 15) line 1.
BEGIN failed--compilation aborted at (eval 15) line 1.

make: *** [debian/rules:23: clean] Error 25

Bug#1039960: spamassassin-maint deprecated method; prefer $rr->rdstring

[Francois Mescam]

Package: spamassassin
Version: 4.0.0-6
Severity: normal

Dear Maintainer,

In the logs I've the message 
spamassassin-maint[1026416]: deprecated method; prefer $rr->rdstring() at 
/usr/bin/sa-update line 1460.

Regards

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages spamassassin depends on:
ii  adduser 3.134
ii  curl7.88.1-10
ii  libhtml-parser-perl 3.81-1
ii  libhttp-date-perl   6.05-2
ii  libio-string-perl   1.08-4
ii  libmail-dkim-perl   1.20230212-1
ii  libnet-dns-perl 1.39-2
ii  libnetaddr-ip-perl  4.079+dfsg-2+b1
ii  libsocket6-perl 0.29-3
ii  libsys-hostname-long-perl   1.5-3
ii  libwww-perl 6.71-1
ii  lsb-base11.6
ii  perl [libarchive-tar-perl]  5.36.0-7
ii  sysvinit-utils [lsb-base]   3.06-4
ii  w3m 0.5.3+git20230121-2

Versions of packages spamassassin recommends:
ii  gnupg  2.2.40-1.1
ii  libbsd-resource-perl   1.2911-2+b1
pn  libmail-dmarc-perl 
ii  libmail-spf-perl   2.9.0-5
ii  perl [libsys-syslog-perl]  5.36.0-7
ii  sa-compile 4.0.0-6
ii  spamc  4.0.0-6

Versions of packages spamassassin suggests:
ii  libdbi-perl   1.643-4
ii  libencode-detect-perl 1.01-6+b1
pn  libgeoip2-perl
ii  libio-socket-ssl-perl 2.083-1
ii  libnet-patricia-perl  1.22-2+b1
ii  perl [libcompress-zlib-perl]  5.36.0-7
ii  pyzor 1:1.0.0-6
ii  razor 1:2.85-9

-- Configuration Files:
/etc/spamassassin/local.cf changed:
dns_query_restriction deny multi.uribl.com
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
endif # Mail::SpamAssassin::Plugin::Shortcircuit


-- no debconf information

Bug#1039961: transition: libexecs

[Mattia Rizzolo]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: libex...@packages.debian.org
Control: affects -1 + src:libexecs
Control: submitter -1 Renzo Davoli 

Hi,

I'd like to ask for permission to carry out this small transition here:
https://release.debian.org/transitions/html/auto-libexecs.html

All the relevant rev-deps are OK and binNMUs would take care of them.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#1000003: (no subject)

[Sune Stolborg Vuorela]

forwarded -1 https://gitlab.com/pdfgrep/pdfgrep/-/issues/58
thanks

-- 
I didn’t stop pretending when I became an adult, it’s just that when I was a 
kid I was pretending that I fit into the rules and structures of this world. 
And now that I’m an adult, I pretend that those rules and structures exist.
   - zefrank

Bug#1038000: bookworm-pu: package texlive-bin/2022.20220321.62855-5.1+deb12u1

[Preuße]

On 30.06.2023 00:11, Hilmar Preuße wrote:

On 6/28/23 09:01, Jonathan Wiltshire wrote:


Hi Jonathan,


When do you expect the bugs to be closed in unstable?


I've pushed the new texlive-bin and the context package to unstable. >
The build fails on: i386. I guess I know the root cause and prepare a 
new package. Sorry for the noise!


5.1+deb12u1 needs to be updated too.

Hilmar
--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1039859: (no subject)

[Christian Beier]

Same here,

Running GNOME 43.4 on Wayland, OpenGL renderer string: AMD Radeon 
Graphics (renoir, LLVM 15.0.6, DRM 3.49, 6.1.0-9-amd64).


Note that I can get at least the waveform display back if I switch from 
"RGB (GLSL)" to "RGB". The virtual turntable elements are still 
transparent and flickery.


Maybe a Qt issue?

--
Christian Beier

what is, is; what is not is possible.

Bug#1039962: libunwind-dev is not stripped

[Matthias Klose]

Package: src:libunwind
Version: 1.6.2-3

the packaging overrides dh_strip, not stripping the libunwind-dev package. Is 
there a reason for that?


Seen when building with LTO enabled, the LTO information still stays in the .a 
files.

Bug#1039963: texlive-bin FTBFS on i386

[Adrian Bunk]

Source: texlive-bin
Version: 2022.20220321.62855-6
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/fetch.php?pkg=texlive-bin&arch=i386&ver=2022.20220321.62855-6&stamp=1688079371&raw=0

...
dh_install --sourcedir=/<>/debian/tmp
dh_install: warning: Cannot find (any matches for) 
"usr/lib/*/libtexluajit.so.2.*.*" (tried in /<>/debian/tmp, 
debian/tmp)

dh_install: warning: libtexluajit2 missing files: 
usr/lib/*/libtexluajit.so.2.*.*
dh_install: warning: Cannot find (any matches for) 
"usr/lib/*/libtexluajit.so.2" (tried in /<>/debian/tmp, debian/tmp)

dh_install: warning: libtexluajit2 missing files: usr/lib/*/libtexluajit.so.2
dh_install: warning: Cannot find (any matches for) "usr/lib/*/libtexluajit.a" 
(tried in /<>/debian/tmp, debian/tmp)

dh_install: warning: libtexluajit-dev missing files: usr/lib/*/libtexluajit.a
dh_install: warning: Cannot find (any matches for) "usr/lib/*/libtexluajit.so" 
(tried in /<>/debian/tmp, debian/tmp)

dh_install: warning: libtexluajit-dev missing files: usr/lib/*/libtexluajit.so
dh_install: warning: Cannot find (any matches for) 
"usr/lib/*/pkgconfig/texluajit.pc" (tried in /<>/debian/tmp, 
debian/tmp)

dh_install: warning: libtexluajit-dev missing files: 
usr/lib/*/pkgconfig/texluajit.pc
dh_install: warning: Cannot find (any matches for) "usr/include/texluajit/*" 
(tried in /<>/debian/tmp, debian/tmp)

dh_install: warning: libtexluajit-dev missing files: usr/include/texluajit/*
dh_install: error: missing files, aborting
make[1]: *** [debian/rules:168: override_dh_install-arch] Error 25


The architecture list also has to be adjusted in debian/control.

Bug#1039964: Error: Could not get config object.

[Daniel Teichmann]

Package: gosa
Severity: normal

Instead of showing a blank page and telling the user to contact the system 
admin, we should
display the logging mask again, which fixes the issue in my tests.

This is not release critical imo..

Bug#1039965: linux-image-6.1.0-9-amd64: crash on boot

[Richard Rahl]

Package: src:linux
Version: 6.1.27-1
Severity: important
X-Debbugs-Cc: rra...@proton.me

Dear Maintainer,

When I installed Debian 12 (mostly default, except XFS as FS), I get a non-
bootable system. When I select the correct entry in Grub, and for a second text
flies by, and the second it tries to switch over to Plymouth (screen turns off
to switch to a different mode) the laptop (Dell Latitude 5490) crashes.

The only fix I can find is, to boot with nomodeset or blacklist i915. Running
6.3.0-1 from testing, fixes this issue.


-- Package-specific info:
** Version:
Linux version 6.1.0-9-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 
12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP 
PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08)

** Command line:
BOOT_IMAGE=/vmlinuz-6.1.0-9-amd64 
root=UUID=4afbd2ab-539b-41ae-83b8-0018512b415e ro quiet splash nomodeset

** Tainted: PO (4097)
 * proprietary module was loaded
 * externally-built ("out-of-tree") module was loaded

** Kernel log:
[   32.305256] Bluetooth: hci0: Bootloader revision 0.0 build 26 week 38 2015
[   32.306252] Bluetooth: hci0: Device revision is 16
[   32.306254] Bluetooth: hci0: Secure boot is enabled
[   32.306255] Bluetooth: hci0: OTP lock is enabled
[   32.306255] Bluetooth: hci0: API lock is enabled
[   32.306256] Bluetooth: hci0: Debug lock is disabled
[   32.306257] Bluetooth: hci0: Minimum firmware build 1 week 10 2014
[   32.307641] bluetooth hci0: firmware: direct-loading firmware 
intel/ibt-12-16.sfi
[   32.307645] Bluetooth: hci0: Found device firmware: intel/ibt-12-16.sfi
[   32.314605] iwlwifi :02:00.0 wlp2s0: renamed from wlan0
[   32.481849] XFS (nvme0n1p2): Mounting V5 Filesystem
[   32.496479] XFS (nvme0n1p2): Ending clean mount
[   32.599615] usb 1-7: USB disconnect, device number 3
[   32.599651] Bluetooth: hci0: sending frame failed (-19)
[   32.599703] Bluetooth: hci0: Failed to send firmware data (-19)
[   32.599713] Bluetooth: hci0: sending frame failed (-19)
[   32.599794] Bluetooth: hci0: FW download error recovery failed (-19)
[   34.829258] spl: loading out-of-tree module taints kernel.
[   34.848689] znvpair: module license 'CDDL' taints kernel.
[   34.848692] Disabling lock debugging due to kernel taint
[   35.399574] ZFS: Loaded module v2.1.11-1, ZFS pool version 5000, ZFS 
filesystem version 5
[   35.495277] audit: type=1400 audit(1688113194.854:4): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/usr/bin/lxc-start" pid=783 
comm="apparmor_parser"
[   35.496962] audit: type=1400 audit(1688113194.858:5): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="libreoffice-oosplash" 
pid=785 comm="apparmor_parser"
[   35.497507] audit: type=1400 audit(1688113194.858:6): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="lsb_release" pid=778 
comm="apparmor_parser"
[   35.497772] audit: type=1400 audit(1688113194.858:7): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=784 
comm="apparmor_parser"
[   35.49] audit: type=1400 audit(1688113194.858:8): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="man_filter" pid=784 
comm="apparmor_parser"
[   35.497780] audit: type=1400 audit(1688113194.858:9): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="man_groff" pid=784 
comm="apparmor_parser"
[   35.498256] audit: type=1400 audit(1688113194.858:10): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="nvidia_modprobe" pid=780 
comm="apparmor_parser"
[   35.498262] audit: type=1400 audit(1688113194.858:11): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="nvidia_modprobe//kmod" 
pid=780 comm="apparmor_parser"
[   35.501263] audit: type=1400 audit(1688113194.862:12): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="libreoffice-senddoc" 
pid=787 comm="apparmor_parser"
[   35.502535] audit: type=1400 audit(1688113194.862:13): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="libreoffice-xpdfimport" 
pid=789 comm="apparmor_parser"
[   35.724680] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[   35.724683] Bluetooth: BNEP filters: protocol multicast
[   35.724687] Bluetooth: BNEP socket layer initialized
[   35.795035] loop0: detected capacity change from 0 to 8
[   35.810092] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[   35.817657] NET: Registered PF_QIPCRTR protocol family
[   36.387698] pcieport :00:1c.0: Intel SPT PCH root port ACS workaround 
enabled
[   47.666849] Lockdown: Xorg: raw io port access is restricted; see man 
kernel_lockdown.7
[   48.930635] Lockdown: systemd-logind: hibernation is restricted; see man 
kernel_lockdown.7
[   49.196704] rfkill: input handler disabled
[   52.905785] rfkill: input handler enabled
[   52.995910] Lockdown: Xorg: raw io port access is restricted; see man 
kernel_lockdown.7
[   54.618430] Lockdown: systemd-logind: hibernation i

Bug#1039966: isc-dhcp-server.service: Could not get Tjener LDAP object (but it exists).

[Daniel Teichmann]

Package: debian-edu-config
Severity: important

Error messages popping up in syslog on newly installed systems..

gber (Guido Berhörster) can reproduce this issue.

less /var/log/syslog: ```
2023-06-30T10:02:19.424921+02:00 tjener systemd[1]: Starting 
isc-dhcp-server.service - DHCP server...
2023-06-30T10:02:19.439804+02:00 tjener kernel: [158732.008135] audit: 
type=1400 audit(1688112139.433:56880): apparmor="DENIED" operation="open" 
profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" 
pid=138165 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2023-06-30T10:02:19.439829+02:00 tjener kernel: [158732.008359] audit: 
type=1400 audit(1688112139.433:56881): apparmor="DENIED" operation="open" 
profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" 
pid=138165 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2023-06-30T10:02:20.655827+02:00 tjener kernel: [158733.222839] audit: 
type=1400 audit(1688112140.649:56882): apparmor="DENIED" operation="open" 
profile="/usr/sbin/dhcpd" name="/etc/gss/mech.d/" pid=138165 comm="dhcpd" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2023-06-30T10:02:20.655852+02:00 tjener kernel: [158733.224031] audit: 
type=1400 audit(1688112140.649:56883): apparmor="DENIED" operation="open" 
profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" 
pid=138165 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2023-06-30T10:02:21.863147+02:00 tjener dhcpd[138165]: Cannot find host LDAP 
entry tjener (&(objectClass=dhcpServer)(cn=tjener))
2023-06-30T10:02:21.863502+02:00 tjener dhcpd[138165]: Configuration file 
errors encountered -- exiting
2023-06-30T10:02:21.863661+02:00 tjener dhcpd[138165]: 
2023-06-30T10:02:21.863791+02:00 tjener dhcpd[138165]: If you think you have 
received this message due to a bug rather
2023-06-30T10:02:21.863902+02:00 tjener dhcpd[138165]: than a configuration 
issue please read the section on submitting
2023-06-30T10:02:21.864040+02:00 tjener dhcpd[138165]: bugs on either our web 
page at www.isc.org or in the README file
2023-06-30T10:02:21.864147+02:00 tjener dhcpd[138165]: before submitting a bug. 
 These pages explain the proper
2023-06-30T10:02:21.864252+02:00 tjener dhcpd[138165]: process and the 
information we find helpful for debugging.
2023-06-30T10:02:21.864353+02:00 tjener dhcpd[138165]: 
2023-06-30T10:02:21.864450+02:00 tjener dhcpd[138165]: exiting.
2023-06-30T10:02:21.865527+02:00 tjener systemd[1]: isc-dhcp-server.service: 
Control process exited, code=exited, status=1/FAILURE
2023-06-30T10:02:21.865864+02:00 tjener systemd[1]: isc-dhcp-server.service: 
Failed with result 'exit-code'.
2023-06-30T10:02:21.866119+02:00 tjener systemd[1]: Failed to start 
isc-dhcp-server.service - DHCP server.
2023-06-30T10:02:23.893575+02:00 tjener systemd[1]: isc-dhcp-server.service: 
Scheduled restart job, restart counter is at 9475.
```

Bug#1008016: ITP: safe-network -- network routing and service daemon for the Safe Network

[Jonas Smedegaard]

0.85.6 draft 1 needs embedding 193 crates (148 missing, 2 broken, 1 unwanted, 
34 outdated, 8 ahead); runs but functionality not yet properly tested

Main tasks now are to keep package up-to-date with upstream releases, and
to package more of the crates currently embedded.

Here's how you can help:

As user running Debian, you can test this draft package: Either build it
yourself from source or tell (by posting to this bugreport) if you
prefer testing the binary packages I built - then I will share those.

As developer (but no need to be official member of Debian!), you can
join the Debian Rust team and help package these missing crates:
https://salsa.debian.org/debian/safe-network/-/blob/debian/latest/debian/TODO


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1038616: bookworm-pu: package network-manager-strongswan/1.6.0-1+deb12u1

[Harald Dunkel]

Thank you very much. Have a nice weekend

Harri

Bug#1036752: (no subject)

[robin]

Control: severity -1 important

Bug#1036752: [Pkg-rust-maintainers] Bug#1036752: (no subject)

[Sylvestre Ledru]

Please stop.
This isn't an important bug.
a bug which has a major effect on the usability of a package,
batcat --help provides similar information.

Sylvestre


Le 30/06/2023 à 12:23, ro...@gmail.com a écrit :

Control: severity -1 important

___
Pkg-rust-maintainers mailing list
pkg-rust-maintain...@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-rust-maintainers

Bug#1036752: [Pkg-rust-maintainers] Bug#1036752: (no subject)

[Sylvestre Ledru]

Please stop.
This isn't an important bug.
a bug which has a major effect on the usability of a package,
batcat --help provides similar information.

Sylvestre


Le 30/06/2023 à 12:23, ro...@gmail.com a écrit :

Control: severity -1 important

___
Pkg-rust-maintainers mailing list
pkg-rust-maintain...@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-rust-maintainers

Bug#1035431: desktop-base: leaves alternatives after purge:

[Andreas Beckmann]

Followup-For: Bug #1035431
Control: tag -1 pending

Hi,

I've just uploaded my patch as a NMU to DELAYED/10 with the intention to
get this fixed in bookworm, too.
Please let me know it I should delay it longer or cancel it.


Andreas

Bug#1039958: autopkgtest-build-podman: Image creation fails with "sd-bus call: Permission denied"

[Gioele Barabucci]

Control: block -1 by 1013344

autopkgtest-build-podman's failure is due to the issue reported in [1], 
i.e. the Debian setup of podman requires `dbus-user-session`, but none 
of the podman-related packages Depends on it.


[1] https://bugs.debian.org/1013344

--
Gioele Barabucci

Bug#1039967: [PATCH] autofs: Fix hang on kerberos authenticated ldap

[Christian Tacke]

Package: autofs
Version: 5.1.8-2
Tags: patch, fixed-upstream

Hi,

With kerberos authenticated ldap we experienced hangs
during startup of automount.

This has already been fixed in upstreams git [1].

Could you please fix this in a point release for bookworm
(and bullseye)?


Christian Tacke

[1]: 
https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/commit/?id=b2571ed0df973a6dc6a8e661874655fa7cecdc37

-- 
www.gsi.de
commit d5d375b6386f493e2ebc3866805e6a52eb34a2ae
Author: Christian Tacke 
AuthorDate: Fri Jun 30 12:52:27 2023 +0200
Commit: Christian Tacke 
CommitDate: Fri Jun 30 12:52:27 2023 +0200

debian/patches: Add fix-missing-unlock-in-sasl_do_kinit_ext_cc.patch

Patch from upstream.

Do not hang in kerberos authenticated ldap.

diff --git a/debian/changelog b/debian/changelog
index 5ff4f1c..baf9910 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+autofs (5.1.8-3) UNRELEASED; urgency=medium
+
+  [ Christian Tacke ]
+  * debian/patches:
+* Add fix-missing-unlock-in-sasl_do_kinit_ext_cc.patch from upstream.
+  Do not hang in kerberos authenticated ldap.
+
+ -- Mike Gabriel   Fri, 30 Jun 2023 12:06:48 +0200
+
 autofs (5.1.8-2) unstable; urgency=medium
 
   [ Mike Gabriel ]
diff --git a/debian/patches/fix-missing-unlock-in-sasl_do_kinit_ext_cc.patch b/debian/patches/fix-missing-unlock-in-sasl_do_kinit_ext_cc.patch
new file mode 100644
index 000..7482240
--- /dev/null
+++ b/debian/patches/fix-missing-unlock-in-sasl_do_kinit_ext_cc.patch
@@ -0,0 +1,41 @@
+Origin: https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/commit/?id=b2571ed0df973a6dc6a8e661874655fa7cecdc37
+
+commit b2571ed0df973a6dc6a8e661874655fa7cecdc37
+Author: James Dingwall 
+Date:   Wed Jul 20 13:22:38 2022 +0800
+
+autofs-5.1.8 - fix missing unlock in sasl_do_kinit_ext_cc()
+
+There is a missing mutex unlock in function sasl_do_kinit_ext_cc(),
+fix it.
+
+Signed-off-by: James Dingwall 
+Signed-off-by: Ian Kent 
+
+# diff --git a/CHANGELOG b/CHANGELOG
+# index 1f7c93a..e0b285d 100644
+# --- a/CHANGELOG
+# +++ b/CHANGELOG
+# @@ -27,6 +27,7 @@
+#  - add autofs_strerror_r() helper for musl.
+#  - update configure.
+#  - handle innetgr() not present in musl.
+# +- fix missing unlock in sasl_do_kinit_ext_cc().
+#  
+#  19/10/2021 autofs-5.1.8
+#  - add xdr_exports().
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index ae046e0..738e363 100644
+--- a/modules/cyrus-sasl.c
 b/modules/cyrus-sasl.c
+@@ -721,6 +721,10 @@ sasl_do_kinit_ext_cc(unsigned logopt, struct lookup_context *ctxt)
+ 
+ 	debug(logopt, "Kerberos authentication was successful!");
+ 
++	status = pthread_mutex_unlock(&krb5cc_mutex);
++	if (status)
++		fatal(status);
++
+ 	return 0;
+ 
+ out_cleanup_def_princ:
diff --git a/debian/patches/series b/debian/patches/series
index 932a3d3..929541a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ spelling-error-fixes.patch
 fix-lookup-ldap-crash.patch
 fix-nfs4-mounts-in-auto-net.patch
 fix-nfs4-only-mounts-should-not-use-rpcbind.patch
+fix-missing-unlock-in-sasl_do_kinit_ext_cc.patch

Bug#1039968: python3-tvdb-api: Incompatible with requests-cache version in repositories

[Bernat Arlandis]

Package: python3-tvdb-api
Version: 3.1-2
Severity: serious
Tags: upstream newcomer
Justification: Policy 2.2.1

Dear Maintainer,

This bug renders the package tvnamer completely useless. It always fails with
this error when trying to connect remotely to TVDB:

Traceback (most recent call last):
  File "/usr/bin/tvnamer", line 6, in 
tvnamer.main.main()
  File "/usr/share/tvnamer/main.py", line 474, in main
tvnamer(paths = sorted(args))
  File "/usr/share/tvnamer/main.py", line 370, in tvnamer
processFile(tvdb_instance, episode)
  File "/usr/share/tvnamer/main.py", line 175, in processFile
episode.populateFromTvdb(tvdb_instance, force_name=Config['force_name'],
series_id=Config['series_id'])
  File "/usr/share/tvnamer/utils.py", line 641, in populateFromTvdb
show = tvdb_instance[force_name or self.seriesname]
   ~^^^
  File "/usr/lib/python3/dist-packages/tvdb_api.py", line 1152, in __getitem__
sid = self._nameToSid(key)
  
  File "/usr/lib/python3/dist-packages/tvdb_api.py", line 1136, in _nameToSid
selected_series = self._getSeries(name)
  ^
  File "/usr/lib/python3/dist-packages/tvdb_api.py", line 935, in _getSeries
all_series = self.search(series)
 ^^^
  File "/usr/lib/python3/dist-packages/tvdb_api.py", line 914, in search
series_resp = self._getetsrc(self.config['url_getSeries'] % (series))
  ^^^
  File "/usr/lib/python3/dist-packages/tvdb_api.py", line 874, in _getetsrc
src = self._loadUrl(url, language=language)
  ^
  File "/usr/lib/python3/dist-packages/tvdb_api.py", line 811, in _loadUrl
self.authorize()
  File "/usr/lib/python3/dist-packages/tvdb_api.py", line 859, in authorize
r = self.session.post(
^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 635, in post
return self.request("POST", url, data=data, json=json, **kwargs)
   ^
  File "/usr/lib/python3/dist-packages/requests_cache/session.py", line 115, in
request
return super().request(method, url, *args, **kwargs)
   ^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 587, in
request
resp = self.send(prep, **send_kwargs)
   ^^
  File "/usr/lib/python3/dist-packages/requests_cache/session.py", line 127, in
send
cache_key = self.cache.create_key(request, **kwargs)

TypeError: create_key() got an unexpected keyword argument 'timeout'

This is due to changes in the API to requests-cache. It seems upstream isn't
updating the code anymore but I've created a PR anyway:
https://github.com/dbr/tvdb_api/pull/105

I've tried these changes in Debian Boookworm and they fix this issue and others
related to changes in requests-cache.

I hope someone can patch these changes into the Debian sources.

Thanks.
Cheers.


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-tvdb-api depends on:
ii  python3 3.11.2-1+b1
ii  python3-requests2.28.1+dfsg-1
ii  python3-requests-cache  0.9.8-1

python3-tvdb-api recommends no packages.

python3-tvdb-api suggests no packages.

-- no debconf information

Bug#1039969: aptitude: Use /run/lock/ instead of /var/lock/

[henrik]

Package: aptitude
Severity: normal

Dear Maintainer,

aptitude still uses /var/lock/ instead of /run/lock/

Please change.

Bug#1039970: xserver-xorg-video-amdgpu debian patch downgrades ChangeLog

[Chris Bainbridge]

Package: xserver-xorg-video-amdgpu
Version: 23.0.0-1

Small issue but I noticed that `apt-get source
xserver-xorg-video-amdgpu` applies a patch
(xserver-xorg-video-amdgpu_23.0.0-1.diff.gz) which downgrades the
original ChangeLog from 23.0.0 to 19.1.0, e.g.:

+++ xserver-xorg-video-amdgpu-23.0.0/ChangeLog
@@ -1,697 +1,3 @@
-commit 7025aefcdf9673665588cf291c5d71beb39cce89
-Author: Shashank Sharma 
-Date:   Wed Feb 22 18:00:23 2023 +0100
-
-Bump version for the 23.0.0 release
-
-This release includes some bug fixes.
-
-Signed-off-by: Shashank Sharma 
- ...

After the patch, is applied:

$ head -n5 ChangeLog
commit b467d2569a003da05ad222b0dc095bee5eec450a
Author: Michel Dänzer 
Date:   Fri Oct 11 17:10:10 2019 +0200

Bump version for the 19.1.0 release

Bug#1038616: network-manager-strongswan 1.6.0-1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1038616 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: network-manager-strongswan
Version: 1.6.0-1+deb12u1

Explanation: build editor component with GTK 4 support

Bug#1038879: bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u1

[Jonathan Wiltshire]

On Tue, Jun 27, 2023 at 08:44:53PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
> 
> 
> This is much more palatable, thank you for persevering with it.
> 
> On Mon, Jun 26, 2023 at 08:18:35PM +0200, Francesco P. Lovergine wrote:
> > diff -Nru proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.NEWS 
> > proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.NEWS
> > --- proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.NEWS2023-03-13 
> > 12:24:28.0 +0100
> > +++ proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.NEWS2023-06-22 
> > 11:15:57.0 +0200
> > @@ -1,3 +1,16 @@
> > +proftpd-dfsg (1.3.8+dfsg-4+deb12u1) bookworm; urgency=medium
> > +
> > +If you upgrade from 1.3.8+dfsg-4 (i.e. th 12.0 edition of bookworm) 
> > note
> 
> Tiny typo at "the". Otherwise it looks fine, please go ahead.
> 

Can I have a source-only upload please? I'll reject the upload for now, you
can reuse the same version.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1038000: bookworm-pu: package texlive-bin/2022.20220321.62855-5.1+deb12u1

[Jonathan Wiltshire]

On Fri, Jun 30, 2023 at 09:56:03AM +0200, =?UTF-8?Q?Preu=C3=9Fe wrote:
> On 30.06.2023 00:11, Hilmar Preuße wrote:
> > On 6/28/23 09:01, Jonathan Wiltshire wrote:
> 
> Hi Jonathan,
> 
> > > When do you expect the bugs to be closed in unstable?
> > > 
> > I've pushed the new texlive-bin and the context package to unstable. >
> The build fails on: i386. I guess I know the root cause and prepare a new
> package. Sorry for the noise!
> 
> 5.1+deb12u1 needs to be updated too.

You also need to target bookwork, not bookworm-proposed-updates, so I'll
reject the uploads and you can re-use the same version number.

Thanks,



-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1039749: Add suport for phpunit 10

[Athos Ribeiro]

A salsa MR with a fix proposal to support phpunit 10 is available at
https://salsa.debian.org/php-team/pear/gregwar-captcha/-/merge_requests/1

--
Athos Ribeiro

Bug#1039926: Will file bug report for complete R transition (Was: Bug#1039926: svglite requires rebuild under R 4.3.*)

[Andreas Tille]

Hi Dirk,

Am Thu, Jun 29, 2023 at 05:52:34PM -0500 schrieb Dirk Eddelbuettel:
> This accidentally omitted
> 
> library(svglite)
> 
> The package loads fine, but like the others will not create a graphics device
> as it was built under the previous R 4.2.* series.

Thanks a lot for your specific bug reports to somehow heal the R
graphics ABI change issue.  I've got the impression there is no good
simple rule to detect the right set of packages that need rebuilt
against r-base 4.3.1 to fix this issue.  I also spotted that vdiffr
needs to be rebuilt to let ggplot2 passing its test suite (and so I
did).

Thus I think it is the best solution to ask the release team for
a full r-base transition (option 2 I suggested in [1]).

BTW, when I was running the autopkgtest of svglite I've spotted an issue
which was solved by Nilesh Patra and reported as #1039955.  I'd like to
make you remind this kind of situation if you might fall back into your
"do not test Debian packages, rather trust CRAN" pattern in future.  We
do not run tests against CRAN code (despite we had spotted mistakes even
there in the past) but we are testing Debian packages which is a
different thing.

I also spotted vdiffr because of the autopkgtest in ggplot2.  It makes
simply sense to test what we are shipping before we ship it to our
users (specifically if we as Debian maintainers like I am are not at
all R experts as I expressed several times).

Kind regards
Andreas.

[1] https://lists.debian.org/debian-r/2023/06/msg00025.html

-- 
http://fam-tille.de

Bug#1039971: ITP: ntpd-rs -- Full-featured implementation of NTP with NTS support in rust

[Sylvestre Ledru]

Package: wnpp
Severity: wishlist
Owner: Sylvestre Ledru 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: ntpd-rs
  Version : 0.3.5
* URL : https://github.com/pendulum-project/ntpd-rs
* License :  Apache-2.0, MIT licenses found 
  Programming Lang: Rust
  Description : Full-featured implementation of NTP with NTS support in rust



ntpd-rs is an NTP implementation written in Rust, with a focus on security and 
stability.
It includes client and server functionality and supports NTS.

Bug#1039967:

[Andreas Hasenack]

We have that patch[1] in Ubuntu, and also DEP8 tests that use autofs
with kerberos and sasl authentication mechanisms[2] (and patches for
problems in that area: autofs 5.1.8 was a bit disruptive). Note these
tests require a VM, like the other existing DEP8 tests, but I can
prepare a PR for this new one if the maintainer is willing to consider
it.

1. 
https://git.launchpad.net/ubuntu/+source/autofs/tree/debian/patches/autofs-5.1.8-ldap-kerberos-leads-to-automount-hang-p.patch
2. 
https://git.launchpad.net/ubuntu/+source/autofs/tree/debian/tests/ldap-map-sasl-auth

Bug#1039972: RFP: soju -- user friendly irc bouncer

[David Bremner]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: debian...@lists.debian.org

* Package name: soju
  Version : 0.6.2
  Upstream Contact: Simon Ser 
* URL : https://soju.org
* License : AGPL3
  Programming Lang: golang
  Description : soju

soju is a user-friendly IRC bouncer. soju connects to upstream IRC
servers on behalf of the user to provide extra functionality. soju
supports many features such as multiple users, numerous IRCv3
extensions, chat history playback and detached channels.

Bug#1038879: bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u1

[Francesco P. Lovergine]

On Fri, Jun 30, 2023 at 12:54:23PM +0100, Jonathan Wiltshire wrote:


Can I have a source-only upload please? I'll reject the upload for now, you
can reuse the same version.



Done.

--
Francesco P. Lovergine

Bug#1039973: base-files: /var/local is root:staff 2775 instead of root:root 0755

[henrik]

Package: base-files
Severity: normal

Dear Maintainer,

/var/local/ is currently created with user:group ownership as root:staff, and 
permission bits as 2775

It should instead be root:root 0755 to better align with other systems.

Please change.

Bug#1036530: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)

[Thorsten Leemhuis]

On 27.06.23 00:34, Nick Hastings wrote:
> * Linux regression tracking (Thorsten Leemhuis)  
> [230626 21:09]:
>> Hi, Thorsten here, the Linux kernel's regression tracker. Top-posting
>> for once, to make this easily accessible to everyone.
>>
>> Nick, what's the status/was there any progress? Did you do what Mario
>> suggested and file a nouveau bug?
> 
> It was not apparent that the suggestion to open "a Nouveau drm bug" was
> addressed to me.

I wish things were earlier for reporters, but from what I can see this
is the only way forward if you or some silent bystander cares.

>> I ask, as I still have this on my list of regressions and it seems there
>> was no progress in three+ weeks now.
> 
> I have not pursued this further since as far as I could tell I already
> provided all requested information and I don't actually use nouveau, so
> I blacklisted it.

I doubt any developer cares enough to take a closer look[1] without a
proper nouveau bug and some help & prodding from someone affected. And
looks to me like reverting the culprit now might create even bigger
problems for users.

Hence I guess then this won't be fixed in the end. In a ideal world this
would not happen, but we don't live in one and all have just 24 hours in
a day. :-/

Nevertheless: thx for your report your help through this thread.

[1] some points on the following page kinda explain this
https://linux-regtracking.leemhuis.info/post/frequent-reasons-why-linux-kernel-bug-reports-are-ignored/

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.

#regzbot inconclusive: reporting deadlock (see thread for details)



>> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
>> --
>> Everything you wanna know about Linux kernel regression tracking:
>> https://linux-regtracking.leemhuis.info/about/#tldr
>> If I did something stupid, please tell me, as explained on that page.
>>
>> #regzbot backburner: slow progress, likely just affects one machine
>> #regzbot poke
>>
>>
>> On 02.06.23 02:57, Limonciello, Mario wrote:
>>> [AMD Official Use Only - General]
>>>
 -Original Message-
 From: Nick Hastings 
 Sent: Thursday, June 1, 2023 7:02 PM
 To: Karol Herbst 
 Cc: Limonciello, Mario ; Lyude Paul
 ; Lukas Wunner ; Salvatore
 Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
 Wysocki ; Len Brown ; linux-
 a...@vger.kernel.org; linux-ker...@vger.kernel.org;
 regressi...@lists.linux.dev
 Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
 string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)

 Hi,

 * Karol Herbst  [230602 03:10]:
> On Thu, Jun 1, 2023 at 7:21 PM Limonciello, Mario
>  wrote:
>>> -Original Message-
>>> From: Karol Herbst 
>>> Sent: Thursday, June 1, 2023 12:19 PM
>>> To: Limonciello, Mario 
>>> Cc: Nick Hastings ; Lyude Paul
>>> ; Lukas Wunner ; Salvatore
>>> Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
>>> Wysocki ; Len Brown ; linux-
>>> a...@vger.kernel.org; linux-ker...@vger.kernel.org;
>>> regressi...@lists.linux.dev
>>> Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
>>> string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of
 system)
>>>
>>> On Thu, Jun 1, 2023 at 6:54 PM Limonciello, Mario
>>>  wrote:

 [AMD Official Use Only - General]

> -Original Message-
> From: Karol Herbst 
> Sent: Thursday, June 1, 2023 11:33 AM
> To: Limonciello, Mario 
> Cc: Nick Hastings ; Lyude Paul
> ; Lukas Wunner ; Salvatore
> Bonaccorso ; 1036...@bugs.debian.org; Rafael
 J.
> Wysocki ; Len Brown ; linux-
> a...@vger.kernel.org; linux-ker...@vger.kernel.org;
> regressi...@lists.linux.dev
> Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video
 _OSI
> string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of
>>> system)
>
> On Thu, Jun 1, 2023 at 6:18 PM Limonciello, Mario
>>
>> Lyude, Lukas, Karol
>>
>> This thread is in relation to this commit:
>>
>> 24867516f06d ("ACPI: OSI: Remove Linux-Dell-Video _OSI string")
>>
>> Nick has found that runtime PM is *not* working for nouveau.
>>
>
> keep in mind we have a list of PCIe controllers where we apply a
> workaround:
>
>>>
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers
> /gpu/drm/nouveau/nouveau_drm.c?h=v6.4-rc4#n682
>
> And I suspect there might be one or two more IDs we'll have to add
> there. Do we

Bug#1039974: tomcat10: tomcat user has wrong home "/var/lib/tomcat" directory in /etc/passwd

[Peter (Stone) Steiner]

Package: tomcat10
Version: 10.1.6-1
Severity: important

Dear Maintainer,

   * What led up to the situation?

deploy .war in tomcat10
got errors from tomcat10 in "journalctl -f"

   * What exactly did you do that was effective ?

change tomcat user home in /etc/passwd to /var/lib/tomcat10

   * What was the outcome of this action?

Problem solved


-- System Information:
Debian Release: 12.0 amd64

Bug#1037182: bmake 20200710-14+deb11u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1037182 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: bmake
Version: 20200710-14+deb11u1

Explanation: conflict with bsdowl (<< 2.2.2-1.2~) to ensure smooth upgrades

Bug#1036530: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)

[Karol Herbst]

On Fri, Jun 30, 2023 at 3:02 PM Thorsten Leemhuis
 wrote:
>
> On 27.06.23 00:34, Nick Hastings wrote:
> > * Linux regression tracking (Thorsten Leemhuis)  
> > [230626 21:09]:
> >> Hi, Thorsten here, the Linux kernel's regression tracker. Top-posting
> >> for once, to make this easily accessible to everyone.
> >>
> >> Nick, what's the status/was there any progress? Did you do what Mario
> >> suggested and file a nouveau bug?
> >
> > It was not apparent that the suggestion to open "a Nouveau drm bug" was
> > addressed to me.
>
> I wish things were earlier for reporters, but from what I can see this
> is the only way forward if you or some silent bystander cares.
>
> >> I ask, as I still have this on my list of regressions and it seems there
> >> was no progress in three+ weeks now.
> >
> > I have not pursued this further since as far as I could tell I already
> > provided all requested information and I don't actually use nouveau, so
> > I blacklisted it.
>
> I doubt any developer cares enough to take a closer look[1] without a
> proper nouveau bug and some help & prodding from someone affected. And
> looks to me like reverting the culprit now might create even bigger
> problems for users.
>
> Hence I guess then this won't be fixed in the end. In a ideal world this
> would not happen, but we don't live in one and all have just 24 hours in
> a day. :-/
>

We recently merged this commit:
https://gitlab.freedesktop.org/drm/nouveau/-/commit/11d24327c2d7ad7f24fcc44fb00e1fa91ebf6525

It might resolve the problem. Worth testing at least, but I can't
remember if this was a hybrid AMD/Nvidia system, but I think it was?

> Nevertheless: thx for your report your help through this thread.
>
> [1] some points on the following page kinda explain this
> https://linux-regtracking.leemhuis.info/post/frequent-reasons-why-linux-kernel-bug-reports-are-ignored/
>
> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> --
> Everything you wanna know about Linux kernel regression tracking:
> https://linux-regtracking.leemhuis.info/about/#tldr
> If I did something stupid, please tell me, as explained on that page.
>
> #regzbot inconclusive: reporting deadlock (see thread for details)
>
>
>
> >> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> >> --
> >> Everything you wanna know about Linux kernel regression tracking:
> >> https://linux-regtracking.leemhuis.info/about/#tldr
> >> If I did something stupid, please tell me, as explained on that page.
> >>
> >> #regzbot backburner: slow progress, likely just affects one machine
> >> #regzbot poke
> >>
> >>
> >> On 02.06.23 02:57, Limonciello, Mario wrote:
> >>> [AMD Official Use Only - General]
> >>>
>  -Original Message-
>  From: Nick Hastings 
>  Sent: Thursday, June 1, 2023 7:02 PM
>  To: Karol Herbst 
>  Cc: Limonciello, Mario ; Lyude Paul
>  ; Lukas Wunner ; Salvatore
>  Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
>  Wysocki ; Len Brown ; linux-
>  a...@vger.kernel.org; linux-ker...@vger.kernel.org;
>  regressi...@lists.linux.dev
>  Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
>  string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of 
>  system)
> 
>  Hi,
> 
>  * Karol Herbst  [230602 03:10]:
> > On Thu, Jun 1, 2023 at 7:21 PM Limonciello, Mario
> >  wrote:
> >>> -Original Message-
> >>> From: Karol Herbst 
> >>> Sent: Thursday, June 1, 2023 12:19 PM
> >>> To: Limonciello, Mario 
> >>> Cc: Nick Hastings ; Lyude Paul
> >>> ; Lukas Wunner ; Salvatore
> >>> Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
> >>> Wysocki ; Len Brown ; linux-
> >>> a...@vger.kernel.org; linux-ker...@vger.kernel.org;
> >>> regressi...@lists.linux.dev
> >>> Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
> >>> string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of
>  system)
> >>>
> >>> On Thu, Jun 1, 2023 at 6:54 PM Limonciello, Mario
> >>>  wrote:
> 
>  [AMD Official Use Only - General]
> 
> > -Original Message-
> > From: Karol Herbst 
> > Sent: Thursday, June 1, 2023 11:33 AM
> > To: Limonciello, Mario 
> > Cc: Nick Hastings ; Lyude Paul
> > ; Lukas Wunner ; Salvatore
> > Bonaccorso ; 1036...@bugs.debian.org; Rafael
>  J.
> > Wysocki ; Len Brown ; linux-
> > a...@vger.kernel.org; linux-ker...@vger.kernel.org;
> > regressi...@lists.linux.dev
> > Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video
>  _OSI
> > string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of
> >>> system)
> >
> > On Thu, Jun 1, 2023 at 6:18 PM Limonciello, Mario
> >>
> >> Lyude, Lukas, Karol
> >>
> >> This thread is in relation to this commit:
> >>

Bug#962420: /usr/local/share/fonts owned by group staff even if /etc/staff-group-for-usr-local not present

[henrik]

Package: fontconfig
Version: 2.14.1-4
Followup-For: Bug #962420

Dear Maintainer,

Is there any progress on this bug? It is present in stable release of bookworm 
too now.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fontconfig depends on:
ii  fontconfig-config  2.14.1-4
ii  libc6  2.36-9
ii  libfontconfig1 2.14.1-4
ii  libfreetype6   2.12.1+dfsg-5

fontconfig recommends no packages.

fontconfig suggests no packages.

-- no debconf information

Bug#1039933: bepasty 1.0.0-1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1039933 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: bepasty
Version: 1.0.0-1+deb12u1

Explanation: fix rendering of text uploads

Bug#1039714: gobject-introspection: dh_girepository does not fetch all symbols from GIR files

[Thomas Uhle]

On Fri, 30 Jun 2023, أحمد المحمودي wrote:


On Wed, Jun 28, 2023 at 05:00:10PM +0200, Thomas Uhle wrote:
> 2. dh_girepository does not fetch the 41 symbols from HarfBuzz-0.0.gir
>that are compiled into libharfbuzz-gobject.so.0.  I have attached a
>small patch for it, so that the missing symbols are also dumped into
>the dummy C file that is temporarily generated and compiled for
>dh_shlibdeps.
>This updated version of dh_girepository would also find another 245
>symbols in Gio-2.0.gir for instance.
---end quoted text---

But why doesn't this bug show itself on sparc64 arch ?
Both gir1.2-harfbuzz and gir1.2-freedesktop depend on their respective
library packages on sparc64 archs only.


This is because --as-needed is passed as linker flag since debhelper 13 
which is not working on sparc architectures.  So the temporarily generated 
dummy library would link to libharfbuzz-gobject.so.0 on sparc64 although 
it would not use any of its symbols.  You can see this from the minimal 
version that is annotated to libharfbuzz-gobject0 for instance which is 
0.9.20 (with unpatched dh_girepository).  That is the lowest version 
number in libharfbuzz-gobject0.symbols.  But correct would have been 
5.1.0 which is the minimal version you get with the patched 
dh_girepository because of hb_gobject_draw_funcs_get_type() which was 
introduzed in harfbuzz 4.0.0.  So version 5.1.0-1 was the very first 
version in Debian with that symbol.


Best regards,

Thomas Uhle

Bug#1039975: bibtex.original.1: some remarks and editorial fixes for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are a few notes and fixes for the man page.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.

Output from "mandoc -T lint bibtex.original.1":

mandoc: bibtex.original.1:67:26: STYLE: whitespace at end of input line
mandoc: bibtex.original.1:71:9: STYLE: whitespace at end of input line
mandoc: bibtex.original.1:85:2: WARNING: skipping paragraph macro: PP empty

-.-.

Use "\e" to print the escape character instead of "\\" (which gets
interpreted in copy mode).

43:files specified by the \\bibliography command,
44:the entries specified by the \\cite and \\nocite commands
49:file (specified by the \\bibliographystyle command,

-.-.

Wrong distance between sentences.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.


58:files. The `\*(BXing' document describes extensions and details of
91:files. If BSTINPUTS is not set, it uses the system default.

-.-.

Output from "test-nroff -man -b -ww -z -rCHECKSTYLE=3":


[ "test-groff" is a developmental version of "groff" ]

Input file is ./bibtex.original.1

Output from "test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z 
-rSTYLECHECK=3":
troff: backtrace: file '':67
troff::67: warning: trailing space in the line

Bad use of \s0 in a string definition, the string could be resized.

8:.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
11:.if t .ds LX 
\fRL\\h'-0.36m'\\v'-0.15v'\\s-2A\\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX

-.-.

--- bibtex.original.1   2023-06-30 03:12:16.0 +
+++ bibtex.original.1.new   2023-06-30 03:20:30.0 +
@@ -5,10 +5,10 @@
 .ie t .ds OX \fIT\v'+0.25m'E\v'-0.25m'X\fP
 .el .ds OX TeX
 .\" BX definition must follow TX so BX can use TX
-.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
+.if t .ds BX \fRB\s-2IB\s+2\fP\*(TX
 .if n .ds BX BibTeX
 .\" LX definition must follow TX so LX can use TX
-.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\\s-2A\\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX
+.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\\s-2A\\s+2\\h'-0.15m'\\v'0.15v'\fP\*(TX
 .if n .ds LX LaTeX
 .\"=
 .SH NAME
@@ -40,13 +40,13 @@ file that will be incorporated into the
 .PP
 \*(BX looks up, in bibliographic database
 .RB ( .bib )
-files specified by the \\bibliography command,
-the entries specified by the \\cite and \\nocite commands
+files specified by the \ebibliography command,
+the entries specified by the \ecite and \enocite commands
 in the \*(LX or \*(TX source file.
 It formats the information from those entries
 according to instructions in a bibliography style
 .RB ( .bst )
-file (specified by the \\bibliographystyle command,
+file (specified by the \ebibliographystyle command,
 and it outputs the results to the
 .B .bbl
 file.
@@ -55,7 +55,8 @@ The \*(LX manual
 explains what a \*(LX source file must contain to work with \*(BX.
 Appendix B of the manual describes the format of the
 .B .bib
-files. The `\*(BXing' document describes extensions and details of
+files.
+The `\*(BXing' document describes extensions and details of
 this format, and it gives other useful hints for using \*(BX.
 .\"=
 .SH OPTIONS
@@ -64,11 +65,11 @@ The
 option defines the minimum number of
 .B crossref
 required for automatic inclusion of the crossref base entry in the citation
-list; the default is two. 
+list; the default is two.
 To avoid these automatic inclusions altogether, give this option
 a sufficiently large number, and be sure to remove any
 previous
-.B .aux 
+.B .aux
 and
 .B .bbl
 files.  Otherwise the option may
@@ -82,13 +83,14 @@ With the
 option, \*(BX operates silently.  Without it, a banner and progress
 reports are printed on
 .IR stdout .
-.PP
+.
 .\"=
 .SH ENVIRONMENT
 \*(BX searches the directories in the
 path defined by the BSTINPUTS environment variable for
 .B .bst
-files. If BSTINPUTS is not set, it uses the system default.
+files.
+If BSTINPUTS is not set, it uses the system default.
 For
 .B .bib
 files, it uses the BIBINPUTS environment variable if that is set,


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Bug#1039976: detex.1: some remarks and editorial fixes in a patch for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are some notes and a patch for the manual.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.

Output from "mandoc -T lint detex.1":

mandoc: detex.1:6:81: STYLE: input text line longer than 80 bytes: [ 
\fB\-clnstw\fR ] [...
mandoc: detex.1:89:4: STYLE: whitespace at end of input line
mandoc: detex.1:96:82: STYLE: input text line longer than 80 bytes: TEXINPUTS.  
It does ...
mandoc: detex.1:123:84: STYLE: input text line longer than 80 bytes: Originally 
written b...

-.-.

Use "\e" to print the escape character instead of "\\" (which gets
interpreted in copy mode).

16:follows \\input commands.
21:option is used, no \\input or \\include commands will be processed.
27:If the magic sequence ``\\begin{document}'' appears in the text,
35:These include the \\include and \\includeonly commands.
60:mode to have detex echo the arguments to \\cite,
61:\\ref, and \\pageref macros.  This can be useful when sending the output to
75:option tries to naively replace $..$, $$..$$, \\(..\\) and \\[..\\]
94:The TEXINPUTS environment variable is used to find \\input and \\include
101:\\aa, \\ae, \\oe, \\ss, \\o, \\l (and their upper-case
102:equivalents).  The special "dotless" characters \\i and \\j are also
118:Nesting of \\input is allowed but the number of opened files must not
134:source without a ``\\begin{document}''

-.-.

Name of a manual is set in bold, the section in roman.
See man-pages(7).

116:tex(1)

-.-.


--- detex.1 2023-06-29 22:54:43.0 +
+++ detex.1.new 2023-06-29 23:23:28.0 +
@@ -13,18 +13,18 @@ and writes the remainder on the standard
 All text in math mode and display mode is removed.
 By default,
 .I detex
-follows \\input commands.
+follows \einput commands.
 If a file cannot be opened, a warning message is
 printed and the command is ignored.
 If the
 .B \-n
-option is used, no \\input or \\include commands will be processed.
+option is used, no \einput or \einclude commands will be processed.
 This allows single file processing.
 If no input file is given on the command line,
 .I detex
 reads from standard input.
 .PP
-If the magic sequence ``\\begin{document}'' appears in the text,
+If the magic sequence ``\ebegin{document}'' appears in the text,
 .I detex
 assumes it is dealing with
 .I LaTeX
@@ -32,7 +32,7 @@ source and
 .I detex
 recognizes additional constructs used in
 .IR LaTeX .
-These include the \\include and \\includeonly commands.
+These include the \einclude and \eincludeonly commands.
 The
 .B \-l
 option can be used to force
@@ -57,8 +57,8 @@ The
 .B \-c
 option can be used in
 .I LaTeX
-mode to have detex echo the arguments to \\cite,
-\\ref, and \\pageref macros.  This can be useful when sending the output to
+mode to have detex echo the arguments to \ecite,
+\eref, and \epageref macros.  This can be useful when sending the output to
 a style checker.
 .PP
 .I Detex
@@ -72,7 +72,7 @@ environments.
 .PP
 The
 .B \-r
-option tries to naively replace $..$, $$..$$, \\(..\\) and \\[..\\]
+option tries to naively replace $..$, $$..$$, \e(..\e) and \e[..\e]
 with nouns and verbs (in particular, "noun" and "verbs")
 in a way that keeps sentences readable.
 .PP
@@ -86,20 +86,21 @@ with the deletions mentioned above.  New
 preserved where possible
 so that the lines of output match the input as closely as possible.
 .PP
-The 
+The
 .B \-1
 option will prefix each printed line with `filename:linenumber:` indicating
 where that line is coming from in terms of the original (La)TeX document.
 .PP
-The TEXINPUTS environment variable is used to find \\input and \\include
+The TEXINPUTS environment variable is used to find \einput and \einclude
 files.  Like \fITeX\fP, it interprets a leading or trailing `:' as the default
-TEXINPUTS.  It does \fInot\fP support the `//' directory expansion magic 
sequence.
+TEXINPUTS.
+It does \fInot\fP support the `//' directory expansion magic sequence.
 .PP
 Detex now handles the basic \fITeX\fP ligatures as a special case, replacing 
the
 ligatures with acceptable character substitutes.  This eliminates
 spelling errors introduced by merely removing them.  The ligatures are
-\\aa, \\ae, \\oe, \\ss, \\o, \\l (and their upper-case
-equivalents).  The special "dotless" characters \\i and \\j are also
+\eaa, \eae, \eoe, \ess, \eo, \el (and their upper-case
+equivalents).  The special "dotless" characters \ei and \ej are also
 replaced with i and j respectively.
 .PP
 Note that previous versions of
@@ -113,14 +114,15 @@ The old functionality can be essentially
 .B \-s
 option.
 .SH SEE ALSO
-tex(1)
+.BR tex (1)
 .SH DIAGNOSTICS
-Nesting of \\input is allowed but the number of opened files must not
+Nesting of \einput is allowed but the number of opened files must not
 exceed the system's limit o

Bug#1039977: kpsewhich.1: some remarks and editorial fixes for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are some notes and a patch for the man page.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.


Change a HYPHEN-MINUS (code 0x55, 2D) to a minus (\-), if in front of a
name for an option.

35:.B -format
45:.BI -debug \ num
48:.BI -D \ num
53:.BI -dpi \ num
55:.BR -D.
57:.BI -engine \ string
62:.BI -expand-braces \ string
66:.BI -expand-path \ string
70:.BI -expand-var \ string
74:.BI -format \ name
78:.B -help
81:.B -help
84:.B -interactive
87:.BI -mktex \ fmt
93:.BI -mode \ string
100:.B -must-exist
103:.BI -no-mktex \ fmt
109:.BI -path \ string
113:.BI -progname \ string
117:.\" .BI -separator \ string
121:.\" .B -path
126:.BI -show-path \ name
130:.B -help
133:.BI -var-value \ variable
137:.B -version

-.-.

Find a repeated word

! 20 --> and

-.-.

Split a punctuation mark from a single argument for a two-font macro

55:.BR -D.

-.-.

Output from "test-nroff -man -b -ww -z -rCHECKSTYLE=3":


[ "test-groff" is a developmental version of "groff" ]

Input file is ./kpsewhich.1

Output from "test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z 
-rSTYLECHECK=3":
an.tmac::55: style: .BR expects at least 2 arguments, got 1

Bad use of \s0 in a string definition, the string could get resized.

6:.if t .ds MF M\s-2ETAFONT\s0
13:.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
16:.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\s-2A\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX

-.-.

--- kpsewhich.1 2023-06-30 01:03:17.0 +
+++ kpsewhich.1.new 2023-06-30 01:31:07.0 +
@@ -3,21 +3,21 @@
 .if n .ds MP MetaPost
 .if t .ds MP MetaPost
 .if n .ds MF Metafont
-.if t .ds MF M\s-2ETAFONT\s0
+.if t .ds MF M\s-2ETAFONT\s+2
 .if t .ds TX \fRT\\h'-0.1667m'\\v'0.20v'E\\v'-0.20v'\\h'-0.125m'X\fP
 .if n .ds TX TeX
 .ie t .ds OX \fIT\v'+0.25m'E\v'-0.25m'X\fP for troff
 .el .ds OX TeX for nroff
 .\" the same but obliqued
 .\" BX definition must follow TX so BX can use TX
-.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
+.if t .ds BX \fRB\s-2IB\s+2\fP\*(TX
 .if n .ds BX BibTeX
 .\" LX definition must follow TX so LX can use TX
-.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\s-2A\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX
+.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\s-2A\s+2\\h'-0.15m'\\v'0.15v'\fP\*(TX
 .if n .ds LX LaTeX
 .\"=
 .SH NAME
-kpsewhich \- standalone path lookup and and expansion for kpathsea
+kpsewhich \- standalone path lookup and expansion for kpathsea
 .SH SYNOPSIS
 .B kpsewhich
 .RI [ options ]
@@ -32,7 +32,7 @@ or manual
 .B kpsewhich
 is used as a standalone front-end of the kpathsea library that can be
 used to examine variables and find files.  When the
-.B -format
+.B \-format
 option is not given, the search path used when looking for a file is
 inferred from the name given, by looking for a known extension.  If
 no known extension is found, the search path for \*(TX source files is
@@ -42,99 +42,99 @@ used.
 .B kpsewhich
 accepts the following options:
 .TP
-.BI -debug \ num
+.BI \-debug \ num
 Set debugging flags.
 .TP
-.BI -D \ num
+.BI \-D \ num
 Use a base resolution of
 .IR num ;
 the default, set by the installer, is typically 600.
 .TP
-.BI -dpi \ num
+.BI \-dpi \ num
 As
-.BR -D.
+.BR \-D .
 .TP
-.BI -engine \ string
+.BI \-engine \ string
 Set
 .I $engine
 in the environment, which is used in some search paths.
 .TP
-.BI -expand-braces \ string
+.BI \-expand-braces \ string
 Print variable and brace expansion of
 .IR string .
 .TP
-.BI -expand-path \ string
+.BI \-expand-path \ string
 Print complete path expansion of
 .IR string .
 .TP
-.BI -expand-var \ string
+.BI \-expand-var \ string
 Print variable expansion of
 .IR string .
 .TP
-.BI -format \ name
+.BI \-format \ name
 Use file type
 .IR name .
 See the info manual for a list of valid names, or use the
-.B -help
+.B \-help
 option to print the list.
 .TP
-.B -help
+.B \-help
 Print help message and exit.
 .TP
-.B -interactive
+.B \-interactive
 Ask for additional filenames to look up.
 .TP
-.BI -mktex \ fmt
+.BI \-mktex \ fmt
 enable
 .RI mktex fmt
 generation.
 .RI ( fmt =pk/mf/tex/tfm)
 .TP
-.BI -mode \ string
+.BI \-mode \ string
 Set device name for
 .I $MAKETEX_MODE
 to
 .IR string ;
 no default.
 .TP
-.B -must-exist
+.B \-must-exist
 Search the disk as well as ls-R if necessary.
 .TP
-.BI -no-mktex \ fmt
+.BI \-no-mktex \ fmt
 disable
 .RI mktex fmt
 generation.
 .RI ( fmt =pk/mf/tex/tfm)
 .TP
-.BI -path \ string
+.BI \-path \ string
 Search in the path
 .IR string .
 .TP
-.BI -progname \ string
+.BI \-progname \ string
 Set program name to
 .IR string .
 .\" .TP
-.\" .BI -separator \ string
+.\" .BI \-separator \ string
 .\" .rb
 .\" .I string
 .\" separates components in
-.\" .B -path
+.\" .B \-path
 .\" output; default is
 .\" .I :
 .\" on UNIX systems.
 .TP
-.BI -sh

Bug#1039978: axohelp.1: some remarks and editorial fixes for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are some notes and a patch for the manual.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.

Output from "mandoc -T lint axohelp.1":

mandoc: axohelp.1:4:10: STYLE: whitespace at end of input line

-.-.

Change -- in x--y to \(em (em-dash), or, if an
option, to \-\-

31:.B -h, --help
35:.B -v, --version

-.-.

Increase type size of ~ (tilde) to make it more visible
in the output of "troff".

48:.

-.-.

Change a HYPHEN-MINUS (code 0x55, 2D) to a minus (\-), if in front of a
name for an option.

31:.B -h, --help
35:.B -v, --version
39:.B -V

-.-.

Wrong distance between sentences.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.

22:and the output file is file.ax2. If the filename on the command line
27:Options can be introduced by single or double hyphen characters. The

-.-.

Use \(en for a dash (en-dash) between space characters, not a minus
(\-) or a hyphen (-), except in the NAME section.

axohelp.1:3:axohelp - helper program for use of LaTeX package axodraw2 with

-.-.

--- axohelp.1   2023-06-29 23:48:04.0 +
+++ axohelp.1.new   2023-06-29 23:56:06.0 +
@@ -1,7 +1,7 @@
 .TH "axohelp" 1 "5 Mar 2021" ""
 .SH NAME
-axohelp - helper program for use of LaTeX package axodraw2 with
-pdflatex. 
+axohelp \- helper program for use of LaTeX package axodraw2 with
+pdflatex.
 .SH SYNOPSIS
 .B axohelp [options] [filename]
 .SH DESCRIPTION
@@ -19,24 +19,25 @@ draw the desired graphics.
 
 The files processed are specified as follows: When the filename on the
 command line is of the form file.ax1, then the input file is file.ax1
-and the output file is file.ax2. If the filename on the command line
-does not have extension .ax1, then this extension is appended.
+and the output file is file.ax2.
+If the filename on the command line does not have extension .ax1,
+then this extension is appended.
 
 
 .SH OPTIONS
-Options can be introduced by single or double hyphen characters. The
-possible options are:
+Options can be introduced by single or double hyphen characters.
+The possible options are:
 
 .TP
-.B -h, --help
+.B \-h, \-\-help
 Gives usage information
 
 .TP
-.B -v, --version
+.B \-v, \-\-version
 Gives version information
 
 .TP
-.B -V
+.B \-V
 NOT CURRENTLY IMPLEMENTED: Give information on each function used.
 
 .SH AUTHOR
@@ -45,4 +46,4 @@ Jos Vermaseren (username t68 at nikhef d
 
 The released version can be obtained from CTAN:
 , and an author's website
-.
+.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.7-1 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages texlive-binaries depends on:
ii  libc6   2.36-9
ii  libcairo2   1.16.0-7
ii  libfontconfig1  2.14.1-4
ii  libfreetype62.12.1+dfsg-5
ii  libgcc-s1   13.1.0-6
ii  libgraphite2-3  1.3.14-1
ii  libharfbuzz0b   6.0.0+dfsg-3
ii  libicu7272.1-3
ii  libkpathsea62022.20220321.62855-5.1
ii  libmpfr64.2.0-1
ii  libpaper1   1.1.29
ii  libpixman-1-0   0.42.2-1
ii  libpng16-16 1.6.39-2
ii  libptexenc1 2022.20220321.62855-5.1
ii  libstdc++6  13.1.0-6
ii  libsynctex2 2022.20220321.62855-5.1
ii  libteckit0  2.5.11+ds1-1+b1
ii  libtexlua53-5   2022.20220321.62855-5.1
ii  libtexluajit2   2022.20220321.62855-5.1
ii  libx11-62:1.8.6-1
ii  libxaw7 2:1.0.14-1
ii  libxi6  2:1.8-1+b1
ii  libxmu6 2:1.1.3-3
ii  libxpm4 1:3.5.12-1.1
ii  libxt6  1:1.2.1-1.1
ii  libzzip-0-130.13.72+dfsg.1-1.1
ii  perl5.36.0-7
ii  t1utils 1.41-4
ii  tex-common  6.18
ii  zlib1g  1:1.2.13.dfsg-1

Versions of packages texlive-binaries recommends:
pn  dvisvgm   
ii  texlive-base  2022.20230122-3

texlive-binaries sugges

Bug#1039926: Will file bug report for complete R transition (Was: Bug#1039926: svglite requires rebuild under R 4.3.*)

[Johannes Ranke]

Hi,

I think option 1 from [1] is the way to go, i.e. make r-base provide a 
graphics API version according to the R changelog, and have the relevant 
packages depend on that graphics API version. How to identify them was 
discussed previously on this list [2]. Using the codesearch and github URLS 
provided in that email, the list given there could be updated.

Somehow Dirk is hesitant to do this, I think it is just a matter of "is this 
really necessary"? To me, it seems there is ample evidence by now that it is 
indeed necessary, for the mental sanity of everyone involved, and to avoid 
future discussions about a full R API bump just because of the graphics API on 
the one hand, and to avoid breaking things by just ignoring the issue on the 
other hand.

Kind regards,

Johannes


Am Freitag, 30. Juni 2023, 14:01:55 CEST schrieb Andreas Tille:
> Hi Dirk,
> 
> Am Thu, Jun 29, 2023 at 05:52:34PM -0500 schrieb Dirk Eddelbuettel:
> > This accidentally omitted
> > 
> > library(svglite)
> > 
> > The package loads fine, but like the others will not create a graphics
> > device as it was built under the previous R 4.2.* series.
> 
> Thanks a lot for your specific bug reports to somehow heal the R
> graphics ABI change issue.  I've got the impression there is no good
> simple rule to detect the right set of packages that need rebuilt
> against r-base 4.3.1 to fix this issue.  I also spotted that vdiffr
> needs to be rebuilt to let ggplot2 passing its test suite (and so I
> did).
> 
> Thus I think it is the best solution to ask the release team for
> a full r-base transition (option 2 I suggested in [1]).
> 
> BTW, when I was running the autopkgtest of svglite I've spotted an issue
> which was solved by Nilesh Patra and reported as #1039955.  I'd like to
> make you remind this kind of situation if you might fall back into your
> "do not test Debian packages, rather trust CRAN" pattern in future.  We
> do not run tests against CRAN code (despite we had spotted mistakes even
> there in the past) but we are testing Debian packages which is a
> different thing.
> 
> I also spotted vdiffr because of the autopkgtest in ggplot2.  It makes
> simply sense to test what we are shipping before we ship it to our
> users (specifically if we as Debian maintainers like I am are not at
> all R experts as I expressed several times).
> 
> Kind regards
> Andreas.
> 

[1] https://lists.debian.org/debian-r/2023/06/msg00025.html
[2] https://lists.debian.org/debian-r/2022/04/msg00018.html

Bug#964941: base-files: please maintain base-files in a VCS such as git on salsa.d.o

[Lee Garrett]

Bump.

I'm trying to understand why /var/local/ is root:staff (#1039973), and a VCS 
would really help with that. It would also make it easier for you to accept 
patches for bugs.

Bug#1039979: base-files: /var/run and /var/lock should not be absolute symlinks

[henrik]

Package: base-files
Version: 12.4
Severity: normal

Dear Maintainer,

/var/run is currently an absolute symlink to /run
/var/run should be a relative symlink to ../run
if /var/run is deleted, then /usr/lib/tmpfiles.d/var.conf recreates /var/run as 
relative symlink to ../run

/var/lock is currently an absolute symlink to /run/lock
/var/lock should be a relative symlink to ../run/lock
if /var/lock is deleted, then /usr/lib/tmpfiles.d/legacy.conf recreates 
/var/lock as a relative symlink to ../run/lock

Both of these symlinks are currently created in base-files postinst.

This is a problem because base-files currently deviates from the configuration 
files provided by debian in /usr/lib/tmpfiles.d/

Please fix.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages base-files depends on:
ii  mawk [awk]  1.3.4.20200120-3.1

base-files recommends no packages.

base-files suggests no packages.

-- no debconf information

Bug#1029681: nvidia-legacy-340xx-driver: Qt5 apps fail to launch with a segfault

[Andreas Beckmann]

Control: reopen -1

On 29/06/2023 18.16, jim_p wrote:

So, can a patch like the one for kodi be applied to qt5? I am mentioning again
that arch does not have a seperate -gles package for qt5, so a single lib that
works everywhere should be possible.


It's unlikely to convince the Qt5 maintainers to change something just 
to support last century's technology (and therefore probably be unable 
to draw full power out of todays technology).


But if all that kodi did is linking against libGL instead of (the 
subset) libGLX, maybe we can just replace libGLX.so.1 with a link to 
libGL.so.1 s.t. we always end in the same implementation regardless of 
the entry point being used ...


Could you try

  ln -sf libGL.so.1 /usr/lib/x86_64-linux-gnu/libGLX.so.0

(assuming amd64) and see if that fixes Qt5 operation? Or breaks other stuff?

Note: this change is only active until you install/upgrade some package, 
i.e. something runs ldconfig. (You can also run ldconfig manually to 
restore the original link.)



Andreas

Bug#1039622: nvidia-cuda-toolkit 11.8.0-5~deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1039622 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-cuda-toolkit
Version: 11.8.0-5~deb12u1

Explanation: 

Bug#1039926: Will file bug report for complete R transition (Was: Bug#1039926: svglite requires rebuild under R 4.3.*)

[Charles Plessy]

Hi all,

pardon me the offence and the noise, but I asked ChatGPT...

--

Me:

In Debian, updates of the r-base package sometimes break backwards
compatibility with a small number of binary packages shipping CRAN
packages, which have in common to use R’s graphic API. We hesitate
between just bumping the version number of the r-base packages’ API, or
to create a new API version scheme just for the subset of packages that
are regularly broken. Which way would you recommend?

ChatGPT:

Creating a new API version scheme just for the subset of packages that
are regularly broken might be a more efficient solution. This way, you
can manage the updates for these specific packages separately without
affecting the entire r-base package. However, this approach might
require more maintenance work. Bumping the version number of the r-base
packages' API is a simpler solution, but it might cause unnecessary
updates for packages that are not affected by the compatibility issue.
It's a trade-off between complexity and efficiency, and the best choice
depends on the specific circumstances and resources available.

--

Sorry that it was not conclusive !

Charles

-- 
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from home  https://framapiaf.org/@charles_plessy
- You  do not have  my permission  to use  this email  to train  an AI -

Bug#1039980: puppet-module-puppetlabs-mysql sets password repeatedly on MariaDB 10.3

[Larsen]

Package: puppet-module-puppetlabs-mysql
Version: 8.1.0-7

Using this puppet module to create MariaDB users leads to Puppet wanting
to set a user's password again and again as it doesn't fetch the current
password/authentication string correctly: authentication string is always
empty (when the puppet client is running MariaDB 10.3 (Debian Buster,
Ubuntu Focal)).

A fix is available upstream:
https://tickets.puppetlabs.com/browse/MODULES-7487

The pull request fixing the problem:
https://github.com/puppetlabs/puppetlabs-mysql/commit/c7da5289129edc8efdf5471e43bb3f778b54c1ce

I am using Debian Bookworm (Puppetserver).

Bug#1037295: live-config: starting Calamares installer requires a password (which is 'live')

[Roland Clobus]

Hello Simon,

On 10/06/2023 19:14, Simon McVittie wrote:

On Sat, 10 Jun 2023 at 15:10:35 +0100, Simon McVittie wrote:

* Boot debian-live-12.0.0-amd64-gnome.iso (the version used for
   release-day testing)
   - KDE has a similar issue with slightly different steps to start the
 installer, probably all desktops' variants are affected


GNOME, KDE and LXQT are affected.


I've proposed a fix for Calamares in #1025552, which is based on your 
proposal in this ticket.

If it is accepted there, this ticket can be regarded as a duplicate.

With kind regards,
Roland Clobus


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1018106: re: sshd: pam_env(sshd:session): deprecated reading of user environment enabled

[Richard van den Berg]

On Wed, 1 Feb 2023 04:43:07 -0500 nick black  wrote:
> the cause of this output is the following line in /etc/pam.d/sshd:
>
> # In Debian 4.0 (etch), locale-related environment variables were 
moved to

> # /etc/default/locale, so read that as well.
> session required pam_env.so user_readenv=1 envfile=/etc/default/locale
>
> i'm guessing from the comment that user_readenv=1 is in place
> primarily to allow overrides of the default locale?

Indeed. Removing "user_readenv=1" from that line fixes the warning.

> etch was
> quite some time ago, possibly preceding support for SendEnv?
> that seems sufficient workaround if user_readenv is deprecated,
> but this is all speculative.

The comment for etch is about "envfile=/etc/default/locale" which is 
read regardless of the user_readenv setting. See the man page for pam_env.


Kind regards,

Richard van den Berg

Bug#1039450: ndctl: Split ndctl-monitor (and cxl-monitor?) into own package

[Adam Borowski]

Control: severity -1 wishlist

> I often use a custom livecd verision of Debian with various utilities
> pre-installed, so they can be easily used offline, or without needing to
> reinstall them after each reboot.

Such a livecd is a non-standard (but not non-important!) usage, and it
already customizes other facets of packages it includes.  What about
configuring that livecd to not start such daemons?

> But often, if I boot this same livecd on a machine that does not have cxl
> or nvm dimm devices, deamon will complain, and fail at boot (with big red
> warning), and sytemd will continue restarting it afaik (or maybe not, it
> looks like it tries to run it only once on my system, then gives up).

That's news to me.  I don't run systemd myself (heck, it's so buggy it even
fails to boot my main workstation, and I have a severe dislike of it for
other reasons), and I've included the .service from upstream as-is, after
very superficial testing.  The daemon is supposed to gracefully exit if
there's nothing to monitor:

2023-06-19T06:01:41.874004+02:00 valinor ndctl: ndctl monitor daemon started
2023-06-19T06:01:41.874062+02:00 valinor ndctl: no dimms to monitor, exiting

I had even suggested/implemented some improvements here to upstream, but not
surprisingly 99% of my testing was done with sysvinit and openrc.

Still, it's surprising the upstream would fail to notice what you report:

> root@debian:~# systemctl status ndctl-monitor.service 
> × ndctl-monitor.service - Ndctl Monitor Daemon
>  Loaded: loaded (/lib/systemd/system/ndctl-monitor.service; enabled; 
> preset: enabled)
>  Active: failed (Result: exit-code) since Wed 2023-06-28 22:11:35 UTC; 
> 25min ago
>Duration: 89ms
> Process: 2412 ExecStart=/usr/bin/ndctl monitor (code=exited, status=250)
>Main PID: 2412 (code=exited, status=250)
> CPU: 9ms
> 
> Jun 28 22:11:35 debian systemd[1]: Started ndctl-monitor.service - Ndctl 
> Monitor Daemon.
> Jun 28 22:11:35 debian ndctl[2412]: no dimms to monitor, exiting
> Jun 28 22:11:35 debian systemd[1]: ndctl-monitor.service: Main process 
> exited, code=exited, status=250/n/a
> Jun 28 22:11:35 debian systemd[1]: ndctl-monitor.service: Failed with result 
> 'exit-code'.

Maybe this redness is a regression?

> It is not a big deal, but something that is not perfect in my opinion.

Seems like something to investigate once tuits are more abundant.
 
> For my livecd, I can clearly modify some systemd unit files manually
> (using build scripts for live-build), but I wonder if defaulting to
> running a daemon by default is a good idea in general. Most of the time
> probably yes, but sometimes not.

The rule in Debian is to start a daemon if it's installed; eg. Red Hat has
the opposite custom.  There's usually no point in installing daemons that
are not needed; and it those rare cases you do, the admin can disable them
from starting.  This sounds like a good modification for the livecd.

> As of smartmontools you mentioned. I have exactly same issue. I need
> smartctl tools for troubleshooting various computers on my livecd, but I
> DO NOT WANT smartd to start. For very similar reason I opened a bug
> against smartmontools few days ago: https://bugs.debian.org/1039454

As their user count is many orders of magnitude larger than that of ndctl,
and so is diversity of supported hardware (NVDIMMs are found only in fat
servers), they also have far more collective brain cells.  I'd thus wait
for their decision then copy it.

> Feel free to downgrade to wishlist and think if this makes sense at all.

Done this for now.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ You should never, ever, degrade a human being by saying they're
⣾⠁⢠⠒⠀⣿⡁ a worthless waste of food and air.
⢿⡄⠘⠷⠚⠋⠀
⠈⠳⣄ You should also never anthropomorphize spammers and telemarketers.

Bug#1039573: cannot authenticate after lock: pam_unix(lightdm:auth): auth could not identify password

[Arturo Borrero Gonzalez]

On Wed, 28 Jun 2023 10:58:39 +0200 Arturo Borrero Gonzalez  
wrote:

Thanks for the follow up, I'll keep you updated in the next few days.


I have not experienced this problem again since the update.

Bug#1039981: graphviz: Please update fonts-liberation v2 dependency (follow-up of #1003006)

[Boyuan Yang]

Source: graphviz
Severity: minor
Version: 2.42.2-7
Tags: trixie sid

Dear Debian graphviz package maintainer,

Back in https://bugs.debian.org/1003006 , we replaced recommendation of
package font-liberation with font-liberation2.

Now after Bookworm release, the font maintainers decided to drop Liberation v1
font, and let binary package font-liberation to provide Liberation v2 font
[1]. Package font-liberation2 will be a transitional dummy package in Debian
Trixie and Debian Sid. This change has already taken place in Debian Sid [2].

As a result, please replace Recommends: fonts-liberation2 with Recommends:
font-liberation in the Trixie development cycle. It shall not affect packages
in Bookworm or older releases.

[1] https://lists.debian.org/debian-devel/2023/06/msg00220.html
[2] https://tracker.debian.org/pkg/fonts-liberation


Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1036400: partman-jfs: JFS is on its way out, please remove from the installer

[Adam Borowski]

On Sun, May 21, 2023 at 07:35:36AM +0200, Cyril Brulebois wrote:
> Adam Borowski  (2023-05-20):
> > The JFS filesystem is deprecated in the kernel: on life support since 2009
> > and with talks of removal altogether.  Thus, we really shouldn't offer to
> > format new setups with it.  There are people who kind-of remember JFS being
> > the fastest back in the day, and it's irresponsible to set them for failed
> > upgrades past Bookworm.
> > 
> > Thus: please remove JFS from the installer.
> 
> It doesn't seem reasonable to do that weeks away from the release, without
> any kind of heads-up. That can be done during the Trixie release cycle,
> e.g. in Alpha 1.

Aye, sorry for having distracted you during the most busy time.  I filed the
bug when I learned about plans of giving JFS the axe.

> Feel free to ping this bug report a few weeks/months into the next release
> cycle

So... it might be a better time now.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ Ash nazg durbatulûk,
⣾⠁⢠⠒⠀⣿⡁   ash nazg gimbatul,
⢿⡄⠘⠷⠚⠋⠀ ash nazg thrakatulûk
⠈⠳⣄   agh burzum-ishi krimpatul.

Bug#1039480: [astroplan] Please update to 0.8 for astropy 5.3 compatibility

[Vincent Prat]

Dear Ole,

There is this long-running issue in astroplan 0.8: 
https://github.com/astropy/astroplan/issues/416.

It is claimed to be solved, but I just tried and it still fails.

I can try to patch the version currently in Debian so that it is 
compatible with astropy 5.3, or disable the problematic tests 
(potentially a lot) in astroplan 0.8.

What do you think is best?

Regards

Vincent

Bug#1039982: packages.debian.org: Cannot download package source files due to mixed content URL

[Boyuan Yang]

Package: www.debian.org
Severity: normal

Converting the email to a bug report.

Thanks,
Boyuan Yang


在 2023-06-26星期一的 17:45 -0700，John Horigan写道：
> I tried to download the the source files and debian files for source package
> agg, but Chrome blocked the downloads with this message on the error
> console:
> 
> > Mixed Content: The site at 'https://packages.debian.org/' was loaded over
> > a secure connection, but the file at
> > 'https://deb.debian.org/debian/pool/main/a/agg/agg_2.6.1-r134+dfsg1-2.debi
> > an.tar.xz' was redirected through an insecure connection. This file should
> > be served over HTTPS. This download has been blocked. See
> > https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for
> > more details.
> 
> 
> The problem appears to be that the download links at the bottom of the
> source page https://packages.debian.org/source/trixie/agg use http: instead
> of https:. Clicking on these insecure links results in a 307 temporary
> redirect to the corresponding secure link. Chrome seems to block secure
> pages with insecure links that redirect to secure locations. The source page
> should have secure links.
> 
> -- john



signature.asc
Description: This is a digitally signed message part

Bug#1039480: [astroplan] Please update to 0.8 for astropy 5.3 compatibility

[Ole Streicher]

Hi Vincent,

if there are only a few tests, I would disable them and update the 
package. The main goal for the tests in Debian are that the package 
works well in that environment - i.e. with the installed astropy etc. 
This can be tested also with a new tests disabled.


I usually just report failing tests upstream and then disable them is 
they are just a bug in the test (or if the problem looks minor to me).


Cheers

Ole

On 30.06.23 17:06, Vincent Prat wrote:

Dear Ole,

There is this long-running issue in astroplan 0.8: 
https://github.com/astropy/astroplan/issues/416.

It is claimed to be solved, but I just tried and it still fails.

I can try to patch the version currently in Debian so that it is 
compatible with astropy 5.3, or disable the problematic tests 
(potentially a lot) in astroplan 0.8.

What do you think is best?

Regards

Vincent

Bug#1036569: openvswitch-common: leaves alternatives after purge: /usr/sbin/ovs-vswitchd -> /etc/alternatives/ovs-vswitchd

[Andreas Beckmann]

Followup-For: Bug #1036569
Control: tag -1 patch

find attached a patch to reintroduce openvswictch-common.postinst which
clean up the forgotten alternative


Andreas
>From 082e6d3c316f32e203debc285fa1c20ba460c3b1 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Fri, 30 Jun 2023 14:19:38 +0200
Subject: [PATCH] Remove obsolete alternative dating back to bullseye

Closes: #1036569
---
 debian/openvswitch-common.postinst | 10 ++
 1 file changed, 10 insertions(+)
 create mode 100644 debian/openvswitch-common.postinst

diff --git a/debian/openvswitch-common.postinst 
b/debian/openvswitch-common.postinst
new file mode 100644
index 0..3949d46df
--- /dev/null
+++ b/debian/openvswitch-common.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt-nl "3.1.2-2~"
+then
+   # remove obsolete alternative from bullseye
+   update-alternatives --remove ovs-vswitchd 
/usr/lib/openvswitch-common/ovs-vswitchd
+fi
+
+#DEBHELPER#
-- 
2.20.1

Bug#1036400: partman-jfs: JFS is on its way out, please remove from the installer

[Steve McIntyre]

On Fri, Jun 30, 2023 at 04:56:37PM +0200, Adam Borowski wrote:
>On Sun, May 21, 2023 at 07:35:36AM +0200, Cyril Brulebois wrote:
>> Adam Borowski  (2023-05-20):
>> > The JFS filesystem is deprecated in the kernel: on life support since 2009
>> > and with talks of removal altogether.  Thus, we really shouldn't offer to
>> > format new setups with it.  There are people who kind-of remember JFS being
>> > the fastest back in the day, and it's irresponsible to set them for failed
>> > upgrades past Bookworm.
>> > 
>> > Thus: please remove JFS from the installer.
>> 
>> It doesn't seem reasonable to do that weeks away from the release, without
>> any kind of heads-up. That can be done during the Trixie release cycle,
>> e.g. in Alpha 1.
>
>Aye, sorry for having distracted you during the most busy time.  I filed the
>bug when I learned about plans of giving JFS the axe.
>
>> Feel free to ping this bug report a few weeks/months into the next release
>> cycle
>
>So... it might be a better time now.

Agreed, we'll pick this up shortly.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"The whole problem with the world is that fools and fanatics are
 always so certain of themselves, and wiser people so full of doubts."
   -- Bertrand Russell

Bug#1039983: cups: Cannot change printer.conf to CMYK

[Kerstin Hoef-Emden]

Package: cups
Version: 2.4.2-3
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Upgrade from bullseye to bookworm

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
First of all, the printer drivers for my printer (Kyocera FS-C5250dn) were not
anymore available in the printers list. The original Kyocera PPD files were
still present in the file system. I chose them by browsing the file system.
Although the printer was now identified as capable of doing CMYK and it was set
to color in the cups browser interface. I also tried to change the setting in
printer.conf a) by hand to printer-color-mode CMYK and I tried the command
lpoptions -p Kyocera -o printer-colormode=CMYK.

   * What was the outcome of this action?
It did not work, the printer still prints only Black & White and I am not able
to change the setting in printer.conf.

   * What outcome did you expect instead?

For sure I want my color printer to print color again.


*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cups depends on:
ii  cups-client2.4.2-3
ii  cups-common2.4.2-3
ii  cups-core-drivers  2.4.2-3
ii  cups-daemon2.4.2-3
ii  cups-filters   1.28.17-3
ii  cups-ppdc  2.4.2-3
ii  cups-server-common 2.4.2-3
ii  debconf [debconf-2.0]  1.5.82
ii  ghostscript10.0.0~dfsg-11
ii  libavahi-client3   0.8-10
ii  libavahi-common3   0.8-10
ii  libc6  2.36-9
ii  libcups2   2.4.2-3
ii  libgcc-s1  12.2.0-14
ii  libstdc++6 12.2.0-14
ii  libusb-1.0-0   2:1.0.26-1
ii  poppler-utils  22.12.0-2+b1
ii  procps 2:4.0.2-3

Versions of packages cups recommends:
ii  avahi-daemon  0.8-10
ii  colord1.4.6-2.2

Versions of packages cups suggests:
ii  cups-bsd   2.4.2-3
pn  cups-pdf   
pn  foomatic-db-compressed-ppds | foomatic-db  
pn  smbclient  
ii  udev   252.6-1

-- debconf information:
  cupsys/raw-print: true
  cupsys/backend: lpd, socket, usb, snmp, dnssd


Kyocera.ppd
Description: application/vnd.cups-ppd
# Printer configuration file for CUPS v2.4.2
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
NextPrinterId 2

PrinterId 1
UUID urn:uuid:80dbe96e-e1b1-33fd-69e1-dabf1d863644
Info Kyocera FS-C5250dn
Location 192.168.1.6
MakeModel Kyocera FS-C5350DN (KPDL)
DeviceURI socket://192.168.1.6
State Idle
StateTime 1688140313
ConfigTime 1688140297
Type 8425564
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy retry-job
Option print-color-mode monochrome
Attribute marker-colors \#00,#FF00FF,#00,#00,none
Attribute marker-levels 6,6,100,65,-1
Attribute marker-names TK-590C,TK-590M,TK-590Y,TK-590K,Waste Toner Box
Attribute marker-types toner,toner,toner,toner,waste-toner
Attribute marker-change-time 1688140313

Bug#1039984: yail: CVE-2023-33460: Memory leak in yajl 2.1.0 with use of yajl_tree_parse function

[Tobias Frost]

Source: yajl
Version: 2.1.0-2
Severity: important
Tags: security upstream patch
X-Debbugs-Cc: Debian Security Team 

The following CVE was published for yajl:

CVE-2023-33460[0]:
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which
will cause out-of-memory in server and cause crash.

Upstream Issue [1] links to a potential patch [2]

I'm filing this bug as I'm going to fix the issue for ELTS (stretch/jessie)
and then possibly also will NMU for sid, bookworm and bullseye and buster.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

[0] https://security-tracker.debian.org/tracker/CVE-2023-33460

[1] https://github.com/lloyd/yajl/issues/250

[2] 
https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698

-- 
Cheers,
tobi

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-security'), (500, 
'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (100, 
'bullseye-fasttrack'), (100, 'bullseye-backports-staging'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#1037086: dropbear-initramfs: /etc/dropbear/initramfs/dropbear_dss_host_key file not generated

[Michael Meier]

I've had the same problem. Took me quite some time to realize why 
nothing is working.

I'm using debian bookworm.

dropbear-initramfs:
  Installed: 2022.83-1

dropbear-bin:
  Installed: 2022.83-1

I had to edit the file /usr/share/initramfs-tools-hooks so it also 
copies the dss key:

< for keytype in dss rsa ecdsa ed25519; do
---
> for keytype in rsa ecdsa ed25519; do

then

dropbearkey -t dss -f /etc/dropbear/initramfs/dropbear_dss_host_key

update-initramfs -u

And finally. Dropbear could be started!

The option DROPBEAR_OPTIONS="-E" should be default, so the user gets 
some kind of error message if something is not working. Would have saved 
me an hour or so...

Bug#1039985: libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid

[Andreas Beckmann]

Package: libjson-smart-java
Version: 2.2-2
Severity: serious
Tags: bullseye bookworm trixie sid
User: debian...@lists.debian.org
Usertags: piuparts
X-Debbugs-Cc: Bastien Roucariès 

Hi,

during a test with piuparts I noticed your package cannot be upgraded
from buster-lts to any newer release since buster-lts has a version
newer than any later release:

 json-smart | 2.2-1 | stretch | source
 json-smart | 2.2-2 | buster  | source
 json-smart | 2.2-2 | bullseye| source
 json-smart | 2.2-2 | bookworm| source
 json-smart | 2.2-2 | trixie  | source
 json-smart | 2.2-2 | sid | source
 json-smart | 2.2-2+deb10u1 | buster-security | source


Andreas

Bug#897933: dhcp-client instead of isc-dhcp-client?

[Beolach]

Is there a reason libguestfs0 depends on isc-dhcp-client specifically, instead 
of the virtual dhcp-client?  I prefer dhcpcd over isc-dhcp-client, and there 
are several other dhcp-client implementations as well.

If it really does need something specifically from isc-dhcp-client, could it be 
moved to Recommends instead of Depends (i.e. is it really a universal 
dependency, or is it just some limited extra functionality)?


Thanks,
Beolach

publickey - Beolach@proton.me - 0x98F57C4E.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Bug#1039989: plantuml: CVE-2022-1231

[Salvatore Bonaccorso]

Source: plantuml
Version: 1:1.2020.2+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for plantuml.

CVE-2022-1231[0]:
| XSS via Embedded SVG in SVG Diagram Format in GitHub repository
| plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of
| the diagram embedder. Depending on the actual context, this ranges
| from stealing secrets to account hijacking or even to code execution
| for example in desktop applications. Web based applications are the
| ones most affected. Since the SVG format allows clickable links in
| diagrams, it is commonly used in plugins for web based projects
| (like the Confluence plugin, etc. see
| https://plantuml.com/de/running).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-1231
https://www.cve.org/CVERecord?id=CVE-2022-1231
[1] https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604/
[2] 
https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1039988: Please provide a python3-all-venv package to parallel the python3-all etc packages

[Julian Gilbey]

Package: python3-venv
Version: 3.11.2-1+b1
Severity: wishlist

I have a package whose test suite builds a virtual environment for the
test.  (This is an integral part of the test.)  Unfortunately, though
I can depend on python3-all for the build and then attempt to run the
tests for all supported Python versions, there is no equivalent
python3-all-venv package that I can depend on to bring in the relevant
versioned python3.XX-venv packages.  This would presumably be a simple
addition, and very helpful for my usage case (pylint-venv)!

Best wishes,

   Julian

Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

[Salvatore Bonaccorso]

Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for nodejs.

CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
CVE-2023-30590[3].


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-30581
https://www.cve.org/CVERecord?id=CVE-2023-30581
[1] https://security-tracker.debian.org/tracker/CVE-2023-30588
https://www.cve.org/CVERecord?id=CVE-2023-30588
[2] https://security-tracker.debian.org/tracker/CVE-2023-30589
https://www.cve.org/CVERecord?id=CVE-2023-30589
[3] https://security-tracker.debian.org/tracker/CVE-2023-30590
https://www.cve.org/CVERecord?id=CVE-2023-30590
[4] https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1039991: libxml2: CVE-2022-2309

[Salvatore Bonaccorso]

Source: libxml2
Version: 2.9.14+dfsg-1.2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 2.9.10+dfsg-6.7+deb11u4
Control: found -1 2.9.10+dfsg-1

Hi,

The following vulnerability was published for libxml2.

CVE-2022-2309[0]:
| NULL Pointer Dereference allows attackers to cause a denial of
| service (or application crash). This only applies when lxml is used
| together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and
| earlier are not affected. It allows triggering crashes through
| forged input data, given a vulnerable code sequence in the
| application. The vulnerability is caused by the iterwalk function
| (also used by the canonicalize function). Such code shouldn't be in
| wide-spread use, given that parsing + iterwalk would usually be
| replaced with the more efficient iterparse function. However, an XML
| converter that serialises to C14N would also be vulnerable, for
| example, and there are legitimate use cases for this code sequence.
| If untrusted input is received (also remotely) and processed via
| iterwalk function, a crash can be triggered.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2309
https://www.cve.org/CVERecord?id=CVE-2022-2309
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
[2] 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc
 
[3] 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2

Regards,
Salvatore

Bug#1039992: kcm does not initialize kdc_offset, leading to random "Ticket expired" and "Clock skew too great" errors

[Steffen Kieß]

Package: heimdal-kcm
Version: 7.8.git20221117.28daf24+dfsg-2
Control: found -1 7.7.0+dfsg-2+deb11u3

In kcm/cache.c in kcm_ccache_alloc(), slot->kdc_offset is not 
initialized. The means that kcm will return an uninitialized values for 
GET_KDC_OFFSET (the value will often be 0, but sometimes some random 
value) unless SET_KDC_OFFSET has been called for the cache before.


This has been fixed upstream on the master branch, but not on 
heimdal-7-1-branch:

https://github.com/heimdal/heimdal/pull/390
https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986

Bug#1036400: partman-jfs: JFS is on its way out, please remove from the installer

[John Paul Adrian Glaubitz]

Hello!

On Sat, 2023-05-20 at 15:07 +0200, Adam Borowski wrote:
> The JFS filesystem is deprecated in the kernel: on life support since 2009
> and with talks of removal altogether.

Not sure where you got this information from, but JFS [1] unlike ReiserFS [2]
is not marked as deprecated in the kernel. There was a single mail by Christoph
Hellwig suggesting to deprecate JFS in the near future but so far nothing
has been decided yet.

Adrian

> [1] 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/jfs/Kconfig
> [2] 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/reiserfs/Kconfig

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1039993: apparmor policy for tcpdump does not allow reading of "pcapng" files

[Chris Kuethe]

Package: tcpdump
Version: 4.99.1-3ubuntu0.1

I originally reported this as an Ubuntu bug and was redirected here.
https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2024017

As the title says, the stock apparmor policy for tcpdump does not
allow "pcapng" files - such as those produced by wireshark - to be
read. This manifests as an opaque "permission denied" message on the
terminal and a log like this in dmesg when doing something like
`tcpdump -nr /tmp/test.pcapng`:

`[239871.151443] audit: type=1400 audit(1686850017.603:206):
apparmor="DENIED" operation="open" class="file" profile="tcpdump"
name="/tmp/test.pcapng" pid=515786 comm="tcpdump" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0`

The stock policy /etc/apparmor.d/usr.bin.tcpdump contains these rules
(note the lack of pcapng):

```
 # for -r, -F and -w
  /**.[pP][cC][aA][pP] rw,
  /**.[cC][aA][pP] rw,
```

Just for fun, I linked my test file to `/tmp/test.pcap` and tcpdump
was able to parse it correctly, so the problem was definitely not an
invalid format.

I then added a local rule in /etc/apparmor.d/local/usr.bin/tcpdump
which allowed tcpdump to read it:

```
/**.[pP][cC][aA][pP][nN][gG] rw,
```
Please find attached a diff with this change for
https://salsa.debian.org/rfrancoise/tcpdump/-/blob/master/debian/usr.bin.tcpdump

System info:
$ lsb_release -rd
Description: Pop!_OS 22.04 LTS
Release: 22.04
$ uname -a
Linux laptop 6.2.6-76060206-generic
#202303130630~1685473338~22.04~995127e SMP PREEMPT_DYNAMIC Tue M
x86_64 x86_64 x86_64 GNU/Linux
$ apt-cache policy tcpdump
tcpdump:
  Installed: 4.99.1-3ubuntu0.1
  Candidate: 4.99.1-3ubuntu0.1
  Version table:
 *** 4.99.1-3ubuntu0.1 500
500 http://apt.pop-os.org/ubuntu jammy-updates/main amd64 Packages
100 /var/lib/dpkg/status
 4.99.1-3build2 500
500 http://apt.pop-os.org/ubuntu jammy/main amd64 Packages
$ tcpdump --version
tcpdump version 4.99.1
libpcap version 1.10.1 (with TPACKET_V3)
OpenSSL 3.0.2 15 Mar 2022


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?
--- usr.bin.tcpdump.orig	2023-06-15 11:01:20.472474816 -0700
+++ usr.bin.tcpdump	2023-06-15 11:01:44.680377905 -0700
@@ -54,6 +54,7 @@
 
   # for -r, -F and -w
   /**.[pP][cC][aA][pP] rw,
+  /**.[pP][cC][aA][pP][nN][gG] rw,
   /**.[cC][aA][pP] rw,
 
   # for convenience with -r (ie, read pcap files from other sources)

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

[Jérémy Lal]

Hi,

Le ven. 30 juin 2023 à 19:21, Salvatore Bonaccorso  a
écrit :

> Source: nodejs
> Version: 18.13.0+dfsg1-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <
> t...@security.debian.org>
>
> Hi,
>
> The following vulnerabilities were published for nodejs.
>
> CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
> CVE-2023-30590[3].
>
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>

It would be interesting to know if we adopt the same plan we had with
security team:
full upstream updates in the same branch, 18.x here.

Jérémy

Bug#1039994: bullseye-pu: package logrotate/3.18.0-2+deb11u2

[Christian Göttsche]

Package: release.debian.org
Control: affects -1 + src:logrotate
User: release.debian@packages.debian.org
Usertags: pu
Tags: bullseye
Severity: normal

[ Reason ]
The previous upload (3.18.0-2+deb11u1) cherry picked several commits
around the state file handling of logrotate.
In particular 
debian/patches/applied-upstream/Do-not-lock-state-file-dev-null.patch
added the following wording to the man page:

If /dev/null is given as the state file, then logrotate will not
try to lock or write the state file.

In the current bullseye version this is only true for locking but nor
for writing since the related commit was not included.
Thus the usage of /dev/null as the state file can lead to /dev/null
being replaced by a regular file.
See #1039868 as an example.

[ Impact ]
Users might be instructed by the man page to use /dev/null as a
throwaway state file and end up with /dev/null being replaced with a
regular file.

[ Tests ]
The testsuite of logrotate passes and there have been no issues in
logrotate versions that include that commit, in particular 3.21.0,
which is the version in Debian stable and unstable.

[ Risks ]
The change is a single trivial added path comparison to skip the state
file writing iff the state file is literal "/dev/null". There is no
change in behavior if the state file is not "/dev/null".

[ Checklist ]
 [X] *all* changes are documented in the d/changelog
 [X] I reviewed all changes and I approve them
 [X] attach debdiff against the package in (old)stable
 [X] the issue is verified as fixed in unstable

[ Changes ]
Skip writing the state to the file iff the path is literal "/dev/null".
Add a test case around using /dev/null as a state file.

[ Other info ]

diff -Nru logrotate-3.18.0/debian/changelog logrotate-3.18.0/debian/changelog
--- logrotate-3.18.0/debian/changelog   2022-01-30 17:29:14.0 +0100
+++ logrotate-3.18.0/debian/changelog   2023-06-30 19:45:16.0 +0200
@@ -1,3 +1,10 @@
+logrotate (3.18.0-2+deb11u2) bullseye; urgency=medium
+
+  * d/patches: cherry-pick usptream fix:
+- writeState: do nothing if state file is /dev/null (Closes: #1039868)
+
+ -- Christian Göttsche   Fri, 30 Jun 2023
19:45:16 +0200
+
logrotate (3.18.0-2+deb11u1) stable; urgency=medium

  * d/patches: cherry-pick upstream fixes:
diff -Nru 
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
--- 
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
 1970-01-01 01:00:00.0 +0100
+++ 
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
 2023-06-30 19:45:16.0 +0200
@@ -0,0 +1,76 @@
+From: Kamil Dudka 
+Date: Thu, 3 Jun 2021 10:51:07 +0200
+Applied-Upstream:
https://github.com/logrotate/logrotate/commit/456692644cbf5adb6253cb7ed2d169e950a9e348
+Subject: writeState: do nothing if state file is /dev/null
+
+If users do not want to use any state file, they can specify `/dev/null`
+as the state file.  Without this fix, logrotate would unnecessarily fail
+to rename a temporary file to `/dev/null`.
+
+Fixes: https://github.com/logrotate/logrotate/issues/395
+---
+ logrotate.c|  4 
+ test/Makefile.am   |  1 +
+ test/test-0089.sh  | 14 ++
+ test/test-config.89.in |  4 
+ 4 files changed, 23 insertions(+)
+ create mode 100755 test/test-0089.sh
+ create mode 100644 test/test-config.89.in
+
+diff --git a/logrotate.c b/logrotate.c
+index d110d54..31161bb 100644
+--- a/logrotate.c
 b/logrotate.c
+@@ -2515,6 +2515,10 @@ static int writeState(const char *stateFilename)
+ char *prevCtx;
+ int force_mode = 0;
+
++if (!strcmp(stateFilename, "/dev/null"))
++/* explicitly asked not to write the state file */
++return 0;
++
+ localtime_r(&nowSecs, &now);
+
+ tmpFilename = malloc(strlen(stateFilename) + 5 );
+diff --git a/test/Makefile.am b/test/Makefile.am
+index f1a0062..97e5775 100644
+--- a/test/Makefile.am
 b/test/Makefile.am
+@@ -87,6 +87,7 @@ TEST_CASES = \
+   test-0086.sh \
+   test-0087.sh \
+   test-0088.sh \
++  test-0089.sh \
+   test-0092.sh \
+   test-0100.sh \
+   test-0101.sh \
+diff --git a/test/test-0089.sh b/test/test-0089.sh
+new file mode 100755
+index 000..c586690
+--- /dev/null
 b/test/test-0089.sh
+@@ -0,0 +1,14 @@
++#!/bin/sh
++
++. ./test-common.sh
++
++# skip the test if /dev/null is not readable
++test -r /dev/null || exit 77
++
++# we don't want any stuff left from previous runs
++cleanup 89
++
++# --- Test 89 
++# using /dev/null as state file tells logrotate not to write the state file
++preptest test.log 89 2
++$RLR --state /dev/null test-config.89
+diff --git a/test/test-config.89.in b/test/test-config.89.in
+new file mode 

Bug#1039995: RM: iceoryx [armhf] -- ANAIS; 32-bit architectures broken and unsupported

[Timo Röhling]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: iceo...@packages.debian.org
Control: affects -1 + src:iceoryx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear FTP team,

please remove the armhf binaries of src:iceoryx as they are not
functional. Upstream does not support 32-bit architectures at all, so
it is unlikely they will ever be fixed.


Cheers
Timo


-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmSfIwkACgkQ+C8H+466
LVmigQwAzsZnt/csVIGdf/jI97PDBRi+3ODaJTCILf3Tw+pD2doZ0+4ZTIVc1LcY
FUB570qxe9YlLqQPoQcJwEf1l/3koFVemAgjbJMOI9wcMraMqNRYzrxRt5l96j9i
G38iPEzdp67vlgM3kwTWXEQDwHnqlfXqePAeailn357+qe7owPJLIAA4k1jjebev
PVFknsRAIRBsaTeNR4KfFImB/+XxgHSluQha16SmyisTkW1OxJOdFgzUqfC8uxJf
LJpE5jhRRAT0JLliUNbatxhmd85SVbbGBvDez77irHymyEOLxTGYF6TW6vazffIP
VeOVKuKraP2NXrzsQRZV990yE6U9n0QqgGh2MVNgHmIJG+YtU/5p8IpwEzKrNeo8
xwfd4NDih8smma3XvBHFSN+DpePIXnFdmlTl0ViUamvGcDFe/BeqlxstJT6q0EvA
DNIBcGv5/hckHfSepg5zF83e9sEr7YfwEFV/B0lMVcigSFN45D+uIc5z4qsH0jLB
2nNmFqnA
=q6hN
-END PGP SIGNATURE-

Bug#1036829: libretro-mgba: Audio stutters horribly and sounds distorted

[Ryan Tandy]

Hello,

I'm preparing an update for mgba in bookworm to fix this issue. Can I 
ask you to test the proposed package and confirm that it works for you?


On my system, the current bookworm package has no audio at all in 
retroarch, which is different from what you reported, so I'd like to be 
sure I've got the right patch.


You can find debs built for bookworm here:

https://salsa.debian.org/rtandy/mgba/-/jobs/4381339/artifacts/browse/debian/output/

with these changes:

https://salsa.debian.org/rtandy/mgba/-/compare/debian%2F0.10.1+dfsg-1...bookworm+ci

thanks,
Ryan

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

[Salvatore Bonaccorso]

Hi

[CC'ing the security team alias]

On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote:
> Hi,
> 
> Le ven. 30 juin 2023 à 19:21, Salvatore Bonaccorso  a
> écrit :
> 
> > Source: nodejs
> > Version: 18.13.0+dfsg1-1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team <
> > t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerabilities were published for nodejs.
> >
> > CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
> > CVE-2023-30590[3].
> >
> >
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> >
> 
> It would be interesting to know if we adopt the same plan we had with
> security team:
> full upstream updates in the same branch, 18.x here.

Yes I think we can do the same for bookworm and follow the 18.x
releases given it is a LTS branch. Unless you have some reason to
believe it would not be wise to do for the 18.x series.

Regards,
Salvatore

Bug#1039996: steam-installer: steam/need-nvidia-i386 template refers to a non-existing nvidia-driver-libs-i386 package

[Ricardo Pérez]

Package: steam-installer
Version: 1:1.0.0.78~ds-2
Severity: normal
X-Debbugs-Cc: rica...@ubuntu.com

Dear Maintainer,

The steam/need-nvidia-i386 debconf template, found in
`/var/lib/dpkg/info/steam-installer.templates`, asks the user to install
the non-existing `nvidia-driver-libs-i386` package. I believe the
correct package is `nvidia-driver-libs:i386`, that is, the
`nvidia-driver-libs` package in the `i386` arch.

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages steam-installer depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  steam-libs 1:1.0.0.78~ds-2
ii  steam-libs-i3861:1.0.0.78~ds-2
ii  zenity 3.44.0-1

steam-installer recommends no packages.

steam-installer suggests no packages.

Versions of packages steam-libs depends on:
ii  ca-certificates  20230311
ii  curl 7.88.1-10
ii  file 1:5.44-3
ii  libc62.36-9
ii  libcrypt11:4.4.35-1
ii  libgcc-s1 [libgcc1]  13.1.0-6
ii  libgl1   1.6.0-1
ii  libgl1-mesa-dri  22.3.6-1+deb12u1
ii  libgpg-error01.46-1
ii  libstdc++6   13.1.0-6
ii  libudev1 252.11-1
ii  libva-x11-2  2.18.0-1
ii  libva2   2.18.0-1
ii  libxcb-dri3-01.15-1
ii  libxcb1  1.15-1
ii  libxi6   2:1.8-1+b1
ii  libxinerama1 2:1.1.4-3
ii  xz-utils 5.4.1-0.2

Versions of packages steam-libs recommends:
ii  alacritty [x-terminal-emulator]  0.11.0-4
ii  fontconfig   2.14.1-4
ii  fonts-liberation 1:1.07.4-11
ii  i965-va-driver [va-driver]   2.4.1+dfsg1-1
ii  intel-media-va-driver [va-driver]23.1.2+dfsg1-1
ii  libasound2-plugins   1.2.7.1-1
ii  libegl1  1.6.0-1
ii  libexpat12.5.0-2
ii  libfontconfig1   2.14.1-4
ii  libgbm1  22.3.6-1+deb12u1
ii  libsdl2-2.0-02.28.0+dfsg-1
ii  libva-drm2   2.18.0-1
ii  libva-glx2   2.18.0-1
ii  libx11-6 2:1.8.6-1
ii  libx11-xcb1  2:1.8.6-1
ii  libxau6  1:1.0.9-1
ii  libxcb-dri2-01.15-1
ii  libxcb-glx0  1.15-1
ii  libxcb-present0  1.15-1
ii  libxcb-sync1 1.15-1
ii  libxdamage1  1:1.1.6-1
ii  libxdmcp61:1.1.2-3
ii  libxext6 2:1.3.4-1+b1
ii  libxfixes3   1:6.0.0-2
ii  libxss1  1:1.2.3-1
ii  libxxf86vm1  1:1.1.4-1+b2
ii  mesa-va-drivers [va-driver]  22.3.6-1+deb12u1
ii  mesa-vulkan-drivers  22.3.6-1+deb12u1
ii  sakura [x-terminal-emulator] 3.8.7-1
ii  steam-devices1:1.0.0.78~ds-2
ii  va-driver-all2.18.0-1
ii  xdg-desktop-portal   1.16.0-2
ii  xdg-desktop-portal-gtk [xdg-desktop-portal-backend]  1.14.1-1
ii  xdg-utils1.1.3-4.1
ii  xterm [x-terminal-emulator]  382-2
ii  zenity   3.44.0-1

Versions of packages steam-libs suggests:
pn  libudev0
ii  nvidia-driver-libs  525.105.17-2
ii  nvidia-vulkan-icd   525.105.17-2
pn  pipewire

Versions of packages steam-libs:i386 depends on:
ii  ca-certificates  20230311
ii  curl 7.88.1-10
ii  file 1:5.44-3
ii  libc62.36-9
ii  libcrypt11:4.4.35-1
ii  libgcc-s1 [libgcc1]  13.1.0-6
ii  libgl1   1.6.0-1
ii  libgl1-mesa-dri  22.3.6-1+deb12u1
ii  libgpg-error01.46-1
ii  libstdc++6   13.1.0-6
ii  libudev1 252.11-1
ii  libva-x11-2  2.18.0-1
ii  libva2

Bug#1025552: Bug#1037295: live-config: starting Calamares installer requires a password (which is 'live')

[Simon McVittie]

On Fri, 30 Jun 2023 at 16:01:49 +0200, Roland Clobus wrote:
> On 10/06/2023 19:14, Simon McVittie wrote:
> > On Sat, 10 Jun 2023 at 15:10:35 +0100, Simon McVittie wrote:
> > > * Boot debian-live-12.0.0-amd64-gnome.iso (the version used for
> > >release-day testing)
> > >- KDE has a similar issue with slightly different steps to start the
> > >  installer, probably all desktops' variants are affected
> > 
> > GNOME, KDE and LXQT are affected.
> 
> I've proposed a fix for Calamares in #1025552, which is based on your
> proposal in this ticket.
> If it is accepted there, this ticket can be regarded as a duplicate.

Bug #1037295 "live-config: starting Calamares installer requires a
password" is not a duplicate of #1025552 "calamares: dependency on
transitional policykit-1 package", they are two separate issues both
triggered by the new polkitd version in bookworm. The fix for #1025552
is to remove the transitional package policykit-1 from Build-Depends,
and replace it with polkitd.

The additional issue that you described in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025552#21 *is* the
same thing as bug #1037295, and you are correct to say that the solution
is to provide a JavaScript file configuring polkitd to allow the live
user to start Calamares without a password, but that's outside the scope
of #1025552.

I think it would be better to solve this in live-config rather
than in Calamares, by modifying components/1080-policykit
with polkitd configuration similar to what I suggested in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037295#10, because I
don't think we want installing the calamares package onto an ordinary
(non-live) system to give members of the sudo group the ability to
run it without a re-authentication prompt.

smcv

Bug#1039997: RFP: go-mega -- A client library in go for mega.nz storage service, required for rclone

[Alastair]

Package: wnpp
Severity: wishlist

* Package name: go-mega
  Version : Unknown
  Upstream Contact: See https://github.com/t3rm1n4l/go-mega
* URL : https://github.com/t3rm1n4l/go-mega
* License : MIT
  Programming Lang: Go
  Description : A client library in Go for mega.co.nz storage service

This is an API client library for MEGA storage service. Currently, the library 
supports the basic APIs and operations as follows:

  * User login 
  * Fetch filesystem tree
  * Upload file
  * Download file
  * Create directory
  * Move file or directory
  * Rename file or directory
  * Delete file or directory
  * Parallel split download and upload
  * Filesystem events auto sync
  * Unit tests

It would be used by rclone so rlcone can support Mega.nz cloud
storage.
https://github.com/rclone/rclone/issues/3980#issuecomment-654415017
has details and the rlcone package patch where the Mega backend is
disabled is at 
https://sources.debian.org/patches/rclone/1.60.1%2Bdfsg-2/0002-Disable-mega-backend.patch/

Thank you.

Bug#1039998: kwin-wayland: kwin_wayland_wrapper spams thousands of messages to the journal

[mister01x]

Package: kwin-wayland
Version: 4:5.27.5-3
Severity: minor
X-Debbugs-Cc: mister...@web.de

Dear Maintainer,

kwin_wayland_wrapper writes thousands of lines a day to the journal.
A majority of those lines read:

Jun 30 13:10:11 kwin_wayland_wrapper[5999]: kwin_screencast: Dropping a
screencast frame because the compositor is slow

This makes it hard to read the journal as those messages come in rapid
succession at least 2 pages (on my terminal) per second.

On my system here i get:

$ journalctl --since today | grep "Dropping a screencast frame because\
the compositor is slow" | wc -l
29393

And:

$ journalctl --since today | grep kwin_wayland_wrapper | wc -l
39132

I think that this is an over excessive amount of messages to the journal
as it makes it harder to find messages of other programs which are not
that verbose. Therefore I consider this behaviour to be a bug.

Thanks for maintaining kwin-wayland!

Marcel

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.10-1-siduction-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8),
LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kwin-wayland depends on:
ii  kwayland-integration  5.27.5-2
ii  kwin-common   4:5.27.5-3
ii  libc6 2.36-9
ii  libcap2-bin   1:2.66-4
ii  libepoxy0 1.5.10-1
ii  libfontconfig12.14.1-4
ii  libfreetype6  2.12.1+dfsg-5
ii  libkdecorations2-5v5  4:5.27.5-2
ii  libkf5configcore5 5.107.0-1
ii  libkf5configgui5  5.107.0-1
ii  libkf5configwidgets5  5.107.0-1
ii  libkf5coreaddons5 5.107.0-1
ii  libkf5crash5  5.107.0-1
ii  libkf5dbusaddons5 5.107.0-1
ii  libkf5globalaccel-bin 5.107.0-2
ii  libkf5globalaccel55.107.0-2
ii  libkf5globalaccelprivate5 5.107.0-2
ii  libkf5i18n5   5.107.0-1
ii  libkf5idletime5   5.107.0-1
ii  libkf5notifications5  5.107.0-1
ii  libkf5plasma5 5.107.0-1
ii  libkf5service-bin 5.107.0-1
ii  libkf5service55.107.0-1
ii  libkf5windowsystem5   5.107.0-1
ii  libkwineffects14  4:5.27.5-3
ii  libkwinglutils14  4:5.27.5-3
ii  libpipewire-0.3-0 0.3.71-2+b2
ii  libqaccessibilityclient-qt5-0 0.4.1-1+b1
ii  libqt5core5a [qtbase-abi-5-15-8]  5.15.8+dfsg-12
ii  libqt5dbus5   5.15.8+dfsg-12
ii  libqt5gui55.15.8+dfsg-12
ii  libqt5network55.15.8+dfsg-12
ii  libqt5qml55.15.8+dfsg-3
ii  libqt5quick5  5.15.8+dfsg-3
ii  libqt5widgets55.15.8+dfsg-12
ii  libstdc++613.1.0-6
ii  libxcb-randr0 1.15-1
ii  libxcb-xfixes01.15-1
ii  libxcb1   1.15-1
ii  xwayland  2:22.1.9-1

kwin-wayland recommends no packages.

kwin-wayland suggests no packages.

-- debconf-show failed

Bug#1039958: autopkgtest-build-podman: Image creation fails with "sd-bus call: Permission denied"

[Simon McVittie]

On Fri, 30 Jun 2023 at 12:52:31 +0200, Gioele Barabucci wrote:
> autopkgtest-build-podman's failure is due to the issue reported in [1], i.e.
> the Debian setup of podman requires `dbus-user-session`, but none of the
> podman-related packages Depends on it.
> 
> [1] https://bugs.debian.org/1013344

Is there anything that could or should be done in autopkgtest to resolve
this? The only thing I can see that would help from the autopkgtest side
would be a dependency on dbus-user-session, but the dependencies of the
various autopkgtest-build-* tools are only Suggests anyway (we consider
the core functionality of autopkgtest to be running tests, not setting
up any specific backend), and adding a Suggests on dbus-user-session
seems like it wouldn't be a particularly helpful hint for users that
the absence of dbus-user-session is why they're seeing this error.

If this isn't actionable from autopkgtest's side, then I think the best
thing would be to reassign this bug to podman, merge it with #1013344,
and give it an "affects" on autopkgtest so that it'll still show up in
our list of known issues.

smcv

Bug#1038920: python3-certbot-dns-gandi: Update from Debian 11 -> 12 leaves certificate updates broken

[Harlan Lieberman-Berg]

tag 1038920 +patch
thanks

On Fri, Jun 30, 2023 at 6:35 AM Norbert Preining  wrote:
> You could still send me the code and I give it an eye ;-)

Sold!  preinst file is attached.

Sincerely,

-- 
Harlan Lieberman-Berg
~hlieberman


preinst
Description: Binary data

Bug#1039999: plantuml: CVE-2023-3431

[Salvatore Bonaccorso]

Source: plantuml
Version: 1:1.2020.2+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for plantuml.

CVE-2023-3431[0]:
| Improper Access Control in GitHub repository plantuml/plantuml prior
| to 1.2023.9.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3431
https://www.cve.org/CVERecord?id=CVE-2023-3431
[1] https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/
[2] 
https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1040000: plantuml: CVE-2023-3432

[Salvatore Bonaccorso]

Source: plantuml
Version: 1:1.2020.2+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for plantuml.

CVE-2023-3432[0]:
| Server-Side Request Forgery (SSRF) in GitHub repository
| plantuml/plantuml prior to 1.2023.9.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3432
https://www.cve.org/CVERecord?id=CVE-2023-3432
[1] https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51/
[2] 
https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797
 

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1040002: Drop Felix from Uploaders

[Felix Lechner]

Package: nullmailer
Severity: wishlist

Hi David,

I have not used nullmailer in a little while, and I do not plan to
work on the package in the near future.

Please remove my email address from the Uploaders field at your leisure. Thanks!

Kind regards
Felix

P.S. The proposed change alone did not seem to justify an upload.

Bug#1040001: transition: r-base

[Andreas Tille]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: r-b...@packages.debian.org, debia...@lists.debian.org
Control: affects -1 + src:r-base

Hi,

I'm not sure that we are in the right status to ask for a transition bug
since the affected package was just uploaded some time ago by its
maintainer who did not considered a proper transition.  This was discussed
on debia...@lists.debian.org in several postings - I try to point you to
the most relevant ones

  https://lists.debian.org/debian-r/2023/06/msg00011.html
as a response to >30 bugs against single packages all affecting
the r-base migration due to (to be expected) autopkgtest errors
in testing.  You can basically get this list of now all RC buggy
packages from the tracker page or r-base[1]

  https://lists.debian.org/debian-r/2023/06/msg00017.html
suggests r-graphics-api-* after r-base maintainer confirmed
"they cheated _a little_ and changes the graphics API" (probably
meaning ABI not API)

  https://lists.debian.org/debian-r/2023/06/msg00016.html
Reference to the docs

  https://lists.debian.org/debian-r/2023/06/msg00025.html
In the end of this mail three options are listed which I simply
repeat here for your comfort:

   1. implement the r-graphics-api-*
  This might be a bit complex since for the moment I do not know
  any means how to detect the packages that need this dependency
  (and how we can implement this into dh-update-R)  So this might
  become technically complex in the first case

   2. Just do a full r-api transition
  This would work but affects more packages than strictly
  necessary.  My gut feeling says we will be able to finish this
  earlier than 1. despite technically not perfect

   3. Blindly ignore the fact that we need a transition and follow
  the hackish workaround by using random versioned Depends as
  suggested by Nilesh for r-cran-epi.

  https://lists.debian.org/debian-r/2023/06/msg00027.html
Confirmation for option 1.


While I would love to hear the opinion of the release team what kind of
transition (1. or 2.) should be prefered (if this is possible now at all
since the affected package r-base 4.3.1 is in the archive since some
time and also the most urgent packages are rebuild manually) or whether
we need to fight manually through this mess (option 3.)  I confirm that
I agree with Johannes Ranke to prefer option 1. and do it "right" to be
safe for the next time.

To support this idea I just commited some proof of concept change to
dh-r which would support injecting a virtual package in case r-base
would define it.  This requires confirmation of the r-base maintainer.

Sorry that this transition bug is that complex.  I would have loved if
it would went more coordinated but unfortunately that's not in my hands
and I simply try to reassemble the pieces.

Kind regards
Andreas.

[1] https://tracker.debian.org/pkg/r-base
[2] 
https://salsa.debian.org/r-pkg-team/dh-r/-/commit/f79e2573a59c1ff01c526a7dcf15b7f85263cc29

Ben file:

title = "r-base";
is_affected = ;
is_good = ;
is_bad = ;

Bug#1039958: autopkgtest-build-podman: Image creation fails with "sd-bus call: Permission denied"

[Gioele Barabucci]

On 30/06/23 21:15, Simon McVittie wrote:

On Fri, 30 Jun 2023 at 12:52:31 +0200, Gioele Barabucci wrote:

autopkgtest-build-podman's failure is due to the issue reported in [1], i.e.
the Debian setup of podman requires `dbus-user-session`, but none of the
podman-related packages Depends on it.

[1] https://bugs.debian.org/1013344


Is there anything that could or should be done in autopkgtest to resolve
this?


Perhaps unrelated to this specific bug, but I would suggest moving the 
builder/drivers to their own packages (autopkgtest-podman, 
autopkgtest-qemu) and letting them Depends on the required packages.


In this way, if I can be sure that after the installation of 
autopkgtest-X  I have all the things that are _needed_ to run that 
specific driver.



If this isn't actionable from autopkgtest's side, then I think the best
thing would be to reassign this bug to podman, merge it with #1013344,
and give it an "affects" on autopkgtest so that it'll still show up in
our list of known issues.


That also seems reasonable.

--
Gioele Barabucci

Bug#1039926: Will file bug report for complete R transition (Was: Bug#1039926: svglite requires rebuild under R 4.3.*)

[Andreas Tille]

Hi Johannes,

Am Fri, Jun 30, 2023 at 03:22:19PM +0200 schrieb Johannes Ranke:
> I think option 1 from [1] is the way to go, i.e. make r-base provide a 
> graphics API version according to the R changelog, and have the relevant 
> packages depend on that graphics API version. How to identify them was 
> discussed previously on this list [2]. Using the codesearch and github URLS 
> provided in that email, the list given there could be updated.

That's a good hint.  I took it as resource to draft some proof of
concept change for dh-r.
 
> Somehow Dirk is hesitant to do this, I think it is just a matter of "is this 
> really necessary"? To me, it seems there is ample evidence by now that it is 
> indeed necessary, for the mental sanity of everyone involved, and to avoid 
> future discussions about a full R API bump just because of the graphics API 
> on 
> the one hand, and to avoid breaking things by just ignoring the issue on the 
> other hand.

I've filed bug #1040001 and we'll see what release team will decide.

Kind regards
   Andreas.

-- 
http://fam-tille.de

Bug#1036004:

[Nathan Schulte]

I believe we've finally tracked down the root cause of this issue, and
a set of patches has come across that should resolve it.

I haven't yet tried these latest patches but instead an earlier trial
based upon v6.4-rc4, which worked well.

Two patch sets resolve the issue; I haven't tried just the latest, but
I believe both are required for correct operation:

- 
https://lore.kernel.org/linux-acpi/20230601221151.670-1-mario.limoncie...@amd.com/T/#u
- 
https://lore.kernel.org/linux-gpio/20230630194716.6497-1-mario.limoncie...@amd.com/T/#u

Bug#1039907: apt-cacher-cleanup.pl clears/removes all cached packages on trixie

[Mark Hindley]

Control: tags -1 moreinfo

On Thu, Jun 29, 2023 at 01:35:28PM +0200, Chris Nospam wrote:
> Package: apt-cacher
> Version: 1.7.29
> 
> As far as I can see, calling /usr/share/apt-cacher/apt-cacher-cleanup.pl
> (e.g. after apt-get dist-upgrade which stores some packages to the cache)
> under debian testing/trixie seems to remove ALL package files in the cache
> /var/cache/apt-cacher/packages/ftp.xx.debian.org_debian, instead of only
> removing superseeded packages which are not in the index any more.

There have not been any recent changes, so unless the underlying perl behaviour
has changed, I don't have an immediate explanation.
> 
> I did not change my config (= nearly default), which used to operate on
> bookworm. Nevertheless, after bookworm got stable (and I stayed on testing), I
> manually cleared the cache by replacing /var/cache/apt-cacher with a vanilla
> version like it once was created by apt-get install apt-cacher .

Can you clarify exactly what you did here? Was that before or after the
dist-upgrade?

Mark

Bug#1040003: jackd: add pipewire-jack to dependency alternativees

[Dominik George]

Package: jackd
Version: 5+nmu1
Severity: wishlist

The pipewire-jack package provides a JACKd implementation based
on PipeWire, which I am using on my audio recording workstation.

Other packages depend on jackd if they need a JACK daemon to talk
to (e.g. qjackctl), and that pulls in jackd2 currently, which
I do not need.

Please allow pipewire-pulse to satisfy the dependency on a JACKd
implementation.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages jackd depends on:
pn  jackd2 | jackd1  

jackd recommends no packages.

jackd suggests no packages.

Bug#1040004: netplan.io: autopkgtest fails with iproute2 v6.4

[Luca Boccassi]

Package: netplan.io
Version: 0.106.1-2

Dear Maintainers,

I just uploaded iproute2 6.4-1 and some outputs have changed, so
netplan's autopkgtest is failing:

4161s ==
4161s FAIL: test_mix_bridge_on_bond 
(__main__.TestNetworkManager.test_mix_bridge_on_bond)
4161s --
4161s Traceback (most recent call last):
4161s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/scenarios.py",
 line 62, in test_mix_bridge_on_bond
4161s self.assert_iface('br0', ['inet 192.168.0.2/24'])
4161s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/base.py",
 line 279, in assert_iface
4161s self.assertRegex(out, r, out)
4161s AssertionError: Regex didn't match: 'inet 192.168.0.2/24' not found in 
'16: br0:  mtu 1500 qdisc noqueue state DOWN 
group default qlen 1000\nlink/ether 02:b1:cb:83:28:73 brd ff:ff:ff:ff:ff:ff 
promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 \nbridge forward_delay 1500 
hello_time 200 max_age 2000 ageing_time 3 stp_state 1 priority 32768 
vlan_filtering 0 vlan_protocol 802.1Q bridge_id 8000.2:b1:cb:83:28:73 
designated_root 8000.2:b1:cb:83:28:73 root_port 0 root_path_cost 0 
topology_change 0 topology_change_detected 0 hello_timer0.42 tcn_timer
0.00 topology_change_timer0.00 gc_timer  267.99 vlan_default_pvid 1 
vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 
01:80:c2:00:00:00 mcast_snooping 1 no_linklocal_learn 0 mcast_vlan_snooping 0 
mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 
16 mcast_hash_max 4096 mcast_last_member_count 2 mcast_startup_query_count 2 
mcast_last_member_interval 100 mcast_membership_interval 26000 
mcast_querier_interval 25500 mcast_query_interval 12500 
mcast_query_response_interval 1000 mcast_startup_query_interval 3124 
mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 
0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 
gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 
gro_max_size 65536 \n' : 16: br0:  mtu 1500 
qdisc noqueue state DOWN group default qlen 1000
4161s link/ether 02:b1:cb:83:28:73 brd ff:ff:ff:ff:ff:ff promiscuity 0 
allmulti 0 minmtu 68 maxmtu 65535 
4161s bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 
3 stp_state 1 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q 
bridge_id 8000.2:b1:cb:83:28:73 designated_root 8000.2:b1:cb:83:28:73 root_port 
0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer
0.42 tcn_timer0.00 topology_change_timer0.00 gc_timer  267.99 
vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 
group_address 01:80:c2:00:00:00 mcast_snooping 1 no_linklocal_learn 0 
mcast_vlan_snooping 0 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 
mcast_hash_elasticity 16 mcast_hash_max 4096 mcast_last_member_count 2 
mcast_startup_query_count 2 mcast_last_member_interval 100 
mcast_membership_interval 26000 mcast_querier_interval 25500 
mcast_query_interval 12500 mcast_query_response_interval 1000 
mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 
mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 
numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 
65536 tso_max_segs 65535 gro_max_size 65536 

3897s ==
3897s FAIL: test_tunnel_vxlan (__main__.TestNetworkd.test_tunnel_vxlan)
3897s --
3897s Traceback (most recent call last):
3897s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/tunnels.py",
 line 232, in test_tunnel_vxlan
3897s self.assert_iface('vx0', [' udpcsum ', ' udp6zerocsumtx ',
3897s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/base.py",
 line 279, in assert_iface
3897s self.assertRegex(out, r, out)
3897s AssertionError: Regex didn't match: ' udpcsum ' not found in '107: vx0: 
 mtu 1450 qdisc noqueue state UNKNOWN group 
default qlen 1000\nlink/ether 56:33:9d:43:62:06 brd ff:ff:ff:ff:ff:ff 
promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 \nvxlan id 1337 group 
224.0.0.5 local 10.10.10.42 dev eth42 srcport 4000 4200 dstport 4567 ttl 64 
ageing 100 nolearning rsc l2miss l3miss udp_zero_csum6_tx udp_zero_csum6_rx 
remcsum_tx remcsum_rx numtxqueues 1 numrxqueues 1 gso_max_size 65536 
gso_max_segs 65535 tso_max_size 524280 tso_max_segs 65535 gro_max_size 65536 \n 
   inet6 fe80::5433:9dff:fe43:6206/64 scope link proto kernel_ll \n   
valid_lft forever preferred_lft forever\n' : 107: vx0: 
 mtu 1450 qdisc noqueue state UNKNOWN group 
default qlen 1000
3897s link/ether 56:33:9d:43:62:06 brd ff:ff:ff:ff

Bug#1039976: detex.1: some remarks and editorial fixes in a patch for the manual

[Preuße]

On 30.06.2023 01:46, Bjarni Ingi Gislason wrote:

Dear Bjarni,


here are some notes and a patch for the manual.


Many thanks for your patches: they are heavily appreciated.

It would be nice if you could provide your content as attachment, this 
would help me to extract the content, even if it is just text.
Further consider to submit your suggestions directly to the upstream 
maintainer of the software, if possible.


Many thanks,
  Hilmar
--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1038000: bookworm-pu: package texlive-bin/2022.20220321.62855-5.1+deb12u1

[Preuße]

On 30.06.2023 13:56, Jonathan Wiltshire wrote:

Hi Jonathan,


You also need to target bookwork, not bookworm-proposed-updates, so I'll
reject the uploads and you can re-use the same version number.

Done. The packages are in the "Resolution Pending" queue. Hope I did 
everything right this time.


Hilmar
--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature