Bug#983004:

[Bella Tofa]

Bug#982559: marked as done (xscorch Build-Depends on libreadline-gplv2-dev which has been removed)

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 23:04:08 +
with message-id 
and subject line Bug#982559: fixed in xscorch 0.2.1-1+nmu6
has caused the Debian Bug report #982559,
regarding xscorch Build-Depends on libreadline-gplv2-dev which has been removed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
982559: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982559
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xscorch
Version: 0.2.1-1+nmu5
Severity: serious
Justification: FTBFS
User: trei...@debian.org
Usertags: edos-uninstallable

Hi,

libreadline-gplv2-dev has been removed from unstable [1]. Don't ask me
how that is possible as your package still Build-Depends on it, but it
happened. Please fix your package somehow, alternatives seem to be around.

Paul

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980504




OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: xscorch
Source-Version: 0.2.1-1+nmu6
Done: Peter Michael Green 

We believe that the bug you reported is fixed in the latest version of
xscorch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Michael Green  (supplier of updated xscorch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 18 Feb 2021 20:50:52 +
Source: xscorch
Architecture: source
Version: 0.2.1-1+nmu6
Distribution: unstable
Urgency: medium
Maintainer: Jacob Luna Lundberg 
Changed-By: Peter Michael Green 
Closes: 982559
Changes:
 xscorch (0.2.1-1+nmu6) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Remove build-dependency on libreadline-gplv2-dev
 (Closes: 982559)
Checksums-Sha1:
 518a9262c10eef92d252307c61cdd1d27caf8558 1858 xscorch_0.2.1-1+nmu6.dsc
 87f44e7d2f36b840d7af62fd22696b2373e85c80 11792 
xscorch_0.2.1-1+nmu6.debian.tar.xz
 9faa7f69450410199a9597dd533ead949b3ccf54 11586 
xscorch_0.2.1-1+nmu6_source.buildinfo
Checksums-Sha256:
 d2033e41747b710bc5a11d739f9e8eab649c3efba57a7d00589b91486440dc13 1858 
xscorch_0.2.1-1+nmu6.dsc
 b30969b4b5fc5ff3f42abdcbfaf254fc377a75b501c7fbb57e107c6331a0d10c 11792 
xscorch_0.2.1-1+nmu6.debian.tar.xz
 3e568ff22ec016038705a3c511bc2a4b168238420090b717a2d54e802d7fe917 11586 
xscorch_0.2.1-1+nmu6_source.buildinfo
Files:
 b3170c174cea399cd1187b8f419b6217 1858 games optional xscorch_0.2.1-1+nmu6.dsc
 4d1aae50962268c85c83f0d12e19e023 11792 games optional 
xscorch_0.2.1-1+nmu6.debian.tar.xz
 bc359519e74843caaf0eb2b878a431d0 11586 games optional 
xscorch_0.2.1-1+nmu6_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCAAyFiEEU0DQATYMplbjSX63DEjqKnqP/XsFAmAu7+IUHHBsdWd3YXNo
QGRlYmlhbi5vcmcACgkQDEjqKnqP/XvClQ/+ID5YXt/2+dgQjZnprEQb/LAeVnTG
h+zCMu/R1KyDVlGyk4VhUAGRbNGYdFdnbqe4GgljeWbYQy6ESmHxMdhz26Aj9aaO
I/+Oj/AcRXAZqMZQDF/fUL0LcQcN7ZniV/+K38g1zEQ/NjwttzscYDH5DcVZbeyC
UPSqbZeS7zVwJAtKyYpll6l0H8iDJT86JbnPjQ1PDwz5abE/JZTX0p2IycuAtkBB
iTK6q3kcCKJrODjDa9CxNQl6lYgF4dM9YzAaG1WmYj8rUum7+R2+guD91gM0sHRy
I3+VWLIvxDCWqpl64uDicRu5Sr6edH4mBCYjJmwhGNLvK8PPcFbER39vSO1lUEFI
/FhOAUGvr1eP/3hWhfNSeXMKRK/JXy9uR1NKQGkg8s1dJHlk2z9yt+Yac8PIyjaq
41pUJ/xS8YfQtwQ/PqwY7mcSnoARNXfmOYG5Ipo/zSYLe6DowC/uR9wRVsF9leSP
P0vRIEug7lzernMIk44wPkyFYIPVNY4iaUjJrvSftCca2p4ALVp1zfCR4A3kkXUu
pb1JZ8bv48BGTGYymxAFL2sLdps6mXXFESKtRr47rcjOsdazbUVED1GcWU5NOBGK
t6nF3OklGsnkQ0qAXx3brXY0bDk/zb3RTE+jDuWOgkWEHQJ8mMc89+s+BLbZYh06
dN65abfGub13vnE=
=rKYD
-END PGP SIGNATURE End Message ---

Bug#982559: xscorch Build-Depends on libreadline-gplv2-dev which has been removed

[peter green]

I would thus propose simply dropping the build-dependency, a debdiff doing that 
is
attached, I may or may not NMU it later.

I have gone ahead with the NMU, final debdiff is attatched.

diff -Nru xscorch-0.2.1/debian/changelog xscorch-0.2.1/debian/changelog
--- xscorch-0.2.1/debian/changelog  2020-09-12 08:10:17.0 +0100
+++ xscorch-0.2.1/debian/changelog  2021-02-18 20:50:52.0 +
@@ -1,3 +1,11 @@
+xscorch (0.2.1-1+nmu6) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove build-dependency on libreadline-gplv2-dev
+(Closes: 982559)
+
+ -- Peter Michael Green   Thu, 18 Feb 2021 20:50:52 +
+
 xscorch (0.2.1-1+nmu5) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru xscorch-0.2.1/debian/control xscorch-0.2.1/debian/control
--- xscorch-0.2.1/debian/control2020-07-02 15:45:01.0 +0100
+++ xscorch-0.2.1/debian/control2021-02-18 20:48:27.0 +
@@ -4,7 +4,7 @@
 Homepage: http://www.xscorch.org/
 Maintainer: Jacob Luna Lundberg 
 Standards-Version: 3.9.2
-Build-Depends: debhelper (>= 7), groff, libglib2.0-dev, libgtk2.0-dev (>= 
2.20), libmikmod-dev, libreadline-gplv2-dev | libreadline5-dev, libx11-dev, 
libxext-dev, libxi-dev, autotools-dev
+Build-Depends: debhelper (>= 7), groff, libglib2.0-dev, libgtk2.0-dev (>= 
2.20), libmikmod-dev, libx11-dev, libxext-dev, libxi-dev, autotools-dev
 
 Package: xscorch
 Architecture: any

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 980564 88.0.4324.146-1~deb10u1
Bug #980564 {Done: Michel Le Bihan } [src:chromium] 
chromium: 88.0.4324.96 stable release
Marked as fixed in versions chromium/88.0.4324.146-1~deb10u1.
> fixed 972134 88.0.4324.146-1~deb10u1
Bug #972134 {Done: Michael Gilbert } [chromium] chromium: 
please, consider moving the package to team-maintainance to properly maintain it
Marked as fixed in versions chromium/88.0.4324.146-1~deb10u1.
> fixed 980482 88.0.4324.146-1~deb10u1
Bug #980482 {Done: Michael Gilbert } [chromium] chromium: 
upgrade to 87 breaks browser window rendering
Bug #979017 {Done: Michael Gilbert } [chromium] chromium 
87 with hw accel, opening a second window freezes the UI
Marked as fixed in versions chromium/88.0.4324.146-1~deb10u1; no longer marked 
as fixed in versions 88.0.4324.146-1~deb10u1.
Marked as fixed in versions chromium/88.0.4324.146-1~deb10u1; no longer marked 
as fixed in versions 88.0.4324.146-1~deb10u1.
> notfixed 980564 88.0.4324.96-1~deb10u1
Bug #980564 {Done: Michel Le Bihan } [src:chromium] 
chromium: 88.0.4324.96 stable release
The source 'chromium' and version '88.0.4324.96-1~deb10u1' do not appear to 
match any binary packages
No longer marked as fixed in versions chromium/88.0.4324.96-1~deb10u1.
> notfixed 972134 88.0.4324.96-1~deb10u1
Bug #972134 {Done: Michael Gilbert } [chromium] chromium: 
please, consider moving the package to team-maintainance to properly maintain it
There is no source info for the package 'chromium' at version 
'88.0.4324.96-1~deb10u1' with architecture ''
Unable to make a source version for version '88.0.4324.96-1~deb10u1'
No longer marked as fixed in versions 88.0.4324.96-1~deb10u1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
972134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972134
979017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979017
980482: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980482
980564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: reopening 982882

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 982882
Bug #982882 {Done: Tomasz Buchert } [src:stellarium] 
stellarium FTBFS on armel and mipsel
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions stellarium/0.20.4-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
982882: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982882
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 972134 88.0.4324.96-1~deb10u1
Bug #972134 {Done: Michael Gilbert } [chromium] chromium: 
please, consider moving the package to team-maintainance to properly maintain it
There is no source info for the package 'chromium' at version 
'88.0.4324.96-1~deb10u1' with architecture ''
Unable to make a source version for version '88.0.4324.96-1~deb10u1'
Marked as fixed in versions 88.0.4324.96-1~deb10u1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
972134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972134
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 980564  88.0.4324.96-1~deb10u1
Bug #980564 {Done: Michel Le Bihan } [src:chromium] 
chromium: 88.0.4324.96 stable release
The source 'chromium' and version '88.0.4324.96-1~deb10u1' do not appear to 
match any binary packages
Marked as fixed in versions chromium/88.0.4324.96-1~deb10u1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#982275: debianutils: add-shell depends on non-essential package

[Michael Gilbert]

On Sat, Feb 13, 2021 at 5:01 AM Andreas Henriksson wrote:
> > For systems where awk is not yet installed (chroots), installation of
> > dash will currently fail since it's postinst calls add-shell from
> > debianutils.
>
> Please share details about how to reproduce this situation!
>
> You say you don't have awk when dash postinst runs, but that would also
> mean you don't have base-files (since it pre-depends on awk), which
> means you're lacking essential packages while you're configuring
> dash!
>
> Sounds to me like you're doing something very peculiar and likely
> completely unsupported to be able to trigger this issue. Atleast I can't
> think of any obvious way how to trigger it.

Yes, I am doing something quite peculiar.  I am trying to install the
absolute minimal system possible, just enough to be able to run a
shell (dash).  In fact without even base-files.

# mmdebstrap --verbose --variant=custom
--include=sed,grep,libc-bin,dash,diffutils,coreutils unstable unstable
[...]
/usr/sbin/add-shell: 20: awk: not found
Either another instance of /usr/sbin/add-shell is running, or it was
previously interrupted.
Please examine /etc/shells.tmp to see if it should be moved onto /etc/shells.
dpkg: error processing package dash (--install):
 installed dash package post-installation script subprocess returned
error exit status 1
Errors were encountered while processing:
 dash

I can add mawk to the list of packages to make it work, but that isn't
quite so minimal ;)

# mmdebstrap --verbose --variant=custom
--include=sed,mawk,grep,libc-bin,dash,diffutils,coreutils unstable
unstable

> Replacing using awk with cat whenever possible sounds like a good thing
> to do, so for the record I'm not against that. My skepticism is more
> at why this is not a wishlist bug report (that would be much better to
> adress early in a development cycle, rather than when we're already in
> the bullseye freeze).

Given the peculiarity and simple work around, I am ok with any severity.

Best wishes,
Mike

Bug#982769: marked as done (php-horde-text-filter: CVE-2021-26929)

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 21:19:21 +
with message-id 
and subject line Bug#982769: fixed in php-horde-text-filter 2.3.7-1
has caused the Debian Bug report #982769,
regarding php-horde-text-filter: CVE-2021-26929
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
982769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982769
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-horde-text-filter
Version: 2.3.6-7
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 2.3.5-3+deb10u1
Control: found -1 2.3.5-3

Hi,

The following vulnerability was published for php-horde-text-filter.

CVE-2021-26929[0]:
| An XSS issue was discovered in Horde Groupware Webmail Edition through
| 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The
| attacker can send a plain text e-mail message, with JavaScript encoded
| as a link or email that is mishandled by preProcess in Text2html.php,
| because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with
| XSS defenses.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-26929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26929
[1] https://lists.horde.org/archives/announce/2021/001298.html
[2] https://www.alexbirnberg.com/horde-xss.html
[3] 
https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php-horde-text-filter
Source-Version: 2.3.7-1
Done: Mike Gabriel 

We believe that the bug you reported is fixed in the latest version of
php-horde-text-filter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel  (supplier of updated php-horde-text-filter 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 18 Feb 2021 22:05:19 +0100
Source: php-horde-text-filter
Architecture: source
Version: 2.3.7-1
Distribution: unstable
Urgency: medium
Maintainer: Horde Maintainers 
Changed-By: Mike Gabriel 
Closes: 982769
Changes:
 php-horde-text-filter (2.3.7-1) unstable; urgency=medium
 .
   * New upstream version 2.3.7:
 - CVE-2021-26929: Fix XSS issue. (Closes: #982769).
Checksums-Sha1:
 22d6d6bdafcf70bb4a1aba3482cc03a863646af6 2229 php-horde-text-filter_2.3.7-1.dsc
 63ee2b26ab12d08327b220232ad3bc08208a8973 55481 
php-horde-text-filter_2.3.7.orig.tar.gz
 7170af1863ff26dcef9c210d16d59125af6d1648 5112 
php-horde-text-filter_2.3.7-1.debian.tar.xz
 11c13145080343172a547951375b254fb4fcb607 6159 
php-horde-text-filter_2.3.7-1_source.buildinfo
Checksums-Sha256:
 69bf219f200fdaeb14dab37dde8c14928e1665dff50141ace830d85073da90ab 2229 
php-horde-text-filter_2.3.7-1.dsc
 eca599d2c453651d8a9281308d55163c4b9fefeedaf35a7c5be95e5db6e7eec4 55481 
php-horde-text-filter_2.3.7.orig.tar.gz
 beaa4809f73ca413091fa9bfb706bb574a17b2c6f3cc4f62dd191236906816a2 5112 
php-horde-text-filter_2.3.7-1.debian.tar.xz
 5d6abdb4d65f741f016d773fe1460bef12325f7c59eacedbf7b5b9d5f351401b 6159 
php-horde-text-filter_2.3.7-1_source.buildinfo
Files:
 1b77dce1ee2ec5691192652b4f90d1de 2229 php optional 
php-horde-text-filter_2.3.7-1.dsc
 ec5d474e9d61063cc02289c8a55fde41 55481 php optional 
php-horde-text-filter_2.3.7.orig.tar.gz
 e2e0e02de63b425a973a0365bca11939 5112 php optional 
php-horde-text-filter_2.3.7-1.debian.tar.xz
 953c2e0fe68491b6310c0374abad9baa 6159 php optional 
php-horde-text-filter_2.3.7-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmAu10QVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx51sP/i8rfTuD+QTyp+2bGDsSkT/BfdRd
g2r5ZEi9aRMSGXi/wFwx/S/7BvF3I63Ny1/rmN/Bv1LAk5x6pgySiaJlj8cm7m+9
YuisrQiTpnaM+shiZJasWRwIFo5Q7w0LI27YdHn9F0RYDe2WbSlNdJ9OuJgeakWU
a1FpZ1WrMR1KKDO6TURCdRTWN0xowpEw8zMiP5ACpfJB9YR0eHPiWjbFRt1706rG
8LQOas1aLQh+JOA8etO4eMR8JGEIYWJ91mTjU/KMaQJ4vXtQJDzWMUGvH+S2fXwZ

Processed: Re: Bug#939733: lsb-release: lsb_release does not show point release on Debian 10.1

[Debian Bug Tracking System]

Processing control commands:

> severity -1 normal
Bug #939733 [lsb-release] lsb-release: lsb_release does not show point release 
on Debian 10.1
Severity set to 'normal' from 'serious'

-- 
939733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939733
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#939733: lsb-release: lsb_release does not show point release on Debian 10.1

[Chris Hofstaedtler]

Control: severity -1 normal

* Dmitry Bogatov  [2019-09-11 16:15]:
> control: severity -1 +normal

That appears to have failed. Trying again, as a service :-)

Bug#982882: marked as done (stellarium FTBFS on armel and mipsel)

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 20:19:24 +
with message-id 
and subject line Bug#982882: fixed in stellarium 0.20.4-2
has caused the Debian Bug report #982882,
regarding stellarium FTBFS on armel and mipsel
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
982882: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982882
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: stellarium
Version: 0.20.4-1
Severity: serious
Tags: ftbfs

Hi Maintainer,

Your last upload FTBFS on mipsel and armel.

Paul

https://buildd.debian.org/status/package.php?p=stellarium

make[3]: Leaving directory '/<>/obj-arm-linux-gnueabi'
[ 24%] Built target translations-stellarium
[ 24%] Generating ../../translations/stellarium-skycultures/zh_CN.qm
cd /<>/obj-arm-linux-gnueabi/po/stellarium-skycultures &&
/usr/lib/qt5/bin/lconvert -i
/<>/po/stellarium-skycultures/zh_CN.po -o
/<>/obj-arm-linux-gnueabi/translations/stellarium-skycultures/zh_CN.qm
[ 24%] Generating ../../translations/stellarium-skycultures/zh_HK.qm
cd /<>/obj-arm-linux-gnueabi/po/stellarium-skycultures &&
/usr/lib/qt5/bin/lconvert -i
/<>/po/stellarium-skycultures/zh_HK.po -o
/<>/obj-arm-linux-gnueabi/translations/stellarium-skycultures/zh_HK.qm
[ 24%] Generating ../../translations/stellarium-skycultures/zh_TW.qm
cd /<>/obj-arm-linux-gnueabi/po/stellarium-skycultures &&
/usr/lib/qt5/bin/lconvert -i
/<>/po/stellarium-skycultures/zh_TW.po -o
/<>/obj-arm-linux-gnueabi/translations/stellarium-skycultures/zh_TW.qm
make[3]: Leaving directory '/<>/obj-arm-linux-gnueabi'
[ 24%] Built target translations-stellarium-skycultures
make[2]: Leaving directory '/<>/obj-arm-linux-gnueabi'
make[1]: *** [Makefile:174: all] Error 2
make[1]: Leaving directory '/<>/obj-arm-linux-gnueabi'
dh_auto_build: error: cd obj-arm-linux-gnueabi && make -j4
"INSTALL=install --strip-program=true" VERBOSE=1 returned exit code 2
make: *** [debian/rules:7: build-arch] Error 25



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: stellarium
Source-Version: 0.20.4-2
Done: Tomasz Buchert 

We believe that the bug you reported is fixed in the latest version of
stellarium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tomasz Buchert  (supplier of updated stellarium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 18 Feb 2021 20:20:24 +0100
Source: stellarium
Architecture: source
Version: 0.20.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Astro Maintainers 

Changed-By: Tomasz Buchert 
Closes: 982882
Changes:
 stellarium (0.20.4-2) unstable; urgency=medium
 .
   * Turn off parallel builds on armel and mipsel (Closes: #982882)
Checksums-Sha1:
 48493bcc87dac8fbf323fff3f0905d93b05a6bed 2659 stellarium_0.20.4-2.dsc
 76b69e719793f17a0b1c5b2c25a1c6d2d7de8096 17944 
stellarium_0.20.4-2.debian.tar.xz
 ce4f3565cbc96b22a1775a1f54eccc2435fbe5d8 13958 
stellarium_0.20.4-2_amd64.buildinfo
Checksums-Sha256:
 22ec7af9d09ceb5da4fea214f655e2557cdaa49985857dee7440e5c57939149f 2659 
stellarium_0.20.4-2.dsc
 3bdc227a76342dc5d5c80818de8ae44bc729896024b793967f09710581796c97 17944 
stellarium_0.20.4-2.debian.tar.xz
 2eb468d006b652e1b8c49a28a7504821fca23343eb0860d13a0b4822ef8126d1 13958 
stellarium_0.20.4-2_amd64.buildinfo
Files:
 40876156ec9b28bed7a29c5ff24f3520 2659 science optional stellarium_0.20.4-2.dsc
 812cdd1914c393b5f1cd6ada396fa6e3 17944 science optional 
stellarium_0.20.4-2.debian.tar.xz
 b3daeafe94640c9b9fbe51a4903a81e9 13958 science optional 
stellarium_0.20.4-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEzmRl4OZ9N8ZVV+eKAK40x+rZ6zgFAmAuxfESHHRvbWFzekBk
ZWJpYW4ub3JnAAoJEACuNMfq2es4Pa4P/2VGeeuujBt4EK1xIKg3A7WTDoGh+O2q
5m08Hg9Ncrgva5KmLqCr+FO6D4QfkdFyFWsl+v+4Ka0DUKoFIYyhMmCvDDizWTml
mzK2CqGqGU1Xcz++v/F7AIN0lxyiZi2z3lHDSuX4H4bsESWuHq098gicNOdtLdTL
e6Vf8hJUAJIsxTGlM4J0lBq72wY20BOlQFa4W6nfZlVYNzBxiJ+TBequuZfsZnHC
TexFt0js5KofTbP7YrKXO//NUYn0BRi1mBOVBM/eBNpPfnGHWhMfOn4nriTQ6Mj6
fCFc5h9Hij0gbZrmiEdrTHm4XPq+XeMiCc4TDXHQEXWelvOYng16lcZalU6pruX5

Bug#975535: elpy's autopkg tests fail with Python 3.9

[Nicholas D Steeves]

Hi Adrian,

Adrian Bunk  writes:

> On Sat, Jan 30, 2021 at 10:09:03PM -0500, Nicholas D Steeves wrote:
>> Hi Adrian,
>
> Hi Nicholas,
>
>> Thank you for checking in with this bug!  Please let me know ASAP if
>> another autoremoval exception will be provided, because if necessary I
>> can do the shady thing of disabling tests to buy time...but I'd really
>> prefer not to!
>
> I am not a member of a release team, just a normal developer.
>

ACK :-)

> Personally, I would go with disabling some (or all) tests if the package 
> is overally working and the tests are the only worry for missing bullseye.
>

Basic functionality is ok, depending on the working definition of
"basic", but my feeling is that it's a minefield for intermediate and
advanced use of the IDE features due to a big wave of breaking changes
introduced by various dependencies in the period right between this bug
was filed, continuing until shortly before our soft freeze.  Active
upstream issues that affect Elpy in bullseye have been multiplying, and
at this point I'm starting to find it strange that this (#975535) is the
only reported bug.

The primary maintainer has injured hands and will be AFK for a while as
he recovers.  The second maintainer has a new job and no time, but my
hope is the upstream community will band together in time to get Elpy
into a good state in time for bullseye.  I will contribute what I can,
but worry that it won't be enough.

Coordination is occurring here:
https://github.com/jorgenschaefer/elpy/issues/1884

Regards,
Nicholas


signature.asc
Description: PGP signature

Bug#982882: stellarium FTBFS on armel and mipsel

[Tomasz Buchert]

On 15/02/21 20:54, Paul Gevers wrote:
> Source: stellarium
> Version: 0.20.4-1
> Severity: serious
> Tags: ftbfs
>
> [...]

Seems like it is
https://github.com/Stellarium/stellarium/issues/1131. This has been
solved with https://bugreports.qt.io/browse/QTBUG-87010.

Surprisingly, the fix is not in qtbase-opensource-src-5.15.2+dfsg. I'm
not sure why, it seems like the fix was intended to land there.

I think I can work around this by probably removing parallelism in the
build process. I'll see if that works.


signature.asc
Description: PGP signature

Bug#982519: zstd: Race condition allows attacker to access world-readable destination file

[Thorsten Glaser]

On Thu, 18 Feb 2021, Salvatore Bonaccorso wrote:
> On Thu, Feb 11, 2021 at 08:33:58AM +0100, Sebastien Delafond wrote:

> > The recently applied patch still creates the file with the default
> > umask[0], before chmod'ing down to 0600, so an attacker could still open
> > it in the meantime.
>
> FTR, this has been fixed upstream.
>
> https://github.com/facebook/zstd/commit/a774c5797399040af62db21d8a9b9769e005430e

| Note that a downside of this solution is that it is global: `umask()` affects
| all file creation calls in the process. I believe this is safe since
| […] thread […]

Why don’t you use a nōn-global solution then?

Instead of fopen(…) do an open(…, 0600) followed by fdopen().

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.   -- Rob Pike in "Notes on Programming in C"

Bug#981976: marked as done (icingaweb2-module-businessprocess: depends on nonexistent icingaweb2-ipl)

[Willy nilly]

close 981976

On Thu, Feb 18, 2021 at 5:51 PM Debian Bug Tracking System <
ow...@bugs.debian.org> wrote:

> Your message dated Thu, 18 Feb 2021 17:48:49 +
> with message-id 
> and subject line Bug#981976: fixed in icingaweb2-module-businessprocess
> 2.3.0-2
> has caused the Debian Bug report #981976,
> regarding icingaweb2-module-businessprocess: depends on nonexistent
> icingaweb2-ipl
> to be marked as done.
>
> This means that you claim that the problem has been dealt with.
> If this is not the case it is now your responsibility to reopen the
> Bug report if necessary, and/or fix the problem forthwith.
>
> (NB: If you are a system administrator and have no idea what this
> message is talking about, this may indicate a serious mail system
> misconfiguration somewhere. Please contact ow...@bugs.debian.org
> immediately.)
>
>
> --
> 981976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981976
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>
>
> -- Forwarded message --
> From: "bs.net" 
> To: sub...@bugs.debian.org
> Cc:
> Bcc:
> Date: Fri, 05 Feb 2021 14:55:53 +0100
> Subject: icingaweb2-module-businessprocess is uninstallable: dependency on
> nonexistent package
> Package: icingaweb2-module-businessprocess
> Version: 2.3.0-1
>
> Hi,
>
> the icingaweb2-module-businessprocess package is unusable in Debian,
> because
> it has an unmet dependency on icingaweb2-ipl (maybe it should be
> icingaweb2-
> module-ipl?).
>
> It would be good if this problem could be solved.
>
> Thank you and kind regards.
>
>
>
> -- Forwarded message --
> From: Debian FTP Masters 
> To: 981976-cl...@bugs.debian.org
> Cc:
> Bcc:
> Date: Thu, 18 Feb 2021 17:48:49 +
> Subject: Bug#981976: fixed in icingaweb2-module-businessprocess 2.3.0-2
> Source: icingaweb2-module-businessprocess
> Source-Version: 2.3.0-2
> Done: David Kunz 
>
> We believe that the bug you reported is fixed in the latest version of
> icingaweb2-module-businessprocess, which is due to be installed in the
> Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 981...@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> David Kunz  (supplier of updated
> icingaweb2-module-businessprocess package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmas...@ftp-master.debian.org)
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Fri, 18 Jan 2021 14:56:44 +0200
> Source: icingaweb2-module-businessprocess
> Architecture: source
> Version: 2.3.0-2
> Distribution: unstable
> Urgency: medium
> Maintainer: David Kunz 
> Changed-By: David Kunz 
> Closes: 981976
> Changes:
>  icingaweb2-module-businessprocess (2.3.0-2) unstable; urgency=medium
>  .
>* Correcting module name in depends (Closes: #981976).
>* Removing .pc files from binary package.
>* Removing .travis.yml file from binary package.
> Checksums-Sha1:
>  d51f05f9deb4d262b61bf578f54b0c553daedb15 2134
> icingaweb2-module-businessprocess_2.3.0-2.dsc
>  e84130a6b5c80f2a44db28b8d6528f3e6d7238cc 2752
> icingaweb2-module-businessprocess_2.3.0-2.debian.tar.xz
>  d26097ef4aa97e9b03e62429364abb8cbc16a488 5916
> icingaweb2-module-businessprocess_2.3.0-2_amd64.buildinfo
> Checksums-Sha256:
>  332a8cf58b702ad6082cd5d0dc9297860a1bb5175513b97f9071ec7afb2860c7 2134
> icingaweb2-module-businessprocess_2.3.0-2.dsc
>  da04e8b0a745be8e30e1cad837cd3f98987f6a64f0159f260ff0fb38c089 2752
> icingaweb2-module-businessprocess_2.3.0-2.debian.tar.xz
>  15b0e05bed25076840b30776de6c7ab6507ad7d339de2a209448d6c4d5bd1f9e 5916
> icingaweb2-module-businessprocess_2.3.0-2_amd64.buildinfo
> Files:
>  bcb407f0dca7eef2087eb1eac87c64dc 2134 admin optional
> icingaweb2-module-businessprocess_2.3.0-2.dsc
>  8eee12143a6fa255e6eb8b2369f36918 2752 admin optional
> icingaweb2-module-businessprocess_2.3.0-2.debian.tar.xz
>  15a3808211f5e7e4ce44a5f297be772c 5916 admin optional
> icingaweb2-module-businessprocess_2.3.0-2_amd64.buildinfo
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAmAupiIACgkQVc8b+Yar
> ucc33BAAgCIuQCZFR5YzxThzNJ4qoYV9tjv5/HijQMDwjNJkzUQhLv+AgzjYFLmK
> yl7d3WGxJDLInY0ZwqoTzKGLX73xbxyiNu0agN6CrBSArgfiCjNbxNJfkyykHMZW
> 0TR/BJ1QcmXUlvcOZghTD6FP4Ux84xWtMp1EDMmS3feSkUHMZif0N6sdqCsazMVB
> IvkSlRTFqWYru9i3QX0tV9ChkAw8mxFVxg/7Odj9GHs8VSYUibwrrcFL6phuMd6I
> +sgky+MqrdaIjvIlkDuz2TUgGhrPAaNRMiHdb93vVXXZWcKT0dxTDd4CVAEqa9nv
> hmpS8QRKyZBnuTYrQSMHpwhpA8lRdX4e92To1jGQYdd7HwUw3+Atg9ACaPM40nUu
> mDYR9gWSfGpU56tXEBRsO/xps1sv+JgV/7ajd/DtHziPZghMF1IO23GBTRDHjOHP
> IrUEiLmV1staoDKg4EwFttPoeJYWpBXAFcKNmYzTpxJ/CvuP723aZeQHe/yw+yIa
> 

Bug#980809: Matrix package default tolerance on s390x (Re: Bug#980809: rmatrix: breaks autopkgtest of r-cran-glmmtmb on s390x)

[Dirk Eddelbuettel]

Graham,

Thanks for the bug tracker follow-up which made me aware of the ongoing
discussion in #665 at glmmTMB. It's frustrating to have the run around but it
really looks like as I argued all along: not an issue in Matrix.  Now, TMB is
of course a complex package too..   Appreciate you chasing this so thoroughly.

Dirk

PS What is bts-link? Is that a new service we have to tie our BTS to GH and 
others?

-- 
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#983017: 9base: flaky autopkgtest on i386: stack smashing detected

[Dennis Filder]

The attached patch excludes fortune from the package in case no one
will track this down on a porterbox.  I looked at it on amd64 and
found nothing suspicious sticking out.


9base_nofortune.patch.gz
Description: application/gzip

Bug#981976: marked as done (icingaweb2-module-businessprocess: depends on nonexistent icingaweb2-ipl)

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 17:48:49 +
with message-id 
and subject line Bug#981976: fixed in icingaweb2-module-businessprocess 2.3.0-2
has caused the Debian Bug report #981976,
regarding icingaweb2-module-businessprocess: depends on nonexistent 
icingaweb2-ipl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
981976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981976
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: icingaweb2-module-businessprocess
Version: 2.3.0-1

Hi,

the icingaweb2-module-businessprocess package is unusable in Debian, because
it has an unmet dependency on icingaweb2-ipl (maybe it should be icingaweb2-
module-ipl?).

It would be good if this problem could be solved.

Thank you and kind regards.
--- End Message ---
--- Begin Message ---
Source: icingaweb2-module-businessprocess
Source-Version: 2.3.0-2
Done: David Kunz 

We believe that the bug you reported is fixed in the latest version of
icingaweb2-module-businessprocess, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 981...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Kunz  (supplier of updated 
icingaweb2-module-businessprocess package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 18 Jan 2021 14:56:44 +0200
Source: icingaweb2-module-businessprocess
Architecture: source
Version: 2.3.0-2
Distribution: unstable
Urgency: medium
Maintainer: David Kunz 
Changed-By: David Kunz 
Closes: 981976
Changes:
 icingaweb2-module-businessprocess (2.3.0-2) unstable; urgency=medium
 .
   * Correcting module name in depends (Closes: #981976).
   * Removing .pc files from binary package.
   * Removing .travis.yml file from binary package.
Checksums-Sha1:
 d51f05f9deb4d262b61bf578f54b0c553daedb15 2134 
icingaweb2-module-businessprocess_2.3.0-2.dsc
 e84130a6b5c80f2a44db28b8d6528f3e6d7238cc 2752 
icingaweb2-module-businessprocess_2.3.0-2.debian.tar.xz
 d26097ef4aa97e9b03e62429364abb8cbc16a488 5916 
icingaweb2-module-businessprocess_2.3.0-2_amd64.buildinfo
Checksums-Sha256:
 332a8cf58b702ad6082cd5d0dc9297860a1bb5175513b97f9071ec7afb2860c7 2134 
icingaweb2-module-businessprocess_2.3.0-2.dsc
 da04e8b0a745be8e30e1cad837cd3f98987f6a64f0159f260ff0fb38c089 2752 
icingaweb2-module-businessprocess_2.3.0-2.debian.tar.xz
 15b0e05bed25076840b30776de6c7ab6507ad7d339de2a209448d6c4d5bd1f9e 5916 
icingaweb2-module-businessprocess_2.3.0-2_amd64.buildinfo
Files:
 bcb407f0dca7eef2087eb1eac87c64dc 2134 admin optional 
icingaweb2-module-businessprocess_2.3.0-2.dsc
 8eee12143a6fa255e6eb8b2369f36918 2752 admin optional 
icingaweb2-module-businessprocess_2.3.0-2.debian.tar.xz
 15a3808211f5e7e4ce44a5f297be772c 5916 admin optional 
icingaweb2-module-businessprocess_2.3.0-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAmAupiIACgkQVc8b+Yar
ucc33BAAgCIuQCZFR5YzxThzNJ4qoYV9tjv5/HijQMDwjNJkzUQhLv+AgzjYFLmK
yl7d3WGxJDLInY0ZwqoTzKGLX73xbxyiNu0agN6CrBSArgfiCjNbxNJfkyykHMZW
0TR/BJ1QcmXUlvcOZghTD6FP4Ux84xWtMp1EDMmS3feSkUHMZif0N6sdqCsazMVB
IvkSlRTFqWYru9i3QX0tV9ChkAw8mxFVxg/7Odj9GHs8VSYUibwrrcFL6phuMd6I
+sgky+MqrdaIjvIlkDuz2TUgGhrPAaNRMiHdb93vVXXZWcKT0dxTDd4CVAEqa9nv
hmpS8QRKyZBnuTYrQSMHpwhpA8lRdX4e92To1jGQYdd7HwUw3+Atg9ACaPM40nUu
mDYR9gWSfGpU56tXEBRsO/xps1sv+JgV/7ajd/DtHziPZghMF1IO23GBTRDHjOHP
IrUEiLmV1staoDKg4EwFttPoeJYWpBXAFcKNmYzTpxJ/CvuP723aZeQHe/yw+yIa
yjNad99ESghmBd9Nm7sJ/sZEQf7rTqC7Ru5Vq6qURnmWdL34T7xPagbezckmkQaC
LeibAf6eS7gNYe3p0+WXSqiuf0TxAn9+S8lCBoK8Dmv05rJ/O+qagj1yfcX7HycA
akP/Gu1Eh72r7JxfCwufRaChzFMZ2J03tv3QXGGhlnO5yx11eYY=
=JJFb
-END PGP SIGNATURE End Message ---

Bug#980219: marked as done (flowblade: Fails to start without python3-distutils)

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 17:33:28 +
with message-id 
and subject line Bug#980219: fixed in flowblade 2.8.0.2-1
has caused the Debian Bug report #980219,
regarding flowblade: Fails to start without python3-distutils
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
980219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: flowblade
Version: 2.6-2
Severity: important

Dear Maintainer,

When attempting to run flowblade it fails with the following output:
$ flowblade
FLOWBLADE MOVIE EDITOR 2.6
--
Launch script dir: /usr/bin
Running from installation...
modules path: /usr/share/flowblade/Flowblade
MLT found, version: 6.24.0
Failed to import module app.py to launch Flowblade!
ERROR: cannot import name 'dir_util' from 'distutils' 
(/usr/lib/python3.9/distutils/__init__.py)

Installation was assumed to be at: /usr/share/flowblade/Flowblade


Manually installing python3-distutils seems to resolve the issue, and 
flowblade
starts as expected. I see that python3-distutils is listed as a build 
dependency
but it looks like it needs to be a dependency for the binary package as 
well.


Also seen in 
https://bugs.launchpad.net/ubuntu/+source/flowblade/+bug/1909642



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-1-amd64 (SMP w/3 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages flowblade depends on:
ii  frei0r-plugins1.7.0-1
ii  gir1.2-gdkpixbuf-2.0  2.42.2+dfsg-1
ii  gir1.2-glib-2.0   1.66.1-1+b1
ii  gir1.2-gtk-3.03.24.24-1
ii  gir1.2-pango-1.0  1.46.2-3
ii  gmic  2.4.5-1.1+b2
ii  libmlt-data   6.24.0-1
ii  librsvg2-common   2.50.2+dfsg-1
ii  python3   3.9.1-1
ii  python3-cairo 1.16.2-4+b2
ii  python3-dbus  1.2.16-4+b1
ii  python3-gi3.38.0-1+b2
ii  python3-gi-cairo  3.38.0-1+b2
ii  python3-mlt   6.24.0-1
ii  python3-numpy 1:1.19.5-1
ii  python3-opencv4.5.1+dfsg-4
ii  python3-pil   8.1.0-1
ii  swh-plugins   0.4.17-2

flowblade recommends no packages.

flowblade suggests no packages.

-- no debconf information


--
mvh / best regards
Hans Joachim Desserud
http://desserud.org
--- End Message ---
--- Begin Message ---
Source: flowblade
Source-Version: 2.8.0.2-1
Done: Gürkan Myczko 

We believe that the bug you reported is fixed in the latest version of
flowblade, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 980...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gürkan Myczko  (supplier of updated flowblade package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 18 Feb 2021 13:32:28 +0100
Source: flowblade
Architecture: source
Version: 2.8.0.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Multimedia Maintainers 
Changed-By: Gürkan Myczko 
Closes: 980219 982952
Changes:
 flowblade (2.8.0.2-1) experimental; urgency=medium
 .
   * Merge debian/*. (Closes: #980219)
   * New upstream version.
   * Unquote %s mailcap entry. (Closes: #982952)
   * d/copyright: drop unused paragraph.
Checksums-Sha1:
 d426ded6ae0c94b26a6da82a60a03f8a89abd706 2179 flowblade_2.8.0.2-1.dsc
 dbabd8cf44b0e676db41b0f8d678746491d764c3 17310851 flowblade_2.8.0.2.orig.tar.gz
 c1a3ddfaba386624ddbe5162778518036eec2912 23052 
flowblade_2.8.0.2-1.debian.tar.xz
 a51a311d7e5c240372f8f6dc76a24da095bc563f 8296 
flowblade_2.8.0.2-1_amd64.buildinfo
Checksums-Sha256:
 6f1ee4427b90f0d6dab6aeef1857f1c0b6534fdfe2ff3f924f3c76ff4fc0b34b 2179 
flowblade_2.8.0.2-1.dsc
 1d2a9400cf2e6f0221e78f9c87ad47621a1d79aeda1b62b93de8a2b64cb7 17310851 
flowblade_2.8.0.2.orig.tar.gz
 47e0037822f5572ab85e0ceb3da962143d0e43a957690c5db473c2201b68445a 23052 
flowblade_2.8.0.2-1.debian.tar.xz
 

Processed: [bts-link] source package src:rmatrix, src:r-cran-glmmtmb

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:rmatrix, 
> src:r-cran-glmmtmb
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #980809 (http://bugs.debian.org/980809)
> # Bug title: rmatrix: breaks autopkgtest of r-cran-glmmtmb on s390x
> #  * https://github.com/glmmTMB/glmmTMB/issues/665
> #  * remote status changed: open -> closed
> #  * closed upstream
> tags 980809 + fixed-upstream
Bug #980809 [src:rmatrix, src:r-cran-glmmtmb] rmatrix: breaks autopkgtest of 
r-cran-glmmtmb on s390x
Added tag(s) fixed-upstream.
> usertags 980809 - status-open
Usertags were: status-open.
Usertags are now: .
> usertags 980809 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980809: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980809
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#983018: marked as pending in qttools-opensource-src

[Dmitry Shachnev]

Control: tag -1 pending

Hello,

Bug #983018 in qttools-opensource-src reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/qt-kde-team/qt/qttools/-/commit/3f30e1424052ebb926ec506f1fda8294c49f0434


Add 4: epoch to qdbus transitional package.

Closes: #983018.


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/983018

Processed: Bug#983018 marked as pending in qttools-opensource-src

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #983018 [qdbus] qdbus: Needs package downgrade from Buster to Bullseye 
(missing epoch in transitional package)
Added tag(s) pending.

-- 
983018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983018
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#973715: RE: Bug#973715: fwupd-amd64-signed holding off fwupd update results in segfaulting binary

[Steve McIntyre]

On Thu, Feb 18, 2021 at 09:32:24AM +0100, Paul Gevers wrote:
>Hi Limonciello,
>
>On 18-02-2021 07:15, Limonciello, Mario wrote:
>> I don't have the power to manually run it. So there is nothing I can do.
>> With the new 1.5.6-1 upload someone will need to manually run it again.
>
>I recognize what you say. However, *in my opinion* you can't just upload
>the unsigned package without securing that the signing will happen ASAP,
>with such tight dependencies. Users of unstable should expect that their
>system breaks once in a while, but that's not by design but because bugs
>happen. Being able to not update because of transitions is to be
>expected and we don't have an alternative. But that's different from
>what I read in this bug, where something else got updated and then the
>fwupd set breaks without warning.

We're in a bind here - by now I was hoping/assuming that we'd have the
signing queue running automatically. I've just prodded in #debian-ftp
to ask people to run the queue.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"War does not determine who is right - only who is left."
   -- Bertrand Russell

Bug#982790: wlroots: started transition during soft freeze

[Sebastian Ramacher]

Hi nicoo

On 2021-02-16 15:59:19, nicoo wrote:
> On Sun, Feb 14, 2021 at 02:49:27PM +0100, Sebastian Ramacher wrote:
> > The upload of 0.12.0-2 just started a transition. Note that we are in
> > soft freeze and hence transitions are no longer acceptable for bullseye.
> 
> Apologies for this: I had discussed this on #debian-devel on 2020-02-04
> with (amongst others) elbrus, at which time I pinged the maintainers of
> wlroots on IRC, but waited 10 days before the upload and missed that
> the soft freeze window had started.

These 10 days makes the difference between transition freeze and soft
freeze. We're now defintely past the point where we want to do
transitions which require actions from the release team (I guess nobodoy
would have noticed this transition if it wouldn't require a binNMU of
phoc). Sorry

> The delay & forgetting was mostly due to some mess elsewhere in Debian
> eating up all my energy; I can tell you privately if it's relevant, but
> it might suffice to say that antiharassment@ and DAM were involved. >_>'

I'm very sorry to hear that.

> For reference, the ABI breakage & soname change is due to wlroots making
> some part of its API private, and removing obsolete & unstable functionality
> (functions wlr_xdg_*_v6_*), which account for the largest part of the diff.
> I attached the debdiff, and upstream's changelog is there:
>   https://github.com/swaywm/wlroots/releases/tag/0.12.0

While it's valuable to keep the ABI clean, I think that this change can
wait for bookworm.

Cheers
-- 
Sebastian Ramacher

Processed: severity of 983026 is serious, tagging 983026

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 983026 serious
Bug #983026 [libglib2.0-0] libglib2.0-0: After update GDM3 does not longer start
Severity set to 'serious' from 'important'
> tags 983026 + experimental
Bug #983026 [libglib2.0-0] libglib2.0-0: After update GDM3 does not longer start
Added tag(s) experimental.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
983026: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983026
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#939568: marked as done (icingaweb2-module-graphite: Incomplete debian/copyright?)

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 15:48:41 +
with message-id 
and subject line Bug#939568: fixed in icingaweb2-module-graphite 1.1.0-2
has caused the Debian Bug report #939568,
regarding icingaweb2-module-graphite: Incomplete debian/copyright?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
939568: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939568
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: icingaweb2-module-graphite
Version: 1.1.0-1
Severity: serious
Justication: Policy ยง12.5
X-Debbugs-CC: David Kunz , ftpmas...@debian.org

Hi,

I just ACCEPTed icingaweb2-module-graphite from NEW but noticed it 
was missing attribution in debian/copyright for at least library/vendor.

This is in no way exhaustive so please check over the entire package 
carefully and address these on your next upload.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- End Message ---
--- Begin Message ---
Source: icingaweb2-module-graphite
Source-Version: 1.1.0-2
Done: David Kunz 

We believe that the bug you reported is fixed in the latest version of
icingaweb2-module-graphite, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 939...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Kunz  (supplier of updated 
icingaweb2-module-graphite package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 22 Jun 2020 07:59:26 +0200
Source: icingaweb2-module-graphite
Architecture: source
Version: 1.1.0-2
Distribution: unstable
Urgency: medium
Maintainer: David Kunz 
Changed-By: David Kunz 
Closes: 939568 952982
Changes:
 icingaweb2-module-graphite (1.1.0-2) unstable; urgency=medium
 .
   * Updating debhelper.
   * Updating standard version.
   * Completion copyright (Closes: #939568).
   * Fixing typo in path (Closes: #952982).
   * Fixing typo in previous changelog entry.
Checksums-Sha1:
 804a7c97d5898cf1ddfcc4361818b4bb98e1a06e 2047 
icingaweb2-module-graphite_1.1.0-2.dsc
 b658ba5050480d57ef2c02620ed0f9684c347b23 2308 
icingaweb2-module-graphite_1.1.0-2.debian.tar.xz
 fcb984543244b0f6b6f9b3d18932df74e8dc479d 5850 
icingaweb2-module-graphite_1.1.0-2_amd64.buildinfo
Checksums-Sha256:
 9b959c50739dd473583a0dcdbf0049145c4a5e935e8eb1b0f3c01b1fdfdc61be 2047 
icingaweb2-module-graphite_1.1.0-2.dsc
 7c556538c7dee9fc46a8dbdbfb2bc997f163e49cbb63887e478c4a8894575dfe 2308 
icingaweb2-module-graphite_1.1.0-2.debian.tar.xz
 00ec618fbd6e35f15e757f151dbc02364dc651a8ffaa87185cfb8c4da5eb0ffd 5850 
icingaweb2-module-graphite_1.1.0-2_amd64.buildinfo
Files:
 761fff4c39b0e7d616d62a59d355e1d1 2047 admin optional 
icingaweb2-module-graphite_1.1.0-2.dsc
 79a3dad19b490923a94bf334d97a9dae 2308 admin optional 
icingaweb2-module-graphite_1.1.0-2.debian.tar.xz
 29c90b7afb92fe54f6da1a35690a916b 5850 admin optional 
icingaweb2-module-graphite_1.1.0-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAmAuh+4ACgkQVc8b+Yar
ucesXRAAkhelDzS620TMTVm0IWvYPzPeIydEPCjHwt9PhftSzn1GAAcQ4E7c6LO0
Cm13m5RPLVuqZBlflW2KAlvfEEwgYfqCGLlFfT4Gsao/QCG/J9kZsgyiwgEI4KDi
/4/DnexBM7160mMgjaTMd9MZpACNCGmaLu19UhzMIN0Vd1yS0K9zwBlZLNT9CZli
xdDb1SpL572vTX8/RGpuzB4Y/gXJHqqB9TNf7OBkUrYQ5gC1upU27jtvsdHc459W
yTdqy/hgahxI7uln9MIEQHSGSoCssEeIaPSspDUTHFQB6z9YxlTZyfElW02k6OQL
32zNQxno+HtPQQ0djMfHxlKUvTbDUf2UhFxzH5Kz/5ywBuh6niOm2Fgkt/n92Sgy
u9bxvMxkGFfUwe/2tmAWU9aJ2ipNQ5G1hfzsaTrq+PLdqW/R4KFTeX7HYYQ9n4VJ
QXTZPdjYdkR88GFXA2CigRqZqLu5ucspC6MhkZrmCnjBR313k0xvxsBY0rT7VSuO
yWTJSlFrfAyL8G62GdvX4WFYdMLwcpCac8qC3D0f43bsF0aDARnzLruERIbBeoIE
7nkl46mQcY2N38mQPLG1QTOA92xFAKB7DvnH8PAnreq0gq3FIF+Hy7+5BEpF0OKh
UjYxZA+DXbyp7gMUu73GikIlKgrVh35Onw23+H/jQ4sK80nKVnM=
=0rNi
-END PGP SIGNATURE End Message ---

Bug#969907: Bug#969537: epdfinfo crashing with mismatched libpoppler102 and libpoppler-glib8

[Simon McVittie]

On Thu, 18 Feb 2021 at 12:06:58 +0100, Pino Toscano wrote:
> In data lunedì 15 febbraio 2021 13:07:13 CET, Simon McVittie ha scritto:
> > > In Cairo and Pango (which have a similar structure with multiple binary
> > > packages making use of each other's implementation details), I added a
> > > debian/shlibs.local to make sure the binary packages all get lockstep
> > > dependencies. I think the same technique would be appropriate here. See
> > > attached.
> 
> I honestly do not understand how this is even a problem, considering I
> fixed this more than 5 years ago:
> https://salsa.debian.org/freedesktop-team/poppler/-/commit/7929aa2d5ec9464fea755f622319d224787c4110

Sorry, I didn't spot that the interdependencies were already strict. I'll
close the MR.

> I'd rather think that the situation happened because
> elpa-pdf-tools-server links both to libpoppler and libpoppler-glib:
> the rebuild against poppler 20.09.0 (i.e. libpoppler102) make
> elpa-pdf-tools-server link to libpoppler102 (forcing the newer
> dependency to it), and setting an old dependency for libpoppler-glib
> because there is no need for a newer version.

So elpa-pdf-tools-server is linked to libpoppler-glib, and because the
(parts of the) libpoppler-glib API that it uses has not changed for a
while, it is happy with an old version; but then during a partial
upgrade, it can get this

elpa-pdf-tools-server
\- old libpoppler-glib
|   \- libpoppler95
\- libpoppler102

and the two copies of libpoppler fight?

That seems entirely plausible, and I don't immediately see a way to
fix it without adding Breaks (which would force a lockstep upgrade,
somewhat defeating the purpose of SONAMEs).

GNOME had similar issues during the libffi transition, where gjs' direct
use of libffi conflicted with its indirect use via GLib, and I think we
ended up adding Breaks to force the broken combinations not to happen.

> Another contributing factor is that emacs-pdf-tools "abuses" the
> libpoppler-glib internals, see server/poppler-hack.cc. I don't know
> why it does that, and I'd rather see the actual issues fixed in
> libpoppler-glib.

That does look like emacs-pdf-tools is doing things that aren't guaranteed
to work, yes, and the solution is indeed to improve libpoppler-glib to do
what emacs-pdf-tools needs (and then make emacs-pdf-tools depend on the
newer version instead of working around older versions).

smcv

Bug#982974: FTBFS: fails to compile translation files

[tony mancill]

On Wed, Feb 17, 2021 at 09:38:16PM +0530, Ritesh Raj Sarraf wrote:
> Source: swt4-gtk
> Version: 4.17.0-1
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source (but built successfully in the past)

Hi Ritesh,

It seems that a local sbuild in a clean chroot doesn't set the
environment the same way that reproducible-builds.org does, as 4.17.0-1
builds correctly in that environment.  But that's a separate concern.

I just wanted to comment that the reproducible-builds.org build for
4.18.0-2 is successful, and that is the version we would like to get
into bullseye.  It is currently blocked by #979609 [1].

Cheers,
tony

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979609

Bug#983025: libqt5widgets5: Segfault with QGLWidget class. Fixed Upstream

[Alejandro Lorenzo]

Package: libqt5widgets5
Version: 5.15.2+dfsg-4
Severity: critical
Tags: upstream newcomer
Justification: breaks unrelated software

Dear Maintainer,

Recently i found a bug in QGLWidget (one of the widgets included in
libqt5widgets5) that
creates a segfault. This bug was accepted as upstream bug 86582

(https://bugreports.qt.io/browse/QTBUG-86582)

It was confirmed and fixed by the Qt people, unfortunately, it has been
committed to the
5.15 LTS branch of their development which is no longer accessible to the
OpenSource licensees

QGLWidget has been a deprecated Widget for some time now, and many software
changed to
QOpenGLWidget alternative, which does not exhibit this problem, but other
pieces of the debian
system (e.g. libqtgstreamer; also deprecated but still in debian repos)  uses
it.

In the issue tracker of the Qt project the likely cause of the bug is
commented, but the actual
fix is not detailed (or i do not know how to access it)

Anyways, i want to put this here to kee everyone informed about this.



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (600, 'testing'), (500, 'oldoldstable'), (500,
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libqt5widgets5 depends on:
ii  libc6 2.31-9
ii  libgcc-s1 10.2.1-6
ii  libqt5core5a [qtbase-abi-5-15-2]  5.15.2+dfsg-4
ii  libqt5gui55.15.2+dfsg-4
ii  libstdc++610.2.1-6

libqt5widgets5 recommends no packages.

libqt5widgets5 suggests no packages.

Bug#981009: Charybdis abandoned upstream, do not ship in bullseye

[Antoine Beaupré]

On 2021-02-18 02:32:10, Sadie Powell wrote:
> Charybdis' development was terminated due to (among other reasons) threats by 
> a former maintainer. It probably won't be revived.
>
> It's successor is probably Solanum (https://github.com/solanum-ircd/solanum) 
> which is a fork that is led by freenode and OFTC people some of whom were 
> contributors to Charybdis. It might be a good idea to package that instead 
> when it gets a release?

I believe my co-maintainer here is working on this, actually. No WNPP
bug, as far as I know, but as you say, without an upstream release it
might not be worth it just yet.

But yes, it's pretty much the replacement for charybdis, but do note
that it's not a drop-in replacement.

A.

-- 
We will create a civilization of the Mind in Cyberspace. May it be more
humane and fair than the world your governments have made before.
- John Perry Barlow, 1996
A Declaration of Independence of Cyberspace

Bug#885195: [Pkg-electronics-devel] Bug#885195: guile-2.0 removed

[Kai-Martin Knaak]

Joerg Jaspert  schrieb am 13. February 2021:

> i just removed guile-2.0 from unstable.
> While your package already won't be part of the next release, it will 
> now also be unusable in unstable.
> 
> Please either upload a fixed version

A fixed version sits at debian mentors looking for a sponsor.
https://mentors.debian.net/package/geda-gaf/

First upload to debian mentors was last week (Tuesday 9th). I reploaded
to amend changes that make lintian complain less and respond to remarks
by reviewers.

All the best,

---<)kaimartin(>---
-- 
Kai-Martin Knaak
Email: k...@familieknaak.de
Öffentlicher PGP-Schlüssel:
https://keyserver.ubuntu.com/pks/lookup?op=index=0x7B0F9882


pgpjmZsDa0IFc.pgp
Description: OpenPGP digital signature

Processed: closing 982833

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # reassign reopened the bug
> close 982833
Bug #982833 [manpages-l10n] man2html,man2html-base,manpages-it: manpage 
conflicts: man2html.1, hman.1
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
982833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: man2html,man2html-base,manpages-it: manpage conflicts: man2html.1, hman.1

[Debian Bug Tracking System]

Processing control commands:

> found -1 4.9.1-5
Bug #982833 [manpages-l10n] man2html,man2html-base,manpages-it: manpage 
conflicts: man2html.1, hman.1
There is no source info for the package 'manpages-l10n' at version '4.9.1-5' 
with architecture ''
Unable to make a source version for version '4.9.1-5'
Marked as found in versions 4.9.1-5; no longer marked as fixed in versions 
manpages-l10n/4.9.1-5.

-- 
982833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#982833: man2html,man2html-base,manpages-it: manpage conflicts: man2html.1, hman.1

[Andreas Beckmann]

Followup-For: Bug #982833
Control: found -1 4.9.1-5

Hi,

the conflicting manpages are still present in manpages-it 4.9.1-5:

/usr/share/man/it/man1/hman.1.gz
/usr/share/man/it/man1/man2html.1.gz


Andreas

Processed: Bug#981976: in version 2.1.0-2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 981976 2.1.0-2
Bug #981976 [icingaweb2-module-businessprocess] 
icingaweb2-module-businessprocess: depends on nonexistent icingaweb2-ipl
Marked as found in versions icingaweb2-module-businessprocess/2.1.0-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981976
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#981976: in version 2.1.0-2

[David Kunz]

found 981976 2.1.0-2
thanks

Hi,

this bug has been found in above version.

Regards,
David

Bug#983041: php-imagick: autopkgtest regression: cd: too many arguments

[Ondřej Surý]

> 
> On 18. 2. 2021, at 14:39, Paul Gevers  wrote:
> 
> autopkgtest [13:11:38]: test command1: cd imagick-*/tests && phpunit

Gah, whoever did this (well, and I definitely have merged it, so it’s my fault 
anyway),
it’s wrong, it needs to iterate through the directories.

Thanks for the poke.

Ondrej
--
Ondřej Surý (He/Him)
ond...@sury.org



signature.asc
Description: Message signed with OpenPGP

Bug#983041: php-imagick: autopkgtest regression: cd: too many arguments

[Paul Gevers]

Source: php-imagick
Version: 3.4.4+php8.0+3.4.4-2
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of php-imagick the autopkgtest of php-imagick fails
in testing when that autopkgtest is run with the binary packages of
php-imagick from unstable. It passes when run with only packages from
testing. In tabular form:

   passfail
php-imagickfrom testing3.4.4+php8.0+3.4.4-2
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration to testing [1]. Can
you please investigate the situation and fix it?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=php-imagick

https://ci.debian.net/data/autopkgtest/testing/amd64/p/php-imagick/10526591/log.gz

autopkgtest [13:11:38]: test command1: cd imagick-*/tests && phpunit
--verbose .
autopkgtest [13:11:38]: test command1: [---
bash: line 1: cd: too many arguments
autopkgtest [13:11:38]: test command1: ---]



OpenPGP_signature
Description: OpenPGP digital signature

Bug#983027: r-bioc-mutationalpatterns: autopkgtest regression in testing: no package called ‘BSgenome.Hsapiens.UCSC.hg19’

[Andreas Tille]

Hi folks,

I think this is a consequence of running autopkgtest-pkg-r blindly for all
bioc packages since we are adding

   Testsuite: autopkgtest-pkg-r

automatically to all packages.  The "manual" test is prevented by simply
renaming the debian/tests/control file to

   
https://salsa.debian.org/r-pkg-team/r-bioc-mutationalpatterns/-/blob/master/debian/tests/control_needs_large_data

and thus documenting the issue.

The easiest cure would be to simply remove the Testsuite field
from debian/control.  However, routine-update would re-add this
(which I think is a sensible thing to do) and if we use a comment
to prevent routine-update to add this field this in turn is
removed again by dh-update-R (called by run-unit-test).  This
is all not so elegant.

I'm currently thinking about some file

   debian/tests/autopkgtest-pkg-r.hook

which will be executed after

   
https://salsa.debian.org/r-pkg-team/dh-r/-/blob/master/scripts/pkg-r-autopkgtest#L28

This could exclude or tweak some test files and in the case below simply
remove those tests that are trying to load not yet packaged stuff (which
is for a reason since these are just big data files).

What do you think?

Kind regards

 Andreas.

On Thu, Feb 18, 2021 at 12:33:47PM +0100, Paul Gevers wrote:
> Source: r-bioc-mutationalpatterns
> Version: 2.0.0-2
> X-Debbugs-CC: debian...@lists.debian.org
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: regression
> 
> Dear maintainer(s),
> 
> With a recent (October 2020) change somewhere outside of your package
> the autopkgtest of your package started to fail. I copied some of the
> output at the bottom of this report. Can you please investigate the
> situation and fix it?
> 
> More information about this bug and the reason for filing it can be found on
> https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
> 
> Paul
> 
> https://ci.debian.net/data/autopkgtest/testing/amd64/r/r-bioc-mutationalpatterns/10546520/log.gz
> 
> ══ Failed tests
> 
> ── Error (test-bin_mutation_density.R:11:1): (code run outside of
> `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-bin_mutation_density.R:11:0
> ── Error (test-calculate_lesion_segretation.R:5:1): (code run outside of
> `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-calculate_lesion_segretation.R:5:0
> ── Error (test-context_potential_damage_analysis.R:13:1): (code run
> outside of `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-context_potential_damage_analysis.R:13:0
> ── Error (test-extract_signatures.R:19:1): (code run outside of
> `test_that()`) ──
> Error: Package 'ccfindR' is needed for variational_bayes to work. Please
> either install it or use the regular NMF.
> Backtrace:
> █
>  1. └─MutationalPatterns::extract_signatures(...)
> test-extract_signatures.R:19:0
> ── Error (test-get_indel_context.R:10:1): (code run outside of
> `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-get_indel_context.R:10:0
> ── Error (test-mut_context.R:10:1): (code run outside of `test_that()`)
> 
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-mut_context.R:10:0
> ── Error (test-mut_matrix_stranded.R:6:1): (code run outside of
> `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-mut_matrix_stranded.R:6:0
> ── Error (test-mut_matrix.R:5:1): (code run outside of `test_that()`)
> ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE) test-mut_matrix.R:5:0
> ── Error (test-mut_type_occurrences.R:10:1): (code run outside of
> `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-mut_type_occurrences.R:10:0
> ── Error (test-plot_spectrum_region.R:10:1): (code run outside of
> `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, character.only = TRUE)
> test-plot_spectrum_region.R:10:0
> ── Error (test-plot_spectrum.R:11:1): (code run outside of
> `test_that()`) ──
> Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
> Backtrace:
> █
>  1. └─base::library(ref_genome, 

Bug#983008: marked as done (silver-platter: autopkgtest regression: cannot import name 'debcommit' from 'breezy.plugins.debian.changelog')

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 13:33:38 +
with message-id 
and subject line Bug#983008: fixed in silver-platter 0.4.1-2
has caused the Debian Bug report #983008,
regarding silver-platter: autopkgtest regression: cannot import name 
'debcommit' from 'breezy.plugins.debian.changelog'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
983008: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983008
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: silver-platter
Version: 0.4.1-1
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of silver-platter the autopkgtest of silver-platter
fails in testing when that autopkgtest is run with the binary packages
of silver-platter from unstable. It passes when run with only packages
from testing. In tabular form:

   passfail
silver-platter from testing0.4.1-1
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration to testing [1]. Can
you please investigate the situation and fix it?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=silver-platter

https://ci.debian.net/data/autopkgtest/testing/amd64/s/silver-platter/10539975/log.gz

==
ERROR: test_debian_upstream (unittest.loader._FailedTest)
--
ImportError: Failed to import test module: test_debian_upstream
Traceback (most recent call last):
  File "/usr/lib/python3.9/unittest/loader.py", line 154, in
loadTestsFromName
module = __import__(module_name)
  File
"/tmp/autopkgtest-lxc.k6jl00if/downtmp/build.OAF/src/silver_platter/tests/test_debian_upstream.py",
line 21, in 
from ..debian.upstream import (
  File
"/tmp/autopkgtest-lxc.k6jl00if/downtmp/build.OAF/src/silver_platter/debian/upstream.py",
line 73, in 
from breezy.plugins.debian.changelog import debcommit
ImportError: cannot import name 'debcommit' from
'breezy.plugins.debian.changelog'
(/usr/lib/python3/dist-packages/breezy/plugins/debian/changelog.py)



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: silver-platter
Source-Version: 0.4.1-2
Done: Jelmer Vernooij 

We believe that the bug you reported is fixed in the latest version of
silver-platter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 983...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jelmer Vernooij  (supplier of updated silver-platter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 18 Feb 2021 13:05:11 +
Source: silver-platter
Architecture: source
Version: 0.4.1-2
Distribution: unstable
Urgency: medium
Maintainer: Jelmer Vernooij 
Changed-By: Jelmer Vernooij 
Closes: 983008
Changes:
 silver-platter (0.4.1-2) unstable; urgency=medium
 .
   * Bump minimum breezy-debian version to something that supports
 debcommit. Closes: #983008
Checksums-Sha1:
 e8e27876b5f43e1cb677edb5a8009141b352d8c7 2231 silver-platter_0.4.1-2.dsc
 d2be20ee65782b44d13ae1b385b83257e29c743d 47012 
silver-platter_0.4.1-2.debian.tar.xz
 9f72f580c5f0a39b060b544f44d61dd9fee0e45d 10552 
silver-platter_0.4.1-2_amd64.buildinfo
Checksums-Sha256:
 2f02040b2f60cfff601eb05a54e8947708dc6d7f53153b82e3d87474f1210d2d 2231 
silver-platter_0.4.1-2.dsc
 aa8e0e4f230a9de2866284097737dde3ff5a50b6056224ec5261072bc478cf49 47012 
silver-platter_0.4.1-2.debian.tar.xz
 f3bfc41db4f35ad5ba4ba836748def13118115fd9e585763596a15fd258d3086 10552 
silver-platter_0.4.1-2_amd64.buildinfo
Files:
 7994fb4358265d49df6092e70c3faa5f 2231 vcs optional silver-platter_0.4.1-2.dsc
 ec44b851358406a3a9d12f921d361191 47012 vcs optional 
silver-platter_0.4.1-2.debian.tar.xz
 ee7e6025d1cf25c46c963ec60d6075f2 10552 vcs optional 

Bug#983034: plasma-workspace-wayland: hanging in ksplashqml

[Heinrich Schuchardt]

Package: plasma-workspace-wayland
Version: 4:5.20.5-3
Severity: grave

Dear Maintainer,

from SDDM I try to start a Wayland KDE session.

The whole GUI freezes.
CTRL-ALT-FN2 cannot be used to open a terminal session.
SSH login is still possible.

Top reports 100 % CPU load for ksplashqml.

Mainboard is MacchiatoBIN with 16 GiB RAM.
Video card is GeForce GT 710 with nouveau driver.

Kernel command line:
BOOT_IMAGE=/vmlinuz-5.10.0-3-arm64 root=UUID= ro quiet

The problem only occurs in Wayland sessions. X11 KDE is working fine.

Best regards

Heinrich Schuchardt

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: arm64 (aarch64)

Kernel: Linux 5.10.0-3-arm64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages plasma-workspace-wayland depends on:
ii  kwayland-integration  5.20.5-1
ii  kwin-wayland  4:5.20.5-1
ii  libc6 2.31-9
ii  libkf5configcore5 5.78.0-4
ii  libkf5coreaddons5 5.78.0-2
ii  libkworkspace5-5  4:5.20.5-3
ii  libqt5core5a  5.15.2+dfsg-4
ii  libqt5dbus5   5.15.2+dfsg-4
ii  libstdc++610.2.1-6
ii  plasma-workspace  4:5.20.5-3
ii  qtwayland55.15.2-2

plasma-workspace-wayland recommends no packages.

plasma-workspace-wayland suggests no packages.

-- no debconf information

Processed: reassign 982833 to manpages-l10n, found 982833 in manpages-l10n/4.9.1-2 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # fix version tracking info
> reassign 982833 manpages-l10n
Bug #982833 {Done: Helge Kreutzmann } 
[man2html,man2html-base,manpages-it] man2html,man2html-base,manpages-it: 
manpage conflicts: man2html.1, hman.1
Bug reassigned from package 'man2html,man2html-base,manpages-it' to 
'manpages-l10n'.
No longer marked as found in versions man2html/1.6g-14 and 
manpages-l10n/4.9.1-2.
No longer marked as fixed in versions manpages-l10n/4.9.1-5.
> found 982833 manpages-l10n/4.9.1-2
Bug #982833 {Done: Helge Kreutzmann } [manpages-l10n] 
man2html,man2html-base,manpages-it: manpage conflicts: man2html.1, hman.1
Marked as found in versions manpages-l10n/4.9.1-2 and reopened.
> fixed 982833 manpages-l10n/4.9.1-5
Bug #982833 [manpages-l10n] man2html,man2html-base,manpages-it: manpage 
conflicts: man2html.1, hman.1
Marked as fixed in versions manpages-l10n/4.9.1-5.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
982833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#983029: lava: flaky autopkgtest: lava-server-gunicorn service is not active

[Paul Gevers]

Source: lava
Version: 2020.12-1
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: flaky

Dear maintainer(s),

Your package has an autopkgtest, great. However, it fails often (since
around January on amd64 and arm64) [1].

Because the unstable-to-testing migration software now blocks on
regressions in testing, flaky tests, i.e. tests that flip between
passing and failing without changes to the list of installed packages,
are causing people unrelated to your package to spend time on these
tests.

I copied the output at the bottom of this report.

Paul

[1] https://ci.debian.net/packages/l/lava/testing/amd64/

https://ci.debian.net/data/autopkgtest/testing/amd64/l/lava/10400827/log.gz

+ cd /root
+ lava-server manage check
System check identified no issues (0 silenced).
+ lava-server manage check --deploy
SystemCheckError: System check identified some issues:

ERRORS:
lava services: lava-server-gunicorn service is not active.

INFOS:
debian pkg: 'lava-coordinator' not installed from a Debian package

System check identified 2 issues (2 silenced).
autopkgtest [12:35:59]: test management: ---]
autopkgtest [12:35:59]: test management:  - - - - - - - - - - results -
- - - - - - - - -
management   FAIL non-zero exit status 1



OpenPGP_signature
Description: OpenPGP digital signature

Bug#983028: splint-data build failure: missing files

[Vincent Lefevre]

Source: splint
Version: 1:3.1.2+dfsg-4
Severity: serious
Tags: ftbfs
Justification: ftbfs

splint-data 1:3.1.2+dfsg-4 is missing, so that splint cannot be
installed.

https://buildd.debian.org/status/package.php?p=splint signals a
build failure for "all" (thus affecting splint-data):

make[1]: Entering directory '/<>'
dh_install -psplint-data -X.lcd -XMakefile
dh_install: warning: Cannot find (any matches for) "usr/share/splint/imports/" 
(tried in ., debian/tmp)

dh_install: warning: splint-data missing files: usr/share/splint/imports/
dh_install: warning: Cannot find (any matches for) "usr/share/splint/lib/" 
(tried in ., debian/tmp)

dh_install: warning: splint-data missing files: usr/share/splint/lib/
dh_install: error: missing files, aborting
make[1]: *** [debian/rules:52: override_dh_install] Error 25
make[1]: Leaving directory '/<>'
make: *** [debian/rules:23: binary-indep] Error 2

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#983027: r-bioc-mutationalpatterns: autopkgtest regression in testing: no package called ‘BSgenome.Hsapiens.UCSC.hg19’

[Paul Gevers]

Source: r-bioc-mutationalpatterns
Version: 2.0.0-2
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent (October 2020) change somewhere outside of your package
the autopkgtest of your package started to fail. I copied some of the
output at the bottom of this report. Can you please investigate the
situation and fix it?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

https://ci.debian.net/data/autopkgtest/testing/amd64/r/r-bioc-mutationalpatterns/10546520/log.gz

══ Failed tests

── Error (test-bin_mutation_density.R:11:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-bin_mutation_density.R:11:0
── Error (test-calculate_lesion_segretation.R:5:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-calculate_lesion_segretation.R:5:0
── Error (test-context_potential_damage_analysis.R:13:1): (code run
outside of `test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-context_potential_damage_analysis.R:13:0
── Error (test-extract_signatures.R:19:1): (code run outside of
`test_that()`) ──
Error: Package 'ccfindR' is needed for variational_bayes to work. Please
either install it or use the regular NMF.
Backtrace:
█
 1. └─MutationalPatterns::extract_signatures(...)
test-extract_signatures.R:19:0
── Error (test-get_indel_context.R:10:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-get_indel_context.R:10:0
── Error (test-mut_context.R:10:1): (code run outside of `test_that()`)

Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-mut_context.R:10:0
── Error (test-mut_matrix_stranded.R:6:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-mut_matrix_stranded.R:6:0
── Error (test-mut_matrix.R:5:1): (code run outside of `test_that()`)
──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE) test-mut_matrix.R:5:0
── Error (test-mut_type_occurrences.R:10:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-mut_type_occurrences.R:10:0
── Error (test-plot_spectrum_region.R:10:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-plot_spectrum_region.R:10:0
── Error (test-plot_spectrum.R:11:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-plot_spectrum.R:11:0
── Error (test-plot_strand.R:10:1): (code run outside of `test_that()`)

Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-plot_strand.R:10:0
── Error (test-read_vcfs_as_granges.R:5:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-read_vcfs_as_granges.R:5:0
── Error (test-strand_occurrences.R:10:1): (code run outside of
`test_that()`) ──
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-strand_occurrences.R:10:0
── Error (test-type_context.R:10:1): (code run outside of `test_that()`)
───
Error: there is no package called ‘BSgenome.Hsapiens.UCSC.hg19’
Backtrace:
█
 1. └─base::library(ref_genome, character.only = TRUE)
test-type_context.R:10:0

[ FAIL 15 | WARN 0 | SKIP 0 | PASS 264 ]



OpenPGP_signature
Description: OpenPGP digital signature

Bug#982519: marked as done (zstd: Race condition allows attacker to access world-readable destination file)

[Debian Bug Tracking System]

Your message dated Thu, 18 Feb 2021 11:19:24 +
with message-id 
and subject line Bug#982519: fixed in libzstd 1.4.8+dfsg-2
has caused the Debian Bug report #982519,
regarding zstd: Race condition allows attacker to access world-readable 
destination file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
982519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zstd
Version: 1.4.8+dfsg-1
Severity: grave
Tags: security
X-Debbugs-Cc: t...@security.debian.org

The recently applied patch still creates the file with the default
umask[0], before chmod'ing down to 0600, so an attacker could still open
it in the meantime.

Cheers,

-- 
Seb

[0] https://github.com/facebook/zstd/blob/dev/programs/fileio.c#L682
--- End Message ---
--- Begin Message ---
Source: libzstd
Source-Version: 1.4.8+dfsg-2
Done: Étienne Mollier 

We believe that the bug you reported is fixed in the latest version of
libzstd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Étienne Mollier  (supplier of updated libzstd 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 18 Feb 2021 09:52:53 +0100
Source: libzstd
Architecture: source
Version: 1.4.8+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian Med Packaging Team 

Changed-By: Étienne Mollier 
Closes: 982519
Changes:
 libzstd (1.4.8+dfsg-2) unstable; urgency=high
 .
   * Team upload.
   * When a file with restricted permissions is compressed, the resulting file
 inherits the umask of the user for the time of the compression.  This was
 partially mitigated previously by running a change of permissions after a
 `chmod`, but left a small but exploitable window just after the `fopen`.
 This update adds 0018-fix-file-permissions-on-compression.patch to make
 sure the compressed file is not group nor world readable for the _entire_
 duration of the compression.
 Closes: #982519
Checksums-Sha1:
 c03852712749e44d07c52073b0862c74fc536326 2266 libzstd_1.4.8+dfsg-2.dsc
 7ddd022f263593fd1420a20b726988fc4177e566 14644 
libzstd_1.4.8+dfsg-2.debian.tar.xz
 3446d20b07dc6f52cfcb4a3abf9b4d7c84c1d104 7398 
libzstd_1.4.8+dfsg-2_amd64.buildinfo
Checksums-Sha256:
 956bf60dc6f33a2a1deac7b0323d31e409fa8833f0fad423cede60a96ce73317 2266 
libzstd_1.4.8+dfsg-2.dsc
 67cb0e652e9b6f543640b82ff5a5e94460d8e107521af7518e06477aa4df0822 14644 
libzstd_1.4.8+dfsg-2.debian.tar.xz
 2bc235602530e434b8811d4732197c1e6878bdfee58e4872f39e1b3936b5595c 7398 
libzstd_1.4.8+dfsg-2_amd64.buildinfo
Files:
 c4b5c38975d04467ae5b9b564770a6bf 2266 libs optional libzstd_1.4.8+dfsg-2.dsc
 908f01d234189534d8661d8a2c2f77c1 14644 libs optional 
libzstd_1.4.8+dfsg-2.debian.tar.xz
 afbf6a443b713102575837d428704b1e 7398 libs optional 
libzstd_1.4.8+dfsg-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmAuPdQACgkQeTz2fo8N
Edq5kw//bMU9RNODi4Vn/LQwx38j13P+uirwvPM7+BKbq1v3Gr4FBdogbCZarChM
aMnQ5BDMFGThZaW69GXrGEEZB/EuhIbwNWH3tBpbAEYLlz7vfg5JlmVNW/WxhifR
/l05ZAUzix0wx6fFfM11tVXDX0Tjr/pa60aNnbw3Bu2tJrjuLR0foh8iSyLHSDsf
jjRBrf7OtRV2X8d7r5xOUuHkmVXyGV3Bp5g8yhrSBGIW/9kjXRrcOUbUXTb7lca6
tmAgRnXAfAK1+GCPYMelJANRTjSVKEXcEArlIKKkXWLqdclRLcpHDEA5flXceoGx
bNtooNwEPZCuYak7BDq4US8C0Wsn3sP3Fmolzuwo4+Vw7DCXcDRSoQuupHj2qRJC
otlCJcTP1cr2rHGlSzzfHCK8cIuH8TgkOqsRu7zmKA1i4B5l1NRdYvI4T2Lcm1og
/SITL57mlqnwqtpSrXOT48nuH7k9Gi1he6r6B98e/YSuW5YEeJ6+ULyDYGrtC0EL
QL3avVLUQi0PMCwHupI6+zaGqPu3pdSO//A3YsE6cmNobeb3Ywax3/Za6SfDKdQh
K+GYAK0tj4JTd4lvR4y2gZkZNHCYUKm8NSK68+ttQwB/3mxTdPan5AJ2RrH7Sz7M
0M+dSq/FxNQM60WnSaVFXcVDkOVNAbA/XGJg3isDgM+WBODAgIU=
=urmZ
-END PGP SIGNATURE End Message ---

Bug#969907: Bug#969537: epdfinfo crashing with mismatched libpoppler102 and libpoppler-glib8

[Pino Toscano]

Hi Simon,

In data lunedì 15 febbraio 2021 13:07:13 CET, Simon McVittie ha scritto:
> Control: retitle 969907 epdfinfo crashing with mismatched libpoppler102 and 
> libpoppler-glib8
> Control: tags 969907 + patch
> 
> Sorry, this reply should have gone to the clone in libpoppler-glib8,
> not to the archived original bug in epdfinfo (which I don't think was
> ever really an epdfinfo bug).
> 
> On Mon, 15 Feb 2021 at 12:03:35 +, Simon McVittie wrote:
> > I don't think this is actually about whether libpoppler-glib added new ABI
> > without bumping the shlibs version - it has a .symbols file that tracks
> > the version in which each public symbol was added.
> >
> > Instead, I think this is about private symbols and partial
> > upgrades. libpoppler102 and libpoppler-glib8 come from the same
> > source package, so libpoppler-glib8 is very likely to make assumptions
> > about private implementation details of the corresponding version of
> > libpoppler102; many of the source files glib/*.cc that get compiled into
> > libpoppler-glib8 have #include "poppler-private.h". This is fine if
> > everyone does an `apt upgrade` with no pinning, but breaks down if people
> > do arbitrary partial upgrades with pinning or interactively (leading to a
> > "Frankendebian" system).
> > 
> > If the upstream developers of poppler are asked to support a system where
> > libpoppler102 and libpoppler-glib8 are at different versions, I'm pretty
> > sure the first thing they will say is "don't". I think the same is
> > appropriate for downstreams.

Yes, this is correct.

> > In Cairo and Pango (which have a similar structure with multiple binary
> > packages making use of each other's implementation details), I added a
> > debian/shlibs.local to make sure the binary packages all get lockstep
> > dependencies. I think the same technique would be appropriate here. See
> > attached.

I honestly do not understand how this is even a problem, considering I
fixed this more than 5 years ago:
https://salsa.debian.org/freedesktop-team/poppler/-/commit/7929aa2d5ec9464fea755f622319d224787c4110
and indeed:

  $ apt-cache show libpoppler-glib8
  Package: libpoppler-glib8
  Source: poppler
  Version: 20.09.0-3.1
  [...]
  Depends: libpoppler102 (= 20.09.0-3.1), libc6 (>= 2.14), libcairo2 (>= 
1.12.0), libfreetype6 (>= 2.2.1), libglib2.0-0 (>= 2.41), libstdc++6 (>= 5.2)
  [...]

So the strict dependency is already in place. If I check the version
that was reported in the bug report, I see:

  $ debsnap -d . libpoppler-glib8 -a amd64 0.85.0-2
  $ dpkg -I libpoppler-glib8_0.85.0-2_amd64.deb
   Package: libpoppler-glib8
   Source: poppler
   Version: 0.85.0-2
   Depends: libpoppler95 (= 0.85.0-2), libc6 (>= 2.14), libcairo2 (>= 1.12.0), 
libfreetype6 (>= 2.2.1), libglib2.0-0 (>= 2.41), libstdc++6 (>= 5.2)

I'd rather think that the situation happened because
elpa-pdf-tools-server links both to libpoppler and libpoppler-glib:
the rebuild against poppler 20.09.0 (i.e. libpoppler102) make
elpa-pdf-tools-server link to libpoppler102 (forcing the newer
dependency to it), and setting an old dependency for libpoppler-glib
because there is no need for a newer version.

This was also a problem in case there was an incomplete dist-upgrade to
the newer poppler, so the newer libpoppler was pulled in but the newer
libpoppler-glib not. I remember having seen this in the past (when I
used to maintain poppler), but it happened once and indeed it was due
to an incomplete dist-upgrade. IMHO this will not happen in
oldstable->stable dist-upgrades, as everything will be build with the
newer libraries, and hopefully the dist-upgrade will be done fully.

Another contributing factor is that emacs-pdf-tools "abuses" the
libpoppler-glib internals, see server/poppler-hack.cc. I don't know
why it does that, and I'd rather see the actual issues fixed in
libpoppler-glib.

-- 
Pino Toscano

signature.asc
Description: This is a digitally signed message part.

Processed: identify affected versions

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # this variant with short window affects both Buster and Stretch
> found 982519 1.3.8+dfsg-3+deb10u1
Bug #982519 [zstd] zstd: Race condition allows attacker to access 
world-readable destination file
Marked as found in versions libzstd/1.3.8+dfsg-3+deb10u1.
> found 982519 1.1.2-1
Bug #982519 [zstd] zstd: Race condition allows attacker to access 
world-readable destination file
Marked as found in versions libzstd/1.1.2-1.
> thank you
Stopping processing here.

Please contact me if you need assistance.
-- 
982519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#969907: epdfinfo crashing with mismatched libpoppler102 and libpoppler-glib8

[Simon McVittie]

On Mon, 15 Feb 2021 at 12:07:13 +, Simon McVittie wrote:
> On Mon, 15 Feb 2021 at 12:03:35 +, Simon McVittie wrote:
> > I don't think this is actually about whether libpoppler-glib added new ABI
> > without bumping the shlibs version - it has a .symbols file that tracks
> > the version in which each public symbol was added.
> >
> > Instead, I think this is about private symbols and partial
> > upgrades. libpoppler102 and libpoppler-glib8 come from the same
> > source package, so libpoppler-glib8 is very likely to make assumptions
> > about private implementation details of the corresponding version of
> > libpoppler102; many of the source files glib/*.cc that get compiled into
> > libpoppler-glib8 have #include "poppler-private.h". This is fine if
> > everyone does an `apt upgrade` with no pinning, but breaks down if people
> > do arbitrary partial upgrades with pinning or interactively (leading to a
> > "Frankendebian" system).

Sorry, the proposed patch that I previously attached had the wrong bug
number in its Closes:. Please see attached for a corrected version.

Also available as a MR:
.

smcv
>From 215e53945323a7cee80e2bbc9a30ad209d7e77e1 Mon Sep 17 00:00:00 2001
From: Simon McVittie 
Date: Mon, 15 Feb 2021 11:53:51 +
Subject: [PATCH] d/shlibs.local: Upgrade all binary packages in lockstep

Like many projects where one source package builds multiple binary
packages, poppler has private headers that share non-public interfaces
between its binary packages. Upgrading one binary package from this
source without upgrading the others is not something that its upstream
developers are ever going to test or support, and neither should we.

Closes: #969907
---
 debian/changelog| 12 
 debian/shlibs.local |  4 
 2 files changed, 16 insertions(+)
 create mode 100644 debian/shlibs.local

diff --git a/debian/changelog b/debian/changelog
index d65fa9f..54c96af 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+poppler (20.09.0-3.2) UNRELEASED; urgency=medium
+
+  * d/shlibs.local: Upgrade all binary packages in lockstep.
+Like many projects where one source package builds multiple binary
+packages, poppler has private headers that share non-public interfaces
+between its binary packages. Upgrading one binary package from this
+source without upgrading the others is not something that its upstream
+developers are ever going to test or support, and neither should we.
+(Closes: #969537)
+
+ -- Simon McVittie   Mon, 15 Feb 2021 11:44:22 +
+
 poppler (20.09.0-3.1) unstable; urgency=medium
 
   * debian/tests: make autopkgtests cross-test-friendly (Closes: #969726)
diff --git a/debian/shlibs.local b/debian/shlibs.local
new file mode 100644
index 000..af3275a
--- /dev/null
+++ b/debian/shlibs.local
@@ -0,0 +1,4 @@
+libpoppler 102 libpoppler102 (= ${binary:Version})
+libpoppler-cpp 0 libpoppler-cpp0v5 (= ${binary:Version})
+libpoppler-glib 8 libpoppler-glib8 (= ${binary:Version})
+libpoppler-qt5 1 libpoppler-qt5-1 (= ${binary:Version})
-- 
2.30.1

Bug#982519: [sprint] [RFS] libzstd 1.4.8+dfsg-2

[Étienne Mollier]

Control: tag -1 pending

Hi Sébastien, Hi Salvatore,

Salvatore Bonaccorso, on 2021-02-18 06:19:29 +0100:
> FTR, this has been fixed upstream.

Thanks the ping, I inlined upstream patch in the next iteration
of libzstd: 1.4.8+dfsg-2.  Upload will occur with urgency=high.
Changes are available on Salsa:

https://salsa.debian.org/med-team/libzstd

This package will need sponsored upload (unless Nilesh did grant
me upload permissions.  :)

Have a nice day,
-- 
Étienne Mollier 
Fingerprint:  8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
Sent from /dev/pts/1, please excuse my verbosity.


signature.asc
Description: PGP signature

Processed: [sprint] [RFS] libzstd 1.4.8+dfsg-2

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #982519 [zstd] zstd: Race condition allows attacker to access 
world-readable destination file
Added tag(s) pending.

-- 
982519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#951988: libplacebo: FTBFS: (.text+0x8ee): undefined reference to `spvContextCreate'

[Simon McVittie]

On Mon, 18 Jan 2021 at 11:27:35 +, Simon McVittie wrote:
> On Mon, 18 Jan 2021 at 10:54:30 +, Simon McVittie wrote:
> > Unfortunately, unlike #980369, I was not able to find a combination of
> > libraries that I could add to spirv.pc to fix this bug.
> 
> I think the attached might do it? As before, I don't know this library,
> so please review carefully.
> 
> I have deliberately not used SPIRV-Tools-Shared here to avoid being
> affected by #980370.

https://salsa.debian.org/xorg-team/vulkan/glslang/-/merge_requests/4

(Updated patches attached, if you prefer the BTS.)

smcv
>From af942e4bc20bdb9fab9f187f497e7fe6c80cf12d Mon Sep 17 00:00:00 2001
From: Simon McVittie 
Date: Mon, 18 Jan 2021 11:24:30 +
Subject: [PATCH 1/2] Add missing dependencies to spirv.pc

Some code accessed via spirv.pc requires SPIRV-Tools and/or glslang.

Signed-off-by: Simon McVittie 
Closes: #951988
---
 debian/control|  3 +-
 debian/patches/series |  1 +
 ...endencies-on-SPIRV-Tools-and-glslang.patch | 38 +++
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 debian/patches/spirv.pc-Add-dependencies-on-SPIRV-Tools-and-glslang.patch

diff --git a/debian/control b/debian/control
index 594ac5a8..6eacf228 100644
--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,8 @@ Description: OpenGL and OpenGL ES shader front end and validator -- tools
 
 Package: glslang-dev
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends},
+ spirv-tools,
 Suggests: glslang-tools
 Multi-Arch: same
 Description: OpenGL and OpenGL ES shader front end and validator -- development files
diff --git a/debian/patches/series b/debian/patches/series
index 7d0b1f9a..e66d681a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 glslang-default-resource-limits_staticlib.patch
 0001-pkg-config-compatibility.patch
 glslang.pc-Add-missing-libraries.patch
+spirv.pc-Add-dependencies-on-SPIRV-Tools-and-glslang.patch
diff --git a/debian/patches/spirv.pc-Add-dependencies-on-SPIRV-Tools-and-glslang.patch b/debian/patches/spirv.pc-Add-dependencies-on-SPIRV-Tools-and-glslang.patch
new file mode 100644
index ..160832d6
--- /dev/null
+++ b/debian/patches/spirv.pc-Add-dependencies-on-SPIRV-Tools-and-glslang.patch
@@ -0,0 +1,38 @@
+From: Simon McVittie 
+Date: Mon, 18 Jan 2021 11:22:34 +
+Subject: spirv.pc: Add dependencies on SPIRV-Tools and glslang
+
+Otherwise, a simple program like this will fail to link:
+
+#include 
+int main (void)
+{
+  std::string s;
+  glslang::GetSpirvVersion(s);
+  return 0;
+}
+
+when compiled with the obvious parameters from pkg-config:
+
+g++ -ospirv spirv.cpp $(pkg-config --cflags --libs spirv)
+
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951988
+Signed-off-by: Simon McVittie 
+---
+ SPIRV/spirv.pc.cmake.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPIRV/spirv.pc.cmake.in b/SPIRV/spirv.pc.cmake.in
+index dfcad94..d47d427 100644
+--- a/SPIRV/spirv.pc.cmake.in
 b/SPIRV/spirv.pc.cmake.in
+@@ -5,7 +5,7 @@
+ 
+ Name: @SPIRV_NAME@
+ Description: SPIR-V is a binary intermediate language for representing graphical-shader stages and compute kernels for multiple Khronos APIs, including OpenCL, OpenGL, and Vulkan
+-Requires:
++Requires: SPIRV-Tools, glslang
+ Version: @SPIRV_VERSION@
+ Libs: -L${libdir} -lSPIRV
+ Cflags: -I${includedir}
+\ No newline at end of file
-- 
2.30.1

>From ff5bf4e4301419d16f68a5ca673dc1c88c3f3c1f Mon Sep 17 00:00:00 2001
From: Simon McVittie 
Date: Mon, 18 Jan 2021 10:16:45 +
Subject: [PATCH 2/2] d/tests/glslang-dev: Add a test for spirv.pc

Signed-off-by: Simon McVittie 
Reproduces: #951988
---
 .../glslang.pc-Add-missing-libraries.patch   |  2 +-
 debian/tests/glslang-dev | 16 
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/debian/patches/glslang.pc-Add-missing-libraries.patch b/debian/patches/glslang.pc-Add-missing-libraries.patch
index f8029af4..b3fa7b4f 100644
--- a/debian/patches/glslang.pc-Add-missing-libraries.patch
+++ b/debian/patches/glslang.pc-Add-missing-libraries.patch
@@ -11,7 +11,7 @@ Signed-off-by: Simon McVittie 
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/glslang/glslang.pc.cmake.in b/glslang/glslang.pc.cmake.in
-index 921497e..fd92606 100644
+index 921497e..8c49e0c 100644
 --- a/glslang/glslang.pc.cmake.in
 +++ b/glslang/glslang.pc.cmake.in
 @@ -7,5 +7,5 @@
diff --git a/debian/tests/glslang-dev b/debian/tests/glslang-dev
index 3f6af04a..bf103ca0 100755
--- a/debian/tests/glslang-dev
+++ b/debian/tests/glslang-dev
@@ -35,6 +35,17 @@ int main (void)
 }
 EOF
 
+cat > spirv.cpp <<'EOF'
+#include 
+
+int main (void)
+{
+  std::string s;
+  glslang::GetSpirvVersion(s);
+  return 0;
+}
+EOF
+
 # This is hard-coded because 

Processed: Re: Bug#983014: manpages-de: Fails to upgrade from 4.2.0-1 to 4.9.1-5: This installation run will require temporarily removing the essential package manpages-de:amd64 due to a Conflicts/Pre

[Debian Bug Tracking System]

Processing control commands:

> severity -1 important
Bug #983014 [manpages-de] manpages-de: Fails to upgrade from 4.2.0-1 to 
4.9.1-5: This installation run will require temporarily removing the essential 
package manpages-de:amd64 due to a Conflicts/Pre-Depends loop.
Severity set to 'important' from 'serious'
> reassign -1 apt 2.1.20
Bug #983014 [manpages-de] manpages-de: Fails to upgrade from 4.2.0-1 to 
4.9.1-5: This installation run will require temporarily removing the essential 
package manpages-de:amd64 due to a Conflicts/Pre-Depends loop.
Bug reassigned from package 'manpages-de' to 'apt'.
No longer marked as found in versions manpages-l10n/4.9.1-5.
Ignoring request to alter fixed versions of bug #983014 to the same values 
previously set
Bug #983014 [apt] manpages-de: Fails to upgrade from 4.2.0-1 to 4.9.1-5: This 
installation run will require temporarily removing the essential package 
manpages-de:amd64 due to a Conflicts/Pre-Depends loop.
Marked as found in versions apt/2.1.20.

-- 
983014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983014
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#983014: manpages-de: Fails to upgrade from 4.2.0-1 to 4.9.1-5: This installation run will require temporarily removing the essential package manpages-de:amd64 due to a Conflicts/Pre-Depends loop.

[Axel Beckert]

Control: severity -1 important
Control: reassign -1 apt 2.1.20

Hi David,

thanks for having a look at this.

David Kalnischkies wrote:
> On Thu, Feb 18, 2021 at 08:12:06AM +0100, Axel Beckert wrote:
> > I though have no idea why apt regards manpages-de as
> > essential. X-Debbugs-Cc'ing the APT developers at
> 
> Does the output of
> $ apt rdepends manpages-de --important
> include more than task-german and parl-desktop-eu?

Correct:

$ apt rdepends manpages-de --important
manpages-de
Reverse Depends:
  Depends: kiva-users
  Depends: task-german
  Depends: task-german
  Depends: parl-desktop-eu

> In particular, does it include a local metapackage which is tagged
> Essential/Important:yes?

Correct:

Package: kiva-users
Source: abe-metapackages
[…]
Depends: […], manpages-de, […]
Important: yes

Full control file stanza at
https://github.com/xtaran/abe-metapackages/blob/master/debian/control#L1243-L1333

Binary package at
https://noone.org/apt/pool/main/a/abe-metapackages/kiva-users_19_all.deb

> (Important packages are considered like Essential which here is probably
>  wrong as we shouldn't make ordering guarantees for it… but then,
>  I guess that is part of why libgcc ↔ libgcc_s works now. And btw: The
>  commandline flag stands for "important dependencies", which in this
>  case is Depends and Pre-Depends,

What I don't understand is, that apt claims that manpages-de is
Essential (or Important, whatever) just because an Essential (or
Important…) package depends on it.

I do see that it might want to apply similar rules for dependencies of
Essential packages, but the phrase "the essential package
manpages-de:amd64" is nevertheless extremly misleading and not
helpful.

>  it has nothing to do with the
>  Important flag or the other billion things also called important)

Downgrading to important (sic!) as a first measure and reassigning
then to apt.

P.S. to Toddy and Helge: Sorry for the noise. You already had enough
trouble with manpages-de in the last few weeks.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#979432: ruby-rack FTBFS on IPV6-only buildds

[Paul Gevers]

Hi,

On Sun, 7 Feb 2021 19:22:30 +0100 Chris Hofstaedtler 
wrote:
> I guess one can change all the tests to use ::1 instead of
> 127.0.0.1, but that will just introduce other failure modes.

If no proper solution can be found shortly, can this package please be
uploaded with these specific tests disabled?

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#979865: m2crypto FTBFS on IPV6-only buildds

[Paul Gevers]

Hi,

On Fri, 29 Jan 2021 20:50:07 +0100 Sebastian Andrzej Siewior
 wrote:
> > The release team considers these bugs release critical.
> 
> it would be easier to enforce to have all buildds configured equally so
> the package does not fail on a random buildd.

I *guess* that's not trivial as I think it depends on the network their in.

m2crypto needs another upload anyways. Without a proper IPv6 solution
for the tests, can the failing network tests please be disabled in the
next upload?

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#983014: manpages-de: Fails to upgrade from 4.2.0-1 to 4.9.1-5: This installation run will require temporarily removing the essential package manpages-de:amd64 due to a Conflicts/Pre-Depends loop.

[David Kalnischkies]

On Thu, Feb 18, 2021 at 08:12:06AM +0100, Axel Beckert wrote:
> I though have no idea why apt regards manpages-de as
> essential. X-Debbugs-Cc'ing the APT developers at

Does the output of
$ apt rdepends manpages-de --important
include more than task-german and parl-desktop-eu?

In particular, does it include a local metapackage which is tagged
Essential/Important:yes?

(Important packages are considered like Essential which here is probably
 wrong as we shouldn't make ordering guarantees for it… but then,
 I guess that is part of why libgcc ↔ libgcc_s works now. And btw: The
 commandline flag stands for "important dependencies", which in this
 case is Depends and Pre-Depends, it has nothing to do with the
 Important flag or the other billion things also called important)


If not have a look into /var/backups for a dpkg.status file from before
your (failed) upgrade, so that we might be able to reproduce this.


Best regards

David Kalnischkies


signature.asc
Description: PGP signature

Bug#983017: 9base: flaky autopkgtest on i386: stack smashing detected

[Paul Gevers]

Hi,

On Thu, 18 Feb 2021 08:28:06 +0100 Paul Gevers  wrote:
> shoogle has an autopkgtest, great. However, on i386 it fails more often
  ^^^ oops, that's what you get for reusing an old mail.

> I copied the output at the bottom of this report. Can you please look
> into it and make the test more robust (against network issues). If you
> keep the test that requires internet, you should add the needs-internet
> restriction too.

This paragraph also doesn't apply. Sorry for the sub-optimal report.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Processed: Re: [Pkg-openssl-devel] Bug#983013: m2crypto: autopkgtest needs update for new version of openssl: M2Crypto.RSA.RSAError: sslv3 rollback attack

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 983013 https://gitlab.com/m2crypto/m2crypto/-/issues/293
Bug #983013 [src:m2crypto] m2crypto: autopkgtest needs update for new version 
of openssl: M2Crypto.RSA.RSAError: sslv3 rollback attack
Set Bug forwarded-to-address to 
'https://gitlab.com/m2crypto/m2crypto/-/issues/293'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
983013: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983013
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#983013: [Pkg-openssl-devel] Bug#983013: m2crypto: autopkgtest needs update for new version of openssl: M2Crypto.RSA.RSAError: sslv3 rollback attack

[Kurt Roeckx]

forwarded 983013 https://gitlab.com/m2crypto/m2crypto/-/issues/293
thanks

I've created an upstream issue for it.

Bug#973715: RE: Bug#973715: fwupd-amd64-signed holding off fwupd update results in segfaulting binary

[Paul Gevers]

Hi Limonciello,

On 18-02-2021 07:15, Limonciello, Mario wrote:
> I don't have the power to manually run it. So there is nothing I can do.
> With the new 1.5.6-1 upload someone will need to manually run it again.

I recognize what you say. However, *in my opinion* you can't just upload
the unsigned package without securing that the signing will happen ASAP,
with such tight dependencies. Users of unstable should expect that their
system breaks once in a while, but that's not by design but because bugs
happen. Being able to not update because of transitions is to be
expected and we don't have an alternative. But that's different from
what I read in this bug, where something else got updated and then the
fwupd set breaks without warning.

If unstable doesn't work for you, how about using experimental? You can
upload there much more freely and once stuff is ready (including making
sure the signing can happen ASAP) you upload to unstable.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Processed: found 983018 in 5.15.2-3

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # Forgot to set the actual version in the bug report
> found 983018 5.15.2-3
Bug #983018 [qdbus] qdbus: Needs package downgrade from Buster to Bullseye 
(missing epoch in transitional package)
Marked as found in versions qttools-opensource-src/5.15.2-3.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
983018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983018
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#983019: x11vnc: flaky autopkgtest: /tmp/x11vnc_allow-connections_result: No such file or directory

[Paul Gevers]

Source: x11vnc
Version: 0.9.16-6
Severity: serious
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: flaky

Dear maintainer(s),

Your package has an autopkgtest, great. However, it fails often [1].

Because the unstable-to-testing migration software now blocks on
regressions in testing, flaky tests, i.e. tests that flip between
passing and failing without changes to the list of installed packages,
are causing people unrelated to your package to spend time on these
tests.

I copied the output at the bottom of this report.

Paul

[1]

https://ci.debian.net/data/autopkgtest/testing/amd64/x/x11vnc/10356520/log.gz

autopkgtest [20:16:31]: test allow-connections: [---
cat: /tmp/x11vnc_allow-connections_result: No such file or directory
autopkgtest [20:16:47]: test allow-connections: ---]



OpenPGP_signature
Description: OpenPGP digital signature

Bug#982713: minexpert2: FTBFS: [ERROR] LazyFont - Failed to read font file /usr/share/texlive/texmf-dist/fonts/opentype/public/stix2-otf/STIX2Math.otf

[Juhani Numminen]

Dear maintainer,

> [ERROR] LazyFont - Failed to read font file 
> /usr/share/texlive/texmf-dist/fonts/opentype/public/stix2-otf/STIX2Math.otf

It's easy enough to locate the files which mention the font,
it is doc/user-manuals/fop.xconf in all three affected packages.

https://codesearch.debian.net/search?q=%2Fusr%2Fshare%2Ftexlive%2Ftexmf-dist%2Ffonts%2Fopentype%2Fpublic%2Fstix2-otf%2FSTIX2Math.otf=1

>From texlive-extra's build log I gather the font file may have
changed names to STIXTwoMath-Regular.otf, that is
/usr/share/texlive/texmf-dist/fonts/opentype/public/stix2-otf/STIXTwoMath-Regular.otf.

https://buildd.debian.org/status/fetch.php?pkg=texlive-extra=all=2020.20210202-1=1612267116=0

--
Juhani

Bug#983018: qdbus: Needs package downgrade from Buster to Bullseye (missing epoch in transitional package)

[Axel Beckert]

Package: qdbus
Severity: serious
Justification: §3.2 and https://wiki.debian.org/SystemDowngrade

Hi,

on one system I wondered why qdbus is still on Qt4. Then I noticed that
the version of the Qt4 qdbus package from Buster is higher (!) than the
version of the Qt5 qdbus package in Bullseye:

$ apt-cache policy qdbus
qdbus:
  Installed: 4:4.8.7+dfsg-18+deb10u1
  Candidate: 4:4.8.7+dfsg-18+deb10u1
  Version table:
 *** 4:4.8.7+dfsg-20 100
100 /var/lib/dpkg/status
 5.15.2-3 990
900 https://debian.ethz.ch/debian bullseye/main i386 Packages

>From what I can see, the proper fix is to prepend at least an epoch of
"4" to (only) the transitional package, i.e. to make the version of
qdbus in Bullseye "4:5.15.2-…" instead of just "5.15.2-…".

Even the BTS gets it partially wrong probably because of this and still
thinks the current qdbus package is built from the qt4-x11 source
package:

https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=qdbus;dist=unstable
(Note that it displays the correct version number, but the wrong source
package.)

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), 
(500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 
'buildd-experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Processed: bug 983010 is forwarded to https://github.com/Debian/debiman/issues/127

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 983010 https://github.com/Debian/debiman/issues/127
Bug #983010 [src:mdocml, src:debiman] mdocml breaks debiman autopkgtest: 
different output
Set Bug forwarded-to-address to 'https://github.com/Debian/debiman/issues/127'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
983010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983010
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#983013: [Pkg-openssl-devel] Bug#983013: m2crypto: autopkgtest needs update for new version of openssl: M2Crypto.RSA.RSAError: sslv3 rollback attack

[Sebastian Andrzej Siewior]

On 2021-02-18 08:15:15 [+0100], Paul Gevers wrote:
> 
> I copied some of the output at the bottom of this report.  I *think*
> this may be related to CVE-2020-25657 "bleichenbacher timing attacks in
> the RSA decryption API" against m2crypto, hence I file this bug against
> m2crypto.

The openssl side is aware of the situtation. Currently we want to
clarify the documentation in openssl
https://github.com/openssl/openssl/issues/14216

and then report this m2crypto upstream what should be done instead.
The bug fix triggered the problem :)

Sebastian

Processed: tagging 982992

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 982992 - sid
Bug #982992 [src:node-regjsparser, src:node-regexpu-core] node-regjsparser 
breaks node-regexpu-core autopkgtest: Missing expected exception (Error).
Removed tag(s) sid.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
982992: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982992
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems