Processed: closing 1004864

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1004864 1.0.3-1
Bug #1004864 [src:density-fitness] density-fitness FTBFS with libpdb-redo-dev 
2.0.1
Marked as fixed in versions density-fitness/1.0.3-1.
Bug #1004864 [src:density-fitness] density-fitness FTBFS with libpdb-redo-dev 
2.0.1
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004864
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1002165: isbnlib: diff for NMU version 3.9.3-1.2

2022-02-04 Thread Adrian Bunk 
Control: tags 1002165 + patch
Control: tags 1002165 + pending

Dear maintainer,

I've prepared an NMU for isbnlib (versioned as 3.9.3-1.2) and uploaded 
it to DELAYED/14. Please feel free to tell me if I should cancel it.

cu
Adrian
diff -Nru isbnlib-3.9.3/debian/changelog isbnlib-3.9.3/debian/changelog
--- isbnlib-3.9.3/debian/changelog	2019-10-04 02:46:17.0 +0300
+++ isbnlib-3.9.3/debian/changelog	2022-02-05 07:29:00.0 +0200
@@ -1,3 +1,11 @@
+isbnlib (3.9.3-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add upstream fix for compatibility with Python 3.10.
+(Closes: #1002165)
+
+ -- Adrian Bunk   Sat, 05 Feb 2022 07:29:00 +0200
+
 isbnlib (3.9.3-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru isbnlib-3.9.3/debian/patches/0001-fix-61.patch isbnlib-3.9.3/debian/patches/0001-fix-61.patch
--- isbnlib-3.9.3/debian/patches/0001-fix-61.patch	1970-01-01 02:00:00.0 +0200
+++ isbnlib-3.9.3/debian/patches/0001-fix-61.patch	2022-02-05 07:26:11.0 +0200
@@ -0,0 +1,28 @@
+From 11d0092cb0fb3d177817e3a302918f54db97ba72 Mon Sep 17 00:00:00 2001
+From: Alexandre Conde 
+Date: Mon, 21 Oct 2019 09:18:55 +0100
+Subject: fix #61
+
+---
+ isbnlib/_imcache.py | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/isbnlib/_imcache.py b/isbnlib/_imcache.py
+index de126d0..deb599f 100644
+--- a/isbnlib/_imcache.py
 b/isbnlib/_imcache.py
+@@ -1,7 +1,10 @@
+ # -*- coding: utf-8 -*-
+ """Read and write to a dict-like cache."""
+ 
+-from collections import MutableMapping
++try:
++from collections.abc import MutableMapping
++except ImportError:  # PY27
++from collections import MutableMapping
+ 
+ 
+ class IMCache(MutableMapping):
+-- 
+2.20.1
+
diff -Nru isbnlib-3.9.3/debian/patches/series isbnlib-3.9.3/debian/patches/series
--- isbnlib-3.9.3/debian/patches/series	1970-01-01 02:00:00.0 +0200
+++ isbnlib-3.9.3/debian/patches/series	2022-02-05 07:29:00.0 +0200
@@ -0,0 +1 @@
+0001-fix-61.patch

Processed: isbnlib: diff for NMU version 3.9.3-1.2

2022-02-04 Thread Debian Bug Tracking System 
Processing control commands:

> tags 1002165 + patch
Bug #1002165 [src:isbnlib] isbnlib: FTBFS: ImportError: cannot import name 
'MutableMapping' from 'collections' 
(/usr/lib/python3.10/collections/__init__.py)
Added tag(s) patch.
> tags 1002165 + pending
Bug #1002165 [src:isbnlib] isbnlib: FTBFS: ImportError: cannot import name 
'MutableMapping' from 'collections' 
(/usr/lib/python3.10/collections/__init__.py)
Added tag(s) pending.

-- 
1002165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002165
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 997189 is forwarded to https://github.com/octo/liboping/pull/61

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> forwarded 997189 https://github.com/octo/liboping/pull/61
Bug #997189 [src:liboping] liboping: FTBFS: oping.c:1159:25: error: format not 
a string literal and no format arguments [-Werror=format-security]
Changed Bug forwarded-to-address to 'https://github.com/octo/liboping/pull/61' 
from 'https://github.com/octo/liboping/issues/62'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
997189: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997189
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: atd forgets to run a job in the queue

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 1004972 patch
Bug #1004972 [at] atd forgets to run a job in the queue
Added tag(s) patch.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1004972: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004972
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004990: golang-github-containernetworking-plugin-dnsname: podman does not use the dnsname plugin because the executable is in wrong directory

2022-02-04 Thread Mateusz Kijowski 
Package: golang-github-containernetworking-plugin-dnsname
Version: 1.1.1+ds1-4+b7
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: mateusz.kijow...@gmail.com

The plugin executable is installed as /usr/lib/dnsname, but should be 
/usr/lib/cni/dnsname, because this is where podman expects it to be present.
This package version also doesn't depend on dnsmasq-core.
You can make it usable by installing dnsmasq manually and moving the files
either manuall or by dpkg-divert:
dpkg-divert --divert /usr/lib/cni/dnsname --rename /usr/lib/dnsname
Then podman includes this plugin in new networks created and name
resolution works
The version present in testing and sid already seems to put it in the
correct place and include a dnsmasq-core dependency


-- System Information:
Debian Release: 11.2
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'stable'), (800, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-11-amd64 (SMP w/8 CPU threads)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages golang-github-containernetworking-plugin-dnsname depends 
on:
ii  libc6  2.31-13+deb11u2

golang-github-containernetworking-plugin-dnsname recommends no packages.

golang-github-containernetworking-plugin-dnsname suggests no packages.

-- no debconf information

Bug#1004978: marked as done (wrong connection between copyright holder and license)

2022-02-04 Thread Debian Bug Tracking System 
Your message dated Fri, 04 Feb 2022 22:49:30 +
with message-id 
and subject line Bug#1004978: fixed in lxc 1:4.0.11-1~exp4
has caused the Debian Bug report #1004978,
regarding wrong connection between copyright holder and license
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1004978: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004978
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: lxc
Severity: serious
User: alteh...@debian.org
Usertags: ftp
thanks

Hi,

after the last REJECT of lxc 4.0.11-1~exp1 due to missing copyright holder 
in debian/copyright, the names have been added but the corresponding 
licenses are wrong.
Wolfgang Bumiller and Adrian Reber licensed their contribution under GPL-2 
only, Daniel Lezcano licensed his contribution under an LGPL.


Please rework your debian/copyright for the current version and also 
check the contents for other releases.


Thanks!
  Thorsten
--- End Message ---
--- Begin Message ---
Source: lxc
Source-Version: 1:4.0.11-1~exp4
Done: Pierre-Elliott Bécue 

We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1004...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre-Elliott Bécue  (supplier of updated lxc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 04 Feb 2022 23:06:35 +0100
Source: lxc
Architecture: source
Version: 1:4.0.11-1~exp4
Distribution: experimental
Urgency: medium
Maintainer: pkg-lxc 
Changed-By: Pierre-Elliott Bécue 
Closes: 1004978
Changes:
 lxc (1:4.0.11-1~exp4) experimental; urgency=medium
 .
   * d/copyright: Clean the mess and extract as much as possible from the files
 in the repo (Closes: #1004978)
   * wrap-and-sort
Checksums-Sha1:
 8eb6c0a2d0fd0b9a5ba3922734b8061d617ffdb8 2924 lxc_4.0.11-1~exp4.dsc
 ac33fbc9fdf21e418a37ba03ce8661008b20b186 50212 lxc_4.0.11-1~exp4.debian.tar.xz
 c24579a629a570f2d00945f305d48933924a351e 13069 
lxc_4.0.11-1~exp4_amd64.buildinfo
Checksums-Sha256:
 1e0c0de427e629845347649a8eefef9041ac07ba00d6b814e8d3b02a79795819 2924 
lxc_4.0.11-1~exp4.dsc
 57dc5a80e7f4fcf9a0b232bd0811683bc87f0b3a77c3e8b69cc1a96995232a8f 50212 
lxc_4.0.11-1~exp4.debian.tar.xz
 30f28027bceb3774fa695e4046d676e621ec10df092f9c4923db4d559435db0c 13069 
lxc_4.0.11-1~exp4_amd64.buildinfo
Files:
 fa10132655c6c4fcabca95ec97c7c542 2924 admin optional lxc_4.0.11-1~exp4.dsc
 cae5c70778a065a8d6a7f9e4ded32275 50212 admin optional 
lxc_4.0.11-1~exp4.debian.tar.xz
 4da0b2f553e3be78c027fec291948d25 13069 admin optional 
lxc_4.0.11-1~exp4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJSBAEBCgA8FiEESYqTBWsFJgT6y8ijKb+g0HkpCsoFAmH9p8UeHHBpZXJyZS1l
bGxpb3R0LmJlY3VlQGlucmlhLmZyAAoJECm/oNB5KQrKcOkP/iqK18b445JJwu8m
2BgEBWcOijtmTKR71mHTb7X1YCuT0p63ShUBli3CUCejifU25tFWnFEFgG1mVERb
rUMeCaOoAKboBQGxqZtNlJq3UIx9JpHiKgTFmyYIEZvHLQbGBxEzD/aih2QravXB
JfGeVTq5n3gRdG0tG7Fu9sowsQvwj8K8XMc4lhL2toKvKyfW9flwA8GfsZv1DYF0
vdHrGhmOrbrbPGjlxVlI94U7k2TqKNAovYT2LaQm6UFpZeMFxkcRLh6O2nyr6Iq9
cBlIaVOXKzNv/zP4KEYEhXYUe0W1TP2xAI20sbhE5VC0T7fDpQE4HDwS/k7LtmkL
qPE6JNT9flUBwSZ2NvPicpopqDPOVnWpqb0Vc7HbueIcGmrc0czV0Ul/Emf/7wQX
CwcH6ZmFCqbd0uiPY7S5vSSIL/CU2mVzVqbWaLsXIHdzlN2bbkOdqcTBJSSgxmEJ
oUx7dE4aiqEddg+a58T8Au8P4ajFUGMiVVf2A53UEa9ARrvN2AmbjzBCr5zXs9PH
BvXAzDce+XwLQS5vWVSMs2Vtfdk1DLU6phMJXWxvNYnKYe5Nx/Y8YDUn0rgI4sH7
7JJvjK5svE7rnoEpAB1yTgi3tYPVli4CMVwSKS25dn6QB125Ag78HSQ13cyu9jIJ
8qGXDLV5N95LS1mwhski7r/QS05Z
=0L9B
-END PGP SIGNATURE End Message ---

Processed: Re: Bug#1004671: incompatible with current biblatex version

2022-02-04 Thread Debian Bug Tracking System 
Processing control commands:

> reassign -1 texlive-bibtex-extra
Bug #1004671 [biber] incompatible with current biblatex version
Bug reassigned from package 'biber' to 'texlive-bibtex-extra'.
No longer marked as found in versions biber/2.17-1.
Ignoring request to alter fixed versions of bug #1004671 to the same values 
previously set
> found -1 2021.20211217-1
Bug #1004671 [texlive-bibtex-extra] incompatible with current biblatex version
Marked as found in versions texlive-extra/2021.20211217-1.
> tags -1 + pending
Bug #1004671 [texlive-bibtex-extra] incompatible with current biblatex version
Added tag(s) pending.

-- 
1004671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004671
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004671: incompatible with current biblatex version

2022-02-04 Thread Hilmar Preuße 

Control: reassign -1 texlive-bibtex-extra
Control: found -1 2021.20211217-1
Control: tags -1 + pending

Am 31.01.2022 um 15:53 teilte Ryan Kavanagh mit:

Hi,


I'm not sure if this should instead be filed against
texlive-bibtex-extra, but the current version of biber is incompatible
with the biblatex package currently in Debian unstable. This effectively
renders biber useless and makes it impossible to compile documents that
use biblatex.

The new biblatex has been uploaded to CTAN and has been integrated into 
the TL packages. I'm currently building new source packages.


Hilmar
--
sigfault



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1002961: marked as done (src:castle-game-engine: fails to migrate to testing for too long: FTBFS on armel)

2022-02-04 Thread Debian Bug Tracking System 
Your message dated Fri, 04 Feb 2022 21:19:00 +
with message-id 
and subject line Bug#1002961: fixed in castle-game-engine 7.0~alpha.1+dfsg-5
has caused the Debian Bug report #1002961,
regarding src:castle-game-engine: fails to migrate to testing for too long: 
FTBFS on armel
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1002961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: castle-game-engine
Version: 6.4+dfsg1-7
Severity: serious
Control: close -1 7.0~alpha.1+dfsg-4
Tags: sid bookworm
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 60 days as having a Release Critical bug in 
testing [1]. Your package src:castle-game-engine has been trying to 
migrate for 61 days [2]. Hence, I am filing this bug. Your package fails 
to build on armel, but is successfully built there in the past.


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and bookworm, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html
[2] https://qa.debian.org/excuses.php?package=castle-game-engine


OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: castle-game-engine
Source-Version: 7.0~alpha.1+dfsg-5
Done: Abou Al Montacir 

We believe that the bug you reported is fixed in the latest version of
castle-game-engine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1002...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Abou Al Montacir  (supplier of updated 
castle-game-engine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 04 Feb 2022 21:54:07 +0100
Source: castle-game-engine
Architecture: source
Version: 7.0~alpha.1+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Pascal Packaging Team 
Changed-By: Abou Al Montacir 
Closes: 1002961
Changes:
 castle-game-engine (7.0~alpha.1+dfsg-5) unstable; urgency=medium
 .
   * Moved CI tests outside rules file.
 Disabled CI tests result for armel until FPC gets fixed.
   * Added tests failing on armel to expected failures on that architecture.
 (Closes: Bug#1002961)
Checksums-Sha1:
 8b7044b71998ee230d039aa2ec02a2822f524227 2191 
castle-game-engine_7.0~alpha.1+dfsg-5.dsc
 33328fc3220c87f1b32cf0fc3635d4679232ced1 31248 
castle-game-engine_7.0~alpha.1+dfsg-5.debian.tar.xz
 f2cd8d6863e880c0e5cfeaa88d7ee2b52d5d4533 16005 
castle-game-engine_7.0~alpha.1+dfsg-5_amd64.buildinfo
Checksums-Sha256:
 8aaae05457f966b302ba7798fdeb877611ce55b5577a8bbaa5b93bc69d424c03 2191 
castle-game-engine_7.0~alpha.1+dfsg-5.dsc
 fc1dce530781b121822a9d04975629b8ea2b5ff79fc948f7292fa6ce4e540bf0 31248 
castle-game-engine_7.0~alpha.1+dfsg-5.debian.tar.xz
 9a50747e9f383dfab4c83e4a52b6f173f502b94c0dc573a3d64ae15e1c3599c1 16005 
castle-game-engine_7.0~alpha.1+dfsg-5_amd64.buildinfo
Files:
 6e89cf3710ce50376db0239d40ed5e00 2191 misc optional 
castle-game-engine_7.0~alpha.1+dfsg-5.dsc
 4550af7f951c8b4446eab5edf44024be 31248 misc optional 
castle-game-engine_7.0~alpha.1+dfsg-5.debian

Bug#1004974: atftpd: Potential information leak in atftpd<0.7.5

2022-02-04 Thread Salvatore Bonaccorso 
Control: retitle -1 atftpd: CVE-2021-46671: Potential information leak in 
atftpd<0.7.5

Hi Andreas,

On Fri, Feb 04, 2022 at 07:40:49PM +0100, Andreas B. Mundt wrote:
> Control: patch -1
> 
> 
> Hi,
> 
> many thanks for the report and the information provided!
> 
> >* What led up to the situation?
> > During a research project we have found a potential information leak
> > in the atftpd daemon from package atftpd, where malformed requests can
> > lead to a (partial) leak of the contents of /etc/group. 
> 
> > […]
> 
> > It appears that this bug has been fixed upstream (commit
> > 9cf799c40738722001552618518279e9f0ef62e5), and the fix is already
> > included in atftpd version 0.7.git20210915-3 in debian testing).
> > Yet we were able to reproduce this behavior on debian stable/bullseye 
> > (atftpd version 0.7.git20120829-3.3+deb11u1) and debian oldstable/buster 
> > (atftpd version 0.7.git20120829-3.2~deb10u2).
> 
> I've prepared packages with the cherry-picked patch for
>   bullseye (0.7.git20120829-3.3+deb11u2) and
>   buster (0.7.git20120829-3.2~deb10u3).
> Nothing has been uploaded yet to coordinate with the security team first,
> debdiff attached.

The issue has been assigned CVE-2021-46671.

Andreas, unless I miss something crucial, I think this issue can be
fixed in the upcoming point releases and does not require a DSA.

Regards,
Salvatore

Processed: Re: Bug#1004974: atftpd: Potential information leak in atftpd<0.7.5

2022-02-04 Thread Debian Bug Tracking System 
Processing control commands:

> retitle -1 atftpd: CVE-2021-46671: Potential information leak in atftpd<0.7.5
Bug #1004974 {Done: Salvatore Bonaccorso } [atftpd] atftpd: 
Potential information leak in atftpd<0.7.5
Changed Bug title to 'atftpd: CVE-2021-46671: Potential information leak in 
atftpd<0.7.5' from 'atftpd: Potential information leak in atftpd<0.7.5'.

-- 
1004974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004980: libtbb12: missing Breaks+Replaces: libtbb2 (<< 2021)

2022-02-04 Thread Andreas Beckmann 
Package: libtbb12
Version: 2021.5.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.
This error may also be triggered by having a predecessor package from
'sid 'installed while installing the package from 'experimental'.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../libtbb12_2021.5.0-1_amd64.deb ...
  Unpacking libtbb12:amd64 (2021.5.0-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libtbb12_2021.5.0-1_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/libtbbmalloc.so.2', which is 
also in package libtbb2:amd64 2020.3-1
  Errors were encountered while processing:
   /var/cache/apt/archives/libtbb12_2021.5.0-1_amd64.deb


If libtbb12 contains multiple libraries with different SOVERSIONs, you
should consider splitting the package further ...


cheers,

Andreas


libtbb2=2020.3-1_libtbb12=2021.5.0-1.log.gz
Description: application/gzip

Bug#1004926: marked as done (libgd-graph-perl: FTBFS with libgd-perl >= 2.75)

2022-02-04 Thread Debian Bug Tracking System 
Your message dated Fri, 04 Feb 2022 19:49:40 +
with message-id 
and subject line Bug#1004926: fixed in libgd-graph-perl 1.54~ds-3
has caused the Debian Bug report #1004926,
regarding libgd-graph-perl: FTBFS with libgd-perl >= 2.75
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1004926: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004926
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libgd-graph-perl
Version: 1.48-2
Severity: serious
Tags: upstream ftbfs sid bookworm
Justification: fails to build from source
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=140940

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

As noticed by ci.d.n, libgd-graph-perl has test failures with recent
versions of libgd-perl (first 2.75-1, now 2.76-1).

The current failure is:

Problems reading t/images/logo_xbm_noext (tried: libgd best-guess) at 
t/bugfixes.t line 46.

#   Failed test '_read_logo_file succeeds for xbm without file extension'
#   at t/bugfixes.t line 46.

#   Failed test 'undef isa 'GD::Image''
#   at t/bugfixes.t line 48.
# undef isn't defined
# Looks like you failed 2 tests of 33.
t/bugfixes.t ... 
1..33
ok 1 - use GD::Graph;
ok 2 - Got an object from new()
ok 3 - An object of class 'GD::Graph' isa 'GD::Graph'
ok 4 - _read_logo_file succeeds for gif with file extension
ok 5 - An object of class 'GD::Image' isa 'GD::Image'
ok 6 - _read_logo_file succeeds for gif without file extension
ok 7 - An object of class 'GD::Image' isa 'GD::Image'
ok 8 - _read_logo_file succeeds for jpeg with file extension
ok 9 - An object of class 'GD::Image' isa 'GD::Image'
ok 10 - _read_logo_file succeeds for jpeg without file extension
ok 11 - An object of class 'GD::Image' isa 'GD::Image'
ok 12 - _read_logo_file succeeds for jpeg with alternate extension
ok 13 - An object of class 'GD::Image' isa 'GD::Image'
ok 14 - _read_logo_file succeeds for png with file extension
ok 15 - An object of class 'GD::Image' isa 'GD::Image'
ok 16 - _read_logo_file succeeds for png without file extension
ok 17 - An object of class 'GD::Image' isa 'GD::Image'
ok 18 - _read_logo_file succeeds for png with alternate extension
ok 19 - An object of class 'GD::Image' isa 'GD::Image'
ok 20 - _read_logo_file succeeds for xbm with file extension
ok 21 - An object of class 'GD::Image' isa 'GD::Image'
not ok 22 - _read_logo_file succeeds for xbm without file extension
not ok 23 - undef isa 'GD::Image'
ok 24 - Skipping: GD *really* doesn't support importing XPM files
ok 25 - Skipping: GD *really* doesn't support importing XPM files
ok 26 - Skipping: GD *really* doesn't support importing XPM files
ok 27 - Skipping: GD *really* doesn't support importing XPM files
ok 28 - use GD::Graph::bars;
ok 29 - freakish divide-by-zero trick
ok 30 - No fatalities on the above
ok 31 - Survived 20792
ok 32 - and got a result
ok 33 - No timeout
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/33 subtests 


This is tracked upstream at https://rt.cpan.org/Ticket/Display.html?id=140940
and https://rt.cpan.org/Ticket/Display.html?id=140910


Cheers,
gregor


-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmH8Hw9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgbsZhAAurp7E0WDXHqB1PTcwOcOjHhUp8nvJDUlSxZyIFaoHAisJ9XFNynvRbs3
Z3qTSk50jmsQtEnUjAfQoW1QWnyRv2GCCiohcPx/8BPLjFL8/PLVhkIEX26QMTsh
nVlxwxlYeEWZxLTFyThWdlzHm49xOxAov4Iexe3vvyf5JZN3HcVsqYe3nprDW+8H
2QNL//Di12HRubFOGnkkYtDjOGuin7sDD+e083+CUabZHRlL/u9euOknZU2FvFh3
12SglgjdR4SOiJOOQ7OPUqwBJlllX0NYU629iILCwfJNDXJHTZUWZgqLt99vL2hm
NLYd9dMT1ZIqrtw4wNE1jC2JQbPh9+W1+PofcGltp+8ykgrc5mtqaz20tlgaP8I0
N8ts8LDxENVY5iFI0VweyQDeTG4wsG522v3WCRlpNqAuVJp7LxP9pDxY3CufDVS9
y09xKwznr6waDM8S4CnL4GCqOyQZw7D2TvEtl0hT/JwmsDcGgDEjD2wK2dgMiC6K
wn+DHSeDSvKt2m9MvFaA1QDiu9Ir0W78q0kLFosUyIcxUUy6UAthGOkSQ1NZpH3N
nl2+dX/S0bdksClNt5ir5hbuFYAJ/neJwv2n9hdmsRa3wRwS5ViPA76XZ1qLZkw7
ZkK2iOTc3YRwnU9mvxbUevExNFjQ2fjS2BmzW7jEz505xRXmrvE=
=9COu
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: libgd-graph-perl
Source-Version: 1.54~ds-3
Done: gregor herrmann 

We believe that the bug you reported is fixed in the latest version of
libgd-graph-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1004...@bugs.debian.org,
and the maintainer will reopen the bug rep

Bug#1004974: closing 1004974

2022-02-04 Thread Salvatore Bonaccorso 
close 1004974 0.7.git20210915-1
thanks

Fixed for unstable already in 0.7.git20210915-1.

Processed: closing 1004974

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1004974 0.7.git20210915-1
Bug #1004974 [atftpd] atftpd: Potential information leak in atftpd<0.7.5
Marked as fixed in versions atftp/0.7.git20210915-1.
Bug #1004974 [atftpd] atftpd: Potential information leak in atftpd<0.7.5
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Bug#1004926 marked as pending in libgd-graph-perl

2022-02-04 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 pending
Bug #1004926 [src:libgd-graph-perl] libgd-graph-perl: FTBFS with libgd-perl >= 
2.75
Added tag(s) pending.

-- 
1004926: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004926
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004926: marked as pending in libgd-graph-perl

2022-02-04 Thread gregor herrmann 
Control: tag -1 pending

Hello,

Bug #1004926 in libgd-graph-perl reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/perl-team/modules/packages/libgd-graph-perl/-/commit/2dd0741e59798eaa44c7b27eca76bb2488e79bf8


Add patch from upstream pull request for GD compatibility.

Closes: #1004926


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1004926

Processed: found 1004974 in 0.7.git20120829-3.2~deb10u2

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 1004974 0.7.git20120829-3.2~deb10u2
Bug #1004974 [atftpd] atftpd: Potential information leak in atftpd<0.7.5
Marked as found in versions atftp/0.7.git20120829-3.2~deb10u2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 1004974 in 0.7.git20120829-3.3

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 1004974 0.7.git20120829-3.3
Bug #1004974 [atftpd] atftpd: Potential information leak in atftpd<0.7.5
Marked as found in versions atftp/0.7.git20120829-3.3.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004974: atftpd: Potential information leak in atftpd<0.7.5

2022-02-04 Thread Andreas B. Mundt 
Control: patch -1


Hi,

many thanks for the report and the information provided!

>* What led up to the situation?
> During a research project we have found a potential information leak
> in the atftpd daemon from package atftpd, where malformed requests can
> lead to a (partial) leak of the contents of /etc/group. 

> […]

> It appears that this bug has been fixed upstream (commit
> 9cf799c40738722001552618518279e9f0ef62e5), and the fix is already
> included in atftpd version 0.7.git20210915-3 in debian testing).
> Yet we were able to reproduce this behavior on debian stable/bullseye 
> (atftpd version 0.7.git20120829-3.3+deb11u1) and debian oldstable/buster 
> (atftpd version 0.7.git20120829-3.2~deb10u2).

I've prepared packages with the cherry-picked patch for
  bullseye (0.7.git20120829-3.3+deb11u2) and
  buster (0.7.git20120829-3.2~deb10u3).
Nothing has been uploaded yet to coordinate with the security team first,
debdiff attached.

Best Regards, 

  Andi

diff -u atftp-0.7.git20120829/debian/changelog 
atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,10 @@
+atftp (0.7.git20120829-3.3+deb11u2) bullseye; urgency=medium
+
+  * Cherry pick 9cf799 from upstream to fix read-past-end-of-array.
+(Closes: #1004974)
+
+ -- Andreas B. Mundt   Fri, 04 Feb 2022 18:09:05 +0100
+
 atftp (0.7.git20120829-3.3+deb11u1) bullseye; urgency=medium
 
   * Fix for CVE-2021-41054 (Closes: #994895)
diff -u atftp-0.7.git20120829/options.c atftp-0.7.git20120829/options.c
--- atftp-0.7.git20120829/options.c
+++ atftp-0.7.git20120829/options.c
@@ -43,6 +43,12 @@
  struct tftphdr *tftp_data = (struct tftphdr *)data;
  size_t size = data_size - sizeof(tftp_data->th_opcode);
 
+ /* sanity check - requests always end in a null byte,
+  * check to prevent argz_next from reading past the end of
+  * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+  return ERR;
+
  /* read filename */
  entry = argz_next(tftp_data->th_stuff, size, entry);
  if (!entry)
@@ -79,6 +85,12 @@
  struct tftphdr *tftp_data = (struct tftphdr *)data;
  size_t size = data_size - sizeof(tftp_data->th_opcode);
 
+ /* sanity check - options always end in a null byte,
+  * check to prevent argz_next from reading past the end of
+  * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+  return ERR;
+
  while ((entry = argz_next(tftp_data->th_stuff, size, entry)))
  {
   tmp = entry;
diff -u atftp-0.7.git20120829/debian/changelog 
atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,10 @@
+atftp (0.7.git20120829-3.2~deb10u3) buster; urgency=medium
+
+  * Cherry pick 9cf799 from upstream to fix read-past-end-of-array.
+(Closes: #1004974)
+
+ -- Andreas B. Mundt   Fri, 04 Feb 2022 18:47:25 +0100
+
 atftp (0.7.git20120829-3.2~deb10u2) buster; urgency=medium
 
   * Fix for CVE-2021-41054 (Closes: #994895)
diff -u atftp-0.7.git20120829/options.c atftp-0.7.git20120829/options.c
--- atftp-0.7.git20120829/options.c
+++ atftp-0.7.git20120829/options.c
@@ -43,6 +43,12 @@
  struct tftphdr *tftp_data = (struct tftphdr *)data;
  size_t size = data_size - sizeof(tftp_data->th_opcode);
 
+ /* sanity check - requests always end in a null byte,
+  * check to prevent argz_next from reading past the end of
+  * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+  return ERR;
+
  /* read filename */
  entry = argz_next(tftp_data->th_stuff, size, entry);
  if (!entry)
@@ -79,6 +85,12 @@
  struct tftphdr *tftp_data = (struct tftphdr *)data;
  size_t size = data_size - sizeof(tftp_data->th_opcode);
 
+ /* sanity check - options always end in a null byte,
+  * check to prevent argz_next from reading past the end of
+  * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+  return ERR;
+
  while ((entry = argz_next(tftp_data->th_stuff, size, entry)))
  {
   tmp = entry;

Bug#1004978: wrong connection between copyright holder and license

2022-02-04 Thread Thorsten Alteholz 

Package: lxc
Severity: serious
User: alteh...@debian.org
Usertags: ftp
thanks

Hi,

after the last REJECT of lxc 4.0.11-1~exp1 due to missing copyright holder 
in debian/copyright, the names have been added but the corresponding 
licenses are wrong.
Wolfgang Bumiller and Adrian Reber licensed their contribution under GPL-2 
only, Daniel Lezcano licensed his contribution under an LGPL.


Please rework your debian/copyright for the current version and also 
check the contents for other releases.


Thanks!
  Thorsten

Bug#1004972: atd forgets to run a job in the queue

2022-02-04 Thread Vincent Lefevre 
On 2022-02-04 18:57:27 +0100, Vincent Lefevre wrote:
> 2. Due to the above minor issue, the timer was set at the present
>time 18:43:00 (1643996580). But for some reason, the pause()
>that follows it is not interrupted. This is the real issue.
>This also makes the patched "at" unreliable as this yields a
>race condition: the timer may still expire before pause() is
>called, though this is normally rather unlikely, I think.

Well, according to the timer_create(2) man page, that's a sleep()
that should be used, not pause().

New patch attached, which also fixes another issue when
HAVE_CLOCK_GETTIME is not defined: in atd_setalarm(), the value
of the subtraction could be negative (unexpected, but possible),
then implicitly converted to unsigned int for sleep(), which is
obviously incorrect.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Index: at-3.2.4/atd.c
===
--- at-3.2.4.orig/atd.c
+++ at-3.2.4/atd.c
@@ -804,7 +804,7 @@ void atd_setalarm(time_t next)
 {
 timeout.it_value.tv_sec = next;
 timer_settime(timer, TIMER_ABSTIME, &timeout, NULL);
-pause();
+sleep(next - now);
 }
 #else
 void timer_setup()
@@ -818,7 +818,7 @@ time_t atd_gettime()
 
 void atd_setalarm(time_t next)
 {
-sleep(next - atd_gettime());
+sleep(next - now);
 }
 #endif
 /* Global functions */
@@ -953,7 +953,7 @@ main(int argc, char *argv[])
 daemon_setup();
 
 do {
-	now = time(NULL);
+	now = atd_gettime();
 	next_invocation = run_loop();
 	if ((next_invocation > now) && (!hupped)) {
 	atd_setalarm(next_invocation);

Bug#1004972: atd forgets to run a job in the queue

2022-02-04 Thread Vincent Lefevre 
On 2022-02-04 18:01:34 +0100, Vincent Lefevre wrote:
> So it seems that there is some randomness in the reproducibility,
> but with the patched "at" and many others tests to try to make
> the new job appear at the end (which I couldn't succeed, but this
> seems to be useless anyway), I couldn't reproduce the bug at all
> (but why???).

After adding some logging to the unpatched "at", i.e. with the
remaining "now = time(NULL);":

Feb 04 18:42:36 zira atd[72429]: now = 1643996556
Feb 04 18:42:36 zira atd[72429]: run_time = 1643996580
Feb 04 18:42:36 zira atd[72429]: run_time = 1644876000
Feb 04 18:42:36 zira atd[72429]: run_time = 1644912000
Feb 04 18:42:36 zira atd[72429]: next_invocation = 1643996580
Feb 04 18:43:00 zira atd[72429]: now = 1643996579
Feb 04 18:43:00 zira atd[72429]: run_time = 1643996580
Feb 04 18:43:00 zira atd[72429]: run_time = 1644876000
Feb 04 18:43:00 zira atd[72429]: run_time = 1644912000
Feb 04 18:43:00 zira atd[72429]: next_invocation = 1643996580

There are 2 causes:

1. time(NULL) and clock_gettime(CLOCK_REALTIME,...) may have a
   one-second shift. So, at 18:43:00, "now" was still seen at
   18:42:59; thus the job that should have run at 18:43:00 was
   still seen as being in the future. Not a real issue, except
   inefficiency, thanks to the loop, which should take care of
   that.

2. Due to the above minor issue, the timer was set at the present
   time 18:43:00 (1643996580). But for some reason, the pause()
   that follows it is not interrupted. This is the real issue.
   This also makes the patched "at" unreliable as this yields a
   race condition: the timer may still expire before pause() is
   called, though this is normally rather unlikely, I think.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#986709: rsnapshot is stable, not dead

2022-02-04 Thread Boyuan Yang 
Hi Michael,

On Fri, 1 Oct 2021 10:29:27 -0500 Michael Lustfield 
wrote:
> [ moving back to rsnapshot ]
> 
> > [...]
> > Debian package. The only bug of "serious" severity classification is 
> > this one. But when my uninformed assessment is at odds with an actual 
> > Debian maintainer, I have no choice but to assume that there is an 
> > important factor which I am blind to.<<
> 
> There are definitely options; I'm just one person with an opinion. It's
> entirely possible all of my previous reasoning has been permanently fixed
and
> I'm just too jaded to see that. If such a scenario were to be our present
case,
> then it would be very easy for someone else to just hop in, grab this, and
> maintain (own) it indefinitely (... or until such time it must be retired).
> 
>   ^ This could be you, anyone that commented on this thread, etc.
> 
> If, however, my $super_notsosecret reasoning still holds water,
> then... that won't be so easy and it becomes a self-solving problem.
> 
> >>I understand that it's not your 
> > responsibility to teach me just to satisfy my idle curiosity, so we can 
> > leave it at that.
> 
> It's actually very difficult for me to not launch into a long-winded rant,
so
> thank-you for prompting me to provide this additional explanation.

I heard of this issue around rsnapshot in Debian in recent months from various
information sources. While I completely understand your opinion, this looks
like another unexpected consequence due to Debian's strong package maintenance
ownership. I am not against your decision, but I am wondering if the following
actions would work for you:

1) Package the latest rsnapshot release 1.4.4 as-is, but still keep this RC
bug open since it is not considered suitable for Stable release, or

2) Orphan package rsnapshot since you find this software not maintainable, or

3) Remove it from Debian archive as you originally planned.

My personal thought is that some actions would be better than getting stuck
here, and I am also interested in the next step. At least I believe doing
nothing does not fall into the category of package maintenance.

Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1003674: php-sabre-vobject: (autopkgtest) needs update for php8.1: ValueError: Epoch doesn't fit in a PHP integer

2022-02-04 Thread Krüger 
Hello all,

this does not seem to be a PHP problem, but a Y2038 problem of the 32bit 
architectures.

The same problem with other projects:

https://externals.io/message/112808
https://github.com/Kovah/LinkAce/issues/255

Yours sincerely Sebastian

Bug#1004972: atd forgets to run a job in the queue

2022-02-04 Thread Vincent Lefevre 
On 2022-02-04 17:27:37 +0100, Vincent Lefevre wrote:
> It seems to solve the bug, but this is surprising as these functions
> should be equivalent.
> 
> However, in my tests, atq showed:
> 
> 502 Mon Feb 14 23:00:00 2022 a vinc17
> 511 Fri Feb  4 17:10:00 2022 a vinc17
> 503 Tue Feb 15 09:00:00 2022 a vinc17
> 
> 512 Fri Feb  4 17:12:00 2022 a vinc17
> 502 Mon Feb 14 23:00:00 2022 a vinc17
> 503 Tue Feb 15 09:00:00 2022 a vinc17
> 
> 513 Fri Feb  4 17:24:00 2022 a vinc17
> 502 Mon Feb 14 23:00:00 2022 a vinc17
> 503 Tue Feb 15 09:00:00 2022 a vinc17
> 
> 514 Fri Feb  4 17:26:00 2022 a vinc17
> 502 Mon Feb 14 23:00:00 2022 a vinc17
> 503 Tue Feb 15 09:00:00 2022 a vinc17
> 
> i.e. in all these cases, the new job was not shown last by atq.
> I don't know whether this has an influence.

With the unpatched "at", for

522 Fri Feb  4 17:54:00 2022 a vinc17
502 Mon Feb 14 23:00:00 2022 a vinc17
503 Tue Feb 15 09:00:00 2022 a vinc17

the job was taken into account. But for

523 Fri Feb  4 17:55:00 2022 a vinc17
502 Mon Feb 14 23:00:00 2022 a vinc17
503 Tue Feb 15 09:00:00 2022 a vinc17

it isn't (and it is still in the queue at 18:01).

So it seems that there is some randomness in the reproducibility,
but with the patched "at" and many others tests to try to make
the new job appear at the end (which I couldn't succeed, but this
seems to be useless anyway), I couldn't reproduce the bug at all
(but why???).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Processed: tagging 1002394

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 1002394 + pending
Bug #1002394 [src:tinydb] tinydb: FTBFS: dh_auto_test: error: pybuild --test 
--test-pytest -i python{version} -p "3.10 3.9" returned exit code 13
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1002394: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002394
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004972: atd forgets to run a job in the queue

2022-02-04 Thread Vincent Lefevre 
On 2022-02-04 17:02:08 +0100, Vincent Lefevre wrote:
> Well, in the atd source, there are inconsistencies in the time
> functions. I can try to have a closer look and make a patch...

The attached patch solves an inconsistency by replacing a remaining
"time(NULL)" by "atd_gettime()". I suppose that this should have
been done in commit 6a3f0cd094717e098803f913e76a3499341cdaf3.

It seems to solve the bug, but this is surprising as these functions
should be equivalent.

However, in my tests, atq showed:

502 Mon Feb 14 23:00:00 2022 a vinc17
511 Fri Feb  4 17:10:00 2022 a vinc17
503 Tue Feb 15 09:00:00 2022 a vinc17

512 Fri Feb  4 17:12:00 2022 a vinc17
502 Mon Feb 14 23:00:00 2022 a vinc17
503 Tue Feb 15 09:00:00 2022 a vinc17

513 Fri Feb  4 17:24:00 2022 a vinc17
502 Mon Feb 14 23:00:00 2022 a vinc17
503 Tue Feb 15 09:00:00 2022 a vinc17

514 Fri Feb  4 17:26:00 2022 a vinc17
502 Mon Feb 14 23:00:00 2022 a vinc17
503 Tue Feb 15 09:00:00 2022 a vinc17

i.e. in all these cases, the new job was not shown last by atq.
I don't know whether this has an influence.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Index: b/atd.c
===
--- a/atd.c
+++ b/atd.c
@@ -953,7 +953,7 @@ main(int argc, char *argv[])
 daemon_setup();
 
 do {
-	now = time(NULL);
+	now = atd_gettime();
 	next_invocation = run_loop();
 	if ((next_invocation > now) && (!hupped)) {
 	atd_setalarm(next_invocation);

Bug#1004972: atd forgets to run a job in the queue

2022-02-04 Thread Vincent Lefevre 
Well, in the atd source, there are inconsistencies in the time
functions. I can try to have a closer look and make a patch...

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1004974: atftpd: Potential information leak in atftpd<0.7.5

2022-02-04 Thread Johannes Krupp 
Package: atftpd
Version: 0.7.git20120829-3.3+deb11u1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: debian_f7b...@jkrupp.de, Debian Security Team 


Dear Maintainer,

   * What led up to the situation?
During a research project we have found a potential information leak in the 
atftpd daemon from package atftpd, where malformed requests can lead to a 
(partial) leak of the contents of /etc/group.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Sent the following (malformed) packet:
```
: 0001 006e 6574 6173 6369 6900 7473 697a  ...netascii.tsiz
0010: 6500 78  e.x
```

   * What was the outcome of this action?
A freshly started atfptd server replies with a packet containing contents of 
/etc/group
```
: 0006 7473 697a 6500 7831 3a0a 6269 6e3a  ..tsize.x1:.bin:
0010: 783a 323a 0a73 7973 3a78 3a33 3a0a 6164  x:2:.sys:x:3:.ad
0020: 6d3a 783a 343a 0a74 7479 3a78 3a35 3a0a  m:x:4:.tty:x:5:.
0030: 6469 736b 3a78 3a36 3a0a 6c70 3a78 3a37  disk:x:6:.lp:x:7
0040: 3a0a 6d61 696c 3a78 3a38 3a0a 6e65 7773  :.mail:x:8:.news
0050: 3a78 3a39 3a0a 7575 6370 3a78 3a31 303a  :x:9:.uucp:x:10:
0060: 0a6d 616e 3a78 3a31 323a 0a70 726f 7879  .man:x:12:.proxy
0070: 3a78 3a31 333a 0a6b 6d65 6d3a 783a 3135  :x:13:.kmem:x:15
0080: 3a0a 6469 616c 6f75 743a 783a 3230 3a0a  :.dialout:x:20:.
0090: 6661 783a 783a 3231 3a0a 766f 6963 653a  fax:x:21:.voice:
00a0: 783a 3232 3a0a 6364 726f 6d3a 783a 3234  x:22:.cdrom:x:24
00b0: 3a0a 666c 6f70 7079 3a78 3a32 353a 0a74  :.floppy:x:25:.t
00c0: 6170 653a 783a 3236 3a0a 7375 646f 3a78  ape:x:26:.sudo:x
00d0: 3a32 373a 0a61 7564 696f 3a78 3a32 393a  :27:.audio:x:29:
00e0: 0a64 6970 3a78 3a33 303a 0a77  2d64  .dip:x:30:.www-d
00f0: 6174 613a 783a  3a0a 6261 636b 7570  ata:x:33:.backup
0100: 3a78 3a33 343a 0a00  :x:34:..
```

   * What outcome did you expect instead?
No response or an error message from the server.

It appears that this bug has been fixed upstream (commit
9cf799c40738722001552618518279e9f0ef62e5), and the fix is already
included in atftpd version 0.7.git20210915-3 in debian testing).
Yet we were able to reproduce this behavior on debian stable/bullseye 
(atftpd version 0.7.git20120829-3.3+deb11u1) and debian oldstable/buster 
(atftpd version 0.7.git20120829-3.2~deb10u2).

Further, the issue appears to only occur when running atftpd in
standalone mode (--daemon, not via inetd), and only on the very first
request, as the buffer containing /etc/group data is overwritten by the
new request.

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages atftpd depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  libc6  2.31-13+deb11u2
ii  libpcre3   2:8.39-13
ii  libwrap0   7.6.q-31
ii  lsb-base   11.1.0
ii  tcpd   7.6.q-31
ii  update-inetd   4.51

Versions of packages atftpd recommends:
ii  rlinetd [inet-superserver]  0.9.3-1

Versions of packages atftpd suggests:
ii  logrotate  3.18.0-2

-- debconf information:
  atftpd/mcast_addr: 239.239.239.0-255
  atftpd/multicast: true
  atftpd/logfile: /var/log/atftpd.log
  atftpd/maxthread: 100
  atftpd/tftpd-timeout: 300
  atftpd/logtofile: false
  atftpd/tsize: true
  atftpd/ttl: 1
  atftpd/basedir: /srv/tftp
  atftpd/blksize: true
  atftpd/verbosity: 5 (LOG_NOTICE)
  atftpd/port: 69
  atftpd/mcast_port: 1758
  atftpd/use_inetd: true
  atftpd/retry-timeout: 5
  atftpd/timeout: true

Bug#1004972: atd forgets to run a job in the queue

2022-02-04 Thread Vincent Lefevre 
On 2022-02-04 16:31:17 +0100, Vincent Lefevre wrote:
> The job got run as soon as I submitted a new job. But again, this
> new job remained in the queue after the scheduled time. I'm wondering
> whether the cause is the existing jobs that are already in the queue,
> but scheduled later; there's possibly broken logic there.
> 
> This makes "at" completely unreliable.

This is a regression: downgrading to at 3.1.23-1.1 makes the
forgotten job run, and if I try again, I no longer get this
problem. But after upgrading again to at 3.2.4-2 and trying
again, the problem reappeared.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Processed: Re: atd forgets to run a job in the queue

2022-02-04 Thread Debian Bug Tracking System 
Processing control commands:

> severity -1 grave
Bug #1004972 [at] atd forgets to run a job in the queue
Severity set to 'grave' from 'important'

-- 
1004972: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004972
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004902: marked as done (openrct2: FTBFS TTF.cpp:358:32: error: invalid conversion from 'const TTF_Font*' to 'TTF_Font*')

2022-02-04 Thread Debian Bug Tracking System 
Your message dated Fri, 04 Feb 2022 14:38:06 +
with message-id 
and subject line Bug#1004902: fixed in openrct2 0.3.5.1+ds-3
has caused the Debian Bug report #1004902,
regarding openrct2: FTBFS TTF.cpp:358:32: error: invalid conversion from 'const 
TTF_Font*' to 'TTF_Font*'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1004902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openrct2
Version: 0.3.5.1+ds-2
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

Hi,

openrct2 recently started to FTBFS, probably due to a change in a build
dependency:

/build/openrct2-0.3.5.1+ds/src/openrct2/drawing/TTF.cpp: In function 'bool 
ttf_provides_glyph(const TTF_Font*, codepoint_t)':
/build/openrct2-0.3.5.1+ds/src/openrct2/drawing/TTF.cpp:358:32: error: invalid 
conversion from 'const TTF_Font*' to 'TTF_Font*' [-fpermissive]
  358 | return TTF_GlyphIsProvided(font, codepoint);
  |^~~~
  ||
  |const TTF_Font*
In file included from 
/build/openrct2-0.3.5.1+ds/src/openrct2/drawing/../config/../drawing/Font.h:10,
 from 
/build/openrct2-0.3.5.1+ds/src/openrct2/drawing/../config/../drawing/Drawing.h:16,
 from 
/build/openrct2-0.3.5.1+ds/src/openrct2/drawing/../config/Config.h:13,
 from 
/build/openrct2-0.3.5.1+ds/src/openrct2/drawing/TTF.cpp:21:
/usr/include/SDL2/SDL_ttf.h:184:59: note:   initializing argument 1 of 'int 
TTF_GlyphIsProvided(TTF_Font*, Uint16)'
  184 | extern DECLSPEC int SDLCALL TTF_GlyphIsProvided(TTF_Font *font, Uint16 
ch);
  | ~~^~~~
make[3]: *** [CMakeFiles/libopenrct2.dir/build.make:2347: 
CMakeFiles/libopenrct2.dir/src/openrct2/drawing/TTF.cpp.o] Error 1


I have a successful build from Jan 07, the most "promising" build dependency
change since then seems to be

-Setting up libsdl2-ttf-2.0-0:amd64 (2.0.15+dfsg1-2) ...^M
+Setting up libsdl2-ttf-2.0-0:amd64 (2.0.18+dfsg-2) ...^M

-Setting up libsdl2-ttf-dev:amd64 (2.0.15+dfsg1-2) ...^M
+Setting up libsdl2-ttf-dev:amd64 (2.0.18+dfsg-2) ...^M


Andreas


openrct2_0.3.5.1+ds-2.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: openrct2
Source-Version: 0.3.5.1+ds-3
Done: Mathias Gibbens 

We believe that the bug you reported is fixed in the latest version of
openrct2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1004...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathias Gibbens  (supplier of updated openrct2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 04 Feb 2022 01:34:13 +
Source: openrct2
Architecture: source
Version: 0.3.5.1+ds-3
Distribution: unstable
Urgency: medium
Maintainer: Mathias Gibbens 
Changed-By: Mathias Gibbens 
Closes: 1004902
Changes:
 openrct2 (0.3.5.1+ds-3) unstable; urgency=medium
 .
   * Update d/control to only list little-endian architectures
   * Fix FTBFS in unstable (Closes: #1004902)
   * Add d/gbp.conf
   * Update years in d/copyright
Checksums-Sha1:
 72df9ba06ab0d0e03e3aa5604875379b14f7f335 2344 openrct2_0.3.5.1+ds-3.dsc
 7cd6a08b227509be93fad1f842cced6dc5297392 12132 
openrct2_0.3.5.1+ds-3.debian.tar.xz
 a82ec7c6ae63f3e2c79ee6ec27ad5e686fe5aafb 12804 
openrct2_0.3.5.1+ds-3_source.buildinfo
Checksums-Sha256:
 a7bfd0c749fecebc95edb34cbdf0ce067166729a08e84261dd0716402f30c781 2344 
openrct2_0.3.5.1+ds-3.dsc
 c316122ba55af53cf9abd1f3f3fcb7375bab1786f3f9a009813de23c6ee2deda 12132 
openrct2_0.3.5.1+ds-3.debian.tar.xz
 86128e5ea19549a8dbdf4d77a616382bf378a6ef8303c9f26efc77713d4033fa 12804 
openrct2_0.3.5.1+ds-3_source.buildinfo
Files:
 0849e3e4c51fecd30c0d7dbd506dbe4b 2344 contrib/games optional 
openrct2_0.3.5.1+ds-3.dsc
 c04ce16b17fb8755db5042f389b24476 12132 contrib/games optional 
openrct2_0.3.5.1+ds-3.debian.tar.xz
 91dc3bf6832fa80ea874390197f5d277 12804 contrib/games optional 
openrct2_0.3.5.1+ds-3_source.buildinfo

-

Bug#997933: me too

2022-02-04 Thread Joey Hess 
Seeing this bug after upgrade. My imap server is dovecot.

-- 
see shy jo


signature.asc
Description: PGP signature

Processed: tagging 1004963

2022-02-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 1004963 + upstream
Bug #1004963 [src:libde265] CVE-2020-21598 CVE-2020-21600 CVE-2020-21602
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1004963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004963
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004964: lbzip2: Current package (version 2.5-2.2) is empty besides /usr/share/doc folder. No binary.

2022-02-04 Thread Marcus Jodorf 
Package: lbzip2
Version: 2.5-2.2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

current package is broken.
Executable is missing.

Best

Marcus Jodorf


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

2022-02-04 Thread Moritz Muehlenhoff 
Source: libde265
Version: 1.0.8-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

CVE-2020-21602:
https://github.com/strukturag/libde265/issues/242

CVE-2020-21600:
https://github.com/strukturag/libde265/issues/243

CVE-2020-21598:
https://github.com/strukturag/libde265/issues/237

Bug#1004956: graphviz: FTBFS: These bindings need PHP7

2022-02-04 Thread Sebastiaan Couwenberg 

On Fri, 4 Feb 2022 10:41:23 + Niko Tyni  wrote:

Looking at the build history there, the PHP 8.1 transition seems to fit
the timeline.

It's actually swig that doesn't support PHP 8 yet, see:

 https://bugs.debian.org/1003479

Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#1004330: makes the package useless with PHP 8

2022-02-04 Thread Francesco Potortì 
The most urgent thing now is to mark the current dokuwiki package and php8 as 
incompatible, so people don't keep falling here until a solution is out.

Bug#1004330: makes the package useless with PHP 8

2022-02-04 Thread Francesco Potortì 
>I have a more or less working package of the most recent upstream
>release plus one or two patches at
>https://salsa.debian.org/abe/dokuwiki
>
>It runs in production on https://swissmk.ch/

I'd be happy to try it.  However after tweaking with the code I managed to have 
it almost working.  The only thing that I found not working  is generation and 
sending of email: the recipient is empty and the email bounces.  Snce this 
problem does not cause an error or warning for me to read in the logs, I have 
not found the culprit.

So I have enough incentives to try out a new version.  I am writing to you in 
private.

-- 
Francesco Potortì (ricercatore)Voice:  +39.050.621.3058
ISTI - Area della ricerca CNR  Mobile: +39.348.8283.107
via G. Moruzzi 1, I-56124 Pisa Skype:  wnlabisti
(gate 20, 1st floor, room C71) Web:http://fly.isti.cnr.it

Bug#1004956: graphviz: FTBFS: These bindings need PHP7

2022-02-04 Thread Niko Tyni 
Source: graphviz
Version: 2.42.2-5
Severity: serious
Tags: ftbfs sid bookworm
Control: block 1003176 with -1

This package fails to build from source on current sid, and apparently
testing as well.

Build logs can be found at

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/graphviz.html

Looking at the build history there, the PHP 8.1 transition seems to fit
the timeline.

Excerpt:

  gv_php.cpp:772:3: error: #error These bindings need PHP7 - to generate PHP5 
bindings use: SWIG < 4.0.0 and swig -php5
772 | # error These bindings need PHP7 - to generate PHP5 bindings use: 
SWIG < 4.0.0 and swig -php5
|   ^
  gv_php.cpp: In function 'int SWIG_ConvertPtr(zval*, void**, swig_type_info*, 
int)':
  gv_php.cpp:963:54: error: cannot convert 'zval*' {aka '_zval_struct*'} to 
'zend_object*' {aka '_zend_object*'} in argument passing
963 |   HashTable * ht = Z_OBJ_HT_P(z)->get_properties(z);
|  ^
|  |
|  zval* {aka 
_zval_struct*}
  gv_php.cpp: At global scope:
  gv_php.cpp:5405:2: error: 'ZEND_ARG_PASS_INFO' was not declared in this 
scope; did you mean 'ZEND_ARG_OBJ_INFO'?
 
-- 
Niko Tyni   nt...@debian.org

Processed: graphviz: FTBFS: These bindings need PHP7

2022-02-04 Thread Debian Bug Tracking System 
Processing control commands:

> block 1003176 with -1
Bug #1003176 [release.debian.org] transition: perl 5.34
1003176 was blocked by: 997267 1002681 1002093 997189
1003176 was not blocking any bugs.
Added blocking bug(s) of 1003176: 1004956

-- 
1003176: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003176
1004956: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004956
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1004953: marked as done (emscripten: attempts internet communication during build)

2022-02-04 Thread Debian Bug Tracking System 
Your message dated Fri, 04 Feb 2022 10:33:57 +
with message-id 
and subject line Bug#1004953: fixed in emscripten 3.1.3~dfsg-4
has caused the Debian Bug report #1004953,
regarding emscripten: attempts internet communication during build
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1004953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004953
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: emscripten
Version: 3.1.3~dfsg-2
Severity: serious

Hello, looks like a new test (test_sdl2_ttf) is trying to reach github during 
build

see 
https://launchpadlibrarian.net/583868498/buildlog_ubuntu-jammy-amd64.emscripten_3.1.3~dfsg-2ubuntu1_BUILDING.txt.gz



test_sdl2_mixer_wav (test_other.other) ... skipped 'requested to be skipped'
test_sdl2_linkable (test_other.other) ... skipped 'requested to be skipped'
test_sdl2_gfx_linkable (test_other.other) ... skipped 'requested to be skipped'
['--version'] 2.0.10
via emmake
ports:INFO: retrieving port: freetype from 
https://github.com/emscripten-ports/FreeType/archive/version_1.zip
['--cflags'] -s USE_SDL=2
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in 
_new_conn
conn = connection.create_connection(
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in 
create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/lib/python3.10/socket.py", line 955, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in 
urlopen
httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in 
_make_request
self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, 
in _validate_conn
conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 353, in 
connect
conn = self._new_conn()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in 
_new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno -2] Name or 
service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in 
urlopen
retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in 
increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='github.com', port=443): 
Max retries exceeded with url: /emscripten-ports/FreeType/archive/version_1.zip 
(Caused by NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service 
not known'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/<>/emcc.py", line 3950, in 
sys.exit(main(sys.argv))
  File "/usr/lib/python3.10/contextlib.py", line 79, in inner
return func(*args, **kwds)
  File "/<>/emcc.py", line 3943, in main
ret = run(args)
  File "/<>/emcc.py", line 1145, in run
via emmake
linker_inputs = phase_compile_inputs(options, state, newargs, input_files)
  File "/usr/lib/python3.10/contextlib.py", line 79, in inner
return func(*args, **kwds)
  File "/<>/emcc.py", line 2672, in phase_compile_inputs
compile_source_file(i, input_file)
  File "/<>/emcc.py", line 2652, in compile_source_file
cmd = get_clang_command(input_file)
  File "/<>/emcc.py", line 2593, in get_clang_command
return get_compiler(src_file) + get_cflags(state.orig_args) + compile_args 
+ [src_file]
  File "/<>/emcc.py", line 898, in get_cflags
ports.add_cflags(cflags, settings)
  File "/<>/tools/ports/__init__.py", line 364, in add_cflags
port.get(Ports, settings, shared)
  File "/<>/tools/ports/freetype.py", line 19, in get
ports.fetch_project('freetype', 
'https://github.com/emscripten-ports/FreeType/archive/' + TAG + '.zip', 
'FreeType-' + TAG, sha512hash=HASH)
  File "/<>/tools/ports/__init__.py", line 258, in fetch_project
retrieve()
  File "/<>/tools/po

Bug#1004953: marked as pending in emscripten

2022-02-04 Thread Jonas Smedegaard 
Control: tag -1 pending

Hello,

Bug #1004953 in emscripten reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/js-team/emscripten/-/commit/1097df128b09a02d72e60bbdb1ed57c811f1fe50


fix avoid tests test_sdl2_config test_sdl2_ttf requiring download of Emscripten 
port; closes: bug#1004953, thanks to Gianfranco Costamagna


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1004953

Processed: Bug#1004953 marked as pending in emscripten

2022-02-04 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 pending
Bug #1004953 [src:emscripten] emscripten: attempts internet communication 
during build
Added tag(s) pending.

-- 
1004953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004953
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#996048: marked as done (postfix-mta-sts-resolver: autopkgtest doesn't handle new version of ca-certificates nicely: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one ce

2022-02-04 Thread Debian Bug Tracking System 
Your message dated Fri, 04 Feb 2022 09:05:44 +
with message-id 
and subject line Bug#996048: fixed in postfix-mta-sts-resolver 1.1.2-1
has caused the Debian Bug report #996048,
regarding postfix-mta-sts-resolver: autopkgtest doesn't handle new version of 
ca-certificates nicely: rehash: warning: skipping ca-certificates.crt,it does 
not contain exactly one certificate or CRL
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
996048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996048
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: postfix-mta-sts-resolver
Version: 1.0.0-4
Severity: serious
Tags: sid bookworm
User: debian...@lists.debian.org
Usertags: needs-update
Control: affects -1 src:ca-certificates

[X-Debbugs-CC: debian...@lists.debian.org,
ca-certifica...@packages.debian.org]

Dear maintainer(s),

With a recent upload of ca-certificates the autopkgtest of
postfix-mta-sts-resolver fails in testing when that autopkgtest is run
with the binary packages of ca-certificates from unstable. It passes
when run with only packages from testing. In tabular form:

 passfail
ca-certificates  from testing20211004
postfix-mta-sts-resolver from testing1.0.0-4
all others   from testingfrom testing

I copied some of the output at the bottom of this report. The *warning*
seems to be innocent, but causes the test to fail because by default
autopkgtest considers output on stderr as fatal (without the
allow-stderr restriction).

Currently this regression is blocking the migration of ca-certificates
to testing [1]. Of course, ca-certificates shouldn't just break your
autopkgtest (or even worse, your package), but it seems to me that the
change in ca-certificates was intended and your package needs to update
to the new situation.

If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from ca-certificates should
really add a versioned Breaks on the unfixed version of (one of your)
package(s). Note: the Breaks is nice even if the issue is only in the
autopkgtest as it helps the migration software to figure out the right
versions to combine in the tests.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=ca-certificates

https://ci.debian.net/data/autopkgtest/testing/amd64/p/postfix-mta-sts-resolver/15856707/log.gz

autopkgtest [19:39:52]: test run: [---
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain
exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
autopkgtest [19:40:04]: test run: ---]
autopkgtest [19:40:04]: test run:  - - - - - - - - - - results - - - - -
- - - - -
run  FAIL stderr: rehash: warning: skipping
ca-certificates.crt,it does not contain exactly one certificate or CRL



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: postfix-mta-sts-resolver
Source-Version: 1.1.2-1
Done: Marc Dequènes (Duck) 

We believe that the bug you reported is fixed in the latest version of
postfix-mta-sts-resolver, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 996...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Dequènes (Duck)  (supplier of updated 
postfix-mta-sts-resolver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 30 Jan 2022 20:13:57 +0100
Source: postfix-mta-sts-resolver
Architecture: source
Version: 1.1.2-1
Distribution: unstable
Urgency: medium
Maintainer: Benjamin Hof 
Changed-By: Marc Dequènes (Duck) 
Closes: 996048
Changes:
 postfix-mta-sts-resolver (1.1.2-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #996048)
   * Debian CI: testsuite now needs machine, not container.
   * Update salsa-ci.yml to currently recommended configuration.
   * Bump Standards-Versio

Bug#1004438: marked as done (reportbug: gstreamer1.0-plugins-bad 1.18.5-1+b4 has an invalid dependency on a contrib package)

2022-02-04 Thread Debian Bug Tracking System 
Your message dated Fri, 04 Feb 2022 10:34:24 +0200
with message-id 
and subject line Re: reportbug: gstreamer1.0-plugins-bad 1.18.5-1+b4 has an 
invalid dependency on a contrib package
has caused the Debian Bug report #1004438,
regarding reportbug: gstreamer1.0-plugins-bad 1.18.5-1+b4 has an invalid 
dependency on a contrib package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1004438: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004438
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gstreamer1.0-plugins-bad
Version: 1.18.5-1+b4
Severity: serious
Justification: Policy 2.2.1
X-Debbugs-Cc: fgou...@free.fr

Dear Maintainer,

gstreamer1.0-plugins-bad is part of the main archive area. However in
Debian Testing's version 1.18.5-1+b4 it depends on
libgstreamer-gl1.0-0 which is now in the contrib archive area.

This is a violation of section 2.2.1 of the Policy which states that:

   None of the packages in the main archive area require software
   outside of that area to function.

So to fix this one of the following should be done:
* Demote this dependency to a 'Suggest', assuming the package is still
  usable without it.
* Remove the dependency entirely with the same caveat.
* Or libgstreamer-gl1.0-0 should be moved back to the main archive area.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-10-amd64 (SMP w/36 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages gstreamer1.0-plugins-bad depends on:
ii  gstreamer1.0-plugins-base   1.18.5-1
ii  libaom3 3.2.0-2
ii  libass9 1:0.15.2-1
ii  libbs2b03.1.0+dfsg-2.2+b1
ii  libbz2-1.0  1.0.8-5
ii  libc6   2.33-3
ii  libcairo2   1.16.0-5
ii  libchromaprint1 1.5.1-1
ii  libcurl3-gnutls 7.81.0-1
ii  libdc1394-252.2.6-4
ii  libdca0 0.0.7-2
ii  libde265-0  1.0.8-1
ii  libdrm2 2.4.109-2
ii  libdvdnav4  6.1.1-1
ii  libdvdread8 6.1.2-1
ii  libfaad22.10.0-2
ii  libflite1   2.2-2
ii  libfluidsynth3  2.2.4-2
ii  libgcc-s1   11.2.0-14
ii  libglib2.0-02.70.2-1
ii  libgme0 0.6.3-2
ii  libgsm1 1.0.18-2
ii  libgstreamer-gl1.0-01.18.5-1
ii  libgstreamer-plugins-bad1.0-0   1.18.5-1+b4
ii  libgstreamer-plugins-base1.0-0  1.18.5-1
ii  libgstreamer1.0-0   1.18.5-1
ii  libgudev-1.0-0  237-2
ii  libilmbase252.5.7-2
ii  libkate10.4.1-11
ii  liblcms2-2  2.12~rc1-2
ii  liblilv-0-0 0.24.12-2
ii  libltc111.3.1-1
ii  libmfx1 22.1.0-1
ii  libmjpegutils-2.1-0 1:2.1.0+debian-6
ii  libmms0 0.6.4-3
ii  libmodplug1 1:0.8.9.0-3
ii  libmpcdec6  2:0.1~r495-2
ii  libmpeg2encpp-2.1-0 1:2.1.0+debian-6
ii  libmplex2-2.1-0 1:2.1.0+debian-6
ii  libnettle8  3.7.3-1
ii  libnice10   0.1.18-2
ii  libofa0 0.9.3-21
ii  libopenal1  1:1.19.1-2
ii  libopenexr252.5.7-1
ii  libopenjp2-72.4.0-6
ii  libopenmpt0 0.6.0-1
ii  libopenni2-02.2.0.33+dfsg-15
ii  libopus01.3.1-0.1
ii  liborc-0.4-01:0.4.32-2
ii  libpango-1.0-0  1.50.3+ds1-4
ii  libpangocairo-1.0-0 1.50.3+ds1-4
ii  librsvg2-2  2.50.7+dfsg-2
ii  librtmp12.4+20151223.gitfa8646d.1-2+b2
ii  libsbc1 1.5-3
ii  libsndfile1 1.0.31-2
ii  libsoundtouch1  2.3.1+ds1-1+b1
ii  libspandsp2 0.0.6+dfsg-2
ii  libsrt1.4-gnutls1.4.2-1.4
ii  libsrtp2-1  2.4.2-2
ii  libssl1.1   1.1.1m-1
ii  libstdc++6  11.2.0-14
ii  libusb-1.0-0

Bug#1004953: emscripten: attempts internet communication during build

2022-02-04 Thread Gianfranco Costamagna 

Source: emscripten
Version: 3.1.3~dfsg-2
Severity: serious

Hello, looks like a new test (test_sdl2_ttf) is trying to reach github during 
build

see 
https://launchpadlibrarian.net/583868498/buildlog_ubuntu-jammy-amd64.emscripten_3.1.3~dfsg-2ubuntu1_BUILDING.txt.gz



test_sdl2_mixer_wav (test_other.other) ... skipped 'requested to be skipped'
test_sdl2_linkable (test_other.other) ... skipped 'requested to be skipped'
test_sdl2_gfx_linkable (test_other.other) ... skipped 'requested to be skipped'
['--version'] 2.0.10
via emmake
ports:INFO: retrieving port: freetype from 
https://github.com/emscripten-ports/FreeType/archive/version_1.zip
['--cflags'] -s USE_SDL=2
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in 
_new_conn
conn = connection.create_connection(
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in 
create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/lib/python3.10/socket.py", line 955, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in 
urlopen
httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in 
_make_request
self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, 
in _validate_conn
conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 353, in 
connect
conn = self._new_conn()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in 
_new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno -2] Name or 
service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in 
urlopen
retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in 
increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='github.com', port=443): 
Max retries exceeded with url: /emscripten-ports/FreeType/archive/version_1.zip 
(Caused by NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service 
not known'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/<>/emcc.py", line 3950, in 
sys.exit(main(sys.argv))
  File "/usr/lib/python3.10/contextlib.py", line 79, in inner
return func(*args, **kwds)
  File "/<>/emcc.py", line 3943, in main
ret = run(args)
  File "/<>/emcc.py", line 1145, in run
via emmake
linker_inputs = phase_compile_inputs(options, state, newargs, input_files)
  File "/usr/lib/python3.10/contextlib.py", line 79, in inner
return func(*args, **kwds)
  File "/<>/emcc.py", line 2672, in phase_compile_inputs
compile_source_file(i, input_file)
  File "/<>/emcc.py", line 2652, in compile_source_file
cmd = get_clang_command(input_file)
  File "/<>/emcc.py", line 2593, in get_clang_command
return get_compiler(src_file) + get_cflags(state.orig_args) + compile_args 
+ [src_file]
  File "/<>/emcc.py", line 898, in get_cflags
ports.add_cflags(cflags, settings)
  File "/<>/tools/ports/__init__.py", line 364, in add_cflags
port.get(Ports, settings, shared)
  File "/<>/tools/ports/freetype.py", line 19, in get
ports.fetch_project('freetype', 
'https://github.com/emscripten-ports/FreeType/archive/' + TAG + '.zip', 
'FreeType-' + TAG, sha512hash=HASH)
  File "/<>/tools/ports/__init__.py", line 258, in fetch_project
retrieve()
  File "/<>/tools/ports/__init__.py", line 213, in retrieve
response = requests.get(url)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in 
request
resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='github.com', 
port=443): Max retries exceeded with url: 
/