Bug#1041731: groff-base: "-" mapped as HYPHEN

[Russ Allbery]

Guillem Jover  writes:
> On Mon, 2023-08-14 at 14:18:51 +0200, Samuel Thibault wrote:

>> Yes, we'd ideally want to fix all manpages to have everything set
>> alright. But we have to do that before the release. And if that's not
>> complete, release with the
>> 
>> .char - \-
>> 
>> workaround.

> Whenever I've maintained man pages in roff I tend to be precise in
> the usage of - and \-, but TBH this has seemed like a lost battle,
> more so since at least lintian stopped emitting tags for it. And
> another problem which I think it's going to be very hard to fix is
> with man page generators from other formats, such as pod2man, where
> it currently has heuristics to determine when to use - or \-, but it
> does not currently has a way to accurately do this always.

Yes, I understand why upstream really wants to find a way to make the
distinction between a language hyphen and an ASCII hyphen to work.  They
are different characters in the *roff language, and in a proper
typesetting system such as troff is intended to be, it is important to
distinguish between them for the best output.

That said, I was surprised to see the attempt to go down this path again
given how many problems we had the last time, and I am quite dubious that
we will be successful.  Not only is this a fiddly point of *roff that a
lot of people writing man pages simply don't pay attention to, man pages
are also generated from a host of other formats that simply do not have
this distinction in their language and therefore *cannot* make this
distinction in generated *roff except by guessing.

Just to give you an idea of the sort of thing that I'm trying to maintain
in order to be "correct" about this distinction, here is the current code
from podlators:

s{
( (?:\G|^|\s|$NBSP) [\(\"]* [a-zA-Z] ) ( \\- )?
( (?: [a-zA-Z\']+ \\-)+ )
( [a-zA-Z\']+ ) (?= [\)\".?!,;:]* (?:\s|$NBSP|\Z|\\\ ) )
\b
} {
my ($prefix, $hyphen, $main, $suffix) = ($1, $2, $3, $4);
$hyphen ||= '';
$main =~ s/\\-/-/g;
$prefix . $hyphen . $main . $suffix;
}egx;

This is still obviously buggy, though.  For example, command names
mentioned in the text look like words with hyphens and I don't think
there's any real way to tell the difference.

I have to admit that I am somewhat tempted to at least make this
transformation optional and instead let people configure pod2man to simply
escape every single - character as \- in the output.  This is not
"correct", but I think it's more correct than what is happening now, and
it's at least consistent.  However, I have a note that I have to do this
translation or *roff will produce unacceptable output, and I don't
remember what problem there was that made me write that comment in the
first place.  Maybe the problem with breaking long lines with
lots-of-words-that-are-all-conncted-by-hyphens, although that's somewhat
rare.

My opinion is that the world of documents that are handled by man do not
encode meaningful distinctions between - and \-, and man should therefore
unify those characters.

-- 
Russ Allbery (r...@debian.org)  

Bug#1041731: groff-base: "-" mapped as HYPHEN

[Guillem Jover]

Hi!

[ CCed Russ for the pod2man side of this. ]

On Mon, 2023-08-14 at 14:18:51 +0200, Samuel Thibault wrote:
> I'm marking this important, and am tempted to raise it to serious...
> 
> The problem at stake is that we have already a hard time making
> newcomers read manpages. If they can't even trust copying/pasting lines
> from them, they will just definitely turn away, and we'll aggravate the
> schism between us olders and newcomers. Trust me from 20-year teaching
> experience...

This is not just copy, searching in formatted man pages from
within a pager or with grep for example does not work any more (well
you can always use «.» but that's rather unintuitive).

> Yes, we'd ideally want to fix all manpages to have everything set
> alright. But we have to do that before the release. And if that's not
> complete, release with the
> 
> .char - \-
> 
> workaround.

Whenever I've maintained man pages in roff I tend to be precise in
the usage of - and \-, but TBH this has seemed like a lost battle,
more so since at least lintian stopped emitting tags for it. And
another problem which I think it's going to be very hard to fix is
with man page generators from other formats, such as pod2man, where
it currently has heuristics to determine when to use - or \-, but it
does not currently has a way to accurately do this always.

> As in: maybe we can leave the symptom open until the freeze period, so
> that developers notice the issue and fix their bugs, and on the freeze
> period, introduce the workaround so that end users of the eventual
> released distribution don't get affected while we are still fixing the
> bugs.

While in an ideal world that might be good, I'm not sure this is worth
the pain, and fixing this (if deemed necessary) out of linting tags
seems like a better plan?

Thanks,
Guillem

Bug#1051592: Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable

[Pablo Neira Ayuso]

Hi Timo,

On Mon, Sep 11, 2023 at 11:37:50PM +0200, Timo Sigurdsson wrote:
> Hi,
> 
> recently, Debian updated their stable kernel from 6.1.38 to 6.1.52
> which broke nftables ruleset loading on one of my machines with lots
> of "Operation not supported" errors. I've reported this to the
> Debian project (see link below) and Salvatore Bonaccorso and I
> identified "netfilter: nf_tables: disallow rule addition to bound
> chain via NFTA_RULE_CHAIN_ID" (0ebc1064e487) as the offending commit
> that introduced the regression. Salvatore also found that this issue
> affects the 5.10 stable tree as well (observed in 5.10.191), but he
> cannot reproduce it on 6.4.13 and 6.5.2.
> 
> The issue only occurs with some rulesets. While I can't trigger it
> with simple/minimal rulesets that I use on some machines, it does
> occur with a more complex ruleset that has been in use for months
> (if not years, for large parts of it). I'm attaching a somewhat
> stripped down version of the ruleset from the machine I originally
> observed this issue on. It's still not a small or simple ruleset,
> but I'll try to reduce it further when I have more time.
> 
> The error messages shown when trying to load the ruleset don't seem
> to be helpful. Just two simple examples: Just to give two simple
> examples from the log when nftables fails to start:
> /etc/nftables.conf:99:4-44: Error: Could not process rule: Operation not 
> supported
> tcp option maxseg size 1-500 counter drop
> ^
> /etc/nftables.conf:308:4-27: Error: Could not process rule: Operation not 
> supported
> tcp dport sip-tls accept
> 

I can reproduce this issue with 5.10.191 and 6.1.52 and nftables v1.0.6,
this is not reproducible with v1.0.7 and v1.0.8.

> Since the issue only affects some stable trees, Salvatore thought it
> might be an incomplete backport that causes this.
> 
> If you need further information, please let me know.

Userspace nftables v1.0.6 generates incorrect bytecode that hits a new
kernel check that rejects adding rules to bound chains. The incorrect
bytecode adds the chain binding, attach it to the rule and it adds the
rules to the chain binding. I have cherry-picked these three patches
for nftables v1.0.6 userspace and your ruleset restores fine.

See patches enclosed to this email.
>From 4e5b0a64227dde250f94bec45b3fb127d78b7fd2 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso 
Date: Mon, 6 Feb 2023 15:28:40 +0100
Subject: [PATCH 1/3,nft] rule: add helper function to expand chain rules intoi
 commands

[ upstream commit 784597a4ed63b9decb10d74fdb49a1b021e22728 ]

This patch adds a helper function to expand chain rules into commands.
This comes in preparation for the follow up patch.

Signed-off-by: Pablo Neira Ayuso 
---
 src/rule.c | 39 ++-
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/src/rule.c b/src/rule.c
index 1402210acd8d..43c6520517ce 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1310,13 +1310,31 @@ void cmd_add_loc(struct cmd *cmd, uint16_t offset, const struct location *loc)
 	cmd->num_attrs++;
 }
 
+static void nft_cmd_expand_chain(struct chain *chain, struct list_head *new_cmds)
+{
+	struct rule *rule;
+	struct handle h;
+	struct cmd *new;
+
+	list_for_each_entry(rule, >rules, list) {
+		memset(, 0, sizeof(h));
+		handle_merge(, >handle);
+		if (chain->flags & CHAIN_F_BINDING) {
+			rule->handle.chain_id = chain->handle.chain_id;
+			rule->handle.chain.location = chain->location;
+		}
+		new = cmd_alloc(CMD_ADD, CMD_OBJ_RULE, ,
+>location, rule_get(rule));
+		list_add_tail(>list, new_cmds);
+	}
+}
+
 void nft_cmd_expand(struct cmd *cmd)
 {
 	struct list_head new_cmds;
 	struct flowtable *ft;
 	struct table *table;
 	struct chain *chain;
-	struct rule *rule;
 	struct set *set;
 	struct obj *obj;
 	struct cmd *new;
@@ -1362,22 +1380,9 @@ void nft_cmd_expand(struct cmd *cmd)
 	>location, flowtable_get(ft));
 			list_add_tail(>list, _cmds);
 		}
-		list_for_each_entry(chain, >chains, list) {
-			list_for_each_entry(rule, >rules, list) {
-memset(, 0, sizeof(h));
-handle_merge(, >handle);
-if (chain->flags & CHAIN_F_BINDING) {
-	rule->handle.chain_id =
-		chain->handle.chain_id;
-	rule->handle.chain.location =
-		chain->location;
-}
-new = cmd_alloc(CMD_ADD, CMD_OBJ_RULE, ,
-		>location,
-		rule_get(rule));
-list_add_tail(>list, _cmds);
-			}
-		}
+		list_for_each_entry(chain, >chains, list)
+			nft_cmd_expand_chain(chain, _cmds);
+
 		list_splice(_cmds, >list);
 		break;
 	case CMD_OBJ_SET:
-- 
2.30.2

>From 70c03d81df0e87fb416bd1f38409367e9d08ed7f Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso 
Date: Mon, 6 Feb 2023 15:28:41 +0100
Subject: [PATCH 2/3,nft] rule: expand standalone chain that contains rules

[ upstream 27c753e4a8d4744f479345e3f5e34cafef751602 commit ]

Bug#1050026: marked as done (r-bioc-metagenomeseq: autopkgtest regression)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 23:19:04 +
with message-id 
and subject line Bug#1050026: fixed in r-bioc-metagenomeseq 1.42.0-2
has caused the Debian Bug report #1050026,
regarding r-bioc-metagenomeseq: autopkgtest regression
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1050026: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050026
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: r-bioc-metagenomeseq
Version: 1.42.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Hi Maintainer

The upload of r-bioc-metagenomeseq 1.42.0-1 is failing its own
autopkgtest [1].  I've copied what I hope is the relevant part of the
log below.

Regards
Graham


[1] https://ci.debian.net/packages/r/r-bioc-metagenomeseq/testing/amd64/


 48s Loading required package: glmnet
 48s Loading required package: Matrix
 49s Loaded glmnet 4.1-7
 49s Loading required package: RColorBrewer
106s [ FAIL 2 | WARN 6 | SKIP 0 | PASS 13 ]
106s
106s ══ Failed tests

106s ── Failure ('test-norm.R:28:3'): `cumNormStat` returns the
correct value ───
106s cumNormStat(lungData) not equal to 0.7014946.
106s names for target but not for current
106s ── Failure ('test-norm.R:34:3'): `cumNormStatFast` returns the
correct value ───
106s cumNormStatFast(lungData) not equal to 0.7014946.
106s names for target but not for current
106s
106s [ FAIL 2 | WARN 6 | SKIP 0 | PASS 13 ]
106s Error: Test failures
106s Execution halted
--- End Message ---
--- Begin Message ---
Source: r-bioc-metagenomeseq
Source-Version: 1.42.0-2
Done: Charles Plessy 

We believe that the bug you reported is fixed in the latest version of
r-bioc-metagenomeseq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1050...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Charles Plessy  (supplier of updated r-bioc-metagenomeseq 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 11 Sep 2023 22:41:53 +
Source: r-bioc-metagenomeseq
Architecture: source
Version: 1.42.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian R Packages Maintainers 
Changed-By: Charles Plessy 
Closes: 1050026
Changes:
 r-bioc-metagenomeseq (1.42.0-2) unstable; urgency=medium
 .
   * Team upload.
   * Fix broken upstream tests. (Closes: #1050026)
Checksums-Sha1:
 a5c1013183f667f7147cb71ca1a97041a9166a55 2282 r-bioc-metagenomeseq_1.42.0-2.dsc
 5ad617c25b53fdbe3033c429da54a6d1476d2da2 5100 
r-bioc-metagenomeseq_1.42.0-2.debian.tar.xz
 4274f4f7ff2fc0d0c3304c576ba787e1d1c1f4dc 11317 
r-bioc-metagenomeseq_1.42.0-2_source.buildinfo
Checksums-Sha256:
 c861f942d9f995a97ed12825c56659ab6e57264c6e420303a67bccc85a7a6cdc 2282 
r-bioc-metagenomeseq_1.42.0-2.dsc
 e3adee0ad7f3642adeafa9778d920b89497f5960c35df86e40dc5d7d08b07a5e 5100 
r-bioc-metagenomeseq_1.42.0-2.debian.tar.xz
 e40bc48375f84c00cd48d724cb77ce52fb965f0fbec97f4ecb2019bcb4eff7df 11317 
r-bioc-metagenomeseq_1.42.0-2_source.buildinfo
Files:
 c5bc68854cb38d9d2702d367c4491861 2282 gnu-r optional 
r-bioc-metagenomeseq_1.42.0-2.dsc
 290fd4a4aab7e38c5e592931ce564252 5100 gnu-r optional 
r-bioc-metagenomeseq_1.42.0-2.debian.tar.xz
 69746271344e6c4ce35b2e1bd58e0689 11317 gnu-r optional 
r-bioc-metagenomeseq_1.42.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCAAwFiEEc0cUmcxg7Z7ugFlGxb1sjyKV1QIFAmT/mxsSHHBsZXNzeUBk
ZWJpYW4ub3JnAAoJEMW9bI8ildUCfngP/j5WLNmLlLpGATKOCJbQXM9j7cPykm05
FS9MjHrMm2fNrjSA7CXf5ilYYJ59zBGHKc3khwuyL4nmNjmNtRGiENcbGexCbczm
NqEYBUD96FG0On+6NwQy/2IcY3mSr6PAeGk2Psg5ZQWTiaojDV5DjzRRZPKWOaYM
fviKIrxZ93wa1arwg6UmU9R1uF7JP0c6LgaVsNj2uezQNkNy2i9l2SEU6fPgPn6/
AyG1JBMxOz8rcmJ03dQiWj2fbaj5vEEKJ+Ob8IKXsOgBFjmvjxwE4C3wzmVOBBiR
vD3UiaW1Rn6zPxU6accohiOH0MOKrl2UmBMAXiVpukQoxixn9UFoVK1I5t6AmqgI
id18iYj/VuKxlW97yVUYZ4DcFqUDECBGzCpX2XMxEHIQ3SWXNknoshS5jAzLbDDj
Di8VUFsRu8aY0zohOhKTPKtktz5smmYY5UPFifeYXoUiRF5ud4UiASAiIndpHMqI
tDpFaiYkk4PLGYTurEkW5InODL907QKca4H78YrARKE0TgqJhJ8+me7xqnwjPuTj
cenhV5x0EIM4cEnFwVKaAZA+APEc1IEAxQ04QL6U7LSJbbWeCcMkdzLxaIHd7Oql
cYjdQzfRYNkpQKa78NrImD9XGLsH2bfz4iKJy0D9jIW58CsR088jN+qH0X7ijYyM
DOf3RpiBrqdB

Bug#1051592: Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable

[Timo Sigurdsson]

Hi,

recently, Debian updated their stable kernel from 6.1.38 to 6.1.52 which broke 
nftables ruleset loading on one of my machines with lots of "Operation not 
supported" errors. I've reported this to the Debian project (see link below) 
and Salvatore Bonaccorso and I identified "netfilter: nf_tables: disallow rule 
addition to bound chain via NFTA_RULE_CHAIN_ID" (0ebc1064e487) as the offending 
commit that introduced the regression. Salvatore also found that this issue 
affects the 5.10 stable tree as well (observed in 5.10.191), but he cannot 
reproduce it on 6.4.13 and 6.5.2.

The issue only occurs with some rulesets. While I can't trigger it with 
simple/minimal rulesets that I use on some machines, it does occur with a more 
complex ruleset that has been in use for months (if not years, for large parts 
of it). I'm attaching a somewhat stripped down version of the ruleset from the 
machine I originally observed this issue on. It's still not a small or simple 
ruleset, but I'll try to reduce it further when I have more time.

The error messages shown when trying to load the ruleset don't seem to be 
helpful. Just two simple examples:
Just to give two simple examples from the log when nftables fails to start:
/etc/nftables.conf:99:4-44: Error: Could not process rule: Operation not 
supported
tcp option maxseg size 1-500 counter drop
^
/etc/nftables.conf:308:4-27: Error: Could not process rule: Operation not 
supported
tcp dport sip-tls accept


Since the issue only affects some stable trees, Salvatore thought it might be 
an incomplete backport that causes this.

If you need further information, please let me know.


Thanks and kind regards,

Timo


#regzbot introduced: 0ebc1064e487
#regzbot monitor: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051592#!/usr/sbin/nft -f

flush ruleset

define public_if = eth0
define trusted_if = eth1
define voip_if = eth2.10
define guest_if = eth2.20
define home_if = { $trusted_if, $voip_if, $guest_if }
define home_ipv6_if = { $trusted_if, $voip_if, $guest_if }

define masq_ip = { 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 
192.168.4.0/24 }
define masq_if = $public_if

define host1_ip = 192.168.1.10
define host2_ip = 192.168.2.20
define host3_ip = 192.168.3.30
define host4_ip = 192.168.4.40

define proxy_port = 8443

define private_ip = { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
define private_ip6 = { fe80::/64, fd00::/8 }
define bogons_ip = { 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 
169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24, 192.0.2.0/24, 192.168.0.0/16, 
198.18.0.0/15, 198.51.100.0/24, 203.0.113.0/24, 224.0.0.0/3 }
define bogons_ip6 = { ::/3, 2001:0002::/48, 2001:0003::/32, 2001:10::/28, 
2001:20::/28, 2001::/32, 2001:db8::/32, 2002::/16, 3000::/4, 4000::/2, 8000::/1 
}

define sip_whitelist_ip6 = { 2001:db8::1/128, 2001:db8::2/128 }
define smtps_whitelist_ip = 10.0.0.1
define protocol_whitelist = { tcp, udp, icmp, ipv6-icmp }

table inet filter {
map if_input {
type ifname : verdict;
elements = { $public_if : jump public_input, $trusted_if : jump 
home_input, $voip_if : jump home_input, $guest_if : jump home_input }
}
map if_forward {
type ifname : verdict;
elements = { $public_if : jump public_forward, $trusted_if : 
jump trusted_forward, $voip_if : jump voip_forward, $guest_if : jump 
guest_forward }
}
map if_output {
type ifname : verdict;
elements = { $public_if : jump public_output, $trusted_if : 
jump home_output, $voip_if : jump home_output, $guest_if : jump home_output }
}

set ipv4_blacklist { type ipv4_addr; flags interval; auto-merge; }
set ipv6_blacklist { type ipv6_addr; flags interval; auto-merge; }
set limit_src_ip { type ipv4_addr; flags dynamic, timeout; size 1024; }
set limit_src_ip6 { type ipv6_addr; flags dynamic, timeout; size 1024; }

chain PREROUTING_RAW {
type filter hook prerouting priority raw;

meta l4proto != $protocol_whitelist counter drop
tcp flags syn jump {
tcp option maxseg size 1-500 counter drop
tcp sport 0 counter drop
}
rt type 0 counter drop
}

chain PREROUTING_MANGLE {
type filter hook prerouting priority mangle;

ct state vmap { invalid : jump ct_invalid_pre, untracked : jump 
ct_untracked_pre, new : jump ct_new_pre, related : jump rpfilter }
}
chain ct_invalid_pre {
counter drop
}
chain ct_untracked_pre {
icmpv6 type { nd-router-solicit, nd-router-advert, 
nd-neighbor-solicit, nd-neighbor-advert, mld-listener-query, 

Processed: tagging 1051740

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1051740 + upstream
Bug #1051740 [src:gpac] gpac: CVE-2023-3012 CVE-2023-3013 CVE-2023-3291 
CVE-2023-39562 CVE-2023-4678 CVE-2023-4681 CVE-2023-4682 CVE-2023-4683 
CVE-2023-4720 CVE-2023-4721 CVE-2023-4722 CVE-2023-4754 CVE-2023-4755 
CVE-2023-4756 CVE-2023-4758 CVE-2023-4778
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051740
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 1051737, bug 1051737 is forwarded to https://sourceforge.net/p/freeimage/bugs/298/ ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1051737 + upstream
Bug #1051737 [src:freeimage] freeimage: CVE-2020-21427
Added tag(s) upstream.
> forwarded 1051737 https://sourceforge.net/p/freeimage/bugs/298/
Bug #1051737 [src:freeimage] freeimage: CVE-2020-21427
Set Bug forwarded-to-address to 'https://sourceforge.net/p/freeimage/bugs/298/'.
> tags 1051736 + upstream
Bug #1051736 [src:freeimage] freeimage: CVE-2020-21426
Added tag(s) upstream.
> forwarded 1051736 https://sourceforge.net/p/freeimage/bugs/300/
Bug #1051736 [src:freeimage] freeimage: CVE-2020-21426
Set Bug forwarded-to-address to 'https://sourceforge.net/p/freeimage/bugs/300/'.
> tags 1051738 + upstream
Bug #1051738 [src:freeimage] freeimage: CVE-2020-21428
Added tag(s) upstream.
> forwarded 1051738 https://sourceforge.net/p/freeimage/bugs/299/
Bug #1051738 [src:freeimage] freeimage: CVE-2020-21428
Set Bug forwarded-to-address to 'https://sourceforge.net/p/freeimage/bugs/299/'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051736: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051736
1051737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051737
1051738: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051738
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1051740: gpac: CVE-2023-3012 CVE-2023-3013 CVE-2023-3291 CVE-2023-39562 CVE-2023-4678 CVE-2023-4681 CVE-2023-4682 CVE-2023-4683 CVE-2023-4720 CVE-2023-4721 CVE-2023-4722 CVE-2023-4754 CVE-2023-475

[Moritz Mühlenhoff]

Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-3012[0]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7

CVE-2023-3013[1]:
| Unchecked Return Value in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594

CVE-2023-3291[2]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.2.2.

https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf

CVE-2023-39562[3]:
| GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a
| heap-use-after-free via the gf_bs_align function at bitstream.c.
| This vulnerability allows attackers to cause a Denial of Service
| (DoS) via supplying a crafted file.

https://github.com/gpac/gpac/issues/2537
https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6

CVE-2023-4678[4]:
| Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07
https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877

CVE-2023-4681[5]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c
https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e

CVE-2023-4682[6]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be
https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c

CVE-2023-4683[7]:
| NULL Pointer Dereference in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec
https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922

CVE-2023-4720[8]:
| Floating Point Comparison with Incorrect Operator in GitHub
| repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a
https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad

CVE-2023-4721[9]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63
https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc

CVE-2023-4722[10]:
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior
| to 2.3-DEV.

https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76
https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830

CVE-2023-4754[11]:
| Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c

CVE-2023-4755[12]:
| Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3

CVE-2023-4756[13]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05

CVE-2023-4758[14]:
| Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6

CVE-2023-4778[15]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3012
https://www.cve.org/CVERecord?id=CVE-2023-3012
[1] https://security-tracker.debian.org/tracker/CVE-2023-3013
https://www.cve.org/CVERecord?id=CVE-2023-3013
[2] https://security-tracker.debian.org/tracker/CVE-2023-3291
https://www.cve.org/CVERecord?id=CVE-2023-3291
[3] https://security-tracker.debian.org/tracker/CVE-2023-39562
https://www.cve.org/CVERecord?id=CVE-2023-39562
[4] https://security-tracker.debian.org/tracker/CVE-2023-4678
https://www.cve.org/CVERecord?id=CVE-2023-4678
[5] https://security-tracker.debian.org/tracker/CVE-2023-4681
https://www.cve.org/CVERecord?id=CVE-2023-4681
[6] 

Bug#1051738: freeimage: CVE-2020-21428

[Moritz Mühlenhoff]

Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for freeimage.

CVE-2020-21428[0]:
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp
| in FreeImage 3.18.0 allows remote attackers to run arbitrary code
| and cause other impacts via crafted image file.

https://sourceforge.net/p/freeimage/bugs/299/

This appears to be fixed in r1877 of the upstream Subversion repository

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-21428
https://www.cve.org/CVERecord?id=CVE-2020-21428

Please adjust the affected versions in the BTS as needed.

Bug#1051722: marked as done (libnvme fails to build from source on unstable)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 21:04:15 +
with message-id 
and subject line Bug#1051722: fixed in libnvme 1.5-3
has caused the Debian Bug report #1051722,
regarding libnvme fails to build from source on unstable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libnvme
Version: 1.3-1
Severity: serious
Tags: ftbfs patch
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: mateus.mor...@canonical.com

Hi,

Building libnvme from source currently fails during
execute_after_dh_auto_install when moving python-related files from
debian/tmp/usr/local/lib/python.

It seems these files are already at the correct location, at debian/tmp/usr/lib,
so removing the python correction lines from d/rules fixes the issue.

I'm building using sbuild on an sid schroot. The command I run is:
$ sbuild -d unstable --purge-build=successful 
--debbuildopts='--buildinfo-option=-O' --no-run-lintian

Ultimately, the build fails with:
make[1]: Entering directory '/<>'
# correcting python location
mv debian/tmp/usr/local/lib/python* debian/tmp/usr/lib
mv: cannot stat 'debian/tmp/usr/local/lib/python*': No such file or directory
make[1]: *** [debian/rules:13: execute_after_dh_auto_install] Error 1
make[1]: Leaving directory '/<>'
make: *** [debian/rules:6: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2


-- System Information:
Debian Release: bookworm/sid
  APT prefers lunar-updates
  APT policy: (500, 'lunar-updates'), (500, 'lunar-security'), (500, 'lunar'), 
(100, 'lunar-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.2.0-32-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
>From 7fd68f186f60a0288b088dc2754aafd8451bbc5d Mon Sep 17 00:00:00 2001
From: Mateus Rodrigues de Morais 
Date: Wed, 6 Sep 2023 10:39:11 -0300
Subject: [PATCH] Removed Python location correction

---
 debian/rules | 4 
 1 file changed, 4 deletions(-)

diff --git a/debian/rules b/debian/rules
index 6673d04..4cb8910 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,10 +9,6 @@ override_dh_auto_configure:
dh_auto_configure -- -Ddocs=man -Ddocs-build=true -Dpython=enabled 
-Dopenssl=enabled --default-library=both
 
 execute_after_dh_auto_install:
-   # correcting python location
-   mv debian/tmp/usr/local/lib/python* debian/tmp/usr/lib
-   rm -rf debian/tmp/usr/local
-
# remove empty manpages
find debian/tmp/usr/share/man -type f -empty -exec rm -f {} +
 
-- 
2.39.2

--- End Message ---
--- Begin Message ---
Source: libnvme
Source-Version: 1.5-3
Done: Daniel Baumann 

We believe that the bug you reported is fixed in the latest version of
libnvme, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann  (supplier of updated libnvme 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 11 Sep 2023 22:26:38 +0200
Source: libnvme
Architecture: source
Version: 1.5-3
Distribution: sid
Urgency: medium
Maintainer: Daniel Baumann 
Changed-By: Daniel Baumann 
Closes: 1051722
Changes:
 libnvme (1.5-3) sid; urgency=medium
 .
   * Uploading to sid.
   * Making workaround for certain meson versions conditional in rules to
 fix (now) FTBFS in sid (Closes: #1051722).
Checksums-Sha1:
 2ca5ef83b38ea872b8b0543e98449cf4d6ef93da 2196 libnvme_1.5-3.dsc
 ccb3efba869892b7dd5412fc1fb7ce5948e6edd2 7480 libnvme_1.5-3.debian.tar.xz
 da66f395e6f39b0e32bbfd90551f67a6bee1b4af 9496 libnvme_1.5-3_amd64.buildinfo
Checksums-Sha256:
 e3f3f299a212c1cb5d0b189932a1c871402122770f93f7d50b5766cfcfecd4f2 2196 
libnvme_1.5-3.dsc
 aa804c81e7c6bc1550210fbc2abb559eee79e631e21c9118a40af4f3748edc0e 7480 

Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Salvatore Bonaccorso]

Hi,

On Mon, Sep 11, 2023 at 10:52:12PM +0200, Salvatore Bonaccorso wrote:
> Hi Timo,
> 
> On Mon, Sep 11, 2023 at 10:31:56PM +0200, Timo Sigurdsson wrote:
> > Hi Salvatore,
> > 
> > Salvatore Bonaccorso schrieb am 11.09.2023 22:20 (GMT +02:00):
> > 
> > > Bisected the issue:
> > > 
> > > $ git bisect log
> > > git bisect start
> > > # status: waiting for both good and bad commits
> > > # good: [61fd484b2cf6bc8022e8e5ea6f693a9991740ac2] Linux 6.1.38
> > > git bisect good 61fd484b2cf6bc8022e8e5ea6f693a9991740ac2
> > > # status: waiting for bad commit, 1 good commit known
> > > # bad: [1321ab403b38366a4cfb283145bb2c005becb1e5] Linux 6.1.45
> > > git bisect bad 1321ab403b38366a4cfb283145bb2c005becb1e5
> > > # good: [95d49f79e94d4fa8105c880a266789609f3e791a] ext4: only update
> > > i_reserved_data_blocks on successful block allocation
> > > git bisect good 95d49f79e94d4fa8105c880a266789609f3e791a
> > > # good: [f8b61a2c29fc70f64daad698cf09c1f79a0e39f9] drm/amd/display: Set 
> > > minimum
> > > requirement for using PSR-SU on Rembrandt
> > > git bisect good f8b61a2c29fc70f64daad698cf09c1f79a0e39f9
> > > # bad: [bd2decac7345134ea0bd3f4b978478ef53367cd8] mptcp: ensure subflow is
> > > unhashed before cleaning the backlog
> > > git bisect bad bd2decac7345134ea0bd3f4b978478ef53367cd8
> > > # bad: [fe3409cd013cfd10d3e6787b49f33a5dda39cffd] RDMA/irdma: Fix op_type
> > > reporting in CQEs
> > > git bisect bad fe3409cd013cfd10d3e6787b49f33a5dda39cffd
> > > # good: [85c38ac62c1372cc1ab05426315aad61025d33ef] atheros: fix return 
> > > value
> > > check in atl1_tso()
> > > git bisect good 85c38ac62c1372cc1ab05426315aad61025d33ef
> > > # bad: [539cf23cb48835c69cc3d22edff28b92bd82bb18] tipc: stop tipc crypto 
> > > on
> > > failure in tipc_node_create
> > > git bisect bad 539cf23cb48835c69cc3d22edff28b92bd82bb18
> > > # good: [1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1] x86/traps: Fix
> > > load_unaligned_zeropad() handling for shared TDX memory
> > > git bisect good 1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1
> > > # bad: [7218974aba07ff60c646d5a512b02b871402b03e] mm: suppress mm fault 
> > > logging
> > > if fatal signal already pending
> > > git bisect bad 7218974aba07ff60c646d5a512b02b871402b03e
> > > # good: [89a4d1a89751a0fbd520e64091873e19cc0979e8] netfilter: 
> > > nft_set_rbtree:
> > > fix overlap expiration walk
> > > git bisect good 89a4d1a89751a0fbd520e64091873e19cc0979e8
> > > # bad: [268cb07ef3ee17b5454a7c4b23376802c5b00c79] netfilter: nf_tables:
> > > disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
> > > git bisect bad 268cb07ef3ee17b5454a7c4b23376802c5b00c79
> > > # good: [4237462a073e24f71c700f3e5929f07b6ee1bcaa] netfilter: nf_tables: 
> > > skip
> > > immediate deactivate in _PREPARE_ERROR
> > > git bisect good 4237462a073e24f71c700f3e5929f07b6ee1bcaa
> > > # first bad commit: [268cb07ef3ee17b5454a7c4b23376802c5b00c79] netfilter:
> > > nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
> > > 
> > > $ git bisect visualize
> > > commit 268cb07ef3ee17b5454a7c4b23376802c5b00c79
> > > Author: Pablo Neira Ayuso 
> > > Date:   Sun Jul 23 16:41:48 2023 +0200
> > > 
> > > netfilter: nf_tables: disallow rule addition to bound chain via
> > > NFTA_RULE_CHAIN_ID
> > > 
> > > [ Upstream commit 0ebc1064e4874d5987722a2ddbc18f94aa53b211 ]
> > > 
> > > Bail out with EOPNOTSUPP when adding rule to bound chain via
> > > NFTA_RULE_CHAIN_ID. The following warning splat is shown when
> > > adding a rule to a deleted bound chain:
> > > 
> > >  WARNING: CPU: 2 PID: 13692 at net/netfilter/nf_tables_api.c:2013
> > >  nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
> > >  CPU: 2 PID: 13692 Comm: chain-bound-rul Not tainted 6.1.39 #1
> > >  RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
> > > 
> > > Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
> > > Reported-by: Kevin Rich 
> > > Signed-off-by: Pablo Neira Ayuso 
> > > Signed-off-by: Florian Westphal 
> > > Signed-off-by: Sasha Levin 
> > 
> > Hehe, yes, I was just about to write you the same. My test build
> > with this one reverted lets me load the ruleset again.
> > 
> > Would you like to take this upstream? I was just about to file a
> > report in netfilter's bugzilla, but since you also worked on it as
> > well, I don't mean to interfere...
> > 
> > I'll try to further reduce my test ruleset to see what actually
> > triggers this.
> 
> I'm fine if you report it upstream, as you have the best position for
> making further tests further stripped down rulesets. But instread of
> bugzilla I think it's best to directly mail Pablo Neira Ayuso
> , the people in the Signed-off-by, additionally
> the stable list (sta...@vger.kernel.org) and the regressions
> mailinglist (regressi...@lists.linux.dev, cf.
> https://www.kernel.org/doc/html/latest/process/handling-regressions.html).

get_maintainers.pl additionally gives:

$ ./scripts/get_maintainer.pl 

Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Salvatore Bonaccorso]

Hi Timo,

On Mon, Sep 11, 2023 at 10:31:56PM +0200, Timo Sigurdsson wrote:
> Hi Salvatore,
> 
> Salvatore Bonaccorso schrieb am 11.09.2023 22:20 (GMT +02:00):
> 
> > Bisected the issue:
> > 
> > $ git bisect log
> > git bisect start
> > # status: waiting for both good and bad commits
> > # good: [61fd484b2cf6bc8022e8e5ea6f693a9991740ac2] Linux 6.1.38
> > git bisect good 61fd484b2cf6bc8022e8e5ea6f693a9991740ac2
> > # status: waiting for bad commit, 1 good commit known
> > # bad: [1321ab403b38366a4cfb283145bb2c005becb1e5] Linux 6.1.45
> > git bisect bad 1321ab403b38366a4cfb283145bb2c005becb1e5
> > # good: [95d49f79e94d4fa8105c880a266789609f3e791a] ext4: only update
> > i_reserved_data_blocks on successful block allocation
> > git bisect good 95d49f79e94d4fa8105c880a266789609f3e791a
> > # good: [f8b61a2c29fc70f64daad698cf09c1f79a0e39f9] drm/amd/display: Set 
> > minimum
> > requirement for using PSR-SU on Rembrandt
> > git bisect good f8b61a2c29fc70f64daad698cf09c1f79a0e39f9
> > # bad: [bd2decac7345134ea0bd3f4b978478ef53367cd8] mptcp: ensure subflow is
> > unhashed before cleaning the backlog
> > git bisect bad bd2decac7345134ea0bd3f4b978478ef53367cd8
> > # bad: [fe3409cd013cfd10d3e6787b49f33a5dda39cffd] RDMA/irdma: Fix op_type
> > reporting in CQEs
> > git bisect bad fe3409cd013cfd10d3e6787b49f33a5dda39cffd
> > # good: [85c38ac62c1372cc1ab05426315aad61025d33ef] atheros: fix return value
> > check in atl1_tso()
> > git bisect good 85c38ac62c1372cc1ab05426315aad61025d33ef
> > # bad: [539cf23cb48835c69cc3d22edff28b92bd82bb18] tipc: stop tipc crypto on
> > failure in tipc_node_create
> > git bisect bad 539cf23cb48835c69cc3d22edff28b92bd82bb18
> > # good: [1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1] x86/traps: Fix
> > load_unaligned_zeropad() handling for shared TDX memory
> > git bisect good 1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1
> > # bad: [7218974aba07ff60c646d5a512b02b871402b03e] mm: suppress mm fault 
> > logging
> > if fatal signal already pending
> > git bisect bad 7218974aba07ff60c646d5a512b02b871402b03e
> > # good: [89a4d1a89751a0fbd520e64091873e19cc0979e8] netfilter: 
> > nft_set_rbtree:
> > fix overlap expiration walk
> > git bisect good 89a4d1a89751a0fbd520e64091873e19cc0979e8
> > # bad: [268cb07ef3ee17b5454a7c4b23376802c5b00c79] netfilter: nf_tables:
> > disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
> > git bisect bad 268cb07ef3ee17b5454a7c4b23376802c5b00c79
> > # good: [4237462a073e24f71c700f3e5929f07b6ee1bcaa] netfilter: nf_tables: 
> > skip
> > immediate deactivate in _PREPARE_ERROR
> > git bisect good 4237462a073e24f71c700f3e5929f07b6ee1bcaa
> > # first bad commit: [268cb07ef3ee17b5454a7c4b23376802c5b00c79] netfilter:
> > nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
> > 
> > $ git bisect visualize
> > commit 268cb07ef3ee17b5454a7c4b23376802c5b00c79
> > Author: Pablo Neira Ayuso 
> > Date:   Sun Jul 23 16:41:48 2023 +0200
> > 
> > netfilter: nf_tables: disallow rule addition to bound chain via
> > NFTA_RULE_CHAIN_ID
> > 
> > [ Upstream commit 0ebc1064e4874d5987722a2ddbc18f94aa53b211 ]
> > 
> > Bail out with EOPNOTSUPP when adding rule to bound chain via
> > NFTA_RULE_CHAIN_ID. The following warning splat is shown when
> > adding a rule to a deleted bound chain:
> > 
> >  WARNING: CPU: 2 PID: 13692 at net/netfilter/nf_tables_api.c:2013
> >  nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
> >  CPU: 2 PID: 13692 Comm: chain-bound-rul Not tainted 6.1.39 #1
> >  RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
> > 
> > Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
> > Reported-by: Kevin Rich 
> > Signed-off-by: Pablo Neira Ayuso 
> > Signed-off-by: Florian Westphal 
> > Signed-off-by: Sasha Levin 
> 
> Hehe, yes, I was just about to write you the same. My test build
> with this one reverted lets me load the ruleset again.
> 
> Would you like to take this upstream? I was just about to file a
> report in netfilter's bugzilla, but since you also worked on it as
> well, I don't mean to interfere...
> 
> I'll try to further reduce my test ruleset to see what actually
> triggers this.

I'm fine if you report it upstream, as you have the best position for
making further tests further stripped down rulesets. But instread of
bugzilla I think it's best to directly mail Pablo Neira Ayuso
, the people in the Signed-off-by, additionally
the stable list (sta...@vger.kernel.org) and the regressions
mailinglist (regressi...@lists.linux.dev, cf.
https://www.kernel.org/doc/html/latest/process/handling-regressions.html).

It should be noted:

0ebc1064e487 ("netfilter: nf_tables: disallow rule addition to bound
chain via NFTA_RULE_CHAIN_ID") in 6.5-rc4 was backported to several
stable series, namely in 5.10.190, 5.15.124, 6.1.43, 6.4.8.

While I can reproduce the issue in 5.10.191-1 and 6.1.52-1, I cannot
in 6.4.13-1 or 6.5.2-1 (not yet released in Debian).

Possibly for the 

Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Timo Sigurdsson]

Hi Salvatore,

Salvatore Bonaccorso schrieb am 11.09.2023 22:20 (GMT +02:00):

> Bisected the issue:
> 
> $ git bisect log
> git bisect start
> # status: waiting for both good and bad commits
> # good: [61fd484b2cf6bc8022e8e5ea6f693a9991740ac2] Linux 6.1.38
> git bisect good 61fd484b2cf6bc8022e8e5ea6f693a9991740ac2
> # status: waiting for bad commit, 1 good commit known
> # bad: [1321ab403b38366a4cfb283145bb2c005becb1e5] Linux 6.1.45
> git bisect bad 1321ab403b38366a4cfb283145bb2c005becb1e5
> # good: [95d49f79e94d4fa8105c880a266789609f3e791a] ext4: only update
> i_reserved_data_blocks on successful block allocation
> git bisect good 95d49f79e94d4fa8105c880a266789609f3e791a
> # good: [f8b61a2c29fc70f64daad698cf09c1f79a0e39f9] drm/amd/display: Set 
> minimum
> requirement for using PSR-SU on Rembrandt
> git bisect good f8b61a2c29fc70f64daad698cf09c1f79a0e39f9
> # bad: [bd2decac7345134ea0bd3f4b978478ef53367cd8] mptcp: ensure subflow is
> unhashed before cleaning the backlog
> git bisect bad bd2decac7345134ea0bd3f4b978478ef53367cd8
> # bad: [fe3409cd013cfd10d3e6787b49f33a5dda39cffd] RDMA/irdma: Fix op_type
> reporting in CQEs
> git bisect bad fe3409cd013cfd10d3e6787b49f33a5dda39cffd
> # good: [85c38ac62c1372cc1ab05426315aad61025d33ef] atheros: fix return value
> check in atl1_tso()
> git bisect good 85c38ac62c1372cc1ab05426315aad61025d33ef
> # bad: [539cf23cb48835c69cc3d22edff28b92bd82bb18] tipc: stop tipc crypto on
> failure in tipc_node_create
> git bisect bad 539cf23cb48835c69cc3d22edff28b92bd82bb18
> # good: [1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1] x86/traps: Fix
> load_unaligned_zeropad() handling for shared TDX memory
> git bisect good 1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1
> # bad: [7218974aba07ff60c646d5a512b02b871402b03e] mm: suppress mm fault 
> logging
> if fatal signal already pending
> git bisect bad 7218974aba07ff60c646d5a512b02b871402b03e
> # good: [89a4d1a89751a0fbd520e64091873e19cc0979e8] netfilter: nft_set_rbtree:
> fix overlap expiration walk
> git bisect good 89a4d1a89751a0fbd520e64091873e19cc0979e8
> # bad: [268cb07ef3ee17b5454a7c4b23376802c5b00c79] netfilter: nf_tables:
> disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
> git bisect bad 268cb07ef3ee17b5454a7c4b23376802c5b00c79
> # good: [4237462a073e24f71c700f3e5929f07b6ee1bcaa] netfilter: nf_tables: skip
> immediate deactivate in _PREPARE_ERROR
> git bisect good 4237462a073e24f71c700f3e5929f07b6ee1bcaa
> # first bad commit: [268cb07ef3ee17b5454a7c4b23376802c5b00c79] netfilter:
> nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
> 
> $ git bisect visualize
> commit 268cb07ef3ee17b5454a7c4b23376802c5b00c79
> Author: Pablo Neira Ayuso 
> Date:   Sun Jul 23 16:41:48 2023 +0200
> 
> netfilter: nf_tables: disallow rule addition to bound chain via
> NFTA_RULE_CHAIN_ID
> 
> [ Upstream commit 0ebc1064e4874d5987722a2ddbc18f94aa53b211 ]
> 
> Bail out with EOPNOTSUPP when adding rule to bound chain via
> NFTA_RULE_CHAIN_ID. The following warning splat is shown when
> adding a rule to a deleted bound chain:
> 
>  WARNING: CPU: 2 PID: 13692 at net/netfilter/nf_tables_api.c:2013
>  nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
>  CPU: 2 PID: 13692 Comm: chain-bound-rul Not tainted 6.1.39 #1
>  RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
> 
> Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
> Reported-by: Kevin Rich 
> Signed-off-by: Pablo Neira Ayuso 
> Signed-off-by: Florian Westphal 
> Signed-off-by: Sasha Levin 

Hehe, yes, I was just about to write you the same. My test build with this one 
reverted lets me load the ruleset again.

Would you like to take this upstream? I was just about to file a report in 
netfilter's bugzilla, but since you also worked on it as well, I don't mean to 
interfere...

I'll try to further reduce my test ruleset to see what actually triggers this.

Thanks and regards,

Timo

Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Salvatore Bonaccorso]

Hi,

On Mon, Sep 11, 2023 at 04:28:34PM +0200, Salvatore Bonaccorso wrote:
> Control: found -1 5.10.191-1
> 
> On Mon, Sep 11, 2023 at 04:17:46PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 + confirmed upstream
> > 
> > Hi,
> > 
> > On Mon, Sep 11, 2023 at 04:08:07PM +0200, Salvatore Bonaccorso wrote:
> > > Control: tags -1 - moreinfo unreproducible
> > > 
> > > Hi Timo,
> > > 
> > > On Mon, Sep 11, 2023 at 03:15:18AM +0200, Timo Sigurdsson wrote:
> > > > Hi,
> > > > 
> > > > Salvatore Bonaccorso schrieb am 10.09.2023 12:21 (GMT +02:00):
> > > > 
> > > > > Would it be possible to provide a minimal set of rules triggering the
> > > > > issue? Can you reproduce the issue with the official build?
> > > > 
> > > > So, I did some more testing on a different machine running the official 
> > > > build. My findings so far are:
> > > > 1) Yes, I can reproduce the issue with the official build.
> > > > 2) The issue depends on the ruleset. The minimal ruleset I have on that 
> > > > machine, doesn't trigger the issue, but when I copy over the ruleset 
> > > > from the machine I first observed this on, then I can reproduce it.
> > > > 
> > > > I'm attaching a somewhat stripped down version of my original, rather 
> > > > complex ruleset. It's by no means a "minimal" reproducer, cause I 
> > > > haven't had the time yet to further reduce it in order to see what 
> > > > actually triggers it. But you should be able to observe that this 
> > > > ruleset loads just fine on linux 6.1.38-4, but doesn't anymore on 
> > > > 6.1.52-1.
> > > 
> > > Thanks for providing it, this helps debugging the issue.
> > > 
> > > > I also started looking into what commit could have introduced this. My 
> > > > first guess "netfilter: nft_dynset: disallow object maps" 
> > > > (23185c6aed1f) is wrong. Even with this one reverted, the issue occurs. 
> > > > I'll try another build with "netfilter: nf_tables: disallow rule 
> > > > addition to bound chain via NFTA_RULE_CHAIN_ID" (0ebc1064e487) reverted 
> > > > tomorrow evening...
> > > 
> > > Thanks, as soon we have the introducing commit we can go to the next
> > > step and check upstream. I cannot trigger the problem with 6.4.13-1 or
> > > 6.5.2.
> > 
> > The issue seems to be present already in 6.1.49-rc1, which I had still
> > from local pareparations for the rebases. So the bisection needs to go
> > to the upstream versions between 6.1.38 and 6.1.49 at least.
> 
> Additionally the behaviour change is as well in 5.10.191-1 (and
> 5.10.193 upstream), whereeas not triggering in 5.10.179.
> 
> So to be on the safe side making the following statement: either this
> is a real regression affecting several stable series or there is an
> intentional upstream change uncovering an issue in ruleset. As the
> behaviour is not in 6.5.2 for now considering it the first case.

Bisected the issue:

$ git bisect log
git bisect start
# status: waiting for both good and bad commits
# good: [61fd484b2cf6bc8022e8e5ea6f693a9991740ac2] Linux 6.1.38
git bisect good 61fd484b2cf6bc8022e8e5ea6f693a9991740ac2
# status: waiting for bad commit, 1 good commit known
# bad: [1321ab403b38366a4cfb283145bb2c005becb1e5] Linux 6.1.45
git bisect bad 1321ab403b38366a4cfb283145bb2c005becb1e5
# good: [95d49f79e94d4fa8105c880a266789609f3e791a] ext4: only update 
i_reserved_data_blocks on successful block allocation
git bisect good 95d49f79e94d4fa8105c880a266789609f3e791a
# good: [f8b61a2c29fc70f64daad698cf09c1f79a0e39f9] drm/amd/display: Set minimum 
requirement for using PSR-SU on Rembrandt
git bisect good f8b61a2c29fc70f64daad698cf09c1f79a0e39f9
# bad: [bd2decac7345134ea0bd3f4b978478ef53367cd8] mptcp: ensure subflow is 
unhashed before cleaning the backlog
git bisect bad bd2decac7345134ea0bd3f4b978478ef53367cd8
# bad: [fe3409cd013cfd10d3e6787b49f33a5dda39cffd] RDMA/irdma: Fix op_type 
reporting in CQEs
git bisect bad fe3409cd013cfd10d3e6787b49f33a5dda39cffd
# good: [85c38ac62c1372cc1ab05426315aad61025d33ef] atheros: fix return value 
check in atl1_tso()
git bisect good 85c38ac62c1372cc1ab05426315aad61025d33ef
# bad: [539cf23cb48835c69cc3d22edff28b92bd82bb18] tipc: stop tipc crypto on 
failure in tipc_node_create
git bisect bad 539cf23cb48835c69cc3d22edff28b92bd82bb18
# good: [1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1] x86/traps: Fix 
load_unaligned_zeropad() handling for shared TDX memory
git bisect good 1ecdbf2467ae4bc4df00c5cfab427cb1aaa5e3e1
# bad: [7218974aba07ff60c646d5a512b02b871402b03e] mm: suppress mm fault logging 
if fatal signal already pending
git bisect bad 7218974aba07ff60c646d5a512b02b871402b03e
# good: [89a4d1a89751a0fbd520e64091873e19cc0979e8] netfilter: nft_set_rbtree: 
fix overlap expiration walk
git bisect good 89a4d1a89751a0fbd520e64091873e19cc0979e8
# bad: [268cb07ef3ee17b5454a7c4b23376802c5b00c79] netfilter: nf_tables: 
disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
git bisect bad 268cb07ef3ee17b5454a7c4b23376802c5b00c79
# good: [4237462a073e24f71c700f3e5929f07b6ee1bcaa] 

Bug#1051729: pmix: CVE-2023-41915

[Salvatore Bonaccorso]

Source: pmix
Version: 5.0.0~rc1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for pmix.

CVE-2023-41915[0]:
| OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers
| to obtain ownership of arbitrary files via a race condition during
| execution of library code with UID 0.

As mentioned in [2]:
| A filesystem race condition could permit a malicious user
| to obtain ownership of an arbitrary file on the filesystem
| when parts of the PMIx library are called by a process
| running as uid 0. This may happen under the default
| configuration of certain workload managers, including Slurm.

(fs.protected_symlinks not protecting in such a case)

Please downgrade the severity if you do not agree on the assessment,
but at a very start the unstable version should be fixed. We can have
a look what need to be done for bookworm and bullseye in next step.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41915
https://www.cve.org/CVERecord?id=CVE-2023-41915
[1] 
https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17
[2] https://github.com/openpmix/openpmix/releases/tag/v5.0.1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1051355: Processed: your mail

[Leandro Cunha]

On Mon, Sep 11, 2023 at 4:10 PM Andres Salomon  wrote:
>
>
>
> On Mon, Sep 11 2023 at 03:27:30 PM -03:00:00, Leandro Cunha 
>  wrote:
>
> On Mon, Sep 11, 2023 at 4:07 AM Andres Salomon  wrote:
>
> So apparently it's already fixed in sid and trixie: 
> https://tracker.debian.org/news/1454349/accepted-llvm-toolchain-16-11606-11-source-into-unstable/
>  Bug didn't get closed because of the missing "(closes: " in that changelog 
> entry. I'll push the clang-16 stuff to git so you can give it a test build on 
> ppc. On Mon, Sep 11 2023 at 12:37:39 AM -05:00:00, Timothy Pearson 
>  wrote: For 16 to work we'll need the Debian 
> clang team to include this patchset: https://reviews.llvm.org/D158066 Any 
> chance of that happening? - Original Message - From: "Andres Salomon" 
>  To: "Leandro Cunha" , 
> 1051...@bugs.debian.org Cc: "Timothy Pearson" 
>  Sent: Sunday, September 10, 2023 11:43:18 PM 
> Subject: Re: Bug#1051355: Processed: your mail Alright, I built 117 w/ 
> clang-16 on sid and it doesn't segfault. Same exact build but with clang-14 
> segfaults. Timothy, did you ever get the ppc64 issues with clang >= 15 
> squared away? It's looking like I'm going to need to upload a build with 
> clang-16. On Sun, Sep 10 2023 at 03:07:29 PM -03:00:00, Leandro Cunha 
>  wrote: Hi, Em dom., 10 de set. de 2023 15:01, 
> Andres Salomon mailto:dilin...@queued.net>> escreveu: 
> Unfortunately 117 *also* segfaults on sid. I'm tempted to try a newer clang, 
> but probably not 15 since debian's planning to remove it. 16, I guess? Arch 
> is already with Clang 16 and I tested Chromium 117 in a vm that I installed 
> here and it was working normally.
>
> So we already have this version on unstable? I saw it in experimental. 
> https://metadata.ftp-master.debian.org/changelogs//main/l/llvm-defaults/llvm-defaults_0.57~exp4_changelog
>
>
> That's just the defaults package, which we don't really care about. Because 
> we're dealing with different compilers across different distributions, we're 
> hardcoding the specific clang version for each distribution's build.

Ah yes, I see, there is a user on GitHub who compiles Chromium for
Ubuntu, Debian and Windows operating systems with Clang/LLVM. I also
tested the .deb package it offers in version 117 and it worked. But of
course I had to delete the package distributed by Debian. And I also
didn't find any segmentation fault bug reports in version 116 in my
search. In this sense, research was carried out on other distributions
and their bug tracker. But I noticed that this problem sometimes
occurs considering the links inserted here.

https://groups.google.com/a/chromium.org/g/chromium-bugs/search?q=segmentation%20fault
https://bugs.chromium.org/p/chromium/issues/detail?id=48168
https://bbs.archlinux.org/viewtopic.php?id=151904
https://bugs.chromium.org/p/chromium/issues/list?q=segmentation%20fault=2
https://groups.google.com/a/chromium.org/g/chromium-bugs/c/wolJA_Ma4ZE
https://github.com/RobRich999/Chromium_Clang

-- 
Cheers,
Leandro Cunha

Bug#1051355: Processed: your mail

[Andres Salomon]

On Mon, Sep 11 2023 at 03:27:30 PM -03:00:00, Leandro Cunha 
 wrote:
On Mon, Sep 11, 2023 at 4:07 AM Andres Salomon > wrote:


 So apparently it's already fixed in sid and trixie:

 



 Bug didn't get closed because of the missing "(closes: " in that 
changelog entry. I'll push the clang-16 stuff to git so you can give 
it a test build on ppc.


 On Mon, Sep 11 2023 at 12:37:39 AM -05:00:00, Timothy Pearson 
> wrote:


 For 16 to work we'll need the Debian clang team to include this 
patchset:  Any chance of that 
happening? - Original Message -


 From: "Andres Salomon" > To: "Leandro Cunha" 
mailto:leandrocunha...@gmail.com>>, 
1051...@bugs.debian.org  Cc: 
"Timothy Pearson" > Sent: Sunday, September 10, 
2023 11:43:18 PM Subject: Re: Bug#1051355: Processed: your mail


 Alright, I built 117 w/ clang-16 on sid and it doesn't segfault. 
Same exact build but with clang-14 segfaults. Timothy, did you ever 
get the ppc64 issues with clang >= 15 squared away? It's looking 
like I'm going to need to upload a build with clang-16. On Sun, Sep 
10 2023 at 03:07:29 PM -03:00:00, Leandro Cunha 
mailto:leandrocunha...@gmail.com>> wrote:


 Hi, Em dom., 10 de set. de 2023 15:01, Andres Salomon 
mailto:dilin...@queued.net> 
<>> escreveu:


 Unfortunately 117 *also* segfaults on sid. I'm tempted to try a 
newer clang, but probably not 15 since debian's planning to remove 
it. 16, I guess?


 Arch is already with Clang 16 and I tested Chromium 117 in a vm 
that I installed here and it was working normally.


So we already have this version on unstable? I saw it in experimental.




That's just the defaults package, which we don't really care about. 
Because we're dealing with different compilers across different 
distributions, we're hardcoding the specific clang version for each 
distribution's build.

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 1051722 src:libnvme 1.5-2
Bug #1051722 [libnvme] libnvme fails to build from source on unstable
Bug reassigned from package 'libnvme' to 'src:libnvme'.
No longer marked as found in versions 1.5-2.
Ignoring request to alter fixed versions of bug #1051722 to the same values 
previously set
Bug #1051722 [src:libnvme] libnvme fails to build from source on unstable
Marked as found in versions libnvme/1.5-2.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1051722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 1051722 libnvme 1.5-2
Bug #1051722 [src:libnvme] libnvme fails to build from source on unstable
Bug reassigned from package 'src:libnvme' to 'libnvme'.
No longer marked as found in versions libnvme/1.3-1.
Ignoring request to alter fixed versions of bug #1051722 to the same values 
previously set
Bug #1051722 [libnvme] libnvme fails to build from source on unstable
There is no source info for the package 'libnvme' at version '1.5-2' with 
architecture ''
Unable to make a source version for version '1.5-2'
Marked as found in versions 1.5-2.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1051722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1051523: Doxygen changes breaks krb5 documentation build

[Sam Hartman]

> "Tianyu" == Tianyu Chen  writes:


Tianyu> During a local rebuild of krb5, your package failed to
Tianyu> build.

So, I'm guessing this is related to the upgrade in Debian from doxygen
1.9.4 to 1.9.8.

The krb5 build process uses doxygen to generate an xml representation of
the documentation from a bunch of C header files.  Then it uses a pile
of python scripts which haven't seen much love since the days of python2
to turn that documentation into rst, and then includes it in a sphinx
document.

It expects all the doxygen to be in a file called krb5_8hin.xml.
Unfortunately the new doxygen is breaking up the sources into a bunch of
different files and including  elements to refer to them rather
than  elements including their definition.  And so the python
doesn't find the definitions of the documented functions and the build
fails because not many rst files are generated.

I am hoping for help at this point.
I'll continue to look into it, but I'm not familiar with the innards of
doxygen, nor the xml parser that the krb5 python is using.


signature.asc
Description: PGP signature

Bug#1051355: Processed: your mail

[Leandro Cunha]

On Mon, Sep 11, 2023 at 4:07 AM Andres Salomon  wrote:
>
> So apparently it's already fixed in sid and trixie:
>
> https://tracker.debian.org/news/1454349/accepted-llvm-toolchain-16-11606-11-source-into-unstable/
>
> Bug didn't get closed because of the missing "(closes: " in that changelog 
> entry. I'll push the clang-16 stuff to git so you can give it a test build on 
> ppc.
>
> On Mon, Sep 11 2023 at 12:37:39 AM -05:00:00, Timothy Pearson 
>  wrote:
>
> For 16 to work we'll need the Debian clang team to include this patchset: 
> https://reviews.llvm.org/D158066 Any chance of that happening? - Original 
> Message -
>
> From: "Andres Salomon"  To: "Leandro Cunha" 
> , 1051...@bugs.debian.org Cc: "Timothy Pearson" 
>  Sent: Sunday, September 10, 2023 11:43:18 PM 
> Subject: Re: Bug#1051355: Processed: your mail
>
> Alright, I built 117 w/ clang-16 on sid and it doesn't segfault. Same exact 
> build but with clang-14 segfaults. Timothy, did you ever get the ppc64 issues 
> with clang >= 15 squared away? It's looking like I'm going to need to upload 
> a build with clang-16. On Sun, Sep 10 2023 at 03:07:29 PM -03:00:00, Leandro 
> Cunha  wrote:
>
> Hi, Em dom., 10 de set. de 2023 15:01, Andres Salomon  > escreveu:
>
> Unfortunately 117 *also* segfaults on sid. I'm tempted to try a newer clang, 
> but probably not 15 since debian's planning to remove it. 16, I guess?
>
> Arch is already with Clang 16 and I tested Chromium 117 in a vm that I 
> installed here and it was working normally.

So we already have this version on unstable? I saw it in experimental.
https://metadata.ftp-master.debian.org/changelogs//main/l/llvm-defaults/llvm-defaults_0.57~exp4_changelog

-- 
Cheers,
Leandro Cunha

Bug#1051722: libnvme fails to build from source on unstable

[Mateus Rodrigues de Morais]

Source: libnvme
Version: 1.3-1
Severity: serious
Tags: ftbfs patch
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: mateus.mor...@canonical.com

Hi,

Building libnvme from source currently fails during
execute_after_dh_auto_install when moving python-related files from
debian/tmp/usr/local/lib/python.

It seems these files are already at the correct location, at debian/tmp/usr/lib,
so removing the python correction lines from d/rules fixes the issue.

I'm building using sbuild on an sid schroot. The command I run is:
$ sbuild -d unstable --purge-build=successful 
--debbuildopts='--buildinfo-option=-O' --no-run-lintian

Ultimately, the build fails with:
make[1]: Entering directory '/<>'
# correcting python location
mv debian/tmp/usr/local/lib/python* debian/tmp/usr/lib
mv: cannot stat 'debian/tmp/usr/local/lib/python*': No such file or directory
make[1]: *** [debian/rules:13: execute_after_dh_auto_install] Error 1
make[1]: Leaving directory '/<>'
make: *** [debian/rules:6: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2


-- System Information:
Debian Release: bookworm/sid
  APT prefers lunar-updates
  APT policy: (500, 'lunar-updates'), (500, 'lunar-security'), (500, 'lunar'), 
(100, 'lunar-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.2.0-32-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
>From 7fd68f186f60a0288b088dc2754aafd8451bbc5d Mon Sep 17 00:00:00 2001
From: Mateus Rodrigues de Morais 
Date: Wed, 6 Sep 2023 10:39:11 -0300
Subject: [PATCH] Removed Python location correction

---
 debian/rules | 4 
 1 file changed, 4 deletions(-)

diff --git a/debian/rules b/debian/rules
index 6673d04..4cb8910 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,10 +9,6 @@ override_dh_auto_configure:
dh_auto_configure -- -Ddocs=man -Ddocs-build=true -Dpython=enabled 
-Dopenssl=enabled --default-library=both
 
 execute_after_dh_auto_install:
-   # correcting python location
-   mv debian/tmp/usr/local/lib/python* debian/tmp/usr/lib
-   rm -rf debian/tmp/usr/local
-
# remove empty manpages
find debian/tmp/usr/share/man -type f -empty -exec rm -f {} +
 
-- 
2.39.2

Processed: reassign 1051294 to src:libxmlb, affects 1051294

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 1051294 src:libxmlb
Bug #1051294 [src:libxmlb-dev] fwupd: FTBFS: Run-time dependency xmlb found: NO 
(tried pkgconfig and cmake)
Warning: Unknown package 'src:libxmlb-dev'
Bug reassigned from package 'src:libxmlb-dev' to 'src:libxmlb'.
Ignoring request to alter found versions of bug #1051294 to the same values 
previously set
Ignoring request to alter fixed versions of bug #1051294 to the same values 
previously set
> affects 1051294 src:fwupd
Bug #1051294 [src:libxmlb] fwupd: FTBFS: Run-time dependency xmlb found: NO 
(tried pkgconfig and cmake)
Ignoring request to set affects of bug 1051294 to the same value previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051294
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: [bts-link] source package src:numba

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #
> # bts-link upstream status pull for source package src:numba
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting user to debian-bts-l...@lists.debian.org (was 
debian-bts-l...@lists.debian.org).
> # remote status report for #1033907 (http://bugs.debian.org/1033907)
> # Bug title: numba: autopkgtest regression: segmentation fault on arm64
> #  * https://github.com/numba/numba/issues/9109
> #  * remote status changed: open -> closed
> #  * closed upstream
> tags 1033907 + fixed-upstream
Bug #1033907 [src:numba] numba: autopkgtest regression: segmentation fault on 
arm64
Added tag(s) fixed-upstream.
> usertags 1033907 - status-open
Usertags were: status-open.
There are now no usertags set.
> usertags 1033907 + status-closed
There were no usertags set.
Usertags are now: status-closed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1033907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033907
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1035422: marked as done (librust-barrel+diesel-dev: depends on unavailable librust-diesel-1-dev (>= 1.2-~~))

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 17:23:41 +
with message-id 
and subject line Bug#1035422: fixed in rust-barrel 0.7.0-1
has caused the Debian Bug report #1035422,
regarding librust-barrel+diesel-dev: depends on unavailable 
librust-diesel-1-dev (>= 1.2-~~)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1035422: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035422
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: librust-barrel+diesel-dev,librust-barrel+diesel-rs-dev
Version: 0.6.5-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

  The following packages have unmet dependencies:
   librust-barrel+diesel-dev : Depends: librust-diesel-1-dev (>= 1.2-~~) but it 
is not installable

  The following packages have unmet dependencies:
   librust-barrel+diesel-rs-dev : Depends: librust-diesel-1-dev (>= 1.2-~~) but 
it is not installable

src:rust-diesel is already at version 2.0.3


cheers,

Andreas
--- End Message ---
--- Begin Message ---
Source: rust-barrel
Source-Version: 0.7.0-1
Done: Matthias Geiger 

We believe that the bug you reported is fixed in the latest version of
rust-barrel, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1035...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Geiger  (supplier of updated rust-barrel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 11 Sep 2023 19:00:40 +0200
Source: rust-barrel
Architecture: source
Version: 0.7.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Matthias Geiger 
Closes: 1035422
Changes:
 rust-barrel (0.7.0-1) unstable; urgency=medium
 .
   * Team upload.
   * Package barrel 0.7.0 from crates.io using debcargo 2.6.0
   * Collapsed features in debcargo.toml
   * New upstream release (Closes: #1035422)
   * Exclude examples and mark pq, mysql features as flaky to enable
 tests
Checksums-Sha1:
 851aed925e4ec6c135106c6518ea408fddaa857d 2195 rust-barrel_0.7.0-1.dsc
 8ce3d144b88b226ae88c6fb42520c550e6fdef33 33870 rust-barrel_0.7.0.orig.tar.gz
 ab23b6ca8f9fb9cd79ed2b37d677655d24dc2906 3556 rust-barrel_0.7.0-1.debian.tar.xz
 6e6d8cb7366d3705efe9a589e826541553550fcd 7328 
rust-barrel_0.7.0-1_source.buildinfo
Checksums-Sha256:
 73ca485f81e430891c5fab3a0b16392bf3143aef50033a6288170361e8ce8fac 2195 
rust-barrel_0.7.0-1.dsc
 3a174acfef113a0fda03b6b86a44864232c51bf12d887a9ec4f02e5b71280074 33870 
rust-barrel_0.7.0.orig.tar.gz
 a53222477176dd6ffaa632bdff9bba65a161f8a8f649c0329af94371bb97b9ba 3556 
rust-barrel_0.7.0-1.debian.tar.xz
 cfb88181518cb4d755b20b204a47b0168b58c9d2b6e1e65adc4f5592cba199ed 7328 
rust-barrel_0.7.0-1_source.buildinfo
Files:
 e07a2585d0bda85b66b9af0bd3134ae7 2195 rust optional rust-barrel_0.7.0-1.dsc
 fb9e0122128af444b4b71bb223ecb3b6 33870 rust optional 
rust-barrel_0.7.0.orig.tar.gz
 522360f6383533748bb7fa5950cea66e 3556 rust optional 
rust-barrel_0.7.0-1.debian.tar.xz
 2533bc0068a07fbc8f309e73fb2c8952 7328 rust optional 
rust-barrel_0.7.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEEwuGmy/3s5RGopBdtGL0QaztsVHUFAmT/R7wVHHdlcmRhaGlh
c0ByaXNldXAubmV0AAoJEBi9EGs7bFR1yS0QAJA1Cuwf+c92aT/YTxvzA+aNkl02
wIMwF056BN/AjsJd+QTkyNJ4eJqKC3uuh4YndBvXS9u8GJCYXI+FBixjiXK+aIc5
LMHFl07t09hDTSqkv7hlNx2EsJrPOwrcwI2hZ9tD0R5sTOKXwvVqiZW/zR+cTqzr
HdsdqMIUJWo9pF+EQ8UOGBPLZ+mwrfrrmeRbz6td6xIBdVXaUvJ2SfCCMIcoxoWI
2lqA69eiz56x+cfArXVE7Pzn1ZOGnPpVUpYGzqgmPWf7t8VMifUUmDLZ/wGvSt04
noW50b5rrdo9STsglNxvh4l7SY9IVWRjClxB1QVJ9w0DSf8e5/fpU5ICyZTvjVuz
hYirYiYPHsJQcZFrMA7LmlY1SkBv5Bw1T0obRFP1A3Du4gwiQBRX3emEjYAgV5DG
hpu9MGRnVOkk3xmyfW9E4YOK0suvwBUuPPYfsIHitAVUXxqULqHDW3drcqlynTap
r0QhneOlGKicWnyz60UdG5YRinznaLu806/75sHdiv/PQevzADumABJyLMzYXQZF
i5fXzsBf2gNqGbxNrg+yw21SdZ8/lCLYvJR5iVyflAwTipyKG1WRje7C3VjovdXN
GFl6vJymtSCSrjfXSW+wULqA0rc1xhQvsBqwJTLQ92bH26AFXou+YqU1RjrHGwU1
lV8o4B2TgrfiLXP8
=eo6a
-END PGP SIGNATURE End Message ---

Processed: reassign 1051294 to src:libxmlb-dev, affects 1051294

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 1051294 src:libxmlb-dev
Bug #1051294 [src:fwupd] fwupd: FTBFS: Run-time dependency xmlb found: NO 
(tried pkgconfig and cmake)
Bug reassigned from package 'src:fwupd' to 'src:libxmlb-dev'.
Warning: Unknown package 'src:libxmlb-dev'
Warning: Unknown package 'src:libxmlb-dev'
No longer marked as found in versions fwupd/1.9.4-2.
Warning: Unknown package 'src:libxmlb-dev'
Warning: Unknown package 'src:libxmlb-dev'
Ignoring request to alter fixed versions of bug #1051294 to the same values 
previously set
Warning: Unknown package 'src:libxmlb-dev'
> affects 1051294 src:fwupd
Bug #1051294 [src:libxmlb-dev] fwupd: FTBFS: Run-time dependency xmlb found: NO 
(tried pkgconfig and cmake)
Warning: Unknown package 'src:libxmlb-dev'
Added indication that 1051294 affects src:fwupd
Warning: Unknown package 'src:libxmlb-dev'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051294: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051294
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: severity of 1051717 is wishlist

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 1051717 wishlist
Bug #1051717 [bsdgames] split wtf(6) in a separate package?
Severity set to 'wishlist' from 'critical'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051717: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051717
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1051717: split wtf(6) in a separate package?

[Antoine Beaupre]

Package: bsdgames
Version: 2.17-29+b1
Severity: critical

I wonder if wtf(6) should be split in a separate package. It's a
genuinely useful package (as opposed to a "game") that I have only
discovered recently, even though I have been familiar with BSD games
for more than a few decades at this point (!).

It seems to be effectively maintained in its own fork right now, with
updates on the acronyms files maintained in debian/patches, which
... doesn't seem ideal.

void-linux seem to have their own git repo for this now:

https://github.com/void-linux/netbsd-wtf

... and it seems relatively up to date. It *looks* like the upstream
source is split between:

http://cvsweb.netbsd.org/bsdweb.cgi/src/share/misc/?only_with_tag=MAIN

and:

http://cvsweb.netbsd.org/bsdweb.cgi/src/games/wtf/?only_with_tag=MAIN

... so I'm not sure how we should handle that, but maybe converging
over the above git repo would be best?

Another upstream I found is:

https://sourceforge.net/projects/bsd-games/

... but i'm not sure how valid that actually is either.

Arch seems to be using this as an upstream now:

https://github.com/vattam/BSDGames

See:

https://archlinux.org/packages/extra/x86_64/bsd-games/

... but that doesn't ship the wtf(6) program!

Anyway, just a thought!

-- System Information:
Debian Release: 12.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), 
(1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-11-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bsdgames depends on:
ii  libc6  2.36-9+deb12u1
ii  libfl2 2.6.4-8.2
ii  libgcc-s1  12.2.0-14
ii  libncurses66.4-4
ii  libstdc++6 12.2.0-14
ii  libtinfo6  6.4-4
ii  miscfiles [wordlist]   1.5+dfsg-4
ii  wamerican-huge [wordlist]  2020.12.07-2
ii  wfrench [wordlist] 1.2.7-2

bsdgames recommends no packages.

bsdgames suggests no packages.

-- no debconf information

Bug#1038135: marked as done (rust-diesel: librust-diesel-dev uninstallable on 32-bit archs)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 16:14:55 +
with message-id 
and subject line Bug#1038135: fixed in rust-diesel 2.0.3-2
has caused the Debian Bug report #1038135,
regarding rust-diesel: librust-diesel-dev uninstallable on 32-bit archs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038135
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rust-diesel
Version: 2.0.3-1
Severity: serious
Tags: patch
Justification: uninstallable
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu mantic ubuntu-patch

Dear maintainers,

rust-diesel is not migrating to Debian testing because it depends on
librust-pq-sys-dev and librust-mysqlclient-sys-dev, neither of which is
buildable on 32-bit archs; but it does not build-depend on these packages,
so librust-diesel-dev builds uninstallable binary packages.

Either rust-diesel should build-depend on these packages so that binaries
are not built on architectures where they're unavailable, or the
dependencies should be relaxed so that the packages are installable.

For the moment, I've opted for the first of these in Ubuntu.  See attached
patch.

Thanks for considering,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
diff -Nru rust-diesel-2.0.3/debian/control rust-diesel-2.0.3/debian/control
--- rust-diesel-2.0.3/debian/control2023-02-10 03:05:35.0 -0800
+++ rust-diesel-2.0.3/debian/control2023-06-15 13:22:18.0 -0700
@@ -8,7 +8,9 @@
  libstd-rust-dev ,
  librust-diesel-derives-2.0+32-column-tables-dev ,
  librust-diesel-derives-2.0+default-dev ,
- librust-diesel-derives-2.0+with-deprecated-dev 
+ librust-diesel-derives-2.0+with-deprecated-dev ,
+ librust-pq-sys-dev,
+ librust-mysqlclient-sys-dev
 Maintainer: Debian Rust Maintainers 

 Uploaders:
  kpcyrd ,
--- End Message ---
--- Begin Message ---
Source: rust-diesel
Source-Version: 2.0.3-2
Done: Matthias Geiger 

We believe that the bug you reported is fixed in the latest version of
rust-diesel, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Geiger  (supplier of updated rust-diesel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 11 Sep 2023 17:36:52 +0200
Source: rust-diesel
Architecture: source
Version: 2.0.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Matthias Geiger 
Closes: 1038135
Changes:
 rust-diesel (2.0.3-2) unstable; urgency=medium
 .
   * Team upload.
   * Package diesel 2.0.3 from crates.io using debcargo 2.6.0
   * Dropped use-dotenv patch and updated relax-deps patch as dotenvy is
 in debian
   * Build-depend on newer mysqlclient-sys and pq-sys versions that built on 32-
 bit arches (Closes: #1038135)
Checksums-Sha1:
 fccd5ea9fa4430a1840a6d84d908ddc2a5109cc5 2329 rust-diesel_2.0.3-2.dsc
 04c3a1b984b973f5386b167c23e6af207a755e88 5104 rust-diesel_2.0.3-2.debian.tar.xz
 540e0dc4758c0a913c20541b5a02fe76432c90e4 7328 
rust-diesel_2.0.3-2_source.buildinfo
Checksums-Sha256:
 17a9fe4c4220b76f9e64269de8a444e7e69e4c7a5428633d6dde0428239e7385 2329 
rust-diesel_2.0.3-2.dsc
 dc90aa6c6b442b15ee5b19e408bf0eb8e247f2cf5bf58a27a5b7075c570636c0 5104 
rust-diesel_2.0.3-2.debian.tar.xz
 8a5e9be0b6c1d82e196a2230c04d002684dc8f60cc20f1a9329cfdf9939928fa 7328 
rust-diesel_2.0.3-2_source.buildinfo
Files:
 5b2359a59da057a08b4db48b5b8d350b 2329 rust optional rust-diesel_2.0.3-2.dsc
 b18968b826ff38c98dc348acbcb3e308 5104 rust optional 
rust-diesel_2.0.3-2.debian.tar.xz
 c69d21181aea6816af81703e92e7ba9a 7328 rust optional 
rust-diesel_2.0.3-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEEwuGmy/3s5RGopBdtGL0QaztsVHUFAmT/NBgVHHdlcmRhaGlh
c0ByaXNldXAubmV0AAoJEBi9EGs7bFR1TrUP/ifs8cNe2mCfK22Mg6cAf1TeMOaS

Bug#957501: marked as done (looptools: ftbfs with GCC-10)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 15:19:06 +
with message-id 
and subject line Bug#957501: fixed in looptools 2.16-1
has caused the Debian Bug report #957501,
regarding looptools: ftbfs with GCC-10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
957501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=957501
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:looptools
Version: 2.8-1
Severity: normal
Tags: sid bullseye
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-10

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-10/g++-10, but succeeds to build with gcc-9/g++-9. The
severity of this report will be raised before the bullseye release,
so nothing has to be done for the buster release.

The full build log can be found at:
http://people.debian.org/~doko/logs/gcc10-20200225/looptools_2.8-1_unstable_gcc10.log
The last lines of the build log are at the end of this report.

To build with GCC 10, either set CC=gcc-10 CXX=g++-10 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-10/porting_to.html

[...]
f951: Warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for 
Fortran
gfortran -fstack-protector --param=ssp-buffer-size=4 -Werror=format-security 
-O1 -g -ffixed-line-length-none -fno-range-check -ff2c  -DQUAD=1 -DU77EXT=0 
 -I. -c -o ffdxc0.o ffdxc0.F
f951: Warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for 
Fortran
gfortran -fstack-protector --param=ssp-buffer-size=4 -Werror=format-security 
-O1 -g -ffixed-line-length-none -fno-range-check -ff2c  -DQUAD=1 -DU77EXT=0 
 -I. -c -o ffdcc0.o ffdcc0.F
gfortran -fstack-protector --param=ssp-buffer-size=4 -Werror=format-security 
-O1 -g -ffixed-line-length-none -fno-range-check -ff2c  -DQUAD=1 -DU77EXT=0 
 -I. -c -o ffdel3.o ffdel3.F
f951: Warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for 
Fortran
f951: Warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for 
Fortran
gfortran -fstack-protector --param=ssp-buffer-size=4 -Werror=format-security 
-O1 -g -ffixed-line-length-none -fno-range-check -ff2c  -DQUAD=1 -DU77EXT=0 
 -I. -c -o ffcel3.o ffcel3.F
f951: Warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for 
Fortran
gfortran -fstack-protector --param=ssp-buffer-size=4 -Werror=format-security 
-O1 -g -ffixed-line-length-none -fno-range-check -ff2c  -DQUAD=1 -DU77EXT=0 
 -I. -c -o D0.o D0.F
f951: Warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for 
Fortran
gfortran -fstack-protector --param=ssp-buffer-size=4 -Werror=format-security 
-O1 -g -ffixed-line-length-none -fno-range-check -ff2c  -DQUAD=1 -DU77EXT=0 
 -I. -c -o D0C.o D0C.F
f951: Warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for 
Fortran
D0.F:1289:36:

  929 |  &  2*(Li2omrat2(q2, s, q4, t) -
  |  2
..
 1289 |dilogs = Li2omrat2(q3, t, x43(4), x43(2)) +
  |1
Error: Type mismatch between actual argument at (1) and actual argument at (2) 
(COMPLEX(8)/REAL(8)).
D0.F:1290:38:

  929 |  &  2*(Li2omrat2(q2, s, q4, t) -
  |  2
..
 1290 |  & Li2omrat2(q3, t, x43(3), x43(1)) +
  |  1
Error: Type mismatch between actual argument at (1) and actual argument at (2) 
(COMPLEX(8)/REAL(8)).
D0.F:1291:38:

  929 |  &  2*(Li2omrat2(q2, s, q4, t) -
  |  2
..
 1291 |  & Li2omrat2(q4, s, x43(1), x43(3)) +
  |  1
Error: Type mismatch between actual argument at (1) and actual argument at (2) 
(COMPLEX(8)/REAL(8)).
D0.F:1292:38:

  929 |  &  2*(Li2omrat2(q2, s, q4, t) -
  |  2
..
 1292 |  & Li2omrat2(q4, s, x43(2), x43(4))
  | 

Bug#1008996: marked as done (opentsne builds with -march=native on amd64)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 15:19:32 +
with message-id 
and subject line Bug#1008996: fixed in opentsne 1.0.0-1
has caused the Debian Bug report #1008996,
regarding opentsne builds with -march=native on amd64
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1008996: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008996
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: opentsne
Version: 0.6.1-2
Severity: serious

Building with -march=native means the package will only work
on machines compatible with whatever buildd built it.

Please remove the -march=native from setup.py.
--- End Message ---
--- Begin Message ---
Source: opentsne
Source-Version: 1.0.0-1
Done: Picca Frédéric-Emmanuel 

We believe that the bug you reported is fixed in the latest version of
opentsne, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1008...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Picca Frédéric-Emmanuel  (supplier of updated opentsne 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 11 Sep 2023 16:34:39 +0200
Source: opentsne
Architecture: source
Version: 1.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PaN Maintainers 

Changed-By: Picca Frédéric-Emmanuel 
Closes: 1008996
Changes:
 opentsne (1.0.0-1) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Bump debhelper from old 12 to 13.
   * Set debhelper-compat version in Build-Depends.
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse.
   * Update standards version to 4.6.0, no changes needed.
 .
   [ Picca Frédéric-Emmanuel ]
   * New upstream version 1.0.0
   * Bug fix: "opentsne builds with -march=native on amd64", thanks to
 Adrian Bunk (Closes: #1008996).
Checksums-Sha1:
 70273837837a1fb40e590674771262df95f7281c 2535 opentsne_1.0.0-1.dsc
 244a87f6d7d657fd46af1d701fd298c47f138bcf 22643133 opentsne_1.0.0.orig.tar.gz
 a8c26c585715c789d6c1af3408d61216276966ed 3408 opentsne_1.0.0-1.debian.tar.xz
Checksums-Sha256:
 173c908d2516a71d2e813f2e211b42ca5f4d4347d5b77641a9fdbdb665154ccf 2535 
opentsne_1.0.0-1.dsc
 31de08ea24dbfccec756535d5b9c3aa72cdcaad1bad2f505de6993328743f4f0 22643133 
opentsne_1.0.0.orig.tar.gz
 4da2f0655295bb2a969c1325b6c37a27a24e571a61a77b6d6c3afae12fc2ab4b 3408 
opentsne_1.0.0-1.debian.tar.xz
Files:
 c3bfc95f20fc71bd16cd07e304a43cdd 2535 python optional opentsne_1.0.0-1.dsc
 c3a837f60429d36cdae70c7ed08977ec 22643133 python optional 
opentsne_1.0.0.orig.tar.gz
 60e12597be8ee35fed40cb91c6fe7414 3408 python optional 
opentsne_1.0.0-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEE2bRTt5m4gw2UXmoKW/VOXhK5ALsFAmT/KQoRHHBpY2NhQGRl
Ymlhbi5vcmcACgkQW/VOXhK5ALswIxAAgP/ouztaUkcvzsLH1eesRfFZTBc+uL3o
zbuotCxbEdUIQT6aVTSS1+XmDaLtovJKYDOoUIxRkb6U5GejAXBbxcyBbTk4V9YD
+NjdB01yk0Uj0uZDfHRY4FPKLhG/LFSAGeV1UByEjY/Dyy9cvFKIYvD5xnB3pRAV
65jpcu4emiVw48854H9x3agDw9sAwzbs1H6nTx2rWMUiWPXobCfhvRh6qcUk2SLC
qaOqaVvJLjJ01Oygbc8HtxQ6pYFAnONDubVGytyooHstIIbdnxDLjVXHGaLYwqgr
/YutGpY5UA+9oXdiLeOYcdw4ayL5UXPkEcLC6EaGayQBIrrTcmOsvbQVHO3bC1Ag
tgiJmlGAjwvqT6sxIV/qiDaPN0H37gJycmHFrHHOxTR6n9QdsVxECsjZKMeHd+1B
Spdh7vhcpdmBJ7AVZJhjw6lBNRuLWvyNHwJ+wvSvBIoi+MP5BTr2KBwNh3LMM/G2
wEgVvhT2AbK8eTA2o5lvm3QfzMuYJhjwG37AKfottfO11AHqsBssCnGp4zn4TZLE
FEcBNLV3hkrx979iiN4kelwwJqJJ8o0PYBf2qqpVyIDx8u5EShm/7wj+yBF69J9J
Shl/n93Ps4sk0wYGjAcWmHYVJ1VMy41PxaAyOgvGa5dG++3YU9bYqm3BkWg3QNK5
Y0E3lqpkoyc=
=RuYe
-END PGP SIGNATURE End Message ---

Bug#1049903: petsc: misbuild with gcc-13

[Drew Parsons]

Source: petsc
Followup-For: Bug #1049903

Thanks for the clarification.  I'll apply the patch.

Processed: tagging 1051454

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1051454 + confirmed upstream pending
Bug #1051454 [src:librist] librist: FTBFS on 32-bit architectures: "Simple 
profile unicast packet loss" test segfaults
Added tag(s) confirmed, pending, and upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051454: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051454
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Debian Bug Tracking System]

Processing control commands:

> found -1 5.10.191-1
Bug #1051592 [linux] linux: Regression - upgrade to 6.1.52-1 breaks nftables
There is no source info for the package 'linux' at version '5.10.191-1' with 
architecture ''
Unable to make a source version for version '5.10.191-1'
Marked as found in versions 5.10.191-1.

-- 
1051592: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051592
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1036076: rust-mysqlclient-sys appears to be unsound when used with mariadb.

[Matthias Geiger]

On Mon, 15 May 2023 05:47:10 +0100 Peter Green  wrote:
> Package: rust-mysqlclient-sys
> Severity: serious
>
> I was looking at why rust-diesel was not migrating to testing
> (other than the freeze obviously) and noticed that rust-mysqlclient-sys
> was not built on 32-bit architectures. As with a bunch of other
> packages I correctly suspected this was mostly a case of unportable
> bindgen-generated tests and started preparing fixes for them.
>
> However while doing so, I rapidly came to the conclusion that something
> else was wrong. Specifically I noticed significant discrepancies
> between the "mysql" (actually mariadb) C headers on my system and the
> rust bindings in rust-mysqlclient-sys.
>
> The tests in the crate only test that the size/alignment of the
> structures defined in the crate are consistent with what they were
> when the bindings were generated. They do not check in any way that
> they are consistent with the structures defined by the C headers on
> the user's system. There are no functional tests either.
>
> My conclusion is that attempting to use this crate with mariadb
> is highly unsound, though I don't know enough about how the mysql
> client library is used to determine in what way exactly it will break
> and whether the breakage is likely to be immediately apparent or more
> subtle.
>

fwiw, I reported an issue upstream about the failing tests and uploaded 
a version skipping those unblocking diesel and rdeps.


best,

--
Matthias Geiger (werdahias)
Debian Maintainer
"Freiheit ist immer Freiheit des anders Denkenden" -- Rosa Luxemburg



OpenPGP_0x18BD106B3B6C5475.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Salvatore Bonaccorso]

Control: found -1 5.10.191-1

On Mon, Sep 11, 2023 at 04:17:46PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 + confirmed upstream
> 
> Hi,
> 
> On Mon, Sep 11, 2023 at 04:08:07PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags -1 - moreinfo unreproducible
> > 
> > Hi Timo,
> > 
> > On Mon, Sep 11, 2023 at 03:15:18AM +0200, Timo Sigurdsson wrote:
> > > Hi,
> > > 
> > > Salvatore Bonaccorso schrieb am 10.09.2023 12:21 (GMT +02:00):
> > > 
> > > > Would it be possible to provide a minimal set of rules triggering the
> > > > issue? Can you reproduce the issue with the official build?
> > > 
> > > So, I did some more testing on a different machine running the official 
> > > build. My findings so far are:
> > > 1) Yes, I can reproduce the issue with the official build.
> > > 2) The issue depends on the ruleset. The minimal ruleset I have on that 
> > > machine, doesn't trigger the issue, but when I copy over the ruleset from 
> > > the machine I first observed this on, then I can reproduce it.
> > > 
> > > I'm attaching a somewhat stripped down version of my original, rather 
> > > complex ruleset. It's by no means a "minimal" reproducer, cause I haven't 
> > > had the time yet to further reduce it in order to see what actually 
> > > triggers it. But you should be able to observe that this ruleset loads 
> > > just fine on linux 6.1.38-4, but doesn't anymore on 6.1.52-1.
> > 
> > Thanks for providing it, this helps debugging the issue.
> > 
> > > I also started looking into what commit could have introduced this. My 
> > > first guess "netfilter: nft_dynset: disallow object maps" (23185c6aed1f) 
> > > is wrong. Even with this one reverted, the issue occurs. I'll try another 
> > > build with "netfilter: nf_tables: disallow rule addition to bound chain 
> > > via NFTA_RULE_CHAIN_ID" (0ebc1064e487) reverted tomorrow evening...
> > 
> > Thanks, as soon we have the introducing commit we can go to the next
> > step and check upstream. I cannot trigger the problem with 6.4.13-1 or
> > 6.5.2.
> 
> The issue seems to be present already in 6.1.49-rc1, which I had still
> from local pareparations for the rebases. So the bisection needs to go
> to the upstream versions between 6.1.38 and 6.1.49 at least.

Additionally the behaviour change is as well in 5.10.191-1 (and
5.10.193 upstream), whereeas not triggering in 5.10.179.

So to be on the safe side making the following statement: either this
is a real regression affecting several stable series or there is an
intentional upstream change uncovering an issue in ruleset. As the
behaviour is not in 6.5.2 for now considering it the first case.

Regards,
Salvatore

Processed: Re: Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + confirmed upstream
Bug #1051592 [linux] linux: Regression - upgrade to 6.1.52-1 breaks nftables
Added tag(s) upstream and confirmed.

-- 
1051592: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051592
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Salvatore Bonaccorso]

Control: tags -1 + confirmed upstream

Hi,

On Mon, Sep 11, 2023 at 04:08:07PM +0200, Salvatore Bonaccorso wrote:
> Control: tags -1 - moreinfo unreproducible
> 
> Hi Timo,
> 
> On Mon, Sep 11, 2023 at 03:15:18AM +0200, Timo Sigurdsson wrote:
> > Hi,
> > 
> > Salvatore Bonaccorso schrieb am 10.09.2023 12:21 (GMT +02:00):
> > 
> > > Would it be possible to provide a minimal set of rules triggering the
> > > issue? Can you reproduce the issue with the official build?
> > 
> > So, I did some more testing on a different machine running the official 
> > build. My findings so far are:
> > 1) Yes, I can reproduce the issue with the official build.
> > 2) The issue depends on the ruleset. The minimal ruleset I have on that 
> > machine, doesn't trigger the issue, but when I copy over the ruleset from 
> > the machine I first observed this on, then I can reproduce it.
> > 
> > I'm attaching a somewhat stripped down version of my original, rather 
> > complex ruleset. It's by no means a "minimal" reproducer, cause I haven't 
> > had the time yet to further reduce it in order to see what actually 
> > triggers it. But you should be able to observe that this ruleset loads just 
> > fine on linux 6.1.38-4, but doesn't anymore on 6.1.52-1.
> 
> Thanks for providing it, this helps debugging the issue.
> 
> > I also started looking into what commit could have introduced this. My 
> > first guess "netfilter: nft_dynset: disallow object maps" (23185c6aed1f) is 
> > wrong. Even with this one reverted, the issue occurs. I'll try another 
> > build with "netfilter: nf_tables: disallow rule addition to bound chain via 
> > NFTA_RULE_CHAIN_ID" (0ebc1064e487) reverted tomorrow evening...
> 
> Thanks, as soon we have the introducing commit we can go to the next
> step and check upstream. I cannot trigger the problem with 6.4.13-1 or
> 6.5.2.

The issue seems to be present already in 6.1.49-rc1, which I had still
from local pareparations for the rebases. So the bisection needs to go
to the upstream versions between 6.1.38 and 6.1.49 at least.

Regards,
Salvatore

Processed: Re: Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo unreproducible
Bug #1051592 [linux] linux: Regression - upgrade to 6.1.52-1 breaks nftables
Removed tag(s) moreinfo and unreproducible.

-- 
1051592: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051592
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1051592: linux: Regression - upgrade to 6.1.52-1 breaks nftables

[Salvatore Bonaccorso]

Control: tags -1 - moreinfo unreproducible

Hi Timo,

On Mon, Sep 11, 2023 at 03:15:18AM +0200, Timo Sigurdsson wrote:
> Hi,
> 
> Salvatore Bonaccorso schrieb am 10.09.2023 12:21 (GMT +02:00):
> 
> > Would it be possible to provide a minimal set of rules triggering the
> > issue? Can you reproduce the issue with the official build?
> 
> So, I did some more testing on a different machine running the official 
> build. My findings so far are:
> 1) Yes, I can reproduce the issue with the official build.
> 2) The issue depends on the ruleset. The minimal ruleset I have on that 
> machine, doesn't trigger the issue, but when I copy over the ruleset from the 
> machine I first observed this on, then I can reproduce it.
> 
> I'm attaching a somewhat stripped down version of my original, rather complex 
> ruleset. It's by no means a "minimal" reproducer, cause I haven't had the 
> time yet to further reduce it in order to see what actually triggers it. But 
> you should be able to observe that this ruleset loads just fine on linux 
> 6.1.38-4, but doesn't anymore on 6.1.52-1.

Thanks for providing it, this helps debugging the issue.

> I also started looking into what commit could have introduced this. My first 
> guess "netfilter: nft_dynset: disallow object maps" (23185c6aed1f) is wrong. 
> Even with this one reverted, the issue occurs. I'll try another build with 
> "netfilter: nf_tables: disallow rule addition to bound chain via 
> NFTA_RULE_CHAIN_ID" (0ebc1064e487) reverted tomorrow evening...

Thanks, as soon we have the introducing commit we can go to the next
step and check upstream. I cannot trigger the problem with 6.4.13-1 or
6.5.2.

Regards,
Salvatore

Bug#1038135: rust-diesel: librust-diesel-dev uninstallable on 32-bit archs

[Matthias Geiger]

On Thu, 15 Jun 2023 13:32:41 -0700 Steve Langasek 
 wrote:

> Package: rust-diesel
> Version: 2.0.3-1
> Severity: serious
> Tags: patch
> Justification: uninstallable
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu mantic ubuntu-patch
>
> Dear maintainers,
>
> rust-diesel is not migrating to Debian testing because it depends on
> librust-pq-sys-dev and librust-mysqlclient-sys-dev, neither of which is
> buildable on 32-bit archs; but it does not build-depend on these 
packages,

> so librust-diesel-dev builds uninstallable binary packages.
>
> Either rust-diesel should build-depend on these packages so that binaries
> are not built on architectures where they're unavailable, or the
> dependencies should be relaxed so that the packages are installable.
>
> For the moment, I've opted for the first of these in Ubuntu. See attached
> patch.
>


I just uploaded a proper version of mysqlclient-sys where the failing 
bindgen tests are skipped for now.


I'll do the same for pq-sys; that should make it and dependent packages 
build/installable.


best,

werdahias

Bug#957313: marked as done (grsync: ftbfs with GCC-10)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 15:39:30 +0200
with message-id <5101bd52-af40-4b83-99ee-ca6fa8fe1...@debian.org>
and subject line Re: grsync: ftbfs with GCC-10
has caused the Debian Bug report #957313,
regarding grsync: ftbfs with GCC-10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
957313: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=957313
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:grsync
Version: 1.2.6-2
Severity: normal
Tags: sid bullseye
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-10

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-10/g++-10, but succeeds to build with gcc-9/g++-9. The
severity of this report will be raised before the bullseye release,
so nothing has to be done for the buster release.

The full build log can be found at:
http://people.debian.org/~doko/logs/gcc10-20200225/grsync_1.2.6-2_unstable_gcc10.log
The last lines of the build log are at the end of this report.

To build with GCC 10, either set CC=gcc-10 CXX=g++-10 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-10/porting_to.html

[...]
In file included from /usr/include/glib-2.0/glib/galloca.h:32,
 from /usr/include/glib-2.0/glib.h:30,
 from /usr/include/glib-2.0/gobject/gbinding.h:28,
 from /usr/include/glib-2.0/glib-object.h:23,
 from /usr/include/glib-2.0/gio/gioenums.h:28,
 from /usr/include/glib-2.0/gio/giotypes.h:28,
 from /usr/include/glib-2.0/gio/gio.h:26,
 from /usr/include/gtk-2.0/gdk/gdkapplaunchcontext.h:30,
 from /usr/include/gtk-2.0/gdk/gdk.h:32,
 from /usr/include/gtk-2.0/gtk/gtk.h:32,
 from callbacks.c:5:
/usr/include/glib-2.0/glib/gtypes.h:551:8: note: declared here
  551 | struct _GTimeVal
  |^
callbacks.c:1367:3: warning: ‘g_get_current_time’ is deprecated: Use 
'g_get_real_time' instead [-Wdeprecated-declarations]
 1367 |   g_get_current_time();
  |   ^~
In file included from /usr/include/glib-2.0/glib/giochannel.h:33,
 from /usr/include/glib-2.0/glib.h:54,
 from /usr/include/glib-2.0/gobject/gbinding.h:28,
 from /usr/include/glib-2.0/glib-object.h:23,
 from /usr/include/glib-2.0/gio/gioenums.h:28,
 from /usr/include/glib-2.0/gio/giotypes.h:28,
 from /usr/include/glib-2.0/gio/gio.h:26,
 from /usr/include/gtk-2.0/gdk/gdkapplaunchcontext.h:30,
 from /usr/include/gtk-2.0/gdk/gdk.h:32,
 from /usr/include/gtk-2.0/gtk/gtk.h:32,
 from callbacks.c:5:
/usr/include/glib-2.0/glib/gmain.h:575:8: note: declared here
  575 | void   g_get_current_time (GTimeVal   *result);
  |^~
callbacks.c:1374:3: warning: ‘g_get_current_time’ is deprecated: Use 
'g_get_real_time' instead [-Wdeprecated-declarations]
 1374 |   g_get_current_time();
  |   ^~
In file included from /usr/include/glib-2.0/glib/giochannel.h:33,
 from /usr/include/glib-2.0/glib.h:54,
 from /usr/include/glib-2.0/gobject/gbinding.h:28,
 from /usr/include/glib-2.0/glib-object.h:23,
 from /usr/include/glib-2.0/gio/gioenums.h:28,
 from /usr/include/glib-2.0/gio/giotypes.h:28,
 from /usr/include/glib-2.0/gio/gio.h:26,
 from /usr/include/gtk-2.0/gdk/gdkapplaunchcontext.h:30,
 from /usr/include/gtk-2.0/gdk/gdk.h:32,
 from /usr/include/gtk-2.0/gtk/gtk.h:32,
 from callbacks.c:5:
/usr/include/glib-2.0/glib/gmain.h:575:8: note: declared here
  575 | void   g_get_current_time (GTimeVal   *result);
  |^~
gcc  -Wall -rdynamic -g -O2 -fdebug-prefix-map=/<>=. 
-fstack-protector-strong 

Processed: Re: [Debichem-devel] Bug#1037566: abinit: ftbfs with GCC-13

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 1037566 9.10.4-1
Bug #1037566 {Done: Adrian Bunk } [src:abinit] abinit: ftbfs 
with GCC-13
Ignoring request to alter fixed versions of bug #1037566 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1037566: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037566
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1051563: mutt: CVE-2023-4874 CVE-2023-4875

[Antonio Radici]

On Sun, Sep 10, 2023 at 09:59:53PM +0200, Sebastian Andrzej Siewior wrote:
> Hi Antonio!
> 
> On 2023-09-10 15:57:58 [+0200], Antonio Radici wrote:
> > On Sun, Sep 10, 2023 at 01:38:33PM +0200, Salvatore Bonaccorso wrote:
> > > Hi Antonio,
> > > 
> > > FWIW, I have done the bookworm-security upload already to
> > > security-master, and still working on the bullseye-security one (with
> > > plan to release the DSA tonight ideally).
> > 
> > Ack, thanks for the update, I assume this was a particularly serious issue 
> > that
> > had to be handled immediately!
> 
> I pinged Salvatore on IRC about this and he was working on
> stable/old-stable fix of the version at the time. So I suggest to help
> out and prepare latest upstream from upstream for unstable (which was in
> opinion only fixes).
> Unfortunately I saw your reply to the bug after performing the update.
> I'm sorry if I overstepped here. In the meantime I prepared a pull on
> salsa for the changes I made.
> As a matter of fact, I noticed that I somehow missed the latest
> changelog from the package which I noticed while I tried to open the
> pull request. After looking at it again, it looks like I just missed the
> changelog entry.
> 
> Once again, I'm sorry for any trouble I may have caused.

Hi Sebastian,
not a problem at all! It's just that I was unaware! You were much faster than
me and that's definitely very good. Thanks a lot for your contribution to
Debian, I really appreciate it :)

Processed: Re: [pkg-apparmor] Bug#1050256: autopkgtest fails on debci

[Debian Bug Tracking System]

Processing control commands:

> severity -1 important
Bug #1050256 [apparmor,lxc] apparmor makes systemd autopkgtests fail on bookworm
Severity set to 'important' from 'serious'

-- 
1050256: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050256
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1050256: [pkg-apparmor] Bug#1050256: autopkgtest fails on debci

[Michael Biebl]

Control: severity -1 important

Am 09.09.23 um 14:20 schrieb intrigeri:

Hi again,

Thank you all for working both on workarounds for Debian CI and on
a proper upstream Linux kernel fix. Impressive cross-team work! :)


+1


At this stage it seems clear that the bug and the corresponding ideal
fix are in the AppArmor part of src:linux, and the bug affects at
least src:apparmor and src:lxc. I'd like to reflect this in the
metadata of #1050256 by reassigning the bug to Linux, and adding
"affects" indications. I'll do so in the next few days unless someone
objects soon.


It also affects at least
src:systemd, src:pdns, src:policykit-1
All those packages have added workarounds for this issue.
I'll revert the workaround in systemd and notify the maintainers of pdns 
and policykit-1.



Doing so will also be an opportunity for me to sum up the problem for
the maintainers of src:linux, and let them know about our desired
timeline: ideally this would be fixed in the upcoming Bookworm
point-release.

This being said, if said timeline can't be met in src:linux, it'll be
up to the maintainers of LXC in Debian to decide what they want to do
in the upcoming Bookworm point-release.

If I misunderstood something important, please let me know.


Sounds good to me.

For now, given that all the debci hosts are running the backports 
kernel, I'm downgrading the severity again.


When you do the reassignment, you should probably merge this bug report 
with #1038315 and #1042880, now that we know what the root cause is.



Regards,
Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Processed: Re: Mono package in Debian is still very outdated (6.8 but should be 6.12)

[Debian Bug Tracking System]

Processing control commands:

> severity -1 serious
Bug #1010445 [mono-complete] mono-complete: Mono package in Debian is very 
outdated (6.8 but should be 6.12)
Severity set to 'serious' from 'important'

-- 
1010445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010445
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1041557: marked as done (r-cran-bookdown breaks r-cran-flextable autopkgtest: `bookmarks` has length 3, not length 0)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 11:45:45 +0200
with message-id 
and subject line Fixed with latest uploads
has caused the Debian Bug report #1041557,
regarding r-cran-bookdown breaks r-cran-flextable autopkgtest: `bookmarks` has 
length 3, not length 0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041557: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041557
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: r-cran-bookdown, r-cran-flextable
Control: found -1 r-cran-bookdown/0.34+dfsg-1
Control: found -1 r-cran-flextable/0.8.4-1
Severity: serious
Tags: sid trixie
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of r-cran-bookdown the autopkgtest of 
r-cran-flextable fails in testing when that autopkgtest is run with the 
binary packages of r-cran-bookdown from unstable. It passes when run 
with only packages from testing. In tabular form:


   passfail
r-cran-bookdownfrom testing0.34+dfsg-1
r-cran-flextable   from testing0.8.4-1
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration of r-cran-bookdown 
to testing [1]. Due to the nature of this issue, I filed this bug report 
against both packages. Can you please investigate the situation and 
reassign the bug to the right package?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=r-cran-bookdown

https://ci.debian.net/data/autopkgtest/testing/amd64/r/r-cran-flextable/35990349/log.gz

 94s BEGIN TEST testthat.R
 94s  94s R version 4.3.1 (2023-06-16) -- "Beagle Scouts"
 94s Copyright (C) 2023 The R Foundation for Statistical Computing
 94s Platform: x86_64-pc-linux-gnu (64-bit)
 94s  94s R is free software and comes with ABSOLUTELY NO WARRANTY.
 94s You are welcome to redistribute it under certain conditions.
 94s Type 'license()' or 'licence()' for distribution details.
 94s  94s R is a collaborative project with many contributors.
 94s Type 'contributors()' for more information and
 94s 'citation()' on how to cite R or R packages in publications.
 94s  94s Type 'demo()' for some demos, 'help()' for on-line help, or
 94s 'help.start()' for an HTML browser interface to help.
 94s Type 'q()' to quit R.
 94s  94s > library(testthat)
 94s > library(flextable)
 94s > library(officer)
 94s >  94s > test_check("flextable")
107s [ FAIL 1 | WARN 0 | SKIP 5 | PASS 163 ]
107s 107s ══ Skipped tests (5) 
═══

108s • On CRAN (5): 'test-as_flextable.R:3:1', 'test-borders.R:3:1',
108s   'test-captions-rmd.R:188:3', 'test-keep-next.R:3:1', 
'test-md-captions.R:3:1'
108s 108s ══ Failed tests 

108s ── Failure ('test-captions-rmd.R:150:3'): with word_document2 
──

108s `bookmarks` has length 3, not length 0.
108s 108s [ FAIL 1 | WARN 0 | SKIP 5 | PASS 163 ]
108s Error: Test failures
108s Execution halted
108s autopkgtest [11:46:05]: test run-unit-test



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Hi,

all tests seem to pass with latest uploads thus closing this bug.

Kind regards
 Andreas.

-- 
http://fam-tille.de--- End Message ---

Bug#1049872: FTBFS on multiple release architectures

[Emanuele Rocca]

Hello Andrius,

On 2023-09-09 08:38, Andrius Merkys wrote:
> This is news to me. Could you please point out where in Debian Policy I can
> read more about such requirement? I thought I saw packages dropping support
> for one or another release architecture without being removed from testing.

See https://release.debian.org/testing/rc_policy.txt section 4
(Autobuilding).

  Emanuele

Bug#1050605: marked as done (linux-image-6.4.0-3-amd64: Unable to boot on 2009 13inch MacBook Pro)

[Debian Bug Tracking System]

Your message dated Mon, 11 Sep 2023 00:42:20 -0700
with message-id <87zg1t17hf@debian-hx90.lan>
and subject line Re: linux-image-6.4.0-3-amd64: Unable to boot on 2009 13inch 
MacBook Pro
has caused the Debian Bug report #1050605,
regarding linux-image-6.4.0-3-amd64: Unable to boot on 2009 13inch MacBook Pro
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1050605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050605
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux
Version: 6.4.11-1
Severity: grave
Justification: renders package unusable

The recent update of linux-image to version 6.4.0-3 causes this laptop unable to
boot.  As the boot was not successful I could not check the log through dmesg so
I will attach a photo later.

The relevant part of the error of the end of the boot messages when trying to
boot in recovery mode is hand-typed below:

,
| [3.453462] ACPI Warning: \_SB.PCI0.IXVE.IGPU._DSM: Argument #4 type 
mismatch - Found [Buffer], ACPI requires [Package] (20230331/nsarguments-61)
| [3.454515] ACPI: \_SB_.PCI0.IXVE.IGPU: failed to evaluate _DSM
| [3.455576] nouveau :02:00.0: enabling device (0002 -> 0003)
| [3.456812] ACPI: \_SB_.PCI0.LGPU: Enabled at IRQ 18
`

After this the boot process stuck like when trying to boot normally.

Using linux-image-6.4.0-2-amd64 and early kernel versions the laptop can boot
without issues.

I saw there is #1050460 reporting a similar error error on nVidia GPU but as my
laptop cannot even boot I figured it may be better to file a separate bug and
let the maintainer to decide whether to merge the bugs.

Note that the system info is generated when booted with a 6.4.0-2 kernel.

-- Package-specific info:
** Kernel log: boot messages should be attached

** Model information
sys_vendor: Apple Inc.
product_name: MacBookPro5,5
product_version: 1.0
chassis_vendor: Apple Inc.
chassis_version: Mac-F2268AC8
bios_vendor: Apple Inc.
bios_version:MBP55.88Z.00AC.B03.0906151708
board_vendor: Apple Inc.
board_name: Mac-F2268AC8
board_version: 

** PCI devices:
00:00.0 Host bridge [0600]: NVIDIA Corporation MCP79 Host Bridge [10de:0a82] 
(rev b1)
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- 
Kernel driver in use: nForce2_smbus
Kernel modules: i2c_nforce2, nv_tco

00:03.3 RAM memory [0500]: NVIDIA Corporation MCP79 Memory Controller 
[10de:0a89] (rev b1)
Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz+ UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- TAbort- SERR- TAbort- SERR- TAbort- SERR- 
Kernel driver in use: ohci-pci
Kernel modules: ohci_pci

00:04.1 USB controller [0c03]: NVIDIA Corporation MCP79 EHCI USB 2.0 Controller 
[10de:0aa6] (rev b1) (prog-if 20 [EHCI])
Subsystem: NVIDIA Corporation Apple iMac 9,1 [10de:cb79]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: ehci-pci
Kernel modules: ehci_pci

00:06.0 USB controller [0c03]: NVIDIA Corporation MCP79 OHCI USB 1.1 Controller 
[10de:0aa7] (rev b1) (prog-if 10 [OHCI])
Subsystem: NVIDIA Corporation Apple iMac 9,1 [10de:cb79]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: ohci-pci
Kernel modules: ohci_pci

00:06.1 USB controller [0c03]: NVIDIA Corporation MCP79 EHCI USB 2.0 Controller 
[10de:0aa9] (rev b1) (prog-if 20 [EHCI])
Subsystem: NVIDIA Corporation Apple iMac 9,1 [10de:cb79]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: ehci-pci
Kernel modules: ehci_pci

00:08.0 Audio device [0403]: NVIDIA Corporation MCP79 High Definition Audio 
[10de:0ac0] (rev b1)
Subsystem: NVIDIA Corporation Apple iMac 9,1 [10de:cb79]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- 

Bug#1051661: /usr/bin/qemu-system-ppc: Package not installable

[Michael Tokarev]

Control: reassign -1 dak

11.09.2023 08:40, Christian Marillat wrote:

Package: qemu-system-ppc
Version: 1:8.0.4+dfsg-3+b1
Severity: serious
File: /usr/bin/qemu-system-ppc

Dear Maintainer,

sudo apt-get install qemu-system-ppc qemu-system-data
...
The following packages have unmet dependencies:
  qemu-system-ppc : Depends: qemu-system-data (> 1:8.1.0+ds~) but 
1:8.0.4+dfsg-3 is to be installed
E: Unable to correct problems, you have held broken packages.


I've no idea where the bug is, but it is definitely not in qemu.
qemu-system-data has been built successfully on Saturday:

 https://buildd.debian.org/status/package.php?p=qemu

(note q-s-d is Installed but it is not propagated to the archives
by something in debian infrastructure).

I asked on IRC in #debian-devel, #debian-buildd and #debian-ftp
about this matter yesterday but there's no conclusive answers
so far.  I've been referred to #915948 and #887060. I've no
idea if this is dak, buildd setup, ftp/archive building prob
or something else.

I'll upload new qemu release today with build-tests disabled,
meanwhile please don't shot the messenger :)

Short history of events.  qemu source package Build-Depends-Arch
on qemu-system-data these days, which is an arch-all package
produced by the same source.  So it is sort of cyclic dependency
(though I allow any previous version of q-s-d to be used, not
just the one from the same version).  My thought was that since
arch-all build is separate, it will complete and the results
installed, which will allow all other, arch-any, buildds to
use this arch-all package just fine.

However first upload of 8.1.0-1 faced an issue with dh
"helpfully" propagating CFLAGS (with newly added -fcf-protection)
to arch-all build too, where it makes no sense and resulted in
bios/firmware failing to build, hence 8.1.0-1 arch-all q-s-d
build was unsuccessful.  I fixed it up in subsequent uploads
(which required de-dh'ifying of the whole thing which took me
a while), and we're now in the situation at hand: buildds are
waiting for q-s-d (which was dropped from the archives) to be
available, it is built and installed by arch-all buildd, but
making it available in archives is holding by lack of other
qemu binary packages of the same version.

I'm reassigning this to dak for now. Will wait for possible
more answers for a few hours more, and will make an upload
w/o tests if nothing is heard.

Thanks,

/mjt

Processed: closing 1026820

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # builds now
> close 1026820 1:2.49.20210628.gitde01f0f-3.1
Bug #1026820 [src:clisp] FTBFS: Fail to build with libunistring5
Marked as fixed in versions clisp/1:2.49.20210628.gitde01f0f-3.1.
Bug #1026820 [src:clisp] FTBFS: Fail to build with libunistring5
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1026820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026820
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#1051661: /usr/bin/qemu-system-ppc: Package not installable

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 dak
Bug #1051661 [qemu-system-ppc] /usr/bin/qemu-system-ppc: Package not installable
Bug reassigned from package 'qemu-system-ppc' to 'dak'.
Warning: Unknown package 'dak'
Warning: Unknown package 'dak'
No longer marked as found in versions qemu/1:8.0.4+dfsg-3.
Warning: Unknown package 'dak'
Warning: Unknown package 'dak'
Ignoring request to alter fixed versions of bug #1051661 to the same values 
previously set
Warning: Unknown package 'dak'

-- 
1051661: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1051355: Processed: your mail

[Andres Salomon]

So apparently it's already fixed in sid and trixie:



Bug didn't get closed because of the missing "(closes: " in that 
changelog entry. I'll push the clang-16 stuff to git so you can give it 
a test build on ppc.


On Mon, Sep 11 2023 at 12:37:39 AM -05:00:00, Timothy Pearson 
 wrote:
For 16 to work we'll need the Debian clang team to include this 
patchset:




Any chance of that happening?

- Original Message -
 From: "Andres Salomon" >
 To: "Leandro Cunha" >, 1051...@bugs.debian.org 

 Cc: "Timothy Pearson" >

 Sent: Sunday, September 10, 2023 11:43:18 PM
 Subject: Re: Bug#1051355: Processed: your mail


 Alright, I built 117 w/ clang-16 on sid and it doesn't segfault. 
Same

 exact build but with clang-14 segfaults.

 Timothy, did you ever get the ppc64 issues with clang >= 15 squared
 away? It's looking like I'm going to need to upload a build with
 clang-16.

 On Sun, Sep 10 2023 at 03:07:29 PM -03:00:00, Leandro Cunha
 mailto:leandrocunha...@gmail.com>> 
wrote:

 Hi,

 Em dom., 10 de set. de 2023 15:01, Andres Salomon
 mailto:dilin...@queued.net> 
<>> escreveu:

 Unfortunately 117 *also* segfaults on sid.

 I'm tempted to try a newer clang, but probably not 15 since 
debian's

 planning to remove it. 16, I guess?


 Arch is already with Clang 16 and I tested Chromium 117 in a vm 
that

 I installed here and it was working normally.

Bug#1051355: Processed: your mail

[Leandro Cunha]

On Mon, Sep 11, 2023 at 2:37 AM Timothy Pearson
 wrote:
>
> For 16 to work we'll need the Debian clang team to include this patchset:
>
> https://reviews.llvm.org/D158066
>
> Any chance of that happening?
>
> - Original Message -
> > From: "Andres Salomon" 
> > To: "Leandro Cunha" , 1051...@bugs.debian.org
> > Cc: "Timothy Pearson" 
> > Sent: Sunday, September 10, 2023 11:43:18 PM
> > Subject: Re: Bug#1051355: Processed: your mail
>
> > Alright, I built 117 w/ clang-16 on sid and it doesn't segfault. Same
> > exact build but with clang-14 segfaults.
> >
> > Timothy, did you ever get the ppc64 issues with clang >= 15 squared
> > away? It's looking like I'm going to need to upload a build with
> > clang-16.
> >
> > On Sun, Sep 10 2023 at 03:07:29 PM -03:00:00, Leandro Cunha
> >  wrote:
> >> Hi,
> >>
> >> Em dom., 10 de set. de 2023 15:01, Andres Salomon
> >> mailto:dilin...@queued.net>> escreveu:
> >>> Unfortunately 117 *also* segfaults on sid.
> >>>
> >>> I'm tempted to try a newer clang, but probably not 15 since debian's
> >>> planning to remove it. 16, I guess?
> >>
> >> Arch is already with Clang 16 and I tested Chromium 117 in a vm that
> >> I installed here and it was working normally.

Clang migration will have to go through a transition, as it may still
break some packages and this requires care.
Which could still delay the release of new versions of Chromium.

Example: https://lists.debian.org/debian-release/2019/12/msg00402.html

-- 
Cheers,
Leandro Cunha