Bug#1052210: lxappearance: segfault after upgrade to lxappearance 0.6.3-3

[jim_p]

Package: lxappearance
Followup-For: Bug #1052210
X-Debbugs-Cc: pitsior...@outlook.com

@10dmar10
Do you have lxapperance-obconf installed too? If yes, have you tried removing
it?
And if possible, please open a new bug report there, with grave severity. The
patch is already available, so it won't be much work of fixing the package.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxappearance depends on:
ii  libc62.37-10
ii  libdbus-1-3  1.14.10-1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.78.0-2
ii  libgtk-3-0   3.24.38-5
ii  libx11-6 2:1.8.6-1

Versions of packages lxappearance recommends:
pn  lxde-settings-daemon  

lxappearance suggests no packages.

-- no debconf information

Bug#1052376: lxpanel: no longer obeys its geometry settings

[jim_p]

Package: lxpanel
Version: 0.10.1-4
Followup-For: Bug #1052376
X-Debbugs-Cc: pitsior...@outlook.com

Any chance of merging any of the patches from the other bug report?
Let's say that I can live with the panel being bright (I use numix as gtk
theme)... or with the tooltips that show up on the top of the screen instead of
above the panel (I have it on the bottom)... or with the icons' display in the
task bar which is partially broken.
What annoys me the most is that when opening more than 6 windows, the right
side of the panel, with the clock and the tray, goes off screen (screen has
1280 pixels width).

p.s. The panel being bright is something gtk3 related I guess, because pcmanfm
is also bright and got its gtk3 upgrade at the same time. Forcing the gtk3 apps
to use the dark version of the theme, by adding gtk-application-prefer-dark-
theme=1 in .config/gtk-3.0/settings.ini makes all gtk3 apps dark, e.g. chromium
or firefox, which is not wanted.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxpanel depends on:
ii  libasound2   1.2.9-2
ii  libc62.37-10
ii  libcairo21.18.0-1
ii  libcurl3-gnutls  8.2.1-2
ii  libfm-gtk3-4 1.3.2-4
ii  libfm-modules1.3.2-4
ii  libfm4   1.3.2-4
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.78.0-2
ii  libgtk-3-0   3.24.38-5
ii  libiw30  30~pre9-14
ii  libkeybinder-3.0-0   0.3.2-1.1
ii  libmenu-cache3   1.1.0-1.1
ii  libpango-1.0-0   1.51.0+ds-2
ii  libwnck-3-0  43.0-3
ii  libx11-6 2:1.8.6-1
ii  libxml2  2.9.14+dfsg-1.3
ii  lxmenu-data  0.1.5-2.1
ii  lxpanel-data 0.10.1-4

Versions of packages lxpanel recommends:
ii  alacritty [x-terminal-emulator] 0.12.2-2
ii  dunst [notification-daemon] 1.9.2-1
ii  libnotify-bin   0.8.2-1
ii  notification-daemon 3.20.0-4+b1
pn  pavucontrol | gnome-alsamixer   
ii  rxvt-unicode [x-terminal-emulator]  9.31-1
ii  xkb-data2.38-2
ii  xterm [x-terminal-emulator] 384-1

Versions of packages lxpanel suggests:
ii  brave-browser [www-browser]  1.58.135
ii  chromium [www-browser]   117.0.5938.132-1
ii  firefox [www-browser]117.0.1-1

-- no debconf information

Bug#1042082: Please take over udev SysV init script

[Bill Brelsford]

When upgrading (with aptitude), initscripts (3.08-1) is set up
before udev (254.4-1). Udev claims to remove the "obsolete
conffile /etc/init.d/udev", but it's still there. However, the
rc*.d symlinks are not -- "update-rc.d udev defaults" fixes it.

Regards..  Bill

Bug#1052131: [pkg-gnupg-maint] Bug#1052131: Bug#1052131: gnupg2: gpg incompatible with Yubikey 5 NFC and key storage

[Manoj Srivastava]

Hi,

   I will try tomorrow. I do have a second yubikey, brand new, so I can try
and reproduce three exact sequence of commands under typescript.

   Msnoj

On Fri, Sep 29, 2023, 7:05 PM Daniel Kahn Gillmor 
wrote:

> Hi Manoj--
>
> On Mon 2023-09-25 19:01:45 -0400, Daniel Kahn Gillmor wrote:
> > Control: forwarded 1052131 https://dev.gnupg.org/T6733
> > Control: retitle 1052131 GnuPG's keytocard fails on Yubikey 5 NFC when
> PIN is not default
>
> I don't know whether you've seen over on the upstream bug but they were
> unable to replicate the problem you've described here.  Is it possible
> for you to try with a local stock build of GnuPG 2.2.40 (2.2.42) to see
> whether you see the same problem?  That might help to rule out any of
> the debian patches at least.  I don't have a Yubikey 5 NFC to test this
> with, unfortunately.
>
> --dkg
>

Bug#1053174: Block Ben Tris

[Don Armstrong]

On Thu, 28 Sep 2023, Christoph Berg wrote:
> we keep seeing non-actionable bug reports from Ben Tris that look like
> this:

Hi Ben, please don't file bugs like this which aren't actionable. If you
find something minor wrong with a package like this, please provide a
patch so that maintainers can see what you think is wrong and how they
should fix it.

It looks like you've closed the non-actionable bugs that you had filed,
so I won't immediately be putting in a block for you, but if it happens
again, I will.

Thanks!

-- 
Don Armstrong  https://www.donarmstrong.com

Thanks be to God, that he gave me Stubbornness, when I know I am right.
 -- John Adams (Letter to Edmund Jennings, 27 September 1782)

Bug#1053254: new version available

[Ben Tris]

Source: ries
Version: 2018.08.05-1
Severity: normal
X-Debbugs-Cc: benatt...@gezapig.nl

Dear Maintainer,

Just a notice.

2023-08-01 version available

there is also:
Debian Math Team 


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1053253: ITP: python-podman -- Python library of bindings to use the RESTful API of Podman

[Michal Arbet]

Package: wnpp
Severity: wishlist
Owner: Michal Arbet 

* Package name: python3-podman
  Version : 4.7.0
  Upstream Author : Jhon Honce 
* URL : https://github.com/containers/podman-py
* License : Apache-2.0 license
  Programming Lang: Python
  Description : Python library of bindings to use the RESTful API of
Podman

This package provides python bindings to use the RESTful API of Podman.
This package needs to be in stable debian to merge podman support in
kolla-ansible openstack
opensource project here
https://review.opendev.org/c/openstack/ansible-collection-kolla/+/852240 and
https://review.opendev.org/c/openstack/kolla-ansible/+/799229/97 .

I will maintain package under DPMT team.

Thank you very much,
Michal Arbet (kevko)

Bug#1053252: lcov: Missing runtime dependency on libdatetime-perl and libcapture-tiny-perl

[Diego Escalante Urrelo]

Package: lcov
Version: 2.0-3
Severity: important
X-Debbugs-Cc: die...@gnome.org

When running `lcov` on a fresh instance of `unstable`:

```
$ lcov --rc lcov_branch_coverage=1 --directory _build --capture --initial 
--output-file bup
Can't locate DateTime.pm in @INC (you may need to install the DateTime module) 
(@INC contains: /usr/lib/lcov /etc/perl 
/usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 
/usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 
/usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 
/usr/share/perl/5.36 /usr/local/lib/site_perl) at /usr/lib/lcov/lcovutil.pm 
line 19.
BEGIN failed--compilation aborted at /usr/lib/lcov/lcovutil.pm line 19.
Compilation failed in require at /usr/bin/lcov line 102.
BEGIN failed--compilation aborted at /usr/bin/lcov line 102.

$ lcov --rc lcov_branch_coverage=1 --directory _build --capture --initial 
--output-file bup
Can't locate Capture/Tiny.pm in @INC (you may need to install the Capture::Tiny 
module) (@INC contains: /usr/lib/lcov /etc/perl 
/usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 
/usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 
/usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 
/usr/share/perl/5.36 /usr/local/lib/site_perl) at /usr/lib/lcov/lcovutil.pm 
line 14.
BEGIN failed--compilation aborted at /usr/lib/lcov/lcovutil.pm line 14.
Compilation failed in require at /usr/bin/lcov line 102.
BEGIN failed--compilation aborted at /usr/bin/lcov line 102.
```

I noticed a `Build-Dep` was added in:
  
https://salsa.debian.org/mckinstry/lcov/-/commit/7bf96e9fd753a4805686b1b84e03db8df1cb72fe

But seems the packages are missed as runtime dependencies anyway.

Installing the mentioned packages allows `lcov` to run as before.

Thanks


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lcov depends on:
ii  gcc  4:13.2.0-1
ii  libjson-perl 4.1-1
ii  libperlio-gzip-perl  0.20-1+b1
ii  perl 5.36.0-9

Versions of packages lcov recommends:
ii  libgd-perl [libgd-gd2-perl]  2.76-4+b1

lcov suggests no packages.

-- no debconf information

Bug#1052931: pyvenv-el: FTBFS: make: *** [debian/rules:4: binary] Error 25

[Manphiz]

control: tags -1 patch
control: forwarded -1 https://github.com/jorgenschaefer/pyvenv/issues/122
thanks

Lucas Nussbaum  writes:

> Source: pyvenv-el
> Version: 1.21+git20201124.37e7cb1-1
> Severity: serious
> Justification: FTBFS
> Tags: trixie sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20230925 ftbfs-trixie
>
> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
>
>
> Relevant part (hopefully):
>> make[1]: Entering directory '/<>'
>> skipping upstream build
>> make[1]: Leaving directory '/<>'
>>dh_elpa_test
>>  emacs -batch -Q -l package --eval "(add-to-list 'package-directory-list 
>> \"/usr/share/emacs/site-lisp/elpa\")" --eval "(add-to-list 
>> 'package-directory-list \"/usr/share/emacs/site-lisp/elpa-src\")" -f 
>> package-initialize -L . -L test --eval "(load-file \"test/test-helper.el\")" 
>> -l test/pyvenv-workon-home-test.el -l test/pyvenv-mode-test.el -l 
>> test/pyvenv-deactivate-test.el -l test/pyvenv-activate-test.el -l 
>> test/pyvenv-hook-dir-test.el -l test/pyvenv-virtualenv-list-test.el -l 
>> test/pyvenv-workon-test.el --eval \(ert-run-tests-batch-and-exit\)
>> Loading /<>/test/test-helper.el (source)...
>> 
>> Error: error ("Test ‘pyvenv-hook-dir’ redefined")
>>   mapbacktrace(#f(compiled-function (evald func args flags) #> -0xf7995a214517817>))
>>   debug-early-backtrace()
>>   debug-early(error (error "Test ‘pyvenv-hook-dir’ redefined"))
>>   error("Test `%s' redefined" pyvenv-hook-dir)
>>   ert-set-test(pyvenv-hook-dir #s(ert-test :name pyvenv-hook-dir 
>> :documentation nil :body (lambda nil (let ((process-environment (cons 
>> "VIRTUALENVWRAPPER_HOOK_DIR=/hook_dir" process-environment))) (let* ((fn-154 
>> #'equal) (args-155 (condition-case err (let ((signal-hook-function 
>> #'ert--should-signal-hook)) (list (pyvenv-hook-dir) "/hook_dir")) (error 
>> (progn (setq fn-154 #'signal) (list (car err) (cdr err))) (let 
>> ((value-156 'ert-form-evaluation-aborted-157)) (let (form-description-158) 
>> (if (unwind-protect (setq value-156 (apply fn-154 args-155)) (setq 
>> form-description-158 (nconc (list '(should (equal (pyvenv-hook-dir) 
>> "/hook_dir"))) (list :form (cons fn-154 args-155)) (if (eql value-156 
>> 'ert-form-evaluation-aborted-157) nil (list :value value-156)) (if (eql 
>> value-156 'ert-form-evaluation-aborted-157) nil (let* ((-explainer- (and t 
>> (ert--get-explainer 'equal (if -explainer- (list :explanation (apply 
>> -explainer- args-155)) nil) (ert--signal-should-execution 
>> form-description-158)) nil (ert-fail form-description-158))) value-156))) 
>> (let ((process-environment (append '("VIRTUALENVWRAPPER_HOOK_DIR" 
>> "WORKON_HOME=/workon_home") process-environment))) (let* ((fn-159 #'equal) 
>> (args-160 (condition-case err (let ((signal-hook-function 
>> #'ert--should-signal-hook)) (list (pyvenv-hook-dir) "/workon_home")) (error 
>> (progn (setq fn-159 #'signal) (list (car err) (cdr err))) (let 
>> ((value-161 'ert-form-evaluation-aborted-162)) (let (form-description-163) 
>> (if (unwind-protect (setq value-161 (apply fn-159 args-160)) (setq 
>> form-description-163 (nconc (list '(should (equal (pyvenv-hook-dir) 
>> "/workon_home"))) (list :form (cons fn-159 args-160)) (if (eql value-161 
>> 'ert-form-evaluation-aborted-162) nil (list :value value-161)) (if (eql 
>> value-161 'ert-form-evaluation-aborted-162) nil (let* ((-explainer- (and t 
>> (ert--get-explainer 'equal (if -explainer- (list :explanation (apply 
>> -explainer- args-160)) nil) (ert--signal-should-execution 
>> form-description-163)) nil (ert-fail form-description-163))) value-161))) 
>> (let ((process-environment (append '("VIRTUALENVWRAPPER_HOOK_DIR" 
>> "WORKON_HOME") process-environment))) (let* ((fn-164 #'equal) (args-165 
>> (condition-case err (let ((signal-hook-function #'ert--should-signal-hook)) 
>> (list (pyvenv-hook-dir) (expand-file-name "~/.virtualenvs"))) (error (progn 
>> (setq fn-164 #'signal) (list (car err) (cdr err))) (let ((value-166 
>> 'ert-form-evaluation-aborted-167)) (let (form-description-168) (if 
>> (unwind-protect (setq value-166 (apply fn-164 args-165)) (setq 
>> form-description-168 (nconc (list '(should (equal (pyvenv-hook-dir) 
>> (expand-file-name "~/.virtualenvs" (list :form (cons fn-164 args-165)) 
>> (if (eql value-166 'ert-form-evaluation-aborted-167) nil (list :value 
>> value-166)) (if (eql value-166 'ert-form-evaluation-aborted-167) nil (let* 
>> ((-explainer- (and t (ert--get-explainer 'equal (if -explainer- (list 
>> :explanation (apply -explainer- args-165)) nil) 
>> (ert--signal-should-execution form-description-168)) nil (ert-fail 
>> form-description-168))) value-166 :most-recent-result nil 
>> :expected-result-type :passed :tags nil :file-name 
>> "/<>/test/pyvenv-hook-dir-test.el"))
>>   load-with-code-conversion("/<>/test/pyvenv-hook-dir-test.el" 
>> "/<>/test/pyvenv-hook-dir-test.el" nil t)
>>   command-line-1(("-l" "package" "--eval" 

Bug#1014890: ITP: python3-looseversion -- Version numbering for anarchists and software realists

[Alban Browaeys]

Thank you.

I admit I lowered this packaging priority, as openmediavault did the
python-looseversion and salt 3006  on their side (on
https://github.com/openmediavault/packages/tree/master/pool/main/p/python-looseversion
and https://github.com/openmediavault/packages/tree/master/pool/main/s/salt
).

At the same time I have low level bugs on the related box and will
attempt to resolve them first as the box is in a specific state where I
can reproduce the bug.


Cheers,
Alban



Le lundi 19 juin 2023 à 16:54 -0400, Yaroslav Halchenko a écrit :
> Thank you Alban,
> 
> done -- join/finish up 
> https://salsa.debian.org/python-team/packages/python-looseversion
> please 
> 
> On Mon, 19 Jun 2023, Alban Browaeys wrote:
> 
> > on January 4th of 2023 you retitled this RFP to ITP.
> 
> > > ITP: python3-looseversion -- Version numbering for anarchists and
> > software realists
> 
> > Do you have an early package code or python3-looseversion to share
> > (on
> > debian salsa or else)?
> 
> > I will have to create such a package otherwise as salt 3006 depends
> > upon python3 looseversion (I am building it based upon the salt
> > 3005
> > deb pacakging from
> > openmediavault 
> > https://github.com/openmediavault/packages/tree/master/pool/main/s/
> > salt
> > ).
> > So even if you only did an early frame of it that would avoid
> > duplicate
> > effort.

Bug#1052131: [pkg-gnupg-maint] Bug#1052131: Bug#1052131: gnupg2: gpg incompatible with Yubikey 5 NFC and key storage

[Daniel Kahn Gillmor]

Hi Manoj--

On Mon 2023-09-25 19:01:45 -0400, Daniel Kahn Gillmor wrote:
> Control: forwarded 1052131 https://dev.gnupg.org/T6733
> Control: retitle 1052131 GnuPG's keytocard fails on Yubikey 5 NFC when PIN is 
> not default

I don't know whether you've seen over on the upstream bug but they were
unable to replicate the problem you've described here.  Is it possible
for you to try with a local stock build of GnuPG 2.2.40 (2.2.42) to see
whether you see the same problem?  That might help to rule out any of
the debian patches at least.  I don't have a Yubikey 5 NFC to test this
with, unfortunately.

--dkg


signature.asc
Description: PGP signature

Bug#1053248: pipewire: no sound (and hanging processes) without wireplumber

[Christoph Anton Mitterer]

Hey.

On Fri, 2023-09-29 at 20:13 -0400, Jeremy Bícha wrote:
> Please install pipewire-audio instead of pipewire directly.

a) That still leaves the problem of other processes freezing?

b) Shouldn't other packages, which now depend on
   pipewire-pulse|pulseaudio, then rather depend on pipewire-audio?
   Only GNOME packages do so as of now.

c) Would it perhaps be possible to have pipewire-audio only Recommend
   libspa-0.2-bluetooth ?

   I mean bluetooth audio devices is probably not the standard means of
   output for most typical computers, yet one gets quite a number of
   additional libraries just for it.
   Plus, over time there were quite a few attacks on BT.

Cheers,
Chris.

Bug#1053248: pipewire: no sound (and hanging processes) without wireplumber

[Jeremy Bícha]

On Fri, Sep 29, 2023 at 8:25 PM Christoph Anton Mitterer
 wrote:
> On Fri, 2023-09-29 at 20:13 -0400, Jeremy Bícha wrote:
> > Please install pipewire-audio instead of pipewire directly.
>
> a) That still leaves the problem of other processes freezing?

Please file separate bugs for separate issues.

Thank you,
Jeremy Bícha

Bug#1053251: linuxcnc-uspace: Uncommanded axis movement in MDI mode with some UIs

[andy pugh]

Package: linuxcnc-uspace

Version: 2.9.0~pre1+git20230208.f1270d6ed7-1

Severity: important

Tags: patch


Dear Maintainer,

The current version of LinuxCNC in Debian Bookworm contains a bug related
to axes which were not commanded to move moving in MSI mode.
This was fixed shortly after the snapshot that was included in Debian
Bookworm.

Error report on our forums:
https://forum.linuxcnc.org/qtvcp/48337-qtdragon-mdi-jogging-strange-diagonals
And in our bug tracker:
https://github.com/LinuxCNC/linuxcnc/issues/2587

A patch which fixes this specific issue is attached.

I hope to submit an updated snapshot containing many more updates to the
package to testing in the next few days but this is the most pressing bug
in stable.

-- System Information:

Debian Release: 12.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf, i386
Kernel: Linux 4.19.0-9-rt-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages linuxcnc-uspace depends on:
ii  blt  2.5.3+dfsg-4.1
ii  bwidget  1.9.16-1
ii  iptables 1.8.9-2
ii  libboost-python1.74.0 [libboost-python1.74.0-py311]  1.74.0+ds1-21
ii  libc62.36-9+deb12u1
ii  libcairo21.16.0-7
ii  libedit2 3.1-20221030-2
ii  libepoxy01.5.10-1
ii  libgcc-s112.2.0-14
ii  libglib2.0-0 2.74.6-2
ii  libgtk-3-0   3.24.37-2
ii  libgtk2.0-0  2.24.33-2
ii  libgtksourceview-3.0-dev 3.24.11-2+b1
ii  libmodbus5   3.1.6-2.1
ii  libpango-1.0-0   1.50.12+ds-1
ii  libpangocairo-1.0-0  1.50.12+ds-1
ii  libpython3.113.11.2-6
ii  libstdc++6   12.2.0-14
ii  libtirpc31.3.3+ds-1
ii  libtk8.6 8.6.13-2
ii  libudev-dev  252.12-1~deb12u1
ii  libudev1 252.12-1~deb12u1
ii  libusb-1.0-0 2:1.0.26-1
ii  libx11-6 2:1.8.4-2+deb12u1
ii  libxinerama1 2:1.1.4-3
ii  libxmu6  2:1.1.3-3
ii  mesa-utils   8.5.0-1
ii  procps   2:4.0.2-3
ii  psmisc   23.6-1
ii  python3  3.11.2-1+b1
ii  python3-cairo1.20.1-5+b1
ii  python3-configobj5.0.8-1
ii  python3-gi-cairo 3.42.2-3+b1
ii  python3-numpy1:1.24.2-1
ii  python3-opengl   3.1.6+dfsg-3
ii  python3-tk   3.11.2-3
ii  python3-xlib 0.33-2
ii  tcl-tclreadline [tclreadline]2.3.8-1
ii  tcl8.6   8.6.13+dfsg-2
ii  tclx8.4 [tclx]   8.4.1-4
ii  tk8.68.6.13-2
ii  udev 252.12-1~deb12u1

Versions of packages linuxcnc-uspace recommends:
ii  espeak  1.48.15+dfsg-3
ii  espeak-ng   1.51+dfsg-10
ii  gstreamer1.0-tools  1.22.0-2
pn  hostmot2-firmware-all   
ii  librsvg2-dev2.54.5+dfsg-1
ii  linux-image-rt-amd646.1.38-1
ii  linuxcnc-doc-en [linuxcnc-doc]  2.9.0~pre1+git20230208.f1270d6ed7-1
ii  pyqt5-dev-tools 5.15.9+dfsg-1
ii  python3-dbus1.3.2-4+b1
ii  python3-dbus.mainloop.pyqt5 5.15.9+dfsg-1
ii  python3-espeak  0.5-5+b1
ii  python3-opencv  4.6.0+dfsg-12
ii  python3-pil 9.4.0-1.1+b1
ii  python3-pil.imagetk 9.4.0-1.1+b1
ii  python3-poppler-qt5 21.3.0-2+b1
ii  python3-pyqt5   5.15.9+dfsg-1
ii  python3-pyqt5.qsci  2.13.3+dfsg-3
ii  python3-pyqt5.qtopengl  5.15.9+dfsg-1
ii  

Bug#1053250: RFP: cmykilluminatigames -- Many popular and fun games

[Trent Gamblin]

Package: wnpp
Severity: wishlist

Over a dozen OpenGL games MIT licensed. https://github.com/troutsneeze 
https://cmykilluminati.net.


I'm the developer and I can help but I'm not sure I'll be able to learn 
Debian packaging.


Stax is already in Debian since around 2000, some of the small games may 
not be necessarily added but I think there are some good ones.

Bug#1036083: bullseye-pu: package galera-4 26.4.14-0+deb11u1

[Otto Kekäläinen]

Sure. Let me polish a bit the latest upload in unstable, and then I will
prepare suitable versions of latest Galera for both Bookworm, Bullseye and
others

Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2

[Thorsten Alteholz]

On Fri, 29 Sep 2023, Adam D. Barratt wrote:

I should have spotted this before (particularly as we recently had the
same issue with another package) but debian/NEWS.Debian should simply
be debian/NEWS. dh_installchangelogs then renames it to NEWS.Debian in
the binary package.


ok, uploaded, I keep my fingers crossed.

  Thorsten

Bug#1052363: bullseye-pu: cups/2.3.3op2-3+deb11u4

[Thorsten Alteholz]

On Fri, 29 Sep 2023, Adam D. Barratt wrote:

I should have spotted this before (particularly as we recently had the
same issue with another package) but debian/NEWS.Debian should simply
be debian/NEWS. dh_installchangelogs then renames it to NEWS.Debian in
the binary package.


ok, uploaded, I keep my fingers crossed.

  Thorsten

Bug#1053248: pipewire: no sound (and hanging processes) without wireplumber

[Christoph Anton Mitterer]

Package: pipewire
Version: 0.3.80-2
Severity: normal

Hey there.

Recently, cinnamon-settings-daemon in version 5.8.1-2 started to prefer
pipewire(-pulse) over pulseaudio, so I thought cinnamon would be ready
for it and gave it a try.

That is, I've installed pipewire (and pipewire-pulse) but no recommended
packages, especially not wireplumber.

I further purged pulseaudio, but not pulseaudio-utils which pipewire-pulse
Suggests, and of course non of the dependencies from other packages,
like libpulse-mainloop-glib0, libpulse0 and libpulsedsp.

Restarted to get all potentially remaining processes removed.


After that no soundcards were found (just a Dummy device entry).

Worse, processes started to use sound (e.g. firefox, but also the "test
sound" thingy from Cinnamon's Audio Mixer), they seemed to freeze.
Firefox seems to have come back to live for short times (where I saw tabs
were continuing to load), but I couldn't do anything with it (no reaction).


Turned out that wireplumber was needed, with that I got my output device
back and sound works nicely.


Not sure whether any of the pipewire packages should depend on wireplumber...
or which part here requires it exactly... but people may run into trouble
without it.

And at least the part of freezing other processes seems like something that
shouldn't happen at all.


HTH,
Chris.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages pipewire depends on:
ii  adduser  3.137
ii  init-system-helpers  1.65.2
ii  libpipewire-0.3-modules  0.3.80-2
ii  pipewire-bin 0.3.80-2

pipewire recommends no packages.

pipewire suggests no packages.

-- no debconf information

Bug#1053247: firefox: suggest pipewire-pulse as alternative

[Christoph Anton Mitterer]

Package: firefox
Version: 118.0-1
Severity: wishlist


Hey.

Numerous packages have started to suggest:
pipewire-pulse | pulseaudio
(or vice versa).


It seems firefox also works with pipewire-pulse, so maybe firefox should adopt
the same alternative?

Thanks,
Chris.

Bug#1053246: Security support ended for Xen 4.14 in Bullseye

[Hans van Kranenburg]

Package: debian-security-support
Version: 1:11+2023.05.04
Severity: normal

Hi,

Upstream security support for Xen 4.14 has ended recently. This also
means that security support for Debian Bullseye has ended.

The complexity of the software involved does not really allow for anyone
else than the upstream developers, with a deep understanding of the
inner workings of the hypervisor code, to apply/backport new patches.

For security-support-ended.deb11, this could be a line like:

xen 4.14.6-1 2023-09-21
https://xenbits.xen.org/docs/4.14-testing/SUPPORT.html#release-support

Note: This 4.14.6-1 package version is not visible for bullseye yet,
right now, in the archive. It was submitted for the bullseye point
release, and has just been accepted into it:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053177

Thanks,
Hans

Bug#1053245: fluidsynth: Fluidsynth starts at boot and blocks the sound device, no obvious way to disable it

[Patrick May]

Package: fluidsynth
Version: 2.3.1-2
Severity: critical
Justification: breaks unrelated software
X-Debbugs-Cc: dusthillresid...@gmail.com

Dear Maintainer,

I installed rosegarden, lmms, and the fluidsynth package. (I'm not sure which 
of these did it but presumably it's fluidsynth.)

Upon reboot, I noticed a fluidsynth process was running in the background and 
pulseaudio reported my audio device is "Dummy output", apparently because 
fluidsynth is starting before pulseaudio and claiming full control over the 
sound device.

So I ran this command as root:
 systemctl list-unit-files --state=enabled
expecting to find the name of the fluidsynth service in the list, so I could 
disable it.
It does not appear in the list at all.
So, looking further, I tried this command as root:
 systemctl | grep fluid
No mention of fluidsynth appears. But somehow it's starting itself at boot. And 
I have no obvious way of disabling it. 

I would say that this is pretty serious because it starts itself, you have no 
reasonable way of knowing how to stop it, and it takes full control of your 
audio device so you can't play any audio from any other apps.


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-12-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fluidsynth depends on:
ii  init-system-helpers  1.65.2
ii  libc62.36-9+deb12u1
ii  libfluidsynth3   2.3.1-2
ii  libglib2.0-0 2.74.6-2
ii  libsdl2-2.0-02.26.5+dfsg-1
ii  libsystemd0  252.12-1~deb12u1

Versions of packages fluidsynth recommends:
pn  qsynth  

fluidsynth suggests no packages.

-- no debconf information

Bug#1052211: marked as done (bookworm-pu: package electrum/4.3.4+dfsg1-1+deb12u1)

[Adam D. Barratt]

Control: reopen -1
Control: tags -1 pending

On Fri, 2023-09-29 at 21:06 +, Debian Bug Tracking System wrote:
> Your message dated Fri, 29 Sep 2023 21:02:31 +
> with message-id 
> and subject line Bug#1052211: fixed in electrum 4.3.4+dfsg1-1+deb12u1
> has caused the Debian Bug report #1052211,
> regarding bookworm-pu: package electrum/4.3.4+dfsg1-1+deb12u1
> to be marked as done.
> 

Please don't do that.

The bug will be closed, by the Release Team, once the update is
actually in stable, i.e. after a point release.

Until then, it should remain open.

Regards,

Adam

Bug#1053244: ITP: golang-sourcehut-rockorager-go-jmap -- A JMAP client library

[Robin Jarry]

Package: wnpp
Severity: wishlist
Owner: Robin Jarry 

* Package name: golang-sourcehut-rockorager-go-jmap
  Version : 0.3.0-1
  Upstream Author : Tim Culverhouse
* URL : https://git.sr.ht/~rockorager/go-jmap
* License : Expat
  Programming Lang: Go
  Description : A JMAP client library

A JMAP client library. Includes support for all core functionality (including
PushSubscription and EventSource event streams), mail, smime-verify, and MDN
specifications.

This is a new build dependency of aerc.

Bug#1053217: freetype 2.12.1+dfsg-5+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053217 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: freetype
Version: 2.12.1+dfsg-5+deb12u2

Explanation: revert COLRv1 disabling

Bug#1052629: roundcube 1.6.3+dfsg-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1052629 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: roundcube
Version: 1.6.3+dfsg-1~deb12u1

Explanation: new upstream stable release; fix OAuth2 authentication; fix cross 
site scripting issues [CVE-2023-43770]

Bug#1053130: glibc 2.36-9+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053130 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: glibc
Version: 2.36-9+deb12u2

Explanation: fix the value of F_GETLK/F_SETLK/F_SETLKW with __USE_FILE_OFFSET64 
on ppc64el; fix a stack read overflow in getaddrinfo in no- mode 
[CVE-2023-4527]; fix use after free in getcanonname [CVE-2023-4806 
CVE-2023-5156]; fix _dl_find_object to return correct values even during early 
startup

Bug#1053102: curl 7.88.1-10+deb12u3 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053102 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: curl
Version: 7.88.1-10+deb12u3

Explanation: fix excessive memory consumption issue [CVE-2023-38039]

Bug#1052211: electrum 4.3.4+dfsg1-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1052211 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: electrum
Version: 4.3.4+dfsg1-1+deb12u1

Explanation: fix a Lightning security issue

Bug#1051543: grub2: Fails to load normal.mod from a XFS v5 parition.

[Sebastian Andrzej Siewior]

On 2023-09-27 21:45:03 [-0400], Jon DeVree wrote:
> I posted an updated v3 version of the patch:
> 
> https://lists.gnu.org/archive/html/grub-devel/2023-09/msg00110.html

Just rebuilt grub with v3 of the patch and I can confirm that it works.
Thank you.

Referencing the message-id or the link to lore
https://lore.kernel.org/all/20230928004354.32685-1-n...@vault24.org

makes it easier to grab the patch. The GNU list archive contains html
encoding among other things which make it imposible…

Sebastian

Bug#1051137: dgit 10.7+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1051137 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dgit
Version: 10.7+deb12u2

Explanation: prevent pushing older versions than are already in the archive

Bug#1040881: llvm-defaults 0.55.7~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1040881 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: llvm-defaults
Version: 0.55.7~deb12u1

Explanation: fix /usr/include/lld symlink; add Breaks against not 
co-installable packages for smoother upgrades from bullseye

Bug#1053243: prometheus-alertmanager: Please package the gui

[Bastien Roucariès]

Source: prometheus-alertmanager
Severity: important

Dear Maintainer,

Could you package the GUI.

ELM is now under debian

Bastien


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel

Kernel: Linux 6.4.0-4-rt-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1053242: ibus: Keyboard input gets jumbled when typing fast

[Billy Croan]

Package: ibus
Version: 1.5.27-5
Severity: normal
Tags: upstream
X-Debbugs-Cc: bi...@croan.org

Dear Maintainer,

   * What led up to the situation?
I was trying to search a large (300GB) directory of documents or for one in
particular, by file name.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
typed a long word into nautilus to perform the search
   * What was the outcome of this action?
The letters were 'received' out of order unless I waited a full second for each
letter to appear before typing the next.
   * What outcome did you expect instead?
I expected to be able to type at my normal speed without reading and waiting
for each letter.

I tracked this down via https://gitlab.gnome.org/GNOME/nautilus/-/issues/2877
to an upstream bug in ibus: https://github.com/ibus/ibus/issues/2486

I am requesting a backport of ibus' fix to stable/bookworm:
https://github.com/ibus/ibus/pull/2532/commits

Or to update the version in bookworm to the latest upstream if that wouldn't
break anything.


-- Package-specific info:
ibus is /usr/bin/ibus
ibus-setup is /usr/bin/ibus-setup
im-config -l =>  ibus fcitx uim thai xim
im-config -m => 'default' 'missing' 'ibus' '' 'ibus'

XMODIFIERS=@im=ibus
GTK_IM_MODULE=ibus
QT_IM_MODULE=ibus
WAYLAND_DISPLAY=
XDG_CURRENT_DESKTOP=X-Cinnamon
XDG_MENU_PREFIX=
XDG_RUNTIME_DIR=/run/user/1000
XDG_SEAT=seat0
XDG_SESSION_CLASS=user
XDG_SESSION_DESKTOP=cinnamon
XDG_SESSION_ID=2
XDG_SESSION_TYPE=x11

== ls -l /usr/lib/ibus/ibus-* /usr/libexec/ibus-* ==
/bin/ls: cannot access '/usr/lib/ibus/ibus-*': No such file or directory
-rwxr-xr-x 1 root root  22832 Feb 13  2023 /usr/libexec/ibus-dconf
-rwxr-xr-x 1 root root  39256 Nov  8  2022 /usr/libexec/ibus-engine-hangul
-rwxr-xr-x 1 root root  43320 Feb 20  2023 /usr/libexec/ibus-engine-m17n
-rwxr-xr-x 1 root root  14640 Feb 13  2023 /usr/libexec/ibus-engine-simple
-rwxr-xr-x 1 root root 166192 Feb 13  2023 /usr/libexec/ibus-extension-gtk3
-rwxr-xr-x 1 root root  18736 Feb 13  2023 /usr/libexec/ibus-memconf
-rwxr-xr-x 1 root root  92464 Feb 13  2023 /usr/libexec/ibus-portal
-rwxr-xr-x 1 root root912 Nov  8  2022 /usr/libexec/ibus-setup-hangul
-rwxr-xr-x 1 root root  35128 Feb 20  2023 /usr/libexec/ibus-setup-m17n
-rwxr-xr-x 1 root root 121144 Feb 13  2023 /usr/libexec/ibus-ui-emojier
-rwxr-xr-x 1 root root 321904 Feb 13  2023 /usr/libexec/ibus-ui-gtk3
-rwxr-xr-x 1 root root 100280 Feb 13  2023 /usr/libexec/ibus-x11

== dpkg-query -l 'ibus*' ==
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name  VersionArchitecture Description
+++-=-==--==
ii  ibus  1.5.27-5   amd64Intelligent Input Bus 
- core
un  ibus-anthy(no description 
available)
un  ibus-array(no description 
available)
un  ibus-clutter  (no description 
available)
ii  ibus-data 1.5.27-5   all  Intelligent Input Bus 
- data files
un  ibus-doc  (no description 
available)
un  ibus-el   (no description 
available)
un  ibus-googlepinyin (no description 
available)
ii  ibus-gtk:amd641.5.27-5   amd64Intelligent Input Bus 
- GTK2 support
ii  ibus-gtk3:amd64   1.5.27-5   amd64Intelligent Input Bus 
- GTK3 support
ii  ibus-gtk4:amd64   1.5.27-5   amd64Intelligent Input Bus 
- GTK4 support
ii  ibus-hangul   1.5.4-2amd64Hangul engine for IBus
ii  ibus-m17n 1.4.19-1   amd64m17n engine for IBus
ii  ibus-mozc 2.28.4715.102+dfsg-2.2 amd64Mozc engine for IBus 
- Client of the Mozc input method
un  ibus-pinyin   (no description 
available)
un  ibus-qt5  (no description 
available)

=== gsettings ===
org.freedesktop.ibus.general dconf-preserve-name-prefixes 
['/desktop/ibus/engine/pinyin', '/desktop/ibus/engine/bopomofo', 
'/desktop/ibus/engine/hangul']
org.freedesktop.ibus.general embed-preedit-text true
org.freedesktop.ibus.general enable-by-default false
org.freedesktop.ibus.general engines-order @as []
org.freedesktop.ibus.general preload-engines ['xkb:us::eng']
org.freedesktop.ibus.general switcher-delay-time 400
org.freedesktop.ibus.general use-global-engine true
org.freedesktop.ibus.general use-system-keyboard-layout false
org.freedesktop.ibus.general use-xmodmap true
org.freedesktop.ibus.general version '1.5.27'
org.freedesktop.ibus.general xkb-latin-layouts ['af', 'af(fa-olpc)', 
'af(ps-olpc)', 'af(ps)', 'af(uz)', 'af(uz-olpc)', 'am', 'am(eastern)', 
'am(eastern-alt)', 

Bug#1053241: glibc: please apply upstream patch to fix slow fstat

[Fabio Pedretti]

Package: glibc
Version: 2.36-9+deb12u1
Severity: normal
X-Debbugs-Cc: pedretti.fa...@gmail.com

Dear Maintainer,

glibc uses a slow version of fstat. Details are documented
here: https://lwn.net/Articles/944214/

A patch to fix this was merged in glibc:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=551101e8240b7514fc646d1722f8b79c90362b8f

The patch applies cleanly and builds fine also on bookworm glibc.
Please consider apply it to fix slow fstat.

Thanks.

Bug#1053221: a new CVE popped up

[Hans-Christoph Steiner]

Control: retitle -1 bookworm-pu: package python-git/3.1.30-1+deb12u2

A new CVE and fix popped up right after I filled this.  The patch is also from 
upstream, and also has been shipped by the Debian LTS team.
diff --git a/debian/changelog b/debian/changelog
index dfaadbc..7d8905e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,24 @@
+python-git (3.1.30-1+deb12u2) stable; urgency=high
+
+  * Team upload.
+  * Fix CVE-2023-41040: Blind local file inclusion.
+
+ -- Hans-Christoph Steiner   Fri, 29 Sep 2023 20:43:31 +0200
+
+python-git (3.1.30-1+deb12u1) stable; urgency=medium
+
+  [ Hans-Christoph Steiner ]
+  * Team upload.
+  * CVE-2023-40267: Include patch from Ubuntu (Closes: #1043503)
+
+  [ Fabian Toepfer ]
+  * SECURITY UPDATE: RCE due to improper user input validation
+- debian/patches/CVE-2023-40267.patch: Block insecure non-multi
+  options in clone/clone_from.
+- CVE-2023-40267
+
+ -- Hans-Christoph Steiner   Fri, 29 Sep 2023 16:18:03 +0200
+
 python-git (3.1.30-1) unstable; urgency=medium
 
   [ Debian Janitor ]
diff --git a/debian/patches/CVE-2023-40267.patch b/debian/patches/CVE-2023-40267.patch
new file mode 100644
index 000..b733fb2
--- /dev/null
+++ b/debian/patches/CVE-2023-40267.patch
@@ -0,0 +1,60 @@
+From 5c59e0d63da6180db8a0b349f0ad36fef42aceed Mon Sep 17 00:00:00 2001
+From: Sylvain Beucler 
+Date: Mon, 10 Jul 2023 16:10:10 +0200
+Subject: [PATCH] Block insecure non-multi options in clone/clone_from
+ Follow-up to #1521
+
+---
+ git/repo/base.py  |  2 ++
+ test/test_repo.py | 24 +++-
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+--- python-git-3.1.30.orig/git/repo/base.py
 python-git-3.1.30/git/repo/base.py
+@@ -1188,6 +1188,8 @@ class Repo(object):
+ 
+ if not allow_unsafe_protocols:
+ Git.check_unsafe_protocols(str(url))
++if not allow_unsafe_options:
++Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)
+ if not allow_unsafe_options and multi_options:
+ Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)
+ 
+--- python-git-3.1.30.orig/test/test_repo.py
 python-git-3.1.30/test/test_repo.py
+@@ -281,6 +281,17 @@ class TestRepo(TestBase):
+ rw_repo.clone(tmp_dir, multi_options=[unsafe_option])
+ assert not tmp_file.exists()
+ 
++unsafe_options = [
++{"upload-pack": f"touch {tmp_file}"},
++{"u": f"touch {tmp_file}"},
++{"config": "protocol.ext.allow=always"},
++{"c": "protocol.ext.allow=always"},
++]
++for unsafe_option in unsafe_options:
++with self.assertRaises(UnsafeOptionError):
++rw_repo.clone(tmp_dir, **unsafe_option)
++assert not tmp_file.exists()
++
+ @with_rw_repo("HEAD")
+ def test_clone_unsafe_options_allowed(self, rw_repo):
+ tmp_dir = pathlib.Path(tempfile.mkdtemp())
+@@ -337,6 +348,17 @@ class TestRepo(TestBase):
+ Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])
+ assert not tmp_file.exists()
+ 
++unsafe_options = [
++{"upload-pack": f"touch {tmp_file}"},
++{"u": f"touch {tmp_file}"},
++{"config": "protocol.ext.allow=always"},
++{"c": "protocol.ext.allow=always"},
++]
++for unsafe_option in unsafe_options:
++with self.assertRaises(UnsafeOptionError):
++Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
++assert not tmp_file.exists()
++
+ @with_rw_repo("HEAD")
+ def test_clone_from_unsafe_options_allowed(self, rw_repo):
+ tmp_dir = pathlib.Path(tempfile.mkdtemp())
diff --git a/debian/patches/CVE-2023-41040.patch b/debian/patches/CVE-2023-41040.patch
new file mode 100644
index 000..2e194af
--- /dev/null
+++ b/debian/patches/CVE-2023-41040.patch
@@ -0,0 +1,69 @@
+From: Facundo Tuesca 
+Date: Tue, 5 Sep 2023 09:51:50 +0200
+Subject: Fix CVE-2023-41040
+
+This change adds a check during reference resolving to see if it
+contains an up-level reference ('..'). If it does, it raises an
+exception.
+
+This fixes CVE-2023-41040, which allows an attacker to access files
+outside the repository's directory.
+
+Origin: https://github.com/gitpython-developers/GitPython/commit/64ebb9fcdfbe48d5d61141a557691fd91f1e88d6
+Origin: https://github.com/gitpython-developers/GitPython/commit/65b8c6a2ccacdf26e751cd3bc3c5a7c9e5796b56
+Bug: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-41040
+---
+ git/refs/symbolic.py  |  2 ++
+ git/test/test_refs.py | 15 +++
+ 2 files changed, 17 insertions(+)
+
+--- a/git/refs/symbolic.py
 b/git/refs/symbolic.py
+@@ -168,6 +168,8 @@
+ """Return: (str(sha), 

Bug#1053240: bullseye-pu: package ghostscript/9.53.3~dfsg-7+deb11u6

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ghostscr...@packages.debian.org, car...@debian.org
Control: affects -1 + src:ghostscript

Hi stable release managers,

[ Reason ]
Fix two CVEs which we did mark no-dsa (though one might after more
thinking be a candiate). Fix CVE-2023-38559 and CVE-2023-43115.

[ Impact ]
CVE-2023-38559 and CVE-2023-43115 would remain open so far.

[ Tests ]
Performed manual test for CVE-2023-43115.

[ Risks ]
Should be low, following the upstream commits to resolve the issues
which are very targeted.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Apply upstream fixes to address the CVEs. Adjust checks on input and
for the second issue, prevent PostScript programs switching to the IJS
device after SAFER has been activated (and prevent changes to the
IjsServer parameter after SAFER has been activated).

[ Other info ]
None.

Regards,
Salvatore
diff -Nru ghostscript-9.53.3~dfsg/debian/changelog 
ghostscript-9.53.3~dfsg/debian/changelog
--- ghostscript-9.53.3~dfsg/debian/changelog2023-07-02 11:54:08.0 
+0200
+++ ghostscript-9.53.3~dfsg/debian/changelog2023-09-29 14:24:57.0 
+0200
@@ -1,3 +1,12 @@
+ghostscript (9.53.3~dfsg-7+deb11u6) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+  * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso   Fri, 29 Sep 2023 14:24:57 +0200
+
 ghostscript (9.53.3~dfsg-7+deb11u5) bullseye-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru ghostscript-9.53.3~dfsg/debian/patches/020230717~d81b82c.patch 
ghostscript-9.53.3~dfsg/debian/patches/020230717~d81b82c.patch
--- ghostscript-9.53.3~dfsg/debian/patches/020230717~d81b82c.patch  
1970-01-01 01:00:00.0 +0100
+++ ghostscript-9.53.3~dfsg/debian/patches/020230717~d81b82c.patch  
2023-09-29 14:24:57.0 +0200
@@ -0,0 +1,28 @@
+From: Chris Liddell 
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: Bug 706897: Copy pcx buffer overrun fix from devices/gdevpcx.c
+Origin: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f
+Bug-Debian: https://bugs.debian.org/1043033
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-38559
+
+Bounds check the buffer, before dereferencing the pointer.
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevdevn.c b/base/gdevdevn.c
+index 7b14d9c712b4..6351fb77ac75 100644
+--- a/base/gdevdevn.c
 b/base/gdevdevn.c
+@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, 
int step, gp_file * file
+ byte data = *from;
+ 
+ from += step;
+-if (data != *from || from == end) {
++if (from >= end || data != *from) {
+ if (data >= 0xc0)
+ gp_fputc(0xc1, file);
+ } else {
+-- 
+2.40.1
+
diff -Nru ghostscript-9.53.3~dfsg/debian/patches/020230824~8b0f200.patch 
ghostscript-9.53.3~dfsg/debian/patches/020230824~8b0f200.patch
--- ghostscript-9.53.3~dfsg/debian/patches/020230824~8b0f200.patch  
1970-01-01 01:00:00.0 +0100
+++ ghostscript-9.53.3~dfsg/debian/patches/020230824~8b0f200.patch  
2023-09-29 14:24:57.0 +0200
@@ -0,0 +1,53 @@
+From: Ken Sharp 
+Date: Thu, 24 Aug 2023 15:24:35 +0100
+Subject: IJS device - try and secure the IJS server startup
+Origin: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-43115
+
+Bug #707051 ""ijs" device can execute arbitrary commands"
+
+The problem is that the 'IJS' device needs to start the IJS server, and
+that is indeed an arbitrary command line. There is (apparently) no way
+to validate it. Indeed, this is covered quite clearly in the comments
+at the start of the source:
+
+ * WARNING: The ijs server can be selected on the gs command line
+ * which is a security risk, since any program can be run.
+
+Previously this used the awful LockSafetyParams hackery, which we
+abandoned some time ago because it simply couldn't be made secure (it
+was implemented in PostScript and was therefore vulnerable to PostScript
+programs).
+
+This commit prevents PostScript programs switching to the IJS device
+after SAFER has been activated, and prevents changes to the IjsServer
+parameter after SAFER has been activated.
+
+SAFER is activated, unless explicitly disabled, before any user
+PostScript is executed which means that the device and the server
+invocation can only be configured on the command line. This does at
+least 

Bug#1053239: bookworm-pu: package ghostscript/10.0.0~dfsg-11+deb12u2

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ghostscr...@packages.debian.org, car...@debian.org
Control: affects -1 + src:ghostscript

Hi stable release managers,

[ Reason ]
Fix two CVEs which we did mark no-dsa (though one might after more
thinking be a candiate). Fix CVE-2023-38559 and CVE-2023-43115.

[ Impact ]
CVE-2023-38559 and CVE-2023-43115 would remain open so far.

[ Tests ]
Performed manual test for CVE-2023-43115.

[ Risks ]
Should be low, following the upstream commits to resolve the issues
which are very targeted.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Apply upstream fixes to address the CVEs. Adjust checks on input and
for the second issue, prevent PostScript programs switching to the IJS
device after SAFER has been activated (and prevent changes to the
IjsServer parameter after SAFER has been activated).

[ Other info ]
None.

Regards,
Salvatore
diff -Nru ghostscript-10.0.0~dfsg/debian/changelog 
ghostscript-10.0.0~dfsg/debian/changelog
--- ghostscript-10.0.0~dfsg/debian/changelog2023-07-02 10:50:27.0 
+0200
+++ ghostscript-10.0.0~dfsg/debian/changelog2023-09-29 14:33:30.0 
+0200
@@ -1,3 +1,12 @@
+ghostscript (10.0.0~dfsg-11+deb12u2) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+  * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso   Fri, 29 Sep 2023 14:33:30 +0200
+
 ghostscript (10.0.0~dfsg-11+deb12u1) bookworm-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru 
ghostscript-10.0.0~dfsg/debian/patches/0005-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
 
ghostscript-10.0.0~dfsg/debian/patches/0005-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
--- 
ghostscript-10.0.0~dfsg/debian/patches/0005-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
  1970-01-01 01:00:00.0 +0100
+++ 
ghostscript-10.0.0~dfsg/debian/patches/0005-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch
  2023-09-29 14:17:17.0 +0200
@@ -0,0 +1,28 @@
+From: Chris Liddell 
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: Bug 706897: Copy pcx buffer overrun fix from devices/gdevpcx.c
+Origin: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f
+Bug-Debian: https://bugs.debian.org/1043033
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-38559
+
+Bounds check the buffer, before dereferencing the pointer.
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevdevn.c b/base/gdevdevn.c
+index 7b14d9c712b4..6351fb77ac75 100644
+--- a/base/gdevdevn.c
 b/base/gdevdevn.c
+@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, 
int step, gp_file * file
+ byte data = *from;
+ 
+ from += step;
+-if (data != *from || from == end) {
++if (from >= end || data != *from) {
+ if (data >= 0xc0)
+ gp_fputc(0xc1, file);
+ } else {
+-- 
+2.40.1
+
diff -Nru 
ghostscript-10.0.0~dfsg/debian/patches/0006-IJS-device-try-and-secure-the-IJS-server-startup.patch
 
ghostscript-10.0.0~dfsg/debian/patches/0006-IJS-device-try-and-secure-the-IJS-server-startup.patch
--- 
ghostscript-10.0.0~dfsg/debian/patches/0006-IJS-device-try-and-secure-the-IJS-server-startup.patch
  1970-01-01 01:00:00.0 +0100
+++ 
ghostscript-10.0.0~dfsg/debian/patches/0006-IJS-device-try-and-secure-the-IJS-server-startup.patch
  2023-09-29 14:22:09.0 +0200
@@ -0,0 +1,58 @@
+From: Ken Sharp 
+Date: Thu, 24 Aug 2023 15:24:35 +0100
+Subject: IJS device - try and secure the IJS server startup
+Origin: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-43115
+
+Bug #707051 ""ijs" device can execute arbitrary commands"
+
+The problem is that the 'IJS' device needs to start the IJS server, and
+that is indeed an arbitrary command line. There is (apparently) no way
+to validate it. Indeed, this is covered quite clearly in the comments
+at the start of the source:
+
+ * WARNING: The ijs server can be selected on the gs command line
+ * which is a security risk, since any program can be run.
+
+Previously this used the awful LockSafetyParams hackery, which we
+abandoned some time ago because it simply couldn't be made secure (it
+was implemented in PostScript and was therefore vulnerable to PostScript
+programs).
+
+This commit prevents PostScript programs switching to the IJS device
+after SAFER has 

Bug#1053219: bookworm-pu: package lemonldap-ng/2.16.1+ds-deb12u2

[Salvatore Bonaccorso]

Hi Yadd,

On Fri, Sep 29, 2023 at 05:37:25PM +0400, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: lemonldap...@packages.debian.org, y...@debian.org
> Control: affects -1 + src:lemonldap-ng
> 
> [ Reason ]
> Two new vulnerabilities have been dicovered and fixed in lemonldap-ng:
>  - an open redirection only when configuration is edited by hand and
>doesn't follow OIDC specifications
>  - a server-side-request-forgery (CVE-2023-44469) in OIDC protocol:
>A little-know feature of OIDC allows the OpenID Provider to fetch the
>Authorization request parameters itself by indicating a request_uri
>parameter. This feature is now restricted to a white list using this
>patch
> 
> [ Impact ]
> One low and one medium security issue.
> 
> [ Tests ]
> Patches includes test updates
> 
> [ Risks ]
> Outside of test changes, patches are not so big and the test coverage
> provided by upstream is good, so risk is moderate.
> 
> [ Checklist ]
>   [X] *all* changes are documented in the d/changelog
>   [X] I reviewed all changes and I approve them
>   [X] attach debdiff against the package in (old)stable
>   [X] the issue is verified as fixed in unstable
> 
> [ Changes ]
> - open redirection patch: just rejects requests with `redirect_uri` if
>   relying party configuration has no declared redirect URIs.
> - SSRF patch:
>   * add new configuration parameter to list authorized "request_uris"
>   * change the algorithm that manage request_uri parameter
> 
> Cheers,
> Xavier

> diff --git a/debian/NEWS b/debian/NEWS
> index b8955920b..5295a3cbb 100644
> --- a/debian/NEWS
> +++ b/debian/NEWS
> @@ -1,3 +1,13 @@
> +lemonldap-ng (2.16.1+ds-deb12u2) bullseye; urgency=medium


bookworm?

(but that said I guess that can be considered minor if time is tight
to get the upload in, but as well disclaimer, not part of the release
team)

Regards,
Salvatore

Bug#1053182: libvpx: diff for NMU version 1.12.0-1.1

[Salvatore Bonaccorso]

Hi Sebastian,

On Fri, Sep 29, 2023 at 04:00:17PM +0200, Sebastian Ramacher wrote:
> On 2023-09-28 23:14:20 +0200, Salvatore Bonaccorso wrote:
> > X-Debbugs-CC: Sebastian Ramacher 
> > 
> > Control: tags 1053182 + patch
> > Control: tags 1053182 + pending
> > 
> > 
> > Dear maintainer,
> > 
> > I've prepared an NMU for libvpx (versioned as 1.12.0-1.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> 
> Thanks for working on the fix! Please feel free to reschedule it so that
> it directly lands in unstable.

Thanks, done (as you noticed presumably). I did as well prepared
uploads for bookworm-security and bullseye-security already yesterday
(but needing to release the DSA yet).

Regards,
Salvatore

Bug#1053238: tracker-miners: Fails to build on many architectures, failed to load seccomp rules

[Jeremy Bícha]

Source: tracker-miners
Version: 3.4.5-1
Severity: serious
Tags: ftbfs sid
Forwarded: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/280

The latest version of tracker-miners fails to build on most of our
architectures. Reported upstream.

Thank you,
Jeremy Bícha

Bug#1053177: xen 4.14.6-1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053177 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: xen
Version: 4.14.6-1

Explanation: new upstream stable release; fix security issues [CVE-2023-20593 
CVE-2023-20569 CVE-2022-40982]

Bug#1053236: dpkg: [INTL:nl] Dutch translation for the dpkg package

[Frans Spiesschaert]

 
 
Package: dpkg 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch po file for the dpkg package. 
A draft has been posted to the debian-l10n-dutch mailing list allowing for
review. 
Please add it to your next package revision. 
It should be put as "po/nl.po" in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1053235: dselect: [INTL:nl] Dutch translation for the dselect package

[Frans Spiesschaert]

 
 
Package: dselect 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch po file for the dselect package. 
A draft has been posted to the debian-l10n-dutch mailing list allowing for
review. 
Please add it to your next package revision. 
It should be put as "dselect/po/nl.po" in the package build tree of dpkg
source. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1053233: O: lebiniou -- user-friendly, powerful music visualization / VJing tool

[Tobias Frost]

Package: wnpp

We've received the sad news that Olivier Girondel  has 
passed away.
If you want to continue their legacy, please consider adopting the package.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: lebiniou
Binary: lebiniou
Version: 3.66.0-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 13), libglib2.0-dev, libfftw3-dev, 
libswscale-dev, libasound2-dev, libsndfile1-dev, libjack-dev | 
libjack-jackd2-dev, libavcodec-dev, libsdl2-dev, libavformat-dev, libpulse-dev, 
libavutil-dev, libmagickwand-dev, libjansson-dev, libulfius-dev, liblo-dev
Architecture: any
Standards-Version: 4.6.0.0
Format: 3.0 (quilt)
Files:
 4c7be7267029f5b2264fb7980d93109d 2129 lebiniou_3.66.0-1.dsc
 89fb6acf3878a62a1797363d885db069 990455 lebiniou_3.66.0.orig.tar.gz
 f740c29b7ab01e1d4b40db4493a80322 5976 lebiniou_3.66.0-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou
Vcs-Git: https://gitlab.com/lebiniou/lebiniou.git
Checksums-Sha256:
 081025c3da12cc2b6902a85c6225062797b79b91c81f207bb7ce727f84a5ab6f 2129 
lebiniou_3.66.0-1.dsc
 a74f22e13d943fd0aa7cb20dbbd7728fa93348634ad578605fb172c0e9ace60c 990455 
lebiniou_3.66.0.orig.tar.gz
 ca05c7f65ec98244d18e73aa342c6ae26f3575c066a8df928a11783c791282ea 5976 
lebiniou_3.66.0-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou deb graphics optional arch=any
Testsuite: autopkgtest
Testsuite-Triggers: ffmpeg, lebiniou-data
Directory: pool/main/l/lebiniou
Priority: source
Section: graphics

Package: lebiniou
Binary: lebiniou
Version: 3.54.1-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 13), libglib2.0-dev, libfftw3-dev, 
libswscale-dev, libfreetype6-dev, libasound2-dev, libsndfile1-dev, libjack-dev 
| libjack-jackd2-dev, libsdl2-ttf-dev, libavcodec-dev, libavformat-dev, 
libpulse-dev, libavutil-dev, libmagickwand-dev, libjansson-dev, libulfius-dev
Architecture: any
Standards-Version: 4.5.1
Format: 3.0 (quilt)
Files:
 051bce9b1ab7476c6c74cb264bac2a64 2141 lebiniou_3.54.1-1.dsc
 373dab84ca3b689a5cbeee7d5fb7d06b 1836857 lebiniou_3.54.1.orig.tar.gz
 a002bbf2136a759ef5a9c3248ca2a6a8 5036 lebiniou_3.54.1-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou
Vcs-Git: https://gitlab.com/lebiniou/lebiniou.git
Checksums-Sha256:
 7c4c90bd28f7d383ecf5c4e8467ffe2b2cca98b46032bd1049b33c8a8d593dde 2141 
lebiniou_3.54.1-1.dsc
 dcc0c59dd0f10e1b6c829ee88472f45bb34a26b4e4c5bec9ab0e32fec3b1d7b4 1836857 
lebiniou_3.54.1.orig.tar.gz
 7d14b1d17c2a2e0deb480fab1c0266e92cfaa60f93d0f063d6ade891cdee87a9 5036 
lebiniou_3.54.1-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou deb graphics optional arch=any
Testsuite: autopkgtest
Testsuite-Triggers: ffmpeg, lebiniou-data
Directory: pool/main/l/lebiniou
Priority: source
Section: graphics

Package: lebiniou
Binary: lebiniou
Version: 3.30-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 11), libglib2.0-dev, libfftw3-dev, libxml2-dev (>= 
2.6), libswscale-dev, libfreetype6-dev, libasound2-dev, libsndfile1-dev, 
libjack-dev | libjack-jackd2-dev, libsdl2-ttf-dev, libpulse-dev, 
libpnglite-dev, libavutil-dev, pandoc
Architecture: any
Standards-Version: 4.3.0
Format: 3.0 (quilt)
Files:
 526391d2443ae8f74687190126cf542f 2039 lebiniou_3.30-1.dsc
 37c7b6950d1a61f79fd29568fcf789ad 682870 lebiniou_3.30.orig.tar.gz
 6acfa381e28a378791933a0df7fe1862 3724 lebiniou_3.30-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou
Vcs-Git: https://gitlab.com/lebiniou/lebiniou.git
Checksums-Sha256:
 3fb7a854ed1e61bae4d8a5a8b6fd148e1a217d6e2a8250b945612a2f0f3a576b 2039 
lebiniou_3.30-1.dsc
 df1eb61ee268bd216b7a185d363055bcc1c9025cc632186df35cce99ef6a4d06 682870 
lebiniou_3.30.orig.tar.gz
 f956707f3f450892880c48228db0ca10aa512a06b94a5bab922c6b450d57d7c8 3724 
lebiniou_3.30-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou deb graphics optional arch=any
Testsuite: autopkgtest
Directory: pool/main/l/lebiniou
Priority: source
Section: graphics

Package: lebiniou
Binary: lebiniou
Version: 3.22-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 9), autotools-dev, libglib2.0-dev, libfftw3-dev, 
libxml2-dev (>= 2.6), libsdl-ttf2.0-dev, gawk, libswscale-dev, 
libfreetype6-dev, libasound2-dev, libjack-jackd2-dev, libpulse-dev, 
libpnglite-dev, libavutil-dev
Architecture: any
Standards-Version: 3.9.5
Format: 3.0 (quilt)
Files:
 4ea24d4cfebba3c5a5bb32c037ccf4ec 1881 lebiniou_3.22-1.dsc
 1b084bc973972736f1481512349f550e 616570 lebiniou_3.22.orig.tar.gz
 ba3768db3677d350b1ce8d5afcdf2d44 3936 lebiniou_3.22-1.debian.tar.xz
Checksums-Sha1:
 1633348fde54b4ef987630696875a7581085e46a 1881 lebiniou_3.22-1.dsc
 7056db6ab946e436f29739d51c10977f48572b67 616570 

Bug#824499: GPX Route vs. Track

[Stefan Kropp]

Hello,

I looked into the code. I *think* the menu is used to load GPX files
with a route and the button on the right ("Load"-Button) loads a track.

I do have a gpx file with a track. The "load route"-Button is not
working, but the "Load"-Button is working.

Unfortunately, I do not have a route-file. What I did, I used a gpx file
with tracks and replaced it via "%s/trk/rte/g". Now, the menu-Button is
loading a "route".

I'm not a GPX expert, but maybe this is not a bug. Improvement could
be to display a warning, when the file doesn't provide a route. 

-- 
Stefan
Instant Messaging via XMPP
Diese E-Mail wurde von einem Debian GNU/Linux System gesendet

Bug#1053234: O: extsmail -- enables the robust sending of e-mail to external commands

[Tobias Frost]

Package: wnpp

We've received the sad news that Olivier Girondel  has 
passed away.
If you want to continue their legacy, please consider adopting the package.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: extsmail
Binary: extsmail
Version: 2.5-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 13), bison, flex, libbsd-dev
Architecture: any
Standards-Version: 4.6.0.0
Format: 3.0 (quilt)
Files:
 cc728d7f54a865825edb392264d5f506 1803 extsmail_2.5-1.dsc
 1139481810a5e3f75b4a2d8b550e157c 67418 extsmail_2.5.orig.tar.gz
 788ea923928359d05ec86d3c9d2cfde5 2520 extsmail_2.5-1.debian.tar.xz
Vcs-Browser: https://github.com/ltratt/extsmail
Checksums-Sha256:
 5a2d62a3d5b8eb8c4a947105688f79865fad64a7d4c1ed9f777b5d0852d213fa 1803 
extsmail_2.5-1.dsc
 a2c184a9365115f40190fe0e28866e6c6f816c6411006915e9a8072dec7c2079 67418 
extsmail_2.5.orig.tar.gz
 591b1e04ca01e0b3c232b758a742ffd6b9c95c9176f7d3432b56be2210256144 2520 
extsmail_2.5-1.debian.tar.xz
Homepage: https://tratt.net/laurie/src/extsmail/
Package-List: 
 extsmail deb mail optional arch=any
Testsuite: autopkgtest
Directory: pool/main/e/extsmail
Priority: source
Section: mail

Package: extsmail
Binary: extsmail
Version: 2.4-2
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 12), bison, flex
Architecture: any
Standards-Version: 4.5.0
Format: 3.0 (quilt)
Files:
 4ecd896a4c972107c1ab2715ffbe046d 1789 extsmail_2.4-2.dsc
 ff703dcd4dc85acbbff9ee8aede9c25d 67888 extsmail_2.4.orig.tar.gz
 c545af39f2bdf99703351a8651a4f82d 2752 extsmail_2.4-2.debian.tar.xz
Vcs-Browser: https://github.com/ltratt/extsmail
Checksums-Sha256:
 dcf3729afcb68c9927a2fc979f11289290d5a8e288802ebc590d6e0b98d36d12 1789 
extsmail_2.4-2.dsc
 6e2544a3ee5160e9308299ae976365a7c98a1f01e861c630addba4fc4d3b1550 67888 
extsmail_2.4.orig.tar.gz
 1e5ab1f8dbcede2be78bd3085f2bba43ef3f2a32f11cf40629ab288f46eed9e0 2752 
extsmail_2.4-2.debian.tar.xz
Homepage: https://tratt.net/laurie/src/extsmail/
Package-List: 
 extsmail deb mail optional arch=any
Testsuite: autopkgtest
Directory: pool/main/e/extsmail
Priority: source
Section: mail

Package: extsmail
Binary: extsmail
Version: 1.9-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 9), bison, flex, dh-autoreconf
Architecture: any
Standards-Version: 3.9.5
Format: 3.0 (quilt)
Files:
 c6caf2786fd51256d6a5620a6805fd61 1708 extsmail_1.9-1.dsc
 2b381f0c92ced2699fae883c06052e8f 64037 extsmail_1.9.orig.tar.gz
 88efb21f1924db8bdd80e53ebe55e843 1876 extsmail_1.9-1.debian.tar.xz
Checksums-Sha1:
 4b181bee1e842043348c649a3d2d66d319cd349b 1708 extsmail_1.9-1.dsc
 a3286f28bbc6f6015b6834e613376c5f980cb568 64037 extsmail_1.9.orig.tar.gz
 ba5e443fe0afaad6ef306c331aad190118ff7a15 1876 extsmail_1.9-1.debian.tar.xz
Checksums-Sha256:
 0ea020b7b980440a0cbf7d383b2c3509a09018d73364cd3224204d48845220da 1708 
extsmail_1.9-1.dsc
 b61c9ae4bf88b941bc5d5d73c9bcd53d769c744ff2ecedae2d0b5cffcc2365cb 64037 
extsmail_1.9.orig.tar.gz
 7984550a0c2d11abab9bd84011d69966d78d576b769c2a4d6fefbc9959b42548 1876 
extsmail_1.9-1.debian.tar.xz
Homepage: http://tratt.net/laurie/src/extsmail/
Package-List: 
 extsmail deb mail extra arch=any
Directory: pool/main/e/extsmail
Priority: source
Section: mail

Package: extsmail
Binary: extsmail
Version: 2.0-2
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 9), bison, flex, dh-autoreconf
Architecture: any
Standards-Version: 3.9.6
Format: 3.0 (quilt)
Files:
 bffbbc5edfbb22ec1c4ccb38e8e67dfe 1708 extsmail_2.0-2.dsc
 a7100e7b324a41b327cd10f6a849f337 66991 extsmail_2.0.orig.tar.gz
 8fc3b8a53a6e15e7d6182430c8e9c662 1936 extsmail_2.0-2.debian.tar.xz
Checksums-Sha256:
 62596a3981d377868e996c2e3eb8b1bc74d22bd614ca9d5e8fa474d478df4db7 1708 
extsmail_2.0-2.dsc
 faeba1f1b000bce570121cf7b3f5f9f9cc794187e6841732e7fa26a9f8bdb357 66991 
extsmail_2.0.orig.tar.gz
 b2ee624063dc095177261062e8b044401891e4fefed7a0546271f391ca2d6244 1936 
extsmail_2.0-2.debian.tar.xz
Homepage: http://tratt.net/laurie/src/extsmail/
Package-List: 
 extsmail deb mail extra arch=any
Directory: pool/main/e/extsmail
Priority: source
Section: mail

Package: extsmail
Version: 2.5-1
Installed-Size: 109
Maintainer: Olivier Girondel 
Architecture: amd64
Depends: libbsd0 (>= 0.2.0), libc6 (>= 2.15)
Description-en: enables the robust sending of e-mail to external commands
 extsmail masquerades as the standard UNIX sendmail program, reading
 messages, and later piping them to user-defined commands.
 .
 In a sense, extsmail can be thought of as a very simple "tiny" sendmail
 (Think SSMTP, UUCP, ...)
 .
 A typical use is to allow e-mail to be piped via ssh to external servers
 running a full sendmail-compatible MTA. extsmail is designed to have
 sensible defaults, and configuring it is a 

Bug#1053231: O: lebiniou -- user-friendly, powerful music visualization / VJing tool

[Tobias Frost]

Package: wnpp

We've received the sad news that Olivier Girondel 
has passed away.  If you want to continue their legacy, please consider
adopting the package.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: lebiniou
Binary: lebiniou
Version: 3.66.0-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 13), libglib2.0-dev, libfftw3-dev, 
libswscale-dev, libasound2-dev, libsndfile1-dev, libjack-dev | 
libjack-jackd2-dev, libavcodec-dev, libsdl2-dev, libavformat-dev, libpulse-dev, 
libavutil-dev, libmagickwand-dev, libjansson-dev, libulfius-dev, liblo-dev
Architecture: any
Standards-Version: 4.6.0.0
Format: 3.0 (quilt)
Files:
 4c7be7267029f5b2264fb7980d93109d 2129 lebiniou_3.66.0-1.dsc
 89fb6acf3878a62a1797363d885db069 990455 lebiniou_3.66.0.orig.tar.gz
 f740c29b7ab01e1d4b40db4493a80322 5976 lebiniou_3.66.0-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou
Vcs-Git: https://gitlab.com/lebiniou/lebiniou.git
Checksums-Sha256:
 081025c3da12cc2b6902a85c6225062797b79b91c81f207bb7ce727f84a5ab6f 2129 
lebiniou_3.66.0-1.dsc
 a74f22e13d943fd0aa7cb20dbbd7728fa93348634ad578605fb172c0e9ace60c 990455 
lebiniou_3.66.0.orig.tar.gz
 ca05c7f65ec98244d18e73aa342c6ae26f3575c066a8df928a11783c791282ea 5976 
lebiniou_3.66.0-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou deb graphics optional arch=any
Testsuite: autopkgtest
Testsuite-Triggers: ffmpeg, lebiniou-data
Directory: pool/main/l/lebiniou
Priority: source
Section: graphics

Package: lebiniou
Binary: lebiniou
Version: 3.54.1-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 13), libglib2.0-dev, libfftw3-dev, 
libswscale-dev, libfreetype6-dev, libasound2-dev, libsndfile1-dev, libjack-dev 
| libjack-jackd2-dev, libsdl2-ttf-dev, libavcodec-dev, libavformat-dev, 
libpulse-dev, libavutil-dev, libmagickwand-dev, libjansson-dev, libulfius-dev
Architecture: any
Standards-Version: 4.5.1
Format: 3.0 (quilt)
Files:
 051bce9b1ab7476c6c74cb264bac2a64 2141 lebiniou_3.54.1-1.dsc
 373dab84ca3b689a5cbeee7d5fb7d06b 1836857 lebiniou_3.54.1.orig.tar.gz
 a002bbf2136a759ef5a9c3248ca2a6a8 5036 lebiniou_3.54.1-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou
Vcs-Git: https://gitlab.com/lebiniou/lebiniou.git
Checksums-Sha256:
 7c4c90bd28f7d383ecf5c4e8467ffe2b2cca98b46032bd1049b33c8a8d593dde 2141 
lebiniou_3.54.1-1.dsc
 dcc0c59dd0f10e1b6c829ee88472f45bb34a26b4e4c5bec9ab0e32fec3b1d7b4 1836857 
lebiniou_3.54.1.orig.tar.gz
 7d14b1d17c2a2e0deb480fab1c0266e92cfaa60f93d0f063d6ade891cdee87a9 5036 
lebiniou_3.54.1-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou deb graphics optional arch=any
Testsuite: autopkgtest
Testsuite-Triggers: ffmpeg, lebiniou-data
Directory: pool/main/l/lebiniou
Priority: source
Section: graphics

Package: lebiniou
Binary: lebiniou
Version: 3.30-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 11), libglib2.0-dev, libfftw3-dev, libxml2-dev (>= 
2.6), libswscale-dev, libfreetype6-dev, libasound2-dev, libsndfile1-dev, 
libjack-dev | libjack-jackd2-dev, libsdl2-ttf-dev, libpulse-dev, 
libpnglite-dev, libavutil-dev, pandoc
Architecture: any
Standards-Version: 4.3.0
Format: 3.0 (quilt)
Files:
 526391d2443ae8f74687190126cf542f 2039 lebiniou_3.30-1.dsc
 37c7b6950d1a61f79fd29568fcf789ad 682870 lebiniou_3.30.orig.tar.gz
 6acfa381e28a378791933a0df7fe1862 3724 lebiniou_3.30-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou
Vcs-Git: https://gitlab.com/lebiniou/lebiniou.git
Checksums-Sha256:
 3fb7a854ed1e61bae4d8a5a8b6fd148e1a217d6e2a8250b945612a2f0f3a576b 2039 
lebiniou_3.30-1.dsc
 df1eb61ee268bd216b7a185d363055bcc1c9025cc632186df35cce99ef6a4d06 682870 
lebiniou_3.30.orig.tar.gz
 f956707f3f450892880c48228db0ca10aa512a06b94a5bab922c6b450d57d7c8 3724 
lebiniou_3.30-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou deb graphics optional arch=any
Testsuite: autopkgtest
Directory: pool/main/l/lebiniou
Priority: source
Section: graphics

Package: lebiniou
Binary: lebiniou
Version: 3.22-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 9), autotools-dev, libglib2.0-dev, libfftw3-dev, 
libxml2-dev (>= 2.6), libsdl-ttf2.0-dev, gawk, libswscale-dev, 
libfreetype6-dev, libasound2-dev, libjack-jackd2-dev, libpulse-dev, 
libpnglite-dev, libavutil-dev
Architecture: any
Standards-Version: 3.9.5
Format: 3.0 (quilt)
Files:
 4ea24d4cfebba3c5a5bb32c037ccf4ec 1881 lebiniou_3.22-1.dsc
 1b084bc973972736f1481512349f550e 616570 lebiniou_3.22.orig.tar.gz
 ba3768db3677d350b1ce8d5afcdf2d44 3936 lebiniou_3.22-1.debian.tar.xz
Checksums-Sha1:
 1633348fde54b4ef987630696875a7581085e46a 1881 lebiniou_3.22-1.dsc
 7056db6ab946e436f29739d51c10977f48572b67 616570 

Bug#1053232: O: lebiniou-data -- datafiles for Le Biniou

[Tobias Frost]

Package: wnpp

We've received the sad news that Olivier Girondel  has 
passed away.
If you want to continue their legacy, please consider adopting the package.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: lebiniou-data
Binary: lebiniou-data
Version: 3.66.0-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 13)
Architecture: all
Standards-Version: 4.6.0.0
Format: 3.0 (quilt)
Files:
 a4f2d34d80ae65e412837a2fc7a98ced 1939 lebiniou-data_3.66.0-1.dsc
 ef46f42d4174c8a7188c815f3bdbe76f 54796745 lebiniou-data_3.66.0.orig.tar.gz
 43a8b0588a44c4492e1ac93850489e45 16408 lebiniou-data_3.66.0-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou-data
Vcs-Git: https://gitlab.com/lebiniou/lebiniou-data.git
Checksums-Sha256:
 4906da87c4063e176ece4150a2404e8aee185b603efb3c2d860b817d6f0c7813 1939 
lebiniou-data_3.66.0-1.dsc
 b1677d1176086f0f24b052b66eb73902feb6d9d20ef41f1c13e8a1bc278897c3 54796745 
lebiniou-data_3.66.0.orig.tar.gz
 3bcc0ac1d09d274c74a70cbc5480e65e8f9d9fd254c3533576c423a4d1bba59d 16408 
lebiniou-data_3.66.0-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou-data deb graphics optional arch=all
Testsuite: autopkgtest
Testsuite-Triggers: ffmpeg, lebiniou
Directory: pool/main/l/lebiniou-data
Priority: source
Section: graphics

Package: lebiniou-data
Binary: lebiniou-data
Version: 3.54.1-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper-compat (= 13)
Architecture: all
Standards-Version: 4.5.1
Format: 3.0 (quilt)
Files:
 e6cdcf0d8f35cacbceb0120a4dbe5133 1929 lebiniou-data_3.54.1-1.dsc
 d92bc8ed6ba125eecdf8e3bd4531aea1 10867490 lebiniou-data_3.54.1.orig.tar.gz
 f6bae46a36d0e0d25cfbac4141acd33b 10012 lebiniou-data_3.54.1-1.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou-data
Vcs-Git: https://gitlab.com/lebiniou/lebiniou-data.git
Checksums-Sha256:
 d76bd80605bf732718166fbc45795fc47f54c9f4d8e40d40c8a0c00175dccfb2 1929 
lebiniou-data_3.54.1-1.dsc
 db18fa0c0f11bf6dbfaefa7d5a52fb4a1ae8e6eaf5a2b7a15721bea70f87b741 10867490 
lebiniou-data_3.54.1.orig.tar.gz
 d241e3b28ee67d925f1705dcf261d793e3ad6d8735ba9ac758807a4aae4c3d5c 10012 
lebiniou-data_3.54.1-1.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou-data deb graphics optional arch=all
Testsuite: autopkgtest
Testsuite-Triggers: lebiniou
Directory: pool/main/l/lebiniou-data
Priority: source
Section: graphics

Package: lebiniou-data
Binary: lebiniou-data
Version: 3.28-2
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 11)
Architecture: all
Standards-Version: 4.3.0
Format: 3.0 (quilt)
Files:
 228b656c85857950eecca22f005a7e26 1903 lebiniou-data_3.28-2.dsc
 6b832d64971a444882ec1cc81ed68512 7675274 lebiniou-data_3.28.orig.tar.gz
 dea91633ad833b364c67515145ff150c 4480 lebiniou-data_3.28-2.debian.tar.xz
Vcs-Browser: https://gitlab.com/lebiniou/lebiniou-data
Vcs-Git: https://gitlab.com/lebiniou/lebiniou-data.git
Checksums-Sha256:
 87861aeffee4171609df1f394a8fbd3e74f52bf73a274ccfce65c1414465b8db 1903 
lebiniou-data_3.28-2.dsc
 ac3a76b4841bf4bf52a2628838b780a5fcf8b85874827071b956c512f175a5d8 7675274 
lebiniou-data_3.28.orig.tar.gz
 d4649aa0ee981b840fb6c188b7693c36b75fccbd16ace6a59b483991b864e3fc 4480 
lebiniou-data_3.28-2.debian.tar.xz
Homepage: https://biniou.net
Package-List: 
 lebiniou-data deb graphics optional arch=all
Testsuite: autopkgtest
Testsuite-Triggers: lebiniou
Directory: pool/main/l/lebiniou-data
Priority: source
Section: graphics

Package: lebiniou-data
Binary: lebiniou-data
Version: 3.11-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 9)
Architecture: all
Standards-Version: 3.9.5
Format: 3.0 (quilt)
Files:
 37716bbf8d28ee3eff770e98bb9713c2 1717 lebiniou-data_3.11-1.dsc
 b54ca46ce6472255f2fd17d00e3ccde8 7300480 lebiniou-data_3.11.orig.tar.gz
 a0e61a907457f86e813b3966d0feb1b8 4064 lebiniou-data_3.11-1.debian.tar.xz
Checksums-Sha1:
 6b4f66fa9a14c6c72e827436141fee790fd4 1717 lebiniou-data_3.11-1.dsc
 59d2ac59ef8a831b1d6c94038fcc8a9270f7dfa2 7300480 lebiniou-data_3.11.orig.tar.gz
 c3cf0e7ad874f7050e753aa105a75371aa6c89e0 4064 
lebiniou-data_3.11-1.debian.tar.xz
Checksums-Sha256:
 166dd9c207da0ba74a7d47ec5680cd396409c000878cb5ad3625e5adbc4b56e3 1717 
lebiniou-data_3.11-1.dsc
 e1fa60fc932efebb5b30cc929c97cd8f3d31d38842b0a71a847bf23b09564671 7300480 
lebiniou-data_3.11.orig.tar.gz
 b82dba3da16ba8a0d5878080ed9dca4d234e6eecb529e93cbdd6cb89511f90b7 4064 
lebiniou-data_3.11-1.debian.tar.xz
Homepage: http://biniou.net
Package-List: 
 lebiniou-data deb graphics extra
Directory: pool/main/l/lebiniou-data
Priority: source
Section: graphics

Package: lebiniou-data
Binary: lebiniou-data
Version: 3.11-1
Maintainer: Olivier Girondel 
Build-Depends: debhelper (>= 9)
Architecture: all

Bug#1053230: python3-httpx: Dependency version for httpcore

[Marc Glisse]

Package: python3-httpx
Version: 0.23.3-1
Severity: normal

Dear Maintainer,

when I run `pip check`, it prints among other things

httpx 0.23.3 has requirement httpcore<0.17.0,>=0.15.0, but you have httpcore 
0.17.3.

and that's indeed the information in 
/usr/lib/python3/dist-packages/httpx-0.23.3.dist-info/METADATA

This does not match the debian field "Depends:", which only requires
"python3-httpcore (>= 0.15.0)". This is problematic because in testing /
unstable, we only have python3-httpcore version 0.17.3-1 right now.

If the 2 versions don't work correctly together, I think this should be
reflected in debian dependencies. If they do work correctly together, it
would be nice to update METADATA to avoid scaring users.

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'testing'), (500, 'stable'), (50, 'unstable-debug'), 
(50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-httpx depends on:
ii  python3   3.11.4-5+b1
ii  python3-certifi   2023.7.22-1
ii  python3-click 8.1.6-1
ii  python3-httpcore  0.17.3-1
ii  python3-pygments  2.15.1+dfsg-1
ii  python3-rfc3986   1.5.0-3
ii  python3-rich  13.3.1-2
ii  python3-sniffio   1.2.0-1

python3-httpx recommends no packages.

python3-httpx suggests no packages.

-- no debconf information

Bug#1053229: firefox-esr: Menubar and tabbar is colored like window-decoration

[M G Berberich]

image to show the problem:

top old, bottom new.

MfG
bmg

-- 
„Des is völlig wurscht, was heut beschlos- | M G Berberich
 sen wird: I bin sowieso dagegn!“  | m...@m-berberich.de
(SPD-Stadtrat Kurt Schindler; Regensburg)  | 

Bug#1052363: bullseye-pu: cups/2.3.3op2-3+deb11u4

[Adam D. Barratt]

On Thu, 2023-09-28 at 19:51 +0200, Thorsten Alteholz wrote:
> 
> On 27.09.23 20:33, Adam D. Barratt wrote:
> > Thanks; please go ahead.
> 
> great, thanks, ...
> 
> ... and uploaded.
> 

I should have spotted this before (particularly as we recently had the
same issue with another package) but debian/NEWS.Debian should simply
be debian/NEWS. dh_installchangelogs then renames it to NEWS.Debian in
the binary package.

Regards,

Adam

Bug#1036083: bullseye-pu: package galera-4 26.4.14-0+deb11u1

[Adam D. Barratt]

On Sat, 2023-09-23 at 21:51 +0100, Adam D. Barratt wrote:
> Control: tags -1 confirmed
> 
> On Tue, 2023-07-25 at 14:52 -0700, Otto Kekäläinen wrote:
> > Sorry - attached now.
> 
> Please go ahead; sorry for the delay.
> 
I should have spotted this before, but bookworm has galera-4 26.4.13-1. 
We can't have bullseye's version being newer than bookworm, so bookworm
would also need an update (with its own p-u request) before we can
accept the bullseye upload.

Regards,

Adam

Bug#1053225: firefox-esr 115.3.0esr (64-bit) - Wayland

[Stu]

Neglected to add in initial/previous report (sorry) have disabled any 
extensions in browser and also restarted in Safe Mode. Issue persists in 
both cases.

Bug#1052361: bookworm-pu: cups/2.4.2-3+deb12u2

[Adam D. Barratt]

On Thu, 2023-09-28 at 19:52 +0200, Thorsten Alteholz wrote:
> 
> On 27.09.23 20:32, Adam D. Barratt wrote:
> > Please go ahead.
> 
> great, thanks, ...
> 
> ... and uploaded.
> 

I should have spotted this before (particularly as we recently had the
same issue with another package) but debian/NEWS.Debian should simply
be debian/NEWS. dh_installchangelogs then renames it to NEWS.Debian in
the binary package.

Regards,

Adam

Bug#1053229: firefox-esr: Menubar and tabbar is colored like window-decoration

[M G Berberich]

Package: firefox-esr
Version: 115.3.0esr-1~deb12u1
Severity: minor

Dear Maintainer,

after update the menubar and the tabbar of the browserwindow are
colored like the window-decoration. This looks ugly.

The problem does not exist in 102.15.1esr-1~deb12u1


-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: 12.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.5 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de:nds:en_GB:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox-esr depends on:
ii  debianutils  5.7-0.4
ii  fontconfig   2.14.1-4
ii  libasound2   1.2.8-1+b1
ii  libatk1.0-0  2.46.0-5
ii  libc62.36-9+deb12u1
ii  libcairo-gobject21.16.0-7
ii  libcairo21.16.0-7
ii  libdbus-1-3  1.14.8-2~deb12u1
ii  libdbus-glib-1-2 0.112-3
ii  libevent-2.1-7   2.1.12-stable-8
ii  libffi8  3.4.4-1
ii  libfontconfig1   2.14.1-4
ii  libfreetype6 2.12.1+dfsg-5
ii  libgcc-s112.2.0-14
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.74.6-2
ii  libgtk-3-0   3.24.37-2
ii  libnspr4 2:4.35-1
ii  libnss3  2:3.87.1-1
ii  libpango-1.0-0   1.50.12+ds-1
ii  libstdc++6   12.2.0-14
ii  libvpx7  1.12.0-1
ii  libx11-6 2:1.8.4-2+deb12u1
ii  libx11-xcb1  2:1.8.4-2+deb12u1
ii  libxcb-shm0  1.15-1
ii  libxcb1  1.15-1
ii  libxcomposite1   1:0.4.5-1
ii  libxdamage1  1:1.1.6-1
ii  libxext6 2:1.3.4-1+b1
ii  libxfixes3   1:6.0.0-2
ii  libxrandr2   2:1.5.2-2+b1
ii  libxtst6 2:1.2.3-1.1
ii  procps   2:4.0.2-3
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages firefox-esr recommends:
ii  libavcodec-extra59 [libavcodec59]  7:5.1.3-1
ii  libavcodec58   7:4.4.2-1+b3

Versions of packages firefox-esr suggests:
ii  fonts-lmodern  2.005-1
ii  fonts-stix [otf-stix]  1.1.1-4.1
ii  libcanberra0   0.30-10
ii  libgssapi-krb5-2   1.20.1-2
pn  pulseaudio 

-- no debconf information

Bug#974629: aconnectgui: Please migrate to FLTK 1.3

[Bastian Germann]

Control: tags -1 patch

One solution is renaming the Window class.
I have attached a patch for your convenience.diff -u aconnectgui-0.9.0rc2-1/src/Connection.cxx aconnectgui-0.9.0rc2-1/src/Connection.cxx
--- aconnectgui-0.9.0rc2-1/src/Connection.cxx
+++ aconnectgui-0.9.0rc2-1/src/Connection.cxx
@@ -25,7 +25,7 @@
 
 int Connection::handle(int e)
 {
-	Window* window = (Window*) parent()->parent();
+	ACGWindow* window = (ACGWindow*) parent()->parent();
 	
 	if (e==FL_PUSH) {
 		if (window->IsDisconnecting()) {
diff -u aconnectgui-0.9.0rc2-1/src/Window.cxx aconnectgui-0.9.0rc2-1/src/Window.cxx
--- aconnectgui-0.9.0rc2-1/src/Window.cxx
+++ aconnectgui-0.9.0rc2-1/src/Window.cxx
@@ -16,7 +16,7 @@
 
 int aconnect_main(int argc,char** argv);
 
-void Window::Connect(int client,int port,int clientB,int portB)
+void ACGWindow::Connect(int client,int port,int clientB,int portB)
 {
 	Connector *a = 0,*b = 0;
 	
@@ -29,7 +29,7 @@
 	}
 }		
 
-void Window::Disconnect(
+void ACGWindow::Disconnect(
 int fromClientId,int fromPortId,int toClientId,int toPortId)
 {
 Connection* c = mConnections->Find(
@@ -45,7 +45,7 @@
 	}
 }
 
-void Window::Disconnect(Connection* c)
+void ACGWindow::Disconnect(Connection* c)
 {
 	mConnections->remove(c);
 	mConnections->redraw();
@@ -58,7 +58,7 @@
 	mConnections->redraw();
 }
 
-void Window::Connect(Connector* a,Connector* b)
+void ACGWindow::Connect(Connector* a,Connector* b)
 {
 	a->Unselect();
 	b->Unselect();
@@ -80,12 +80,12 @@
 	mConnections->Unclutter();
 }
 
-int Window::IsLegal(Connector* a,Connector* b)
+int ACGWindow::IsLegal(Connector* a,Connector* b)
 {
 	return a->Type()!=b->Type();
 }
 
-Client* Window::AddClient(snd_seq_client_info_t* cinfo)
+Client* ACGWindow::AddClient(snd_seq_client_info_t* cinfo)
 {
 	// some of this code should be in Window
 	Client* c= mClients->FindClient(snd_seq_client_info_get_client(cinfo));
@@ -107,7 +107,7 @@
 	}
 	return mCurClient;
 }
-Port* Window::AddPort(snd_seq_port_info_t* pinfo)
+Port* ACGWindow::AddPort(snd_seq_port_info_t* pinfo)
 {
 	// some of this code should be in Window
 	int dy = mCurClient->y()+mCurClient->h();
@@ -129,7 +129,7 @@
 	return mCurPort;
 }
 
-bool Window::HandleConnect(Connector* a,Connector* b)
+bool ACGWindow::HandleConnect(Connector* a,Connector* b)
 {
 	int argc;
 	char* argv[16];
@@ -147,7 +147,7 @@
 	return (aconnect_main(argc,argv)==0);
 }
 
-bool Window::HandleDisconnect(Connection* c)
+bool ACGWindow::HandleDisconnect(Connection* c)
 {
 	int argc;
 	char* argv[16];
@@ -169,7 +169,7 @@
 	return (aconnect_main(argc,argv)==0);
 }
 
-Window::Window():Fl_Window(300,33,"ALSA Sequencer")
+ACGWindow::ACGWindow():Fl_Window(300,33,"ALSA Sequencer")
 {
 	mClients = new Clients(0,33,140,0);
 	mConnections = new Connections(140,33,160,0);
@@ -253,13 +253,13 @@
 	snd_seq_nonblock(mHandle, 1);
 }
 
-Window::~Window()
+ACGWindow::~ACGWindow()
 {
 	snd_seq_close(mHandle);
 }
 
 
-void Window::Timeout(void)
+void ACGWindow::Timeout(void)
 {
 	int count;
 	snd_seq_event_t *ev;
@@ -347,10 +347,10 @@
 		}
 	} while (ev);
 
-	Fl::add_timeout(0.1,Window::TimeoutStatic,this);
+	Fl::add_timeout(0.1,ACGWindow::TimeoutStatic,this);
 }
 
-Window* patchbay = 0;
+ACGWindow* patchbay = 0;
 
 int main()
 {
@@ -359,7 +359,7 @@
 	
 	Fl::get_system_colors();
 	
-	patchbay = new Window;
+	patchbay = new ACGWindow;
 
 	/* NB the concept of input of aconnect and the  classes is reverse...
 	*/
@@ -380,7 +380,7 @@
 
 	patchbay->show();
 
-	Fl::add_timeout(0.1,Window::TimeoutStatic,patchbay);
+	Fl::add_timeout(0.1,ACGWindow::TimeoutStatic,patchbay);
 
 	Fl::run();
 }
diff -u aconnectgui-0.9.0rc2-1/src/Window.hxx aconnectgui-0.9.0rc2-1/src/Window.hxx
--- aconnectgui-0.9.0rc2-1/src/Window.hxx
+++ aconnectgui-0.9.0rc2-1/src/Window.hxx
@@ -12,7 +12,7 @@
 
 #include 
 
-class Window:public Fl_Window
+class ACGWindow:public Fl_Window
 {
 private:
 	Connections* mConnections;
@@ -32,8 +32,8 @@
 	int mClientId;
 
 public:
-	Window();
-	~Window();
+	ACGWindow();
+	~ACGWindow();
 
 	Connections* GetConnections(void) { return mConnections; }
 
@@ -74,7 +74,7 @@
 	
 	static void TimeoutStatic(void* ptr)
 	{
-		((Window*)ptr)->Timeout();
+		((ACGWindow*)ptr)->Timeout();
 	}
 	
 	void Timeout(void);
diff -u aconnectgui-0.9.0rc2-1/src/aconnect.cxx aconnectgui-0.9.0rc2-1/src/aconnect.cxx
--- aconnectgui-0.9.0rc2-1/src/aconnect.cxx
+++ aconnectgui-0.9.0rc2-1/src/aconnect.cxx
@@ -30,7 +30,7 @@
 
 #ifdef ACONNECT_GUI
 #include "Window.hxx"
-extern Window* patchbay;
+extern ACGWindow* patchbay;
 #endif
 
 static void error_handler(const char *file, int line, const char *function, int err, const char *fmt, ...)
@@ -127,7 +127,7 @@
 patchbay->FindOutput(addr->client, addr->port);
 			if (output)
 			{
-patchbay->Window::Connect(output,patchbay->GetCurPort()->Input());
+patchbay->ACGWindow::Connect(output,patchbay->GetCurPort()->Input());
 			}
 		}
 #else
only in patch2:
unchanged:
--- aconnectgui-0.9.0rc2-1.orig/src/Client.cxx
+++ 

Bug#1053228: picom: runs out of XIDs

[Gregor Zattler]

Package: picom
Version: 9.1-1
Severity: normal

Dear Maintainer,

I started ppicom in the background and used the graphical
environment.

I use picom in order to use alpha-transarency with emacs.  Today the
window of emacs does not show the background, although configured to do
so and it did in the past.

When I came back to the session X was gone and I see the following in my
(gnu) screen:


Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
[ 29.09.2023 19:01:43.703 x_create_picture_with_pictfmt_and_pixmap ERROR ] 
failed to create picture (X error 9 DRAWABLE request 139 minor 4 serial 1828440)
[ 29.09.2023 19:01:43.705 paint_one ERROR ] Window 0x01600019 is missing 
painting data.
Xlib: ignoring invalid extension event 161
Xlib: ignoring invalid extension event 161
[ 29.09.2023 19:01:43.871 x_new_id FATAL ERROR ] We seems to have run of XIDs. 
This is either a bug in the X server, or a resource leakage in the compositor. 
Please open an issue about this problem. The compositor will die.


There are plenty more of these "ignoring invalid extension" lines, some
with event 146 instead of 161.

   * What outcome did you expect instead?

To see the background image of my desktop through the emacs window,
picom not to crash.


I wouldn't know how to debug this, but am happy to answer questions.

Thanks, Gregor


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages picom depends on:
ii  libc62.36-9+deb12u1
ii  libconfig9   1.5-0.4
ii  libdbus-1-3  1.14.8-2~deb12u1
ii  libev4   1:4.33-1
ii  libgl1   1.6.0-1
ii  libpcre3 2:8.39-15
ii  libpixman-1-00.42.2-1
ii  libx11-6 2:1.8.4-2+deb12u1
ii  libx11-xcb1  2:1.8.4-2+deb12u1
ii  libxcb-composite01.15-1
ii  libxcb-damage0   1.15-1
ii  libxcb-glx0  1.15-1
ii  libxcb-image00.4.0-2
ii  libxcb-present0  1.15-1
ii  libxcb-randr01.15-1
ii  libxcb-render-util0  0.3.9-1+b1
ii  libxcb-render0   1.15-1
ii  libxcb-shape01.15-1
ii  libxcb-sync1 1.15-1
ii  libxcb-xfixes0   1.15-1
ii  libxcb-xinerama0 1.15-1
ii  libxcb1  1.15-1
ii  python3  3.11.2-1+b1

picom recommends no packages.

picom suggests no packages.

-- no debconf information

Bug#1053227: lieer 1.5 relies on a newer, unavailble version of python3-google-auth

[Jason Riedy]

Package: lieer
Version: 1.5-1
Severity: important

Dear Maintainer,

Updating lieer to 1.5 breaks on saving credentials. The reason is
that the python3-google-auth package is severely out of date. The
to_json method was added to 1.8, and the 2.x series is now over a
year old.

The only fix within lieer is to downgrade to 1.3.

-- System Information:
Debian Release: trixie/sid
  APT prefers oldstable-security
  APT policy: (500, 'oldstable-security'), (500, 'unstable'), (500, 'testing'), 
(500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lieer depends on:
ii  python3   3.11.4-5+b1
ii  python3-googleapi 1.7.12-1
ii  python3-notmuch   0.38-2
ii  python3-oauth2client  4.1.3-5
ii  python3-tqdm  4.64.1-1

lieer recommends no packages.

lieer suggests no packages.

-- no debconf information

Bug#974629: aconnectgui: Please migrate to FLTK 1.3

[Bastian Germann]

The build with fltk 1.3 fails with:

g++ -DHAVE_CONFIG_H -I.   -Wdate-time -D_FORTIFY_SOURCE=2  -g -O2 
-ffile-prefix-map=/home/bage/aconnectgui-0.9.0rc2-1.orig=. -fstack-protector-strong -Wformat 
-Werror=format-security -c -o Client.o Client.cxx

In file included from Client.cxx:1:
Window.hxx:15:7: error: using typedef-name ‘Window’ after ‘class’
   15 | class Window:public Fl_Window
  |   ^~
In file included from /usr/include/X11/Xlib.h:44,
 from /usr/include/FL/x.H:37,
 from /usr/include/FL/fl_draw.H:27,
 from FrameGroup.hxx:5,
 from Client.hxx:5,
 from Port.hxx:6,
 from Window.hxx:10:
/usr/include/X11/X.h:96:13: note: ‘Window’ has a previous declaration here
   96 | typedef XID Window;
  | ^~
Client.cxx: In member function ‘virtual int Clients::handle(int)’:
Client.cxx:162:46: error: request for member ‘GetConnections’ in ‘* patchbay’, which is of non-class 
type ‘Window’ {aka ‘long unsigned int’}

  162 | Connections* connections = patchbay->GetConnections();
  |  ^~
Client.cxx:164:37: error: request for member ‘IsConnecting’ in ‘* patchbay’, which is of non-class 
type ‘Window’ {aka ‘long unsigned int’}

  164 | if (e==FL_PUSH && patchbay->IsConnecting()) {
  | ^~~~
Client.cxx:182:63: error: request for member ‘IsLegal’ in ‘* patchbay’, which is of non-class type 
‘Window’ {aka ‘long unsigned int’}

  182 | if 
(patchbay->IsLegal(a,b)) {
  |   ^~~
Client.cxx:216:50: error: request for member ‘HandleConnect’ in ‘* patchbay’, which is of non-class 
type ‘Window’ {aka ‘long unsigned int’}

  216 | flag = patchbay->HandleConnect(a,b);
  |  ^
Client.cxx:218:50: error: request for member ‘HandleConnect’ in ‘* patchbay’, which is of non-class 
type ‘Window’ {aka ‘long unsigned int’}

  218 | flag = patchbay->HandleConnect(b,a);
  |  ^

Bug#1052902: yosys: FTBFS: make[2]: *** [Makefile:971: docs/gen_images] Error 2

[Daniel Gröber]

Hi Santiago,

On Fri, Sep 29, 2023 at 05:50:54PM +0200, Santiago Vila wrote:
> Well, "yosys" was one of the packages which FTBFS for me.
> It was version 0.23-6, and it failed in a different way.
> 
> But something tells me that this bug reported by Lucas
> could easily be another Makefile bug.
> 
> So, instead of trying to reproduce the problem by building
> the package in your machine, I suggest that you take the provided
> build log, collate it with the current Makefiles, and try to
> determine how could it happen at all.

I tried to diff the logs but latex is hillariously good at outputting
random interleaved chunks of text in an unpredictable order so that wasn't
really any help in seeing whats going on.

> For example, the build log says this:
> 
> I can't find file `verilog_flow.aux'.
> 
> The interesting question here would be:
> 
> Are you sure that the Makefiles are correctly written in
> such a way that the verilog_flow.aux file is always created
> before some other process tries to use it?

Upstream uses latexmk for calling pdflatex. That should usually take care
of such things properly, at least I haven't seen it fail like this before.

It's possible this is a make level concurrency issue but before I go down
that rabbit hole I want to exclude any of the more easily debugged
problems, like: different dependency versions which is trivial to diff
given the buildinfo file.

IMO these should be included in MBF FTBFS filings as a matter of course as
it's easily the most likeley reason for breakage.

Thanks,
--Daniel


signature.asc
Description: PGP signature

Bug#1053226: aconnectgui: Drop old menu file

[Bastian Germann]

Source: aconnectgui
Version: 0.9.0rc2-1-10.1

0.9.0rc2-1-10 claims to have removed the debian/menu file,
however it still exists in the current version. Please drop it (again?).

Bug#1053142: freetype proposed update breaks chromium

[Andres Salomon]

On Fri, Sep 29 2023 at 10:23:25 PM +10:00:00, Hugh McMaster 
 wrote:

Control: reassign 1053142 libfreetype6 2.12.1+dfsg-5+deb12u1

On Fri, 29 Sep 2023 10:37:22 +0200 Cord Beermann wrote:

 Hi,

 just wanted to give you a heads up on
 

 For me all chromium-Packages on stable die with a Segmentation 
Fault when

 libfreetype6 2.12.1+dfsg-5+deb12u1 is installed.

 Downgrading libfreetype6 to 2.12.1+dfsg-5 fixes it again.

 tested with chromium 114.0.5735.198-1~deb12u1, 
116.0.5845.180-1~deb12u1,

 117.0.5938.62-1~deb12u1

 Cord


Thanks. This is due to a bug in Chromium and a bug in FreeType.

I'm reverting the recent patch to FreeType to get Chromium going
again. The correct fix for FreeType has also been tested and verified,
and will be considered for bookworm after this weekend's 12.2 point
release.

Hugh


Just FYI, I uploaded a fixed chromium to bookworm-security yesterday. 
Whenever it finishes building,
the security team should issue the DSA and it should show up on 
mirrors.



https://salsa.debian.org/chromium-team/chromium/-/blob/bookworm/debian/changelog
https://salsa.debian.org/chromium-team/chromium/-/blob/bookworm/debian/patches/bookworm/freetype-COLRV1.patch

Bug#1053225: firefox-esr 115.3.0esr (64-bit) - Wayland

[Stu]

Package: firefox-esr

Version: 115.3.0esr (64-bit)

Following update to this latest version, when I now invoke the Bookmark 
menu by hovering over the corresponding Menu Bar entry, the window 
displayed is entirely Black instead of listing saved Bookmarks.


This error presents only when running this latest build of Firefox using 
Wayland. When the user created 'firefox.sh' file (which contains the 
line 'export MOZ_ENABLE_WAYLAND=1')  is removed from /etc/Profile.d and 
the user logs back in, the problem no longer presents when Firefox runs 
under a native xwayland session.


When the 'firefox.sh' file is returned to /etc/Profile.d and after 
logging out/in, the issue is evident once more.


I have encountered the same issue over the last several months while 
running Firefox under Fedora, Arch and Void Linux distributions with the 
same 'firefox.sh' configuration in place and successive updates to 
system, Wayland and Firefox have done nothing to negate the issue. 
Running Firefox-esr instead of Firefox did negate the problem occurring 
for some time until the issue became evident in esr builds also.


I am using a fully updated Debian GNU/ Linux 12 (bookworm) x86_64, 
kernel 6.1.0-12-amd64, Plasma 5.27.5.

Bug#1051065: weex: d/copyright: Incorrect upstream source

[Tobias Frost]

Control: tags -1 minor

On Fri, 1 Sep 2023 23:17:33 +0200 Bastian Germann 
wrote:
> Source: weex
> Severity: serious
> Version: 2.8.4.2
> 
> debian/copyright claims the upstream source is at
http://weex.sourceforge.net.
> I cannot find version 2.8.4, 2.8.4.1, or 2.8.4.2 at that website.
> Please fix the copyright file. If there are no such versions, please
fix your
> source format to be non-native and have a Debian revision.

This is not a RC bug, this does not make copyright information invalid,
and the source code is stored in the Debian archives, so there is access
to it. 

if a package is native, but should be non-native isn't RC either. It is
probably just a violation of best practices.

Bug#1053224: Please sync supported MIME types with nsxiv.desktop

[Jochen Sprickerhof]

Package: nsxiv
Version: 31-1
Severity: minor
Tags: patch

Hi,

can you please upload the attached patch to sync the MIME types?

Thanks!

Jochen


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nsxiv depends on:
ii  libc6   2.37-11
ii  libexif12   0.6.24-1+b1
ii  libfontconfig1  2.14.2-6
ii  libimlib2   1.12.0-2
ii  libx11-62:1.8.6-1
ii  libxft2 2.3.6-1

nsxiv recommends no packages.

Versions of packages nsxiv suggests:
ii  imagemagick-6.q16 [imagemagick]  8:6.9.11.60+dfsg-1.6
pn  libjpeg-progs
pn  rawtherapee  
ii  xclip0.13-2

-- no debconf information
>From 323c680387a91825c6da4ecbb3faded623820c77 Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof 
Date: Fri, 29 Sep 2023 18:01:21 +0200
Subject: [PATCH] debian/nsxiv.mime: sync supported MIME types with
 nsxiv.desktop

---
 debian/nsxiv.mime | 8 
 1 file changed, 8 insertions(+)

diff --git a/debian/nsxiv.mime b/debian/nsxiv.mime
index 21e35a3..f43c959 100644
--- a/debian/nsxiv.mime
+++ b/debian/nsxiv.mime
@@ -1,10 +1,18 @@
+image/avif; nsxiv %s; test=test -n "$DISPLAY"
 image/bmp; nsxiv %s; test=test -n "$DISPLAY"
 image/gif; nsxiv %s; test=test -n "$DISPLAY"
+image/heic; nsxiv %s; test=test -n "$DISPLAY"
+image/heif; nsxiv %s; test=test -n "$DISPLAY"
+image/jp2; nsxiv %s; test=test -n "$DISPLAY"
 image/jpeg; nsxiv %s; test=test -n "$DISPLAY"
 image/jpg; nsxiv %s; test=test -n "$DISPLAY"
+image/jxl; nsxiv %s; test=test -n "$DISPLAY"
+image/postscript; nsxiv %s; test=test -n "$DISPLAY"
 image/png; nsxiv %s; test=test -n "$DISPLAY"
+image/svg+xml; nsxiv %s; test=test -n "$DISPLAY"
 image/tiff; nsxiv %s; test=test -n "$DISPLAY"
 image/webp; nsxiv %s; test=test -n "$DISPLAY"
+image/x-bmp; nsxiv %s; test=test -n "$DISPLAY"
 image/x-portable-anymap; nsxiv %s; test=test -n "$DISPLAY"
 image/x-portable-bitmap; nsxiv %s; test=test -n "$DISPLAY"
 image/x-portable-graymap; nsxiv %s; test=test -n "$DISPLAY"
-- 
2.42.0

Bug#1052902: yosys: FTBFS: make[2]: *** [Makefile:971: docs/gen_images] Error 2

[Santiago Vila]

El 26/9/23 a las 16:50, Daniel Gröber escribió:

Hi Lucas,

On Tue, Sep 26, 2023 at 03:43:28PM +0200, Lucas Nussbaum wrote:

Source: yosys
Version: 0.33-5
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20230925 ftbfs-trixie

The full build log is available from:
http://qa-logs.debian.net/2023/09/25/yosys_0.33-5_unstable.log


Is the buildinfo file for the rebuild available somewhere too? I'd like to
diff the build environment against what the buildds had.


Hello. A few months ago I made the experiment of building
the archive with the new "make --shuffle" feature from make 4.4.

See:

https://trofi.github.io/posts/238-new-make-shuffle-mode.html

for details.

Well, "yosys" was one of the packages which FTBFS for me.
It was version 0.23-6, and it failed in a different way.

But something tells me that this bug reported by Lucas
could easily be another Makefile bug.

So, instead of trying to reproduce the problem by building
the package in your machine, I suggest that you take the provided
build log, collate it with the current Makefiles, and try to
determine how could it happen at all.

For example, the build log says this:

I can't find file `verilog_flow.aux'.

The interesting question here would be:

Are you sure that the Makefiles are correctly written in
such a way that the verilog_flow.aux file is always created
before some other process tries to use it?

Thanks.

Bug#974631: yacas: Please migrate to FLTK 1.3

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.diff -Nru yacas-1.3.6/debian/changelog yacas-1.3.6/debian/changelog
--- yacas-1.3.6/debian/changelog2021-01-03 16:29:21.0 +0100
+++ yacas-1.3.6/debian/changelog2023-09-29 17:12:48.0 +0200
@@ -1,3 +1,12 @@
+yacas (1.3.6-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop outdated README.source. (Closes: #1053222)
+  * Drop unnecessary build dependency FLTK. (Closes: #974631)
+  * Partly fix cross build. (Closes: #924416)
+
+ -- Bastian Germann   Fri, 29 Sep 2023 17:12:48 +0200
+
 yacas (1.3.6-2.1) unstable; urgency=medium
 
   * Non maintainer upload by the Reproducible Builds team.
diff -Nru yacas-1.3.6/debian/control yacas-1.3.6/debian/control
--- yacas-1.3.6/debian/control  2015-12-26 15:54:07.0 +0100
+++ yacas-1.3.6/debian/control  2023-09-29 17:12:48.0 +0200
@@ -3,8 +3,7 @@
 Priority: extra
 Maintainer: Muammar El Khatib 
 Standards-Version: 3.9.6
-Build-Depends: libfltk1.1-dev,
-   debhelper (>=9),
+Build-Depends: debhelper (>=9),
docbook-to-man,
libgsl-dev,
automake,
diff -Nru yacas-1.3.6/debian/patches/03_cross.patch 
yacas-1.3.6/debian/patches/03_cross.patch
--- yacas-1.3.6/debian/patches/03_cross.patch   1970-01-01 01:00:00.0 
+0100
+++ yacas-1.3.6/debian/patches/03_cross.patch   2023-09-29 17:12:48.0 
+0200
@@ -0,0 +1,32 @@
+--- yacas-1.3.6.orig/configure.ac
 yacas-1.3.6/configure.ac
+@@ -15,6 +15,8 @@
+ AC_PROG_CC
+ AC_PROG_CPP
+ AC_PROG_CXX
++m4_defun([_LT_LANG_CXX_FOR_BUILD_CONFIG],[])dnl make LT_LANG happy
++AX_PROG_CXX_FOR_BUILD
+ 
+ AC_CHECK_PROG(have_perl, perl, yes, no)
+ AC_CHECK_PROG(have_pdflatex, pdflatex, yes, no)
+--- yacas-1.3.6.orig/manmake/Makefile.am
 yacas-1.3.6/manmake/Makefile.am
+@@ -11,13 +11,13 @@
+ ## PDF_DOCS   is either "pdf-docs" or empty
+ all-am: @BOOKS_HTML@ @PDF_DOCS@ hints
+ 
+-noinst_PROGRAMS = manripper removeduplicates
+-
+-manripper_SOURCES = manripper.cpp 
++manripper$(BUILD_EXEEXT): manripper.cpp
++  $(CXX_FOR_BUILD) -o $@ $^
+ 
+-removeduplicates_SOURCES = removeduplicates.cpp
++removeduplicates$(BUILD_EXEEXT): removeduplicates.cpp
++  $(CXX_FOR_BUILD) -o $@ $^
+ 
+-hints: manripper removeduplicates $(REFSOURCES) $(REFPROGSOURCES) 
ref.book.txt refprog.book.txt
++hints: manripper$(BUILD_EXEEXT) removeduplicates$(BUILD_EXEEXT) $(REFSOURCES) 
$(REFPROGSOURCES) ref.book.txt refprog.book.txt
+   rm -f hints.unsorted
+   for file in ref.book.txt $(REFSOURCES) refprog.book.txt 
$(REFPROGSOURCES); do \
+   ./manripper $(srcdir)/"$$file" >> hints.unsorted ; done
diff -Nru yacas-1.3.6/debian/patches/series yacas-1.3.6/debian/patches/series
--- yacas-1.3.6/debian/patches/series   2016-02-25 21:58:34.0 +0100
+++ yacas-1.3.6/debian/patches/series   2023-09-29 17:12:48.0 +0200
@@ -1 +1,2 @@
 02_reproducible-build.patch
+03_cross.patch
diff -Nru yacas-1.3.6/debian/README.source yacas-1.3.6/debian/README.source
--- yacas-1.3.6/debian/README.source2015-08-02 14:41:06.0 +0200
+++ yacas-1.3.6/debian/README.source1970-01-01 01:00:00.0 +0100
@@ -1,7 +0,0 @@
-dpatch:
-==
-The source package itself uses a mixture of dpatch and .diff.gz for the
-modifications of the upstream source. If you want to change something it is
-best to use the dpatch approach as documented in
-
- /usr/share/doc/dpatch/README.source.gz
diff -Nru yacas-1.3.6/debian/rules yacas-1.3.6/debian/rules
--- yacas-1.3.6/debian/rules2016-02-25 22:01:49.0 +0100
+++ yacas-1.3.6/debian/rules2023-09-29 17:12:48.0 +0200
@@ -31,7 +31,7 @@
 build-stamp:
dh_testdir
./makemake
-   CXXFLAGS="$(CXXFLAGS)" ./configure --prefix=/usr --with-numlib=native \
+   CXXFLAGS="$(CXXFLAGS)" dh_auto_configure -- --prefix=/usr 
--with-numlib=native \
--enable-server --sysconfdir=/etc --disable-rpath
CXXFLAGS="$(CXXFLAGS)" $(MAKE) sysconfdir=/etc
make texdocs

Bug#1053223: python3-ipython: Interactive embedding of ipython using the InteractiveShellEmbed method as documented, is broken

[L. Guruprasad]

Package: python3-ipython
Version: 8.14.0-1
Severity: normal
X-Debbugs-Cc: lgp171...@gmail.com

Dear Maintainer,

The IPython documentation has the following example on embedding it.
https://github.com/ipython/ipython/blob/8.14.0/examples/Embedding/embed_class_long.py

This example does not work with the python3-ipython package version 8.14.0-1 in
Debian unstable and throws an exception.

Here is a minimal example `ise.py` file which can reproduce this issue.

```
from IPython.terminal.embed import InteractiveShellEmbed


ipshell = InteractiveShellEmbed()
ipshell()
```

On running this script with `python3 ise.py`, it opens the IPython interactive
shell. Typing any statements and pressing enter to execute it, causes an
exception. Below is an instance of this error happening.

```
guruprasad@debian-sid:~$ python3 ise.py
Python 3.11.5 (main, Aug 29 2023, 15:31:31) [GCC 13.2.0]
Type 'copyright', 'credits' or 'license' for more information
IPython 8.14.0 -- An enhanced Interactive Python. Type '?' for help.


Unhandled exception in event loop:
  File "/usr/lib/python3.11/asyncio/events.py", line 80, in _run
self._context.run(self._callback, *self._args)
  File "/usr/lib/python3/dist-packages/prompt_toolkit/input/vt100.py", line 
162, in callback_wrapper
callback()
  File 
"/usr/lib/python3/dist-packages/prompt_toolkit/application/application.py", 
line 712, in read_from_input_in_context
context.copy().run(read_from_input)
  File 
"/usr/lib/python3/dist-packages/prompt_toolkit/application/application.py", 
line 692, in read_from_input
self.key_processor.process_keys()
  File 
"/usr/lib/python3/dist-packages/prompt_toolkit/key_binding/key_processor.py", 
line 272, in process_keys
self._process_coroutine.send(key_press)
  File 
"/usr/lib/python3/dist-packages/prompt_toolkit/key_binding/key_processor.py", 
line 187, in _process
self._call_handler(matches[-1], key_sequence=buffer[:])
  File 
"/usr/lib/python3/dist-packages/prompt_toolkit/key_binding/key_processor.py", 
line 322, in _call_handler
handler.call(event)
  File 
"/usr/lib/python3/dist-packages/prompt_toolkit/key_binding/key_bindings.py", 
line 124, in call
result = self.handler(event)
 ^^^
  File "/usr/lib/python3/dist-packages/IPython/terminal/shortcuts/__init__.py", 
line 405, in handle_return_or_newline_or_execute
return newline_or_execute_outer(shell)(event)
   ^^
  File "/usr/lib/python3/dist-packages/IPython/terminal/shortcuts/__init__.py", 
line 428, in newline_or_execute
status, indent = shell.check_complete(check_text)
 

Exception 'NoneType' object has no attribute 'check_complete'
Press ENTER to continue...
```

This breaks all the usages of the interactive shell embedding using the 
documented method.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_IN.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-ipython depends on:
ii  python33.11.4-5+b1
ii  python3-backcall   0.2.0-4
ii  python3-decorator  5.1.1-5
ii  python3-jedi   0.18.2-1
ii  python3-matplotlib-inline  0.1.6-2
ii  python3-pexpect4.8.0-4
ii  python3-pickleshare0.7.5-5
ii  python3-prompt-toolkit 3.0.39-2
ii  python3-pygments   2.15.1+dfsg-1
ii  python3-setuptools 68.1.2-1
ii  python3-stack-data 0.6.2-3
ii  python3-traitlets  5.5.0-2

python3-ipython recommends no packages.

Versions of packages python3-ipython suggests:
pn  python-ipython-doc  

-- no debconf information

Bug#1053222: yacas: Outdated comments about dpatch in README.source

[Bastian Germann]

Source: yacas
Version: 1.3.6-2.1
Severity: minor

Please drop the dpatch notes in README.source which are not applicable anymore.

Bug#1053221: bookworm-pu: package python-git/3.1.30-1+deb12u1

[Hans-Christoph Steiner]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
Severity: normal

[ Reason ]

Fixes CVE-2023-40267 which can lead to RCE in specific configurations
when a malicious URL is fed to GitPython.  For example, this affects
the F-Droid buildserver, which accepts git URLs from users via merge
requests.

[ Impact ]

Everything should work as before, except for unsafe URLs will now
throw an exception.  That can be overridden using function arguments.

[ Tests ]

Sylvain Beucler fixed this first in Debian LTS buster. Canonical then created 
and shipped a patch, and includes additions to the existing test suite to cover 
the issues in CVE-2023-40267.  It is covered by the package's autopkgtest.  I 
also ran the test suite locally on a bookworm machine.


[ Risks ]

Risks are minimal since this patch has been shipped by Debian LTS and Ubuntu, 
and the original code has been released by upstream for a while now.  The

patch touches most of the core functionality, so bugs could break things.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

The patch is a refactoring of what upstream developed and shipped for 
CVE-2023-40267.diff --git a/debian/changelog b/debian/changelog
index dfaadbc..9b9ce45 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+python-git (3.1.30-1+deb12u1) stable; urgency=medium
+
+  [ Hans-Christoph Steiner ]
+  * Team upload.
+  * CVE-2023-40267: Include patch from Ubuntu (Closes: #1043503)
+
+  [ Fabian Toepfer ]
+  * SECURITY UPDATE: RCE due to improper user input validation
+- debian/patches/CVE-2023-40267.patch: Block insecure non-multi
+  options in clone/clone_from.
+- CVE-2023-40267
+
+ -- Hans-Christoph Steiner   Fri, 29 Sep 2023 16:18:03 +0200
+
 python-git (3.1.30-1) unstable; urgency=medium
 
   [ Debian Janitor ]
diff --git a/debian/patches/CVE-2023-40267.patch b/debian/patches/CVE-2023-40267.patch
new file mode 100644
index 000..b733fb2
--- /dev/null
+++ b/debian/patches/CVE-2023-40267.patch
@@ -0,0 +1,60 @@
+From 5c59e0d63da6180db8a0b349f0ad36fef42aceed Mon Sep 17 00:00:00 2001
+From: Sylvain Beucler 
+Date: Mon, 10 Jul 2023 16:10:10 +0200
+Subject: [PATCH] Block insecure non-multi options in clone/clone_from
+ Follow-up to #1521
+
+---
+ git/repo/base.py  |  2 ++
+ test/test_repo.py | 24 +++-
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+--- python-git-3.1.30.orig/git/repo/base.py
 python-git-3.1.30/git/repo/base.py
+@@ -1188,6 +1188,8 @@ class Repo(object):
+ 
+ if not allow_unsafe_protocols:
+ Git.check_unsafe_protocols(str(url))
++if not allow_unsafe_options:
++Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)
+ if not allow_unsafe_options and multi_options:
+ Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)
+ 
+--- python-git-3.1.30.orig/test/test_repo.py
 python-git-3.1.30/test/test_repo.py
+@@ -281,6 +281,17 @@ class TestRepo(TestBase):
+ rw_repo.clone(tmp_dir, multi_options=[unsafe_option])
+ assert not tmp_file.exists()
+ 
++unsafe_options = [
++{"upload-pack": f"touch {tmp_file}"},
++{"u": f"touch {tmp_file}"},
++{"config": "protocol.ext.allow=always"},
++{"c": "protocol.ext.allow=always"},
++]
++for unsafe_option in unsafe_options:
++with self.assertRaises(UnsafeOptionError):
++rw_repo.clone(tmp_dir, **unsafe_option)
++assert not tmp_file.exists()
++
+ @with_rw_repo("HEAD")
+ def test_clone_unsafe_options_allowed(self, rw_repo):
+ tmp_dir = pathlib.Path(tempfile.mkdtemp())
+@@ -337,6 +348,17 @@ class TestRepo(TestBase):
+ Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])
+ assert not tmp_file.exists()
+ 
++unsafe_options = [
++{"upload-pack": f"touch {tmp_file}"},
++{"u": f"touch {tmp_file}"},
++{"config": "protocol.ext.allow=always"},
++{"c": "protocol.ext.allow=always"},
++]
++for unsafe_option in unsafe_options:
++with self.assertRaises(UnsafeOptionError):
++Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
++assert not tmp_file.exists()
++
+ @with_rw_repo("HEAD")
+ def test_clone_from_unsafe_options_allowed(self, rw_repo):
+ tmp_dir = pathlib.Path(tempfile.mkdtemp())
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..325d25b
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2023-40267.patch

Bug#1051336: cecil: New upstream version available

[Tobias Frost]

Control: severity -1 wishlist

Bastian,

this is not how our procedures work. 

cecil has reverse dependencies and breaking them "just because this
package is outdates" is not a proper justification for a RC severity
bug.

-- 
Cheers,
tobi
 
On top, you are breaking reverse dependencies. 

On Wed, 6 Sep 2023 12:06:20 +0200 Bastian Germann 
wrote:
> Source: cecil
> Version: 0.9.5+dfsg-5.1
> Severity: serious
> 
> There are several new upstream versions available. Please import the
latest.
> I am filing this as serious because I doubt that anybody is
maintaining this package and it can be autoremoved.
> 
> 



signature.asc
Description: This is a digitally signed message part

Bug#1053176: colord: Team upload without team maintenance

[Tobias Frost]

On Thu, 28 Sep 2023 18:29:04 +0200 Bastian Germann 
wrote:
> Source: colord
> Version: 1.4.6-3
> Severity: important
> X-Debbugs-Cc: jbi...@ubuntu.com
> 
> Jeremy, you have uploaded a version of colord as team upload.
> The maintainer is not a team but Christopher James Halse Rogers who
seems
> to be missing in action. Can you please clarify the state of this
package?
> 
It has been actually been a team upload, as the package is collaborative
maintained, as it is on the debian group on salsa.

Reference:
https://wiki.debian.org/Salsa/Doc#Collaborative_Maintenance:_.22Debian.22_group


--
tobi

Bug#1053215: ITP: needrestart-gui -- web interface for needrestart

[Scott Kitterman]

On September 29, 2023 11:57:52 AM UTC, Thomas Goirand  wrote:
>Package: wnpp
>Severity: wishlist
>Owner: Thomas Goirand 
>X-Debbugs-Cc: debian-de...@lists.debian.org
>
>* Package name: needrestart-gui
>  Version : 0.0.1
>  Upstream Contact: Axel Jacquet 
>* URL : 
>https://salsa.debian.org/openstack-team/third-party/needrestart-gui
>* License : most-permissive
>  Programming Lang: Python
>  Description : web interface for needrestart
>
> This package provides a Python implementation to monitor services and provides
> a GUI to show their status and package versions. It uses in the background the
> needrestart package.
>
Is this for any service that needs restart or just for Openstack services?  If 
it's the latter (and glancing at the code, it seems it might be) then that 
ought to be in the package description.

Scott K

Bug#1053182: libvpx: diff for NMU version 1.12.0-1.1

[Sebastian Ramacher]

On 2023-09-28 23:14:20 +0200, Salvatore Bonaccorso wrote:
> X-Debbugs-CC: Sebastian Ramacher 
> 
> Control: tags 1053182 + patch
> Control: tags 1053182 + pending
> 
> 
> Dear maintainer,
> 
> I've prepared an NMU for libvpx (versioned as 1.12.0-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Thanks for working on the fix! Please feel free to reschedule it so that
it directly lands in unstable.

Cheers

> 
> Regards,
> Salvatore

> diff -Nru libvpx-1.12.0/debian/changelog libvpx-1.12.0/debian/changelog
> --- libvpx-1.12.0/debian/changelog2022-07-09 15:20:25.0 +0200
> +++ libvpx-1.12.0/debian/changelog2023-09-28 23:07:11.0 +0200
> @@ -1,3 +1,11 @@
> +libvpx (1.12.0-1.1) unstable; urgency=high
> +
> +  * Non-maintainer upload.
> +  * encode_api_test: add ConfigResizeChangeThreadCount
> +  * VP8: disallow thread count changes (CVE-2023-5217) (Closes: #1053182)
> +
> + -- Salvatore Bonaccorso   Thu, 28 Sep 2023 23:07:11 +0200
> +
>  libvpx (1.12.0-1) unstable; urgency=medium
>  
>* Team upload
> diff -Nru 
> libvpx-1.12.0/debian/patches/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch
>  
> libvpx-1.12.0/debian/patches/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch
> --- 
> libvpx-1.12.0/debian/patches/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch
>  1970-01-01 01:00:00.0 +0100
> +++ 
> libvpx-1.12.0/debian/patches/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch
>  2023-09-28 23:07:11.0 +0200
> @@ -0,0 +1,89 @@
> +From: James Zern 
> +Date: Mon, 25 Sep 2023 18:53:41 -0700
> +Subject: encode_api_test: add ConfigResizeChangeThreadCount
> +Origin: 
> https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
> +Bug-Debian: https://bugs.debian.org/1053182
> +Bug-Debian-Security: 
> https://security-tracker.debian.org/tracker/CVE-2023-5217
> +
> +Update thread counts and resolution to ensure allocations are updated
> +correctly. VP8 is disabled to avoid a crash.
> +
> +Bug: chromium:1486441
> +Change-Id: Ie89776d9818d27dc351eff298a44c699e850761b
> +---
> + test/encode_api_test.cc | 50 -
> + 1 file changed, 49 insertions(+), 1 deletion(-)
> +
> +--- a/test/encode_api_test.cc
>  b/test/encode_api_test.cc
> +@@ -304,7 +304,6 @@ TEST(EncodeAPI, SetRoi) {
> + 
> + void InitCodec(const vpx_codec_iface_t , int width, int height,
> +vpx_codec_ctx_t *enc, vpx_codec_enc_cfg_t *cfg) {
> +-  ASSERT_EQ(vpx_codec_enc_config_default(, cfg, 0), VPX_CODEC_OK);
> +   cfg->g_w = width;
> +   cfg->g_h = height;
> +   cfg->g_lag_in_frames = 0;
> +@@ -342,6 +341,7 @@ TEST(EncodeAPI, ConfigChangeThreadCount)
> + vpx_codec_ctx_t ctx = {};
> +   } enc;
> + 
> ++  ASSERT_EQ(vpx_codec_enc_config_default(iface, , 0), VPX_CODEC_OK);
> +   EXPECT_NO_FATAL_FAILURE(
> +   InitCodec(*iface, kWidth, kHeight, , ));
> +   if (IsVP9(iface)) {
> +@@ -353,6 +353,54 @@ TEST(EncodeAPI, ConfigChangeThreadCount)
> + 
> +   for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
> + cfg.g_threads = threads;
> ++EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, ))
> ++<< "iteration: " << i << " threads: " << threads;
> ++  }
> ++}
> ++  }
> ++}
> ++
> ++TEST(EncodeAPI, ConfigResizeChangeThreadCount) {
> ++  constexpr int kInitWidth = 1024;
> ++  constexpr int kInitHeight = 1024;
> ++
> ++  for (const auto *iface : kCodecIfaces) {
> ++SCOPED_TRACE(vpx_codec_iface_name(iface));
> ++if (!IsVP9(iface)) {
> ++  GTEST_SKIP() << "TODO(https://crbug.com/1486441) remove this 
> condition "
> ++  "after VP8 is fixed.";
> ++}
> ++for (int i = 0; i < (IsVP9(iface) ? 2 : 1); ++i) {
> ++  vpx_codec_enc_cfg_t cfg = {};
> ++  struct Encoder {
> ++~Encoder() { EXPECT_EQ(vpx_codec_destroy(), VPX_CODEC_OK); }
> ++vpx_codec_ctx_t ctx = {};
> ++  } enc;
> ++
> ++  ASSERT_EQ(vpx_codec_enc_config_default(iface, , 0), VPX_CODEC_OK);
> ++  // Start in threaded mode to ensure resolution and thread related
> ++  // allocations are updated correctly across changes in resolution and
> ++  // thread counts. See https://crbug.com/1486441.
> ++  cfg.g_threads = 4;
> ++  EXPECT_NO_FATAL_FAILURE(
> ++  InitCodec(*iface, kInitWidth, kInitHeight, , ));
> ++  if (IsVP9(iface)) {
> ++EXPECT_EQ(vpx_codec_control_(, VP9E_SET_TILE_COLUMNS, 6),
> ++  VPX_CODEC_OK);
> ++EXPECT_EQ(vpx_codec_control_(, VP9E_SET_ROW_MT, i),
> ++  VPX_CODEC_OK);
> ++  }
> ++
> ++  cfg.g_w = 1000;
> ++  cfg.g_h = 608;
> ++  EXPECT_EQ(vpx_codec_enc_config_set(, ), VPX_CODEC_OK)
> ++  << vpx_codec_error_detail();
> ++
> ++  cfg.g_w = 16;
> ++  cfg.g_h = 720;
> ++
> ++  for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
> ++cfg.g_threads = 

Bug#1053161: A lot of warning tex.el and latex.el and font-latex.el and ...

[Marcelo Laia]

On 29/09/23 at 04:36, Ikumi Keita wrote:


Install from ELPA?



I had never used ELPA before.



4. When the status of the package "auctex" is "available", type
  i x
  on the line "auctex" is. Then installing from ELPA would begin. After
  another few minutes, it would complete. Then it's ready.



Thank you so much!

After install, it have prompted out a message:

Warning (comp): tex-site.el:138:31: Warning: the function ‘BibTeX-auto-store’ 
is not known to be defined.

I C-x C-c and restarted emacs gui. That message go away.

After open my file.tex to edit it, the next message was prompted out:

Warning (comp): font-latex.el:857:43: Warning: ‘max-specpdl-size’ is an 
obsolete variable (as of 29.1).

I do a google search and found [1], so I think that in the next master
auctex release it you be fixed.

I am very grateful to you!

1. https://www.mail-archive.com/auctex-devel@gnu.org/msg15754.html

--
Marcelo

Bug#1053220: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u5

[Yadd]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: lemonldap...@packages.debian.org, y...@debian.org
Control: affects -1 + src:lemonldap-ng

[ Reason ]
Two new vulnerabilities have been dicovered and fixed in lemonldap-ng:
 - an open redirection due to incorrect escape handling
 - an open redirection only when configuration is edited by hand and
   doesn't follow OIDC specifications
 - a server-side-request-forgery (CVE-2023-44469) in OIDC protocol:
   A little-know feature of OIDC allows the OpenID Provider to fetch the
   Authorization request parameters itself by indicating a request_uri
   parameter. This feature is now restricted to a white list using this
   patch

[ Impact ]
Two low and one medium security issue.

[ Tests ]
Patches includes test updates

[ Risks ]
Outside of test changes, patches are not so big and the test coverage
provided by upstream is good, so risk is moderate.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
- open redirection patch: use `URI->new($url)->as_string` in each
  redirections
- OIDC open redirection patch: just rejects requests with `redirect_uri` if
  relying party configuration has no declared redirect URIs.
- SSRF patch:
  * add new configuration parameter to list authorized "request_uris"
  * change the algorithm that manage request_uri parameter

Cheers,
Yadd
diff --git a/debian/NEWS b/debian/NEWS
index c4d7ee951..ba4a14a12 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,13 @@
+lemonldap-ng (2.0.11+ds-4+deb11u5) bullseye; urgency=medium
+
+  A little-know feature of OIDC allows the OpenID Provider to fetch the
+  Authorization request parameters itself by indicating a request_uri
+  parameter.
+  By default, this feature is now restricted to a white list. See
+  Relying-Party security option to fill this field.
+
+ -- Yadd   Fri, 29 Sep 2023 17:38:51 +0400
+
 lemonldap-ng (2.0.11+ds-4+deb11u4) bullseye; urgency=medium
 
   AuthBasic now enforces 2FA activation (CVE-2023-28862):
diff --git a/debian/changelog b/debian/changelog
index 5d2c62ac0..35d5599a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+lemonldap-ng (2.0.11+ds-4+deb11u5) bullseye; urgency=medium
+
+  * Fix open redirection when OIDC RP has no redirect uris
+  * Fix open redirection due to incorrect escape handling
+  * Fix Server-Side-Request-Forgery issue in OIDC (CVE-2023-44469)
+
+ -- Yadd   Fri, 29 Sep 2023 16:35:14 +0400
+
 lemonldap-ng (2.0.11+ds-4+deb11u4) bullseye; urgency=medium
 
   * Fix 2FA issue when using AuthBasic handler (CVE-2023-28862)
@@ -19,7 +27,7 @@ lemonldap-ng (2.0.11+ds-4+deb11u2) bullseye; urgency=medium
 
 lemonldap-ng (2.0.11+ds-4+deb11u1) bullseye; urgency=medium
 
-  * Fix auth process in password-testing plugins (Closes: CVE-2021-20874)
+  * Fix auth process in password-testing plugins (Closes: #1005302, 
CVE-2021-40874)
 
  -- Yadd   Thu, 24 Feb 2022 15:16:09 +0100
 
diff --git a/debian/clean b/debian/clean
index 73f167814..cdb4a5ae4 100644
--- a/debian/clean
+++ b/debian/clean
@@ -1,3 +1,4 @@
+doc/pages/documentation/current/.buildinfo
 lemonldap-ng-manager/site/htdocs/static/js/conftree.js
 lemonldap-ng-manager/site/htdocs/static/struct.json
 lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
diff --git a/debian/patches/SSRF-issue.patch b/debian/patches/SSRF-issue.patch
new file mode 100644
index 0..dce756430
--- /dev/null
+++ b/debian/patches/SSRF-issue.patch
@@ -0,0 +1,627 @@
+Description: fix SSRF vulnerability
+ Issue described here: 
https://security.lauritz-holtmann.de/post/sso-security-ssrf/
+Author: Maxime Besson 
+Origin: upstream, 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/383/diffs
+Bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998
+Forwarded: not-needed
+Applied-Upstream: 2.17.1, 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/383/diffs
+Reviewed-By: Yadd 
+Last-Update: 2023-09-23
+
+--- a/doc/sources/admin/idpopenidconnect.rst
 b/doc/sources/admin/idpopenidconnect.rst
+@@ -278,6 +278,11 @@
+   the Session Browser.
+- **Allow OAuth2.0 Password Grant** (since version ``2.0.8``): Allow the 
use of the :ref:`Resource Owner Password Credentials Grant 
` by this client. This feature only works if you 
have configured a form-based authentication module.
+- **Allow OAuth2.0 Client Credentials Grant** (since version ``2.0.11``): 
Allow the use of the :ref:`Resource Owner Password Credentials Grant 
` by this client.
++   - **Allowed URLs for fetching Request Object**: (since version ``2.17.1``):
++ which URLs may be called by the portal to fetch the request object (see
++ `request_uri
++ 

Bug#1053219: bookworm-pu: package lemonldap-ng/2.16.1+ds-deb12u2

[Yadd]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: lemonldap...@packages.debian.org, y...@debian.org
Control: affects -1 + src:lemonldap-ng

[ Reason ]
Two new vulnerabilities have been dicovered and fixed in lemonldap-ng:
 - an open redirection only when configuration is edited by hand and
   doesn't follow OIDC specifications
 - a server-side-request-forgery (CVE-2023-44469) in OIDC protocol:
   A little-know feature of OIDC allows the OpenID Provider to fetch the
   Authorization request parameters itself by indicating a request_uri
   parameter. This feature is now restricted to a white list using this
   patch

[ Impact ]
One low and one medium security issue.

[ Tests ]
Patches includes test updates

[ Risks ]
Outside of test changes, patches are not so big and the test coverage
provided by upstream is good, so risk is moderate.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
- open redirection patch: just rejects requests with `redirect_uri` if
  relying party configuration has no declared redirect URIs.
- SSRF patch:
  * add new configuration parameter to list authorized "request_uris"
  * change the algorithm that manage request_uri parameter

Cheers,
Xavier
diff --git a/debian/NEWS b/debian/NEWS
index b8955920b..5295a3cbb 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,13 @@
+lemonldap-ng (2.16.1+ds-deb12u2) bullseye; urgency=medium
+
+  A little-know feature of OIDC allows the OpenID Provider to fetch the
+  Authorization request parameters itself by indicating a request_uri
+  parameter.
+  By default, this feature is now restricted to a white list. See
+  Relying-Party security option to fill this field.
+
+ -- Yadd   Fri, 29 Sep 2023 17:15:03 +0400
+
 lemonldap-ng (2.0.9+ds-1) unstable; urgency=medium
 
   CVE-2020-24660
diff --git a/debian/changelog b/debian/changelog
index cd4c8a023..148164a94 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+lemonldap-ng (2.16.1+ds-deb12u2) bookworm; urgency=medium
+
+  * Fix open redirection when OIDC RP has no redirect uris
+  * Fix Server-Side-Request-Forgery issue in OIDC (CVE-2023-44469)
+
+ -- Yadd   Fri, 29 Sep 2023 17:18:12 +0400
+
 lemonldap-ng (2.16.1+ds-deb12u1) bookworm; urgency=medium
 
   * Apply login control to auth-slave requests
diff --git a/debian/patches/SSRF-issue.patch b/debian/patches/SSRF-issue.patch
new file mode 100644
index 0..3c6ca8b51
--- /dev/null
+++ b/debian/patches/SSRF-issue.patch
@@ -0,0 +1,795 @@
+Description: fix SSRF vulnerability
+ Issue described here: 
https://security.lauritz-holtmann.de/post/sso-security-ssrf/
+Author: Maxime Besson 
+Origin: upstream, 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/383/diffs
+Bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998
+Forwarded: not-needed
+Applied-Upstream: 2.17.1, 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/383/diffs
+Reviewed-By: Yadd 
+Last-Update: 2023-09-22
+
+--- a/doc/sources/admin/idpopenidconnect.rst
 b/doc/sources/admin/idpopenidconnect.rst
+@@ -247,6 +247,11 @@
+   This feature only works if you have configured a form-based 
authentication module.
+-  **Allow OAuth2.0 Client Credentials Grant** (since version ``2.0.11``): 
Allow the use of the
+   :ref:`Client Credentials Grant ` by this 
client.
++   -  **Allowed URLs for fetching Request Object**: (since version 
``2.17.1``):
++  which URLs may be called by the portal to fetch the request object (see
++  `request_uri
++  
`__
++  in OIDC specifications). These URLs may use wildcards 
(``https://app.example.com/*``).
+-  **Authentication level**: Required authentication level to access this 
application
+-  **Access rule**: Lets you specify a :doc:`Perl rule` to 
restrict access to this client
+ 
+--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
 b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+@@ -4656,6 +4656,7 @@
+ oidcRPMetaDataOptionsComment  => { type => 'longtext' 
},
+ oidcRPMetaDataOptionsOfflineSessionExpiration => { type => 'int' },
+ oidcRPMetaDataOptionsRedirectUris => { type => 'text', },
++oidcRPMetaDataOptionsRequestUris  => { type => 'text', },
+ oidcRPMetaDataOptionsExtraClaims  => {
+ type=> 'keyTextContainer',
+ keyTest => qr/^[\x21\x23-\x5B\x5D-\x7E]+$/,
+--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
 b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm
+@@ -255,6 +255,7 @@
+ 

Bug#1003868: Debian 11

[Albert van der Veen]

In response to the bug report that covers 2.9.3-1+deb10u1: Is 
2.9.3-3+deb11u1 built with the option --enable-collection-global-lock?


Best,
Albert van der Veen

Bug#1053218: ITP: wf-shell -- Components around Wayfire compositor

[Boyuan Yang]

Package: wnpp
Owner: Boyuan Yang 
Severity: wishlist

* Package name: wf-shell
  Version : 0.7.0
  Upstream Contact: Iliya Bozhinov
* URL : https://github.com/WayfireWM/wf-shell
* License : MIT
  Programming Lang: C++
  Description : Components around Wayfire compositor

 Package wf-shell contains various components needed to build
 a fully functional DE based around wayfire. Currently it has only
 a GTK-based panel and background client.
 .
 Wayfire is a 3D Wayland compositor, inspired by Compiz and based on
 wlroots. It aims to create a customizable, extendable and lightweight
 environment without sacrificing its appearance.

Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1043216: nagios-plugins-rabbitmq: please consider upgrading to 3.0 source format

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.diff -Nru nagios-plugins-rabbitmq-1.2.0/Build.PL 
nagios-plugins-rabbitmq-1.2.0/Build.PL
--- nagios-plugins-rabbitmq-1.2.0/Build.PL  2023-09-29 15:11:59.0 
+0200
+++ nagios-plugins-rabbitmq-1.2.0/Build.PL  2014-07-06 20:51:08.0 
+0200
@@ -20,7 +20,7 @@
 "Getopt::Long" => 0,
},
recommends => {
-   "Monitoring::Plugin" => "0.37",
+   "Nagios::Plugin" => "0.33",
   },
configure_requires => {
   "Module::Build" => 0,
diff -Nru nagios-plugins-rabbitmq-1.2.0/debian/changelog 
nagios-plugins-rabbitmq-1.2.0/debian/changelog
--- nagios-plugins-rabbitmq-1.2.0/debian/changelog  2023-09-29 
15:11:59.0 +0200
+++ nagios-plugins-rabbitmq-1.2.0/debian/changelog  2023-09-29 
14:33:40.0 +0200
@@ -1,3 +1,10 @@
+nagios-plugins-rabbitmq (1:1.2.0-2.5) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Convert to source format 3.0. (closes: #1043216)
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:33:40 +
+
 nagios-plugins-rabbitmq (1:1.2.0-2.4) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru nagios-plugins-rabbitmq-1.2.0/debian/patches/namespace.patch 
nagios-plugins-rabbitmq-1.2.0/debian/patches/namespace.patch
--- nagios-plugins-rabbitmq-1.2.0/debian/patches/namespace.patch
1970-01-01 01:00:00.0 +0100
+++ nagios-plugins-rabbitmq-1.2.0/debian/patches/namespace.patch
2023-09-29 14:33:40.0 +0200
@@ -0,0 +1,362 @@
+Description: Move Plugin to namespace Monitoring
+---
+--- nagios-plugins-rabbitmq-1.2.0.orig/Build.PL
 nagios-plugins-rabbitmq-1.2.0/Build.PL
+@@ -20,7 +20,7 @@ my $build = Module::Build->new
+ "Getopt::Long" => 0,
+},
+recommends => {
+-   "Nagios::Plugin" => "0.33",
++   "Monitoring::Plugin" => "0.37",
+   },
+configure_requires => {
+   "Module::Build" => 0,
+--- nagios-plugins-rabbitmq-1.2.0.orig/scripts/check_rabbitmq_aliveness
 nagios-plugins-rabbitmq-1.2.0/scripts/check_rabbitmq_aliveness
+@@ -12,7 +12,7 @@
+ use strict;
+ use warnings;
+ 
+-use Nagios::Plugin ;
++use Monitoring::Plugin ;
+ use LWP::UserAgent;
+ use URI::Escape;
+ use JSON;
+@@ -31,8 +31,8 @@ $PROGNAME = basename($0);
+ #   http://nagiosplug.sourceforge.net/developer-guidelines.html#PLUGOPTIONS
+ 
+ 
+-# Instantiate Nagios::Plugin object (the 'usage' parameter is mandatory)
+-my $p = Nagios::Plugin->new(
++# Instantiate Monitoring::Plugin object (the 'usage' parameter is mandatory)
++my $p = Monitoring::Plugin->new(
+ usage => "Usage: %s [options] -H hostname",
+ license => "",
+ version => $VERSION,
+@@ -134,7 +134,7 @@ check_rabbitmq_aliveness [options] -H ho
+ Use the management interface of RabbitMQ to check that the server is alive.
+ It declares a test queue, then publishes and consumes a message.
+ 
+-It uses Nagios::Plugin and accepts all standard Nagios options.
++It uses Monitoring::Plugin and accepts all standard Nagios options.
+ 
+ =head1 OPTIONS
+ 
+@@ -208,7 +208,7 @@ signify WARNING, UNKNOWN or CRITICAL sta
+ 
+ =head1 SEE ALSO
+ 
+-See Nagios::Plugin(3)
++See Monitoring::Plugin(3)
+ 
+ The RabbitMQ management plugin is described at
+ http://www.rabbitmq.com/management.html
+--- nagios-plugins-rabbitmq-1.2.0.orig/scripts/check_rabbitmq_connections
 nagios-plugins-rabbitmq-1.2.0/scripts/check_rabbitmq_connections
+@@ -7,8 +7,8 @@
+ use strict;
+ use warnings;
+ 
+-use Nagios::Plugin qw(OK CRITICAL WARNING UNKNOWN);
+-use Nagios::Plugin::Functions qw(%STATUS_TEXT);
++use Monitoring::Plugin qw(OK CRITICAL WARNING UNKNOWN);
++use Monitoring::Plugin::Functions qw(%STATUS_TEXT);
+ use LWP::UserAgent;
+ use URI::Escape;
+ use JSON;
+@@ -20,7 +20,7 @@ $VERSION = '1.0';
+ use File::Basename;
+ $PROGNAME = basename($0);
+ 
+-my $p = Nagios::Plugin->new(
++my $p = Monitoring::Plugin->new(
+ usage => "Usage: %s [options] -H hostname",
+ license => "",
+ version => $VERSION,
+@@ -201,7 +201,7 @@ values are published as performance metr
+ 
+ Critical and warning thresholds can be set for each of the metric.
+ 
+-It uses Nagios::Plugin and accepts all standard Nagios options.
++It uses Monitoring::Plugin and accepts all standard Nagios options.
+ 
+ =head1 OPTIONS
+ 
+@@ -297,7 +297,7 @@ signify WARNING, UNKNOWN or CRITICAL sta
+ 
+ =head1 SEE ALSO
+ 
+-See Nagios::Plugin(3)
++See Monitoring::Plugin(3)
+ 
+ The RabbitMQ management plugin is described at
+ http://www.rabbitmq.com/management.html
+--- nagios-plugins-rabbitmq-1.2.0.orig/scripts/check_rabbitmq_objects
 nagios-plugins-rabbitmq-1.2.0/scripts/check_rabbitmq_objects
+@@ -8,7 +8,7 @@
+ use strict;
+ use warnings;
+ 
+-use Nagios::Plugin ;
++use Monitoring::Plugin ;
+ use LWP::UserAgent;
+ use URI::Escape;
+ use JSON;
+@@ -20,7 +20,7 @@ $VERSION = 

Bug#1049905: svgtune: please consider upgrading to 3.0 source format

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.diff -Nru svgtune-0.3.1/debian/changelog svgtune-0.3.1/debian/changelog
--- svgtune-0.3.1/debian/changelog  2023-09-29 15:12:31.0 +0200
+++ svgtune-0.3.1/debian/changelog  2023-09-29 14:44:03.0 +0200
@@ -1,3 +1,11 @@
+svgtune (0.3.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Convert to source format 3.0 (Closes: #1049905)
++ Drop unnecessary .gbp.conf in package root
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:44:03 +
+
 svgtune (0.3.1-1) unstable; urgency=medium
 
   * Fresh upstream release with python3 fixes
diff -Nru svgtune-0.3.1/debian/source/format svgtune-0.3.1/debian/source/format
--- svgtune-0.3.1/debian/source/format  1970-01-01 01:00:00.0 +0100
+++ svgtune-0.3.1/debian/source/format  2023-09-29 14:44:03.0 +0200
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru svgtune-0.3.1/.gbp.conf svgtune-0.3.1/.gbp.conf
--- svgtune-0.3.1/.gbp.conf 2023-09-29 15:12:31.0 +0200
+++ svgtune-0.3.1/.gbp.conf 1970-01-01 01:00:00.0 +0100
@@ -1,3 +0,0 @@
-[DEFAULT]
-debian-branch=debian
-upstream-branch=master

Bug#1043215: mrb: please consider upgrading to 3.0 source format

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.diff -Nru mrb-0.3+nmu2/debian/changelog mrb-0.3+nmu3/debian/changelog
--- mrb-0.3+nmu2/debian/changelog   2022-04-21 15:33:07.0 +0200
+++ mrb-0.3+nmu3/debian/changelog   2023-09-29 14:30:06.0 +0200
@@ -1,3 +1,11 @@
+mrb (0.3+nmu3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Convert to source format 3.0.
+Closes: #1043215
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:30:06 +
+
 mrb (0.3+nmu2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru mrb-0.3+nmu2/debian/source/format mrb-0.3+nmu3/debian/source/format
--- mrb-0.3+nmu2/debian/source/format   1970-01-01 01:00:00.0 +0100
+++ mrb-0.3+nmu3/debian/source/format   2023-09-29 14:30:06.0 +0200
@@ -0,0 +1 @@
+3.0 (native)

Bug#1043214: memlockd: please consider upgrading to 3.0 source format

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.diff -Nru memlockd-1.3/changes.txt memlockd-1.3/changes.txt
--- memlockd-1.3/changes.txt2023-09-29 15:11:12.0 +0200
+++ memlockd-1.3/changes.txt2023-09-29 14:24:22.0 +0200
@@ -1,3 +1,10 @@
+memlockd (1.3-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Convert to source format 3.0, closes: #1043214
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:24:22 +
+
 memlockd (1.3-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru memlockd-1.3/debian/changelog memlockd-1.3/debian/changelog
--- memlockd-1.3/debian/changelog   2023-09-29 15:11:12.0 +0200
+++ memlockd-1.3/debian/changelog   2023-09-29 14:24:22.0 +0200
@@ -1,3 +1,10 @@
+memlockd (1.3-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Convert to source format 3.0, closes: #1043214
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:24:22 +
+
 memlockd (1.3-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru memlockd-1.3/debian/source/format memlockd-1.3/debian/source/format
--- memlockd-1.3/debian/source/format   2023-09-29 15:11:12.0 +0200
+++ memlockd-1.3/debian/source/format   2023-09-29 14:24:19.0 +0200
@@ -1 +1 @@
-1.0
+3.0 (quilt)

Bug#1043213: mbw: please consider upgrading to 3.0 source format

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.diff -Nru mbw-1.2.2/debian/changelog mbw-1.2.2/debian/changelog
--- mbw-1.2.2/debian/changelog  2023-09-29 15:10:49.0 +0200
+++ mbw-1.2.2/debian/changelog  2023-09-29 14:18:55.0 +0200
@@ -1,3 +1,13 @@
+mbw (1.2.2-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Convert to source format 3.0. (Closes: #1043213)
+
+  [ Helmut Grohne ]
+  * Fix FTCBFS: Let dh_auto_build pass cross tools to make. (Closes: #916488)
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:18:55 +
+
 mbw (1.2.2-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru mbw-1.2.2/debian/rules mbw-1.2.2/debian/rules
--- mbw-1.2.2/debian/rules  2023-09-29 15:10:49.0 +0200
+++ mbw-1.2.2/debian/rules  2023-09-29 14:18:55.0 +0200
@@ -24,7 +24,7 @@
dh_testdir
 
# Add here commands to compile the package.
-   CFLAGS="$(CFLAGS)" $(MAKE)
+   CFLAGS="$(CFLAGS)" dh_auto_build
#docbook-to-man debian/mbw.sgml > mbw.1
 
touch $@
diff -Nru mbw-1.2.2/debian/source/format mbw-1.2.2/debian/source/format
--- mbw-1.2.2/debian/source/format  1970-01-01 01:00:00.0 +0100
+++ mbw-1.2.2/debian/source/format  2023-09-29 14:18:55.0 +0200
@@ -0,0 +1 @@
+3.0 (quilt)

Bug#1053217: bookworm-pu: package freetype/2.12.1+dfsg-5+deb12u2

[Hugh McMaster]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: freet...@packages.debian.org
Control: affects -1 + src:freetype

[ Reason ]
This upload reverts a patch in FreeType 2.12+dfsg-5+deb12u1 that intended to
disable the experimental COLRv1 API but instead caused Chromium to segfault on
start-up.

A fix to the patch has been identified and verified but is out of scope due to
the timing of Debian 12.2.

[ Impact ]
Chromium will segfault on start-up, rendering the browser unusable.

[ Risks ]
None. This version disables the problematic patch, so Chromium starts as
expected.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
One-line patch to disable the problematic patch at build time.
diff -Nru freetype-2.12.1+dfsg/debian/changelog 
freetype-2.12.1+dfsg/debian/changelog
--- freetype-2.12.1+dfsg/debian/changelog   2023-09-25 19:45:10.0 
+1000
+++ freetype-2.12.1+dfsg/debian/changelog   2023-09-29 22:27:32.0 
+1000
@@ -1,3 +1,10 @@
+freetype (2.12.1+dfsg-5+deb12u2) bookworm; urgency=high
+
+  * debian/patches: Temporarily revert disable_COLRv1.patch to allow
+Chromium to start (Closes: #1053142).
+
+ -- Hugh McMaster   Fri, 29 Sep 2023 22:27:32 +1000
+
 freetype (2.12.1+dfsg-5+deb12u1) bookworm; urgency=medium
 
   * debian/patches: Disable COLRv1 support, which was unintentionally enabled
diff -Nru freetype-2.12.1+dfsg/debian/patches/series 
freetype-2.12.1+dfsg/debian/patches/series
--- freetype-2.12.1+dfsg/debian/patches/series  2023-09-25 19:45:10.0 
+1000
+++ freetype-2.12.1+dfsg/debian/patches/series  2023-09-29 22:02:16.0 
+1000
@@ -6,4 +6,4 @@
 fix-wild-free-svg.patch
 hardening.patch
 CVE-2023-2004.patch
-disable_COLRv1.patch
+#disable_COLRv1.patch

Bug#1053216: firefox-esr: changelog.Debian.gz missing important entries

[John Goerzen]

Package: firefox-esr
Version: 115.3.0esr-1~deb12u1
Severity: important

Hello,

After today's dist-upgrade on a bookworm machine, I had one update: firefox-esr.

apt's output showed:

Unpacking firefox-esr (115.3.0esr-1~deb12u1) over (102.15.1esr-1~deb12u1) ...

Given the recent number of security issues present in various browsers, I wanted
to see what vulnerabilities had already been addressed in 102.15.1esr-1~deb12u1,
and which were new.

However, there is no entry for any 102.15 version in debian/changelog at all.

The bottom of the file references running apt changelog firefox-esr; even though
the oldest entries in the changelog.Debian.gz were far older than 102.15, I
tried it, but this resulted in an error.

In short, the changelog.Debian.gz is missing entries for the firefox-esr version
journey that most users of Debian stable will experience.

Thanks!

-- Addons package information

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox-esr depends on:
ii  debianutils  5.7-0.4
ii  fontconfig   2.14.1-4
ii  libasound2   1.2.8-1+b1
ii  libatk1.0-0  2.46.0-5
ii  libc62.36-9+deb12u1
ii  libcairo-gobject21.16.0-7
ii  libcairo21.16.0-7
ii  libdbus-1-3  1.14.8-2~deb12u1
ii  libdbus-glib-1-2 0.112-3
ii  libevent-2.1-7   2.1.12-stable-8
ii  libffi8  3.4.4-1
ii  libfontconfig1   2.14.1-4
ii  libfreetype6 2.12.1+dfsg-5
ii  libgcc-s112.2.0-14
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.74.6-2
ii  libgtk-3-0   3.24.37-2
ii  libnspr4 2:4.35-1
ii  libnss3  2:3.87.1-1
ii  libpango-1.0-0   1.50.12+ds-1
ii  libstdc++6   12.2.0-14
ii  libvpx7  1.12.0-1
ii  libx11-6 2:1.8.4-2+deb12u1
ii  libx11-xcb1  2:1.8.4-2+deb12u1
ii  libxcb-shm0  1.15-1
ii  libxcb1  1.15-1
ii  libxcomposite1   1:0.4.5-1
ii  libxdamage1  1:1.1.6-1
ii  libxext6 2:1.3.4-1+b1
ii  libxfixes3   1:6.0.0-2
ii  libxrandr2   2:1.5.2-2+b1
ii  libxtst6 2:1.2.3-1.1
ii  procps   2:4.0.2-3
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages firefox-esr recommends:
ii  libavcodec59  7:5.1.3-1

Versions of packages firefox-esr suggests:
ii  fonts-lmodern  2.005-1
pn  fonts-stix | otf-stix  
ii  libcanberra0   0.30-10
ii  libgssapi-krb5-2   1.20.1-2
pn  pulseaudio 

-- no debconf information

Bug#916475: ghdl: various suggestions to simplify the packaging

[Daniel Gröber]

Hi Nicolas,

On Wed, Dec 21, 2022 at 06:12:09PM +0100, Nicolas Boulenguez wrote:
> Four were ignored, probably because you are busy with the build
> failures.
> 
> Just in case, a rebased version is attached.

It's been a while since you submitted these patches and Andreas changed a
lot of the packaging since. Could you do me a favor and re-check if your
improvements were included in spirit/whole?

Me and Simon have put in some work to get ghdl_3.0.0 packaged and I'd love
to apply any of your changes that are still relevant.

Thanks,
--Daniel

Bug#1031338: (no subject)

[Sven Hartrumpf]

I would suggest to skip the version 14 and jump to a newer one (15.0.1) because 
other
severe bugs are fixed now:

https://github.com/ocrmypdf/OCRmyPDF/issues/1154
https://github.com/ocrmypdf/OCRmyPDF/issues/1010 (an endless process)

Greetings

Bug#1053142: freetype proposed update breaks chromium

[Hugh McMaster]

Control: reassign 1053142 libfreetype6 2.12.1+dfsg-5+deb12u1

On Fri, 29 Sep 2023 10:37:22 +0200 Cord Beermann wrote:
> Hi,
>
> just wanted to give you a heads up on
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053142
>
> For me all chromium-Packages on stable die with a Segmentation Fault when
> libfreetype6 2.12.1+dfsg-5+deb12u1 is installed.
>
> Downgrading libfreetype6 to 2.12.1+dfsg-5 fixes it again.
>
> tested with chromium 114.0.5735.198-1~deb12u1, 116.0.5845.180-1~deb12u1,
> 117.0.5938.62-1~deb12u1
>
> Cord

Thanks. This is due to a bug in Chromium and a bug in FreeType.

I'm reverting the recent patch to FreeType to get Chromium going
again. The correct fix for FreeType has also been tested and verified,
and will be considered for bookworm after this weekend's 12.2 point
release.

Hugh

Bug#1053215: ITP: needrestart-gui -- web interface for needrestart

[Thomas Goirand]

Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: needrestart-gui
  Version : 0.0.1
  Upstream Contact: Axel Jacquet 
* URL : 
https://salsa.debian.org/openstack-team/third-party/needrestart-gui
* License : most-permissive
  Programming Lang: Python
  Description : web interface for needrestart

 This package provides a Python implementation to monitor services and provides
 a GUI to show their status and package versions. It uses in the background the
 needrestart package.

Bug#1051592: Regression: Commit "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID" breaks ruleset loading in linux-stable

[Linux regression tracking (Thorsten Leemhuis)]

On 12.09.23 12:27, Florian Westphal wrote:
> Linux regression tracking (Thorsten Leemhuis)  
> wrote:
>> On 12.09.23 00:57, Pablo Neira Ayuso wrote:
>>> Userspace nftables v1.0.6 generates incorrect bytecode that hits a new
>>> kernel check that rejects adding rules to bound chains. The incorrect
>>> bytecode adds the chain binding, attach it to the rule and it adds the
>>> rules to the chain binding. I have cherry-picked these three patches
>>> for nftables v1.0.6 userspace and your ruleset restores fine.
>>> [...]
>>
>> H. Well, this sounds like a kernel regression to me that normally
>> should be dealt with on the kernel level, as users after updating the
>> kernel should never have to update any userspace stuff to continue what
>> they have been doing before the kernel update.
> 
> This is a combo of a userspace bug and this new sanity check that
> rejects the incorrect ordering (adding rules to the already-bound
> anonymous chain).
> 
> nf_tables uses a transaction allor-nothing model, this means that any
> error that occurs during a transaction has to be reverse/undo all the
> pending changes.  This has caused a myriad of bugs already.
> 
> So while this can be theoretically fixed in the kernel I don't see
> a sane way to do it.  Error unwinding / recovery from deeply nested
> errors is already too complex for my taste.
> 
>> Can't the kernel somehow detect the incorrect bytecode and do the right
>> thing(tm) somehow?
> 
> Theoretically yes, but I don't feel competent enough to do it, just look
> at all the UaF bugs of the past month.

Thx for the answer. FWIW, as this was a judgement call I mentioned this
in my last regression report to Linus; he didn't reply, so I guess it is
-- and will remove this issue from my tracking:

#regzbot resolve: can be solved by a nftables userspace update; not
nice, but likely best solution in this case
#regzbot ignore-activity

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.

Bug#1013356: fzf: Bash completions not active by default

[Christoph Anton Mitterer]

Hey folks.

I filed an issue upstream at:
https://github.com/junegunn/fzf/issues/3457

which describes the situation leading to this bug and discusses
possible solutions.

The main problem is IMO, that right now, fzf's completion.bash file
contains both, code for:
a. completing options for fzf itself (e.g. fzf --height)
b. completing other stuff (e.g. hostnames in ssh **, etc.)


While the code from (a) doen't strictly depend on bash-completion (but
only the completion functionality of bash), I'd still say there is some
benefit for that to go into:
  /usr/share/bash-completion/completions/fzf
namely, the on-demand loading, that means that the completion functions
for fzf *itself* are only loaded if necessary.


Howver, (b) MUST NOT go into /usr/share/bash-completion/completions/fzf
for at least two reasons:
- It doesn't work (as reported in this Debian bug), because the
  functions are there only loaded by bash-completion, if fzf *itself*
  is completed.
- There is not easy/good way for (non-root) users to disable the
  (b)-part, from there.
  This (being able to disable it) is however likely necessary, if a
  user wants to 1) simply not use the functionality at all or 2) use
  an alternative implementation for it, like e.g.:
  https://github.com/lincheney/fzf-tab-completion
  or
  https://github.com/rockandska/fzf-obc



How to move forward?

First we should wait what upstream thinks about
https://github.com/junegunn/fzf/issues/3457 .
There I propose the current completion.bash file to be split up in the
two functionalities described above, (a) and (b).

If upstream would agree, we should ship the file for the (a) part as:
/usr/share/bash-completion/completions/fzf
in order to utilise bash-completions on-demand loading

For the (b) part I'd say we should do the following:
- ship the file itself as some /usr/share/fzf
then either:
- leave it at the users to source that file in their .bashrc or so
or:
- somehow source it out-of-the-box in either /etc/profile.d/[0] or
  /etc/bash_completion.d/
  Either as symlink, or via some wrapper script.
  The latter could provide some easy way for the user to disable
  loading of the script (on a per-user basis)


If upstream would *not* want to split up the file, I'd say we do the
same than above, except that we cannot ship *anything* in
/usr/share/bash-completion/completions/ .
Thus, even the completion for fzf *itself* would need to be loaded via
the ways described above for the (b) part.

Of course Debian could on its own split up the file... but I guess that
would add quite some ugly maintenance burden no one wants.


Thanks,
Chris.


[0] Would require an additional test, whether the shell is really bash.

Bug#1053033: [Debichem-devel] Bug#1053033: jmol: FTBFS with default Java 21

[Pierre Gruet]

Control: tags -1 pending

Hi Emmanuel,

Le 29/09/2023 à 02:04, Emmanuel Bourg a écrit :
On Wed, 27 Sep 2023 11:03:16 +1300 Vladimir Petko  
wrote:



classes:
    [mkdir] Created dir: /<>/build/classes
    [javac] Compiling 1117 source files to /<>/build/classes
    [javac] warning: [options] bootstrap class path not set in 
conjunction with -source 7
    [javac] error: Source option 7 is no longer supported. Use 8 or 
later.
    [javac] error: Target option 7 is no longer supported. Use 8 or 
later.


This error no longer occurs with ant/1.10.14-1, but there is another
error caused by the addLast() method in the Lst class conflicting
with the newly introduced List.addLast() method. Changing the return
type of this method should fix the issue.




Thanks a lot for the hint, this actually allows one to build with 
openjdk-17 or openjdk-21. I had started imagining something more 
complicated...


Best,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1024695: Merge request

[Fabrice Bauzac-Stehly]

Hello,

At least a few of the warnings will be fixed by this merge request:
https://salsa.debian.org/emacsen-team/debian-el/-/merge_requests/6

Can we consider merging it?

Thanks!

Best regards

-- 
Fabrice Bauzac-Stehly
PGP 01EEACF8244E9C14B551C5256ADA5F189BD322B6

Bug#1053214: RFP: lustre -- distributed parallel, scalabe, high-performance, high-availability file system

[Ole Streicher]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-scie...@lists.debian.org

* Package name: lustre
  Upstream Author : Whamcloud
* URL : www.lustre.org
* License : GPLv2
  Programming Lang: C
  Description : Distributed parallel, scalable, high-performance file system

The Lustre file system is an open-source, parallel file system that
supports many requirements of leadership class HPC simulation
environments.

Lustre is used in a number of science institutes (including mine), so
having a Debian package would be quite handy for us.

Their distribution already come with some Debian files (and they
actually build Ubuntu packages), but they are not compliant to Debian
Policy, and they are very outdated (source format 1, declared standards
version 3.8.2), depending on tools that are not in Debian anymore
(dpatch). However, for the kernel modules, it is possible to build them
with dkms support.

The package includes both the client and the server side. However,
upstream builds the server package only for RHEL, already even just
having the client packages for Debian would be a big win.

Best regards

Ole

Bug#1022759: lintian: don't emit source-nmu-has-incorrect-version-number for stable updates

[Emilio Pozuelo Monfort]

Control: tags -1 patch

On Tue, 25 Oct 2022 11:56:33 +0200 Emilio Pozuelo Monfort  
wrote:

Package: lintian
Version: 2.104.0
Severity: normal
X-Debbugs-Cc: debian-rele...@lists.debian.org

Hi,

When preparing stable or security updates, the convention is to use debXuY
whether it is a NMU or not, without making it e.g. deb11u1.1. Thus please
stop emitting this tag when a stable update is detected.

no-nmu-in-changelog should keep being emitted.


See https://salsa.debian.org/lintian/lintian/-/merge_requests/481

Emilio

Bug#1043210: madwimax: please consider upgrading to 3.0 source format

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
debdiff is attached.diff -Nru madwimax-0.1.1/debian/changelog madwimax-0.1.1/debian/changelog
--- madwimax-0.1.1/debian/changelog 2023-09-29 13:06:14.0 +0200
+++ madwimax-0.1.1/debian/changelog 2023-09-29 12:54:58.0 +0200
@@ -1,3 +1,11 @@
+madwimax (0.1.1-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Convert to source format 3.0 (Closes: #1043210).
+  * Depend on dhcpcd-base instead of dhcp3-client (Closes: #680969, #1041062).
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:54:58 +0200
+
 madwimax (0.1.1-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru madwimax-0.1.1/debian/control madwimax-0.1.1/debian/control
--- madwimax-0.1.1/debian/control   2023-09-29 13:06:14.0 +0200
+++ madwimax-0.1.1/debian/control   2023-09-29 12:54:58.0 +0200
@@ -11,7 +11,7 @@
 Package: madwimax
 Architecture: any
 Depends: ${shlibs:Depends}
-Recommends: dhcp3-client | dhcp-client
+Recommends: dhcpcd-base | dhcp-client
 Description: user-space driver for mWiMAX equipment based on Samsung CMC-730
  madwimax is an experimental reverse-engineered Linux driver for
  mobile WiMAX (802.16e) devices based on Samsung CMC-730 chip. These
diff -Nru madwimax-0.1.1/debian/source/format 
madwimax-0.1.1/debian/source/format
--- madwimax-0.1.1/debian/source/format 1970-01-01 01:00:00.0 +0100
+++ madwimax-0.1.1/debian/source/format 2023-09-29 12:54:58.0 +0200
@@ -0,0 +1 @@
+3.0 (quilt)

Bug#1053211: migrationtools: Package misses dependency to package libfile-which-perl

[Andreas Grupp]

Package: migrationtools
Version: 48-1
Severity: important
X-Debbugs-Cc: gr...@lehrerfortbildung-bw.de

Dear Maintainer,

following the instructions on 
https://www.debian.org/doc/manuals/debian-handbook/sect.ldap-directory.en.html 
led to compilation problems with perl and I got the following output: Can't 
locate File/Which.pm in @INC

To solve the problem I installed the package libfile-which-perl. This solved 
the problem and I was able to follow the instructions above.

The page
https://www.debian.org/doc/manuals/debian-handbook/sect.ldap-directory.en.html
should mention that the additional package has to be installed, or even
better, the package migrationtools should have the dependency to package
libfile-which-perl.

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages migrationtools depends on:
ii  ldap-utils [openldap-utils]  2.5.13+dfsg-5
ii  perl 5.36.0-7

migrationtools recommends no packages.

Versions of packages migrationtools suggests:
ii  slapd  2.5.13+dfsg-5

-- Configuration Files:
/etc/migrationtools/migrate_common.ph changed [not included]

-- no debconf information

Bug#1043203: libpam-chroot: please consider upgrading to 3.0 source format

[Bastian Germann]

I am uploading a NMU to DELAYED/10 in order to fix this.
The debdiff is attached.diff -Nru libpam-chroot-0.9/chroot.conf libpam-chroot-0.9/chroot.conf
--- libpam-chroot-0.9/chroot.conf   2023-09-29 12:52:00.0 +0200
+++ libpam-chroot-0.9/chroot.conf   2004-05-05 02:07:47.0 +0200
@@ -1,13 +1,6 @@
 # /etc/security/chroot.conf
-# This file determines where will pam_chroot restrict the
-# users for applications that use this module.
-# Users not listed in this configuration file will not
-# be chrooted.
-# The format of this configuration file is:
-#
+# format:
 # username chroot_dir
-#
-# For example:
 #foo   /home/foo
 
 # Or, if you've specified use_regex,
diff -Nru libpam-chroot-0.9/debian/changelog libpam-chroot-0.9/debian/changelog
--- libpam-chroot-0.9/debian/changelog  2023-09-29 12:52:00.0 +0200
+++ libpam-chroot-0.9/debian/changelog  2023-09-29 12:44:34.0 +0200
@@ -1,3 +1,11 @@
+libpam-chroot (0.9-5.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Convert to source format 3.0. (Closes: #1043203)
++ Move example to debian directory.
+
+ -- Bastian Germann   Fri, 29 Sep 2023 12:44:34 +0200
+
 libpam-chroot (0.9-5.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libpam-chroot-0.9/debian/example/chroot.conf 
libpam-chroot-0.9/debian/example/chroot.conf
--- libpam-chroot-0.9/debian/example/chroot.conf1970-01-01 
01:00:00.0 +0100
+++ libpam-chroot-0.9/debian/example/chroot.conf2023-09-29 
12:44:34.0 +0200
@@ -0,0 +1,3 @@
+# /etc/security/chroot.conf
+test   /chroot/directory
+
diff -Nru libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt 
libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt
--- libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt
1970-01-01 01:00:00.0 +0100
+++ libpam-chroot-0.9/debian/example/chrooted-directory-tree.txt
2023-09-29 12:44:34.0 +0200
@@ -0,0 +1,38 @@
+/home/test/
+|-- bin
+|   |-- bash
+|   |-- ls
+|   |-- rbash
+|   `-- sh
+|-- dev
+|   |-- null
+|   |-- tty1
+|   |-- tty2
+|   |-- tty3
+|   |-- tty4
+|   |-- tty5
+|   |-- tty6
+|   |-- tty7
+|   |-- urandom
+|   `-- zero
+|-- home
+|   `-- test
+||-- .alias
+||-- .bash_history
+||-- .bash_profile
+||-- .bashrc
+||-- .cshrc
+|`-- .profile
+|-- lib
+   |-- ld-linux.so.2
+   |-- libc.so.6
+   |-- libdl-2.2.5.so
+   |-- libdl.so.2
+   |-- libncurses.so.4
+   |-- libncurses.so.4.2
+   |-- libncurses.so.5
+   |-- libncurses.so.5.2
+   |-- libpthread-0.9.so
+   |-- libpthread.so.0
+   |-- librt-2.2.5.so
+   `-- librt.so.1
diff -Nru libpam-chroot-0.9/debian/example/README.example 
libpam-chroot-0.9/debian/example/README.example
--- libpam-chroot-0.9/debian/example/README.example 1970-01-01 
01:00:00.0 +0100
+++ libpam-chroot-0.9/debian/example/README.example 2023-09-29 
12:44:34.0 +0200
@@ -0,0 +1,36 @@
+
+This is a sample configuration for the pam_chroot module.
+
+In order to make this work you need to: 
+
+1.- use setup-chrootdir.sh to create a directory in which
+the user will be chrooted (let's call it CHROOTDIR)
+A sample layout like the one it creates is provided in the
+chrooted-directory-tree.txt file
+
+WARNING! Make sure to have an open console in which to
+become superuser in case you mangle the files and cannot
+log-on to the system later on!
+
+2.- configure /etc/security/chroot.conf so that a given user
+(USERCHROOTED) is chrooted to CHROOTDIR when entering (in the
+sample configuration file CHROOTDIR=/chroot/directory)
+
+3.- add the following line to /etc/pam.d/login
+sessionrequired   pam_chroot.so debug
+
+4.- create USERCHROOTED in the system (/etc/passwd et al.) and
+have his home directory be /home/test 
+(real directory=CHROOTDIR/home/test)
+
+5.- add the neccesary .profile, .cshrc, .bash_profile files to
+the CHROOTDIR/home/test directory (fix permissions to your own
+needs/policy)
+
+6.- Try to enter the system as USERCHROOTED. You should be
+restricted to CHROOTDIR and have only a limited number of
+utilies (setup-chrootdir only provides 'ls')
+
+If it does not work check the syslog files to see the messages
+related to PAM (should include pam_chroot[]: session messages
+due to the 'debug' option being set)
diff -Nru libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh 
libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh
--- libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh   1970-01-01 
01:00:00.0 +0100
+++ libpam-chroot-0.9/debian/example/setup-chrootdir-rsync.sh   2023-09-29 
12:44:34.0 +0200
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# Copyright (C) 2002  Andres Salomon 
+#
+# Create a chroot environment for allowing users to rsync.
+# This script is placed in the public domain.  Do with it what
+# you will.
+
+PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin"
+DIRECTORIES="bin dev lib usr/bin usr/lib"