Bug#969358: RFP: ssf -- Secure Socket Funneling - Network tool and toolkit

[Petter Reinholdtsen]

Package: wnpp
Severity: wishlist

* Package name: ssf
  Version : 3.0.0
  Upstream Author : olach...@protonmail.com
* URL : https://github.com/securesocketfunneling/ssf
* License : MIT
  Programming Lang: C++
  Description : Secure Socket Funneling - Network tool and toolkit

Simple and efficient ways to forward data from multiple sockets (TCP or
UDP) through a single secure TLS tunnel to a remote computer.  SSF is cross
platform (Windows, Linux, OSX). Features:
 * Local and remote TCP port forwarding
 * Local and remote UDP port forwarding
 * Local and remote SOCKS server
 * Local and remote shell through sockets
 * File copy
 * Native relay protocol
 * TLS connection with the strongest cipher-suites

Bug#966253: RFS: devtodo/0.1.20-8 [QA] -- hierarchical, prioritised todo list manager

[Adrian Bunk]

On Thu, Aug 27, 2020 at 11:47:30PM -0300, Carlos Henrique Lima Melara wrote:
> Hi, Adrian.

Hi Charles,

please always Cc people in the BTS, except for the maintainer noone gets 
automatically subscribed.

> On Thu, 27 Aug 2020 11:41:48 +0300 Adrian Bunk  wrote:
> > Looks good, except:
> > 
> > >* debian/rules: replaced override_dh_auto_install with 
> > > dh_bash-completion
> > >  for the installation of bash-completion code.
> > >...
> > 
> > This is not the correct name for the installed file:
> > /usr/share/bash-completion/completions/devtodo.bash-completion
> 
> I think that the phrase just looks a bit confusing (my bad). What
> I meant is replaced override_dh_auto_install with dh_bash-completion
> addon.

But it isn't doing the same.

What I meant is that debdiff says when comparing 0.1.20-7 with 0.1.20-8:

Files in first .deb but not in second
-
-rw-r--r--  root/root   /usr/share/bash-completion/completioins/devtodo

Files in second .deb but not in first
-
-rw-r--r--  root/root   
/usr/share/bash-completion/completions/devtodo.bash-completion

Your change fixes the typo in the directory name (good),
but it installs the file with the wrong name (bad).

> Also I'd like to apologize to you because another sponsor talked
> to me about this package through instant messaging. I'm terribly
> sorry cause I've changed the "need sponsor" on mentors website but
> forgotten to close the rfs or to inform in the bug.

No problem with that, happy to hear you have someone else to sponsor it.

> Cheers,
> Charles

cu
Adrian

Bug#965263: debian-installer: Script exected in preseed/late_command on dual CPU socket system sees only Single CPU socket

[Vasudev Kamath]

Vasudev Kamath  writes:

> Geert Stappers  writes:
>
>> On Sat, Jul 18, 2020 at 06:19:55PM +0530, Vasudev Kamath wrote:
>>> 
>>> Please let me know if you need more information.
>>> 
>>
>> Both kernel versions
>
> We mirror Debian repository on daily basis and found this bug with
> latest installer released with Stretch 9.12 and Buster 10.4.
>
> Buster: linux-image-4.19.0-9-amd64 (4.19.118-2+deb10u1)
> Stretch: linux-image-4.9.0-12-amd64 (4.9.210-1+deb9u1)

Is there anything else needed from my side?. I'm just curious to know
why numa node becomes single in installer.

Cheers,
Vasudev

Bug#969264: firmware-iwlwifi: failed to load iwl-debug-yoyo.bin (-2)

[riveravaldez]

Thanks a lot, Salvatore!

Your response has been really quick, informative and useful.

I'm under the impression that the issue with the Wi-Fi connection
pre-dates the upgrade in which I detected this warning - and so it
would be non-related and calling for a merge - , but still not sure.
I'll try to test the connection to find the cause of the problem. Any
hint about how/with which tool could I do that?

Thanks again, best regards.

Bug#969357: squid segfault

[js1]

Package: squid
Version: 4.6-1+deb10u4
Severity: normal

Dear Maintainer,

Squid segfaults but seems usable.  No segfaults until this current version 
(4.6-1+deb10u4). 

Here are some sample kern.log output:

Aug 31 11:02:17 chromebox kernel: [   12.642751] squid[509]: segfault at 
99e0981 ip 7ff47e3b29bd sp 7ffd2d4cb8a0 error 4 in 
libc-2.28.so[7ff47e35+148000]
Aug 31 11:02:27 chromebox kernel: [   22.692706] squid[733]: segfault at a51f 
ip 7f70452209bd sp 7ffdaa96f830 error 4 in 
libc-2.28.so[7f70451be000+148000]
Aug 31 11:17:53 chromebox kernel: [  948.885810] squid[849]: segfault at 173c 
ip 7f55c22c49bd sp 7ffe1ff323e0 error 4 in 
libc-2.28.so[7f55c2262000+148000]
Aug 31 11:18:03 chromebox kernel: [  958.912126] squid[4054]: segfault at 
546052f ip 7fba5140f9bd sp 7ffc62348330 error 4 in 
libc-2.28.so[7fba513ad000+148000]
Aug 31 11:18:23 chromebox kernel: [  978.941719] squid[4087]: segfault at 
8fd08e8 ip 7ff67de529bd sp 7ffc22d08c50 error 4 in 
libc-2.28.so[7ff67ddf+148000]
Aug 31 15:22:01 chromebox kernel: [   12.326735] squid[610]: segfault at 
99e0981 ip 7f779d2269bd sp 7ffde0b728b0 error 4 in 
libc-2.28.so[7f779d1c4000+148000]

-- System Information:
Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-10-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages squid depends on:
ii  adduser  3.118
ii  libc62.28-10
ii  libcap2  1:2.25-2
ii  libcom-err2  1.44.5-1+deb10u3
ii  libdb5.3 5.3.28+dfsg1-0.5
ii  libdbi-perl  1.642-1+b1
ii  libecap3 1.0.1-3.2
ii  libexpat12.2.6-2+deb10u1
ii  libgcc1  1:8.3.0-6
ii  libgnutls30  3.6.7-4+deb10u5
ii  libgssapi-krb5-2 1.17-3
ii  libkrb5-31.17-3
ii  libldap-2.4-22.4.47+dfsg-3+deb10u2
ii  libltdl7 2.4.6-9
ii  libnetfilter-conntrack3  1.0.7-1
ii  libnettle6   3.4.1-1
ii  libpam0g 1.3.1-5
ii  libsasl2-2   2.1.27+dfsg-1+deb10u1
ii  libstdc++6   8.3.0-6
ii  libxml2  2.9.4+dfsg1-7+b3
ii  logrotate3.14.0-4
ii  lsb-base 10.2019051400
ii  netbase  5.6
ii  squid-common 4.6-1+deb10u4

Versions of packages squid recommends:
ii  ca-certificates  20200601~deb10u1
ii  libcap2-bin  1:2.25-2

Versions of packages squid suggests:
ii  resolvconf   1.79
pn  smbclient
pn  squid-cgi
pn  squid-purge  
pn  squidclient  
pn  ufw  
pn  winbind  

-- Configuration Files:
/etc/squid/squid.conf changed:
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16# RFC1918 possible internal network
acl ssl_ports port 443
acl ssl_ports port 5222 # xmpp
acl safe_ports port 80  # http
acl safe_ports port 21  # ftp
acl safe_ports port 443 # https
acl safe_ports port 70  # gopher
acl safe_ports port 210 # wais
acl safe_ports port 1025-65535  # unregistered ports
acl safe_ports port 280 # http-mgmt
acl safe_ports port 488 # gss-http
acl safe_ports port 591 # filemaker
acl safe_ports port 777 # multiling http
acl connect method connect
acl ads dstdom_regex -i "/etc/squid/squid.adservers.regex"
http_access deny ads
http_access deny !safe_ports
http_access deny connect !ssl_ports
acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
http_access allow localnet manager
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_replacement_policy heap LFUDA
maximum_object_size 500 MB
cache deny all
log_mime_hdrs off
coredump_dir /var/spool/squid
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire 
ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 
override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 
90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index\.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320
negative_dns_ttl 10 second

Bug#969356: safe-rm: Add support for csh/tcsh

[Francois Marier]

Package: safe-rm
Version: 0.12-11
Severity: wishlist
Tags: help

Right now safe-rm is enabled by default for interactive bash/dash shells due
to the fact that it drops a configuration blurb in /etc/profile.d/ which
overwrites the default PATH:

  https://salsa.debian.org/debian/safe-rm/-/blob/master/debian/safe-rm.sh

It would be good to add the equivalent configuration blurb for csh/tcsh.

I tried putting the following in /etc/profile.d/safe-rm.csh but it didn't
work:

  if ($?prompt) then
setenv PATH /usr/share/safe-rm/bin\:$PATH
set path = (/usr/share/safe-rm/bin $path)
  endif

and so I'm not sure exactly how to do this.

Francois

-- 
https://fmarier.org/

Bug#969306: Checking for interactive shells

[Francois Marier]

According to https://stackoverflow.com/questions/945302/, one can check for
the presence of an interactive KornShell using:

  [[ $- == *i* ]] && echo interactive || echo not interactive

Francois

-- 
https://fmarier.org/

Bug#969300: ITP: mmhelper -- A small program to help solving Mastermind puzzles.

[Paul Wise]

On Mon, Aug 31, 2020 at 3:12 PM jathan wrote:

> What does it mean "Control: reassign -1 wnpp" please?

Control: lines in mails to bugs are passed to the
cont...@bugs.debian.org email address and -1 in such lines means "the
current bug". The reassign command changes which bug a package is
assigned to. The wnpp package is where all WNPP bugs (ITP/RFP/O/etc)
are assigned.

https://www.debian.org/Bugs/server-control#reassign
https://wiki.debian.org/Glossary

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#969350: linux-image-4.19.0-10-amd64: Kernel regularly crashes - general protection fault in the network stack

[Antoine Sirinelli]

Package: src:linux
Version: 4.19.132-1
Severity: normal

Dear Maintainer,

I am experiencing regular kernel crashes with my system. The crashes
seems a bit random and linked to limited activity. Looking at the
backtrace, it seems to be coming from the network stack (bridge
netfilter?). I have indeed a bridge on the default interface to allow a
virtual machine (CentOS) to access the network. Docker is also running
its own bridges.

The bug does not seem to be triggered by high network loads (I can
transfert at 1 GBps during minutes on a NFS server without any crashes).
I have not been yet able to understand what is triggering it. It can
happen 2-3 times per day. This system is rather new (built 3 months ago)
and is only starting to be getting a bit more load.

I have recovered the kernel dump file using kdump let me know if you
need more details:

  KERNEL: /usr/lib/debug/vmlinux-4.19.0-10-amd64   
DUMPFILE: /var/crash/202008312230/dump.202008312230  [PARTIAL DUMP]
CPUS: 6
DATE: Mon Aug 31 22:29:12 2020
  UPTIME: 00:14:36
LOAD AVERAGE: 0.03, 0.09, 0.14
   TASKS: 402
NODENAME: frodo.intra.monte-stello.com
 RELEASE: 4.19.0-10-amd64
 VERSION: #1 SMP Debian 4.19.132-1 (2020-07-24)
 MACHINE: x86_64  (2900 Mhz)
  MEMORY: 7.7 GB
   PANIC: "general protection fault:  [#1] SMP NOPTI"
 PID: 0
 COMMAND: "swapper/3"
TASK: 9b9da5536ac0  (1 of 6)  [THREAD_INFO: 9b9da5536ac0]
 CPU: 3
   STATE: TASK_RUNNING (PANIC)

crash> dmesg
[0.00] microcode: microcode updated early to revision 0xd6, date = 
2020-04-23
[0.00] Linux version 4.19.0-10-amd64 (debian-ker...@lists.debian.org) 
(gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.132-1 (2020-07-24)
[0.00] Command line: BOOT_IMAGE=/boot/vmlinuz-4.19.0-10-amd64 
root=UUID=3abb17c2-1566-4c96-9645-a49a9dfc19b4 ro quiet crashkernel=384M-:128M
[0.00] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point 
registers'
[0.00] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[0.00] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[0.00] x86/fpu: Supporting XSAVE feature 0x008: 'MPX bounds registers'
[0.00] x86/fpu: Supporting XSAVE feature 0x010: 'MPX CSR'
[0.00] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[0.00] x86/fpu: xstate_offset[3]:  832, xstate_sizes[3]:   64
[0.00] x86/fpu: xstate_offset[4]:  896, xstate_sizes[4]:   64
[0.00] x86/fpu: Enabled xstate features 0x1f, context size is 960 
bytes, using 'compacted' format.
[0.00] BIOS-provided physical RAM map:
[0.00] BIOS-e820: [mem 0x-0x00057fff] usable
[0.00] BIOS-e820: [mem 0x00058000-0x00058fff] reserved
[0.00] BIOS-e820: [mem 0x00059000-0x0009efff] usable
[0.00] BIOS-e820: [mem 0x0009f000-0x000f] reserved
[0.00] BIOS-e820: [mem 0x0010-0x3fff] usable
[0.00] BIOS-e820: [mem 0x4000-0x403f] reserved
[0.00] BIOS-e820: [mem 0x4040-0x73787fff] usable
[0.00] BIOS-e820: [mem 0x73788000-0x73788fff] ACPI NVS
[0.00] BIOS-e820: [mem 0x73789000-0x73789fff] reserved
[0.00] BIOS-e820: [mem 0x7378a000-0x7c4f2fff] usable
[0.00] BIOS-e820: [mem 0x7c4f3000-0x7df0cfff] reserved
[0.00] BIOS-e820: [mem 0x7df0d000-0x7e03efff] usable
[0.00] BIOS-e820: [mem 0x7e03f000-0x7e413fff] ACPI NVS
[0.00] BIOS-e820: [mem 0x7e414000-0x7ef02fff] reserved
[0.00] BIOS-e820: [mem 0x7ef03000-0x7effdfff] type 20
[0.00] BIOS-e820: [mem 0x7effe000-0x7effefff] usable
[0.00] BIOS-e820: [mem 0x7efff000-0x8fff] reserved
[0.00] BIOS-e820: [mem 0xe000-0xefff] reserved
[0.00] BIOS-e820: [mem 0xfe00-0xfe010fff] reserved
[0.00] BIOS-e820: [mem 0xfec0-0xfec00fff] reserved
[0.00] BIOS-e820: [mem 0xfed0-0xfed00fff] reserved
[0.00] BIOS-e820: [mem 0xfee0-0xfee00fff] reserved
[0.00] BIOS-e820: [mem 0xff00-0x] reserved
[0.00] BIOS-e820: [mem 0x0001-0x00026eff] usable
[0.00] NX (Execute Disable) protection: active
[0.00] efi: EFI v2.70 by American Megatrends
[0.00] efi:  ACPI 2.0=0x7e03f000  ACPI=0x7e03f000  SMBIOS=0x7edc3000  
SMBIOS 3.0=0x7edc2000  MEMATTR=0x79483018  MPS=0xfd980  ESRT=0x7b117018 
[0.00] secureboot: Secure boot could not be determined (mode 0)
[0.00] SMBIOS 3.1.1 present.
[0.00] DMI: To Be Filled By O.E.M. To Be Filled By O.E.M./

Bug#969355: cups-browsed.service Hangs on Shutdown

[Dan Letzeisen]

Package: cups-browsed
Version: 1.28.1-1
Severity: normal

Recently, my system has taken a while to shut down. From the log, it
looks like cups-browsed is taking the maximum 90 seconds to try and
stop/sigterm (and still fails, resulting in sigkill).

Aug 29 14:39:41 hostname avahi-daemon[648]: Disconnected from D-Bus,
exiting.
Aug 29 14:41:09 hostname systemd[1]: cups-browsed.service: State
'stop-sigterm' timed out. Killing.
Aug 29 14:41:09 hostname systemd[1]: cups-browsed.service: Main process
exited, code=killed, status=9/KILL

This began earlier this week, probably upon upgrade to
cups-filters/browsed 1.28.x
Another Debian sid user confirmed the issue occurs for them.

If there is more information I can provide, let me know. Thanks.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.16-towo.1-siduction-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cups-browsed depends on:
ii  cups-daemon  2.3.3-2
ii  init-system-helpers  1.58
ii  libavahi-client3 0.8-3
ii  libavahi-common3 0.8-3
ii  libavahi-glib1   0.8-3
ii  libc6    2.31-3
ii  libcups2 2.3.3-2
ii  libcupsfilters1  1.28.1-1
ii  libglib2.0-0 2.64.4-1
ii  libldap-2.4-2    2.4.51+dfsg-1
ii  lsb-base 11.1.0

Versions of packages cups-browsed recommends:
ii  avahi-daemon  0.8-3

cups-browsed suggests no packages.

-- no debconf information

Bug#264589:

[Thành Bùi]

Bug#922129: filemanager-actions: Incomplete debian/copyright?

[Chris Lamb]

Hi darkdragon,

> > I just ACCEPTed filemanager-actions from NEW but noticed it was
> > missing attribution in debian/copyright for at least Red Hat, Novell,
> > etc.
>
> Can you please clarify the problem upstream in
> https://gitlab.gnome.org/GNOME/filemanager-actions/-/issues/17 ?

Two quick things:

 * You say: "filemanager-actions has been removed from Debian/Ubuntu
   because of incomplete license/copyright information". This is not
   really true. The package was removed for reasons listed in #961824
   as far as I can tell; ie. it was unmaintained.

 * I filed this bug (#922129) due to an incomplete debian/copyright
   file. In other words, the file under the debian/ subdirectory, and
   not something that upstream could clarify. This might be why they
   are confused.

I am no longer a member of the ftpmaster team, so I won't be able to
help you any further. Good luck...


Regards,

--
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#913542: teckit: Fails to build on Ubuntu's ppc64el (symbols)

[Norbert Preining]

Hi Hilmar,

> https://patches.ubuntu.com/t/teckit/teckit_2.5.8+ds2-5ubuntu2.patch

My latest upload has fixed the build onppc64el, but it still fails on
armel armhf s390x.

Guess that is shlib files and drop all symbols. It is anyway only
texlive using it at the moment.

Norbert

--
PREINING Norbert  https://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#969339: clang-11-examples includes no examples

[Raul Tambre]

Package: llvm-11-examples
Version: 1:11.0.0~+rc2-4
Severity: normal

The packages actually includes no examples.
It seems the llvm-X.Y-examples.examples.in is trying to get examples from a 
non-existant directory.
The "examples/*" should probably be "llvm/examples/*"

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages llvm-11-examples depends on:
ii  llvm-11-dev  1:11.0.0~+rc2-4

llvm-11-examples recommends no packages.

llvm-11-examples suggests no packages.

-- no debconf information

Bug#969350: linux-image-4.19.0-10-amd64: Kernel regularly crashes - general protection fault in the network stack

[Salvatore Bonaccorso]

Hi Antoine,

On Mon, Aug 31, 2020 at 11:03:47PM +0200, Antoine Sirinelli wrote:
> Package: src:linux
> Version: 4.19.132-1
> Severity: normal
> 
> Dear Maintainer,
> 
> I am experiencing regular kernel crashes with my system. The crashes
> seems a bit random and linked to limited activity. Looking at the
> backtrace, it seems to be coming from the network stack (bridge
> netfilter?). I have indeed a bridge on the default interface to allow a
> virtual machine (CentOS) to access the network. Docker is also running
> its own bridges.
> 
> The bug does not seem to be triggered by high network loads (I can
> transfert at 1 GBps during minutes on a NFS server without any crashes).
> I have not been yet able to understand what is triggering it. It can
> happen 2-3 times per day. This system is rather new (built 3 months ago)
> and is only starting to be getting a bit more load.

Thanks for the report. This looks the same as #966846, which we have
pending fixed in the packaging repository.

If you can expose the fixes for testing, then there are temporary and
inofficial 4.19.142-1 builds at
https://people.debian.org/~carnil/tmp/linux/4.19.142-1/ .

Regards,
Salvatore

Bug#969353: RFS: streamlink/1.5.0+dfsg-1~bpo10+1 -- CLI for extracting video streams from various websites to a video player

[Alexis Murzeau]

Package: sponsorship-requests
Severity: wishlist
X-Debbugs-CC: debian-backpo...@lists.debian.org

Dear mentors,

I am looking for a sponsor for my package "streamlink" into Debian
buster-backports repository for a new upstream release.

 * Package name: streamlink
   Version : 1.5.0+dfsg-1~bpo10+1
   Upstream Author : Streamlink Team
 * URL : https://streamlink.github.io/
 * License : BSD-2-clause, Apache-2.0, MIT/Expat, SIL-OFL-1.1
   Section : python

It builds those binary packages:

  python3-streamlink - Python module for extracting video streams from various 
websites
  python3-streamlink-doc - CLI for extracting video streams from various 
websites (documentation)
  streamlink - CLI for extracting video streams from various websites to a 
video player

To access further information about this package, please visit the
following URL:
  https://mentors.debian.net/package/streamlink


Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/s/streamlink/streamlink_1.5.0+dfsg-1~bpo10+1.dsc

More information about streamlink can be obtained at
https://streamlink.github.io/

Changes since the last upload to buster-backports:
streamlink (1.5.0+dfsg-1~bpo10+1) buster-backports; urgency=medium

  * Rebuild for buster-backports.

 -- Alexis Murzeau   Sun, 16 Aug 2020 16:37:43 +0200

streamlink (1.5.0+dfsg-1) unstable; urgency=medium

  * New upstream version 1.5.0+dfsg
  * Update patch remove_new_version_check
  * Update debhelper compat to 13

 -- Alexis Murzeau   Sun, 19 Jul 2020 22:28:57 +0200


Differences from testing package (1.5.0+dfsg-1):
  * Update d/README.source for buster-backports


Regards,
-- 
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F










signature.asc
Description: OpenPGP digital signature

Bug#969352: dh-python: pybuild flit: build path included in RECORD file (makes build non reproducible)

[Philip Rinn]

Package: dh-python
Version: 4.20200804
Severity: normal

Hi,

while I was working on packaging solo-python, I noticed, that using the flit
plugin for pybuild results in a RECORD file that includes the build path for a
file

[...]
solo/__pycache__/dfu.cpython-38.pyc,,
solo/fido2/__init__.py,sha256=0e13fe5ec32f9fff284ebe986d9367732bde267280c87f0ff38466e247e696e0,1518
/build/solo-python-0.0.26/debian/solo-
python/usr/bin/solo,sha256=6a0396bfbe0c7eb59498dc99bf08a013ebda611dd573740edaa4ad80961ae1de,91
solo_python-0.0.26.dist-
info/METADATA,sha256=92e4e62ef2ff499a82380ef2180ae39e7c435ce5b5682cf4ee06decc4bdd62cc,6022
[...]

This obviously makes the build unreproducible but might also have other side
effects (as the file mentioned is not present after installation).

I attached the full RECORD file and the build log.

Best,
Philip



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (600, 'testing'), (550, 'unstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dh-python depends on:
ii  python33.8.2-3
ii  python3-distutils  3.8.5-1

dh-python recommends no packages.

Versions of packages dh-python suggests:
ii  dpkg-dev  1.20.5
ii  libdpkg-perl  1.20.5

-- no debconf information


RECORD
Description: application/csv
dh clean --with python3 --buildsystem=pybuild
   dh_auto_clean -O--buildsystem=pybuild
   dh_autoreconf_clean -O--buildsystem=pybuild
   dh_clean -O--buildsystem=pybuild
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building solo-python using existing 
./solo-python_0.0.26.orig.tar.gz
dpkg-source: info: building solo-python in solo-python_0.0.26-1.debian.tar.xz
dpkg-source: info: building solo-python in solo-python_0.0.26-1.dsc
I: Generated dsc will be overwritten by build result; not generating 
changes file
I: Copying COW directory
I: forking: rm -rf /var/cache/pbuilder/build/cow.87317
I: forking: cp -al /var/cache/pbuilder/base.cow 
/var/cache/pbuilder/build/cow.87317
I: removed stale ilistfile /var/cache/pbuilder/build/cow.87317/.ilist
I: forking: chroot /var/cache/pbuilder/build/cow.87317 
cowdancer-ilistcreate /.ilist 'find . -xdev -path ./home -prune -o \( \( -type 
l -o -type f \) -a -links +1 -print0 \) | xargs -0 stat --format '%d %i ''
I: Invoking pbuilder
I: forking: pbuilder build --debbuildopts  --debbuildopts '  '-j5' '-d'' 
--buildplace /var/cache/pbuilder/build/cow.87317 --buildresult 
/home/philip/Debian --mirror http://ftp.de.debian.org/debian/ --distribution 
sid --extrapackages apt-utils --no-targz --internal-chrootexec 'chroot 
/var/cache/pbuilder/build/cow.87317 cow-shell' 
/home/philip/Debian/solo-python_0.0.26-1.dsc
W: /home/philip/.pbuilderrc does not exist
I: Running in no-targz mode
I: pbuilder: network access will be disabled during build
I: Current time: Mon Aug 31 22:48:40 CEST 2020
I: pbuilder-time-stamp: 1598906920
I: copying local configuration
W: --override-config is not set; not updating apt.conf Read the manpage 
for details.
I: mounting /proc filesystem
I: mounting /sys filesystem
I: creating /{dev,run}/shm
I: mounting /dev/pts filesystem
I: redirecting /dev/ptmx to /dev/pts/ptmx
I: Mounting /var/cache/pbuilder/local-apt/debs
I: policy-rc.d already exists
I: Obtaining the cached apt archive contents
I: Copying source file
I: copying [/home/philip/Debian/solo-python_0.0.26-1.dsc]
I: copying [/home/philip/Debian/solo-python_0.0.26.orig.tar.gz]
I: copying [/home/philip/Debian/solo-python_0.0.26-1.debian.tar.xz]
I: Extracting source
dpkg-source: warning: extracting unsigned source package 
(solo-python_0.0.26-1.dsc)
dpkg-source: info: extracting solo-python in solo-python-0.0.26
dpkg-source: info: unpacking solo-python_0.0.26.orig.tar.gz
dpkg-source: info: unpacking solo-python_0.0.26-1.debian.tar.xz
I: Not using root during the build.
I: Installing the build-deps
I: user script /var/cache/pbuilder/build/cow.87317/tmp/hooks/D05deps 
starting
Get:1 file:/var/cache/pbuilder/local-apt/debs ./ InRelease
Ign:1 file:/var/cache/pbuilder/local-apt/debs ./ InRelease
Get:2 file:/var/cache/pbuilder/local-apt/debs ./ Release
Ign:2 file:/var/cache/pbuilder/local-apt/debs ./ Release
Get:3 file:/var/cache/pbuilder/local-apt/debs ./ Packages
Ign:3 file:/var/cache/pbuilder/local-apt/debs ./ Packages
Get:3 file:/var/cache/pbuilder/local-apt/debs ./ Packages
Ign:3 file:/var/cache/pbuilder/local-apt/debs ./ Packages
Get:3 file:/var/cache/pbuilder/local-apt/debs ./ Packages
Ign:3 file:/var/

Bug#969351: RFS: jgmenu/4.2.1-1 [ITP] -- simple modern standalone X11 menu

[Leandro Cunha]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "jgmenu":

 * Package name: jgmenu
   Version : 4.2.1-1
   Upstream Author : Johan Malm 
 * URL : https://jgmenu.github.io
 * License : GPL-2
 * Vcs : https://salsa.debian.org/debian/jgmenu
   Section : x11

It builds those binary packages:

  jgmenu-xfce4-panel-applet - xfce4-panel applet for jgmenu
  jgmenu - simple modern standalone X11 menu

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/jgmenu/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/j/jgmenu/jgmenu_4.2.1-1.dsc

Changes for the initial release:

 jgmenu (4.2.1-1) unstable; urgency=low
 .
   * Initial release (Closes: #882210).

Regards,
--
  Leandro Cunha

Bug#950675: upstream does support doxygen-latex, but ...

[Aurelien Jarno]

On 2020-08-31 10:21, Paolo Greppi wrote:
> Hi Simon, thanks for revving the conversation on this bug. I'll summarize 
> below my points.
> 
> Il 20/08/20 11:08, Simon McVittie ha scritto:
> > On Wed, 05 Feb 2020 at 11:56:16 +0100, Paolo Greppi wrote:
> > ...
> > smcv
> > 
> 
> - in general printable documentation is less relevant now than it used to be
> 
> - but some people may still need it, so doxygen-latex is useful in general, 
> it mostly works fine, and we should try to keep it in Debian
> 
> - occasionally packages that build printable documentation (PDF or PS) with 
> doxygen-latex have tripped (and will trip in the future) on obscure bugs in 
> latex or doxygen or doxygen-latex or some-fancy-latex-plugin
> 
> - when this happens, I'll try to address it with the help of upstream, the 
> latex maintainer and the latex community, but it may take a long time to fix 
> or may be practically impossible to fix (because it's a messy tangle of old 
> software, or because some-fancy-latex-plugin is no more supported, or some 
> other obscure reason)
> 
> - when that takes really too long, on a case-by-case basis, and as a last 
> resort, I would suggest the maintainers of those specific packages to 
> (temporarily) drop PDF/PS documentation and only produce HTML docs, or to 
> work with their upstream to switch to other PDF/PS generation toolchains as 
> was suggested by Dimitri
> 
> In conclusion, I'll downgrade this bug to non-RC and if Aurelien is OK, I 
> propose to close it.

I have finally been able to get it working with some tweaks. I therefore
the bug can now be closed.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#956936: Also impacts buster packages

[Joel Johnson]

Version: 5.0.0-4+deb10u1

I ran into this same issue on a buster system, with additional 
buster-backports packages installed. After digging through it appears 
that during a recent update the libvirt-daemon-system package was 
uninstalled without me noticing. Reinstalling the package also resolved 
the issue for me.


Joel

Bug#937085: [Pkg-mozext-maintainers] Bug#937085: mozilla-devscripts: Python2 removal in sid/bullseye

[Jann Haber]

Hi all,

I just updated the MR on Salsa for redland-bindings, it now successfully 
creates a python3-librdf package instead of the python-librdf package. This 
change still needs to be tested, however it looks good, since the build process 
runs without obvious errors. The upload to unstable I assume needs to be done 
together with mozilla-devscripts, once it is also converted to python3.
Benjamin, you have done some work on mozilla-devscripts and got stuck since 
redland-bindings were python2 only. Can you provide any insight on how to test 
the new package properly? What would be the next steps for mozilla-devscripts?

Best Regards,
Jann

On Sun, 30 Aug 2020 10:45:15 +0200 Jann Haber  wrote:
> I created an MR on Salsa to drive this a little bit forward. I found in the 
> output of configure, that it reported python -> no. This is likely the cause 
> of the python bindings missing later. The MR contains a patch to make 
> configure use python3. Then the compilation does not fail anymore.
> 
> I however still don't think it works correctly - dh_missing reports there are 
> missing files and 0 files in the python3 package. I'm not so experienced in 
> packaging, so I was unable to fix this, but maybe the finding above help 
> somebody else :)
> 
> https://salsa.debian.org/debian/redland-bindings/-/merge_requests/1
> 
> On Mon, 10 Feb 2020 14:47:36 -0500 Daniel Kahn Gillmor 
>  wrote:
> > On Sun 2019-11-03 22:50:59 +0100, Benjamin Drung wrote:
> > > I ported amo-changelog and xpi-repack to Python 3 in version 0.54, but I
> > > wasn't able to port all scripts, because there is no Python 3 version of
> > > redland-bindings (see Debian bug #780741).
> > 
> > Afaict, upstream redland-bindings claims to support python3:
> > http://librdf.org/bindings/RELEASE.html#rel1_0_17_1
> > 
> > see also http://bugs.librdf.org/mantis/view.php?id=549
> > 
> > but this is from many years ago, and afaict, there has been no
> > additional work upstream on redland bindings since then.
> > 
> > Worse, i've been unable to make any of this build against python3.  You
> > can see my (failed) attempts at preparing an NMU.  I've published them
> > to salsa on the WIP-python3 branch at
> > https://salsa.debian.org/debian/redland-bindings if anyone wants to try
> > to improve.
> > 
> > So at any rate, i don't see how to get a python3-librdf package easily
> > into debian to unblock the mozilla-devscripts transition to python3.
> > But i do note that python3-rdflib has been in debian for a
> > while. (that's a totally different RDF python module)
> > 
> > I haven't looked into it myself, but perhaps mozilla-devscripts could
> > drop the use of redland and use rdflib instead?
> > 
> > Sorry to not have more effective progress to suggest.  I'm probably not
> > going to have time to work more on this, but i wanted to note where i
> > got to, and where i got stuck if someone else wants to pick it up.
> > 
> >  --dkg
> 
> 

Bug#969224: cdimage.debian.org: Error installing Debian 10.5 from flash stick with Extlinux

[J.A. Bezemer]

retitle 969224 Archive main/installer-*/current/ has outdated kernels?
severity 969224 normal
thanks

Hi,

So the real problem is that the archive seems outdated w.r.t. DVD images. 
The DVD images themselves are consistent (since you report they work 
fine).


I'm doing customized usb sticks regularly, e.g. putting i386 and amd64 
installer DVD iso's plus several Live systems onto one big usb stick, with 
bootloader options to choose between them.


So I've bumped into this exact issue before, and I learned to always get 
everything from the same source. Specifically, get kernel and initrd 
directly from the .iso file that you use, by mounting it (-o loop), or 
extract them using isoinfo command (hint: -R option), or probably 7z will 
work too. While you're there, also study what the "official" bootloader is 
passing to the kernel commandline, and do something similar in your own 
bootloader config.


Best regards,
Anne Bezemer


On Sun, 30 Aug 2020,   wrote:

[..]


I think the problem is that the kernel versions for DVD and
installer-amd64/current/images/hd-media/ or
installer-amd64/current/images/hd-media/gtk/
ÿÿ initrd.gz
for Debian 10.4 and Debian 10.5
don't match.

for Debian 10.5
4.19.0-10 - the kernel versions for DVD
4.19.0-5  - the kernel versions for
http://ftp.nl.debian.org/debian/dists/Debian10.5/main/installer-amd64/current/images/hd-media/
or (for GTK)
http://ftp.nl.debian.org/debian/dists/Debian10.5/main/installer-amd64/current/images/hd-media/gtk/

ÿÿ Debian 10.4
4.19.0-9 - the kernel versions for ÿÿ DVD
4.19.0-5 - the kernel versions for
http://ftp.nl.debian.org/debian/dists/Debian10.4/main/installer-amd64/current/images/hd-media/
or (for GTK)
http://ftp.nl.debian.org/debian/dists/Debian10.4/main/installer-amd64/current/images/hd-media/gtk/

ÿÿ Debian 10.3
4.19.0-8 - the kernel versions for ÿÿ DVD
4.19.0-8 - the kernel versions for
http://ftp.nl.debian.org/debian/dists/Debian10.3/main/installer-amd64/current/images/hd-media/
or (for GTK)
http://ftp.nl.debian.org/debian/dists/Debian10.3/main/installer-amd64/current/images/hd-media/gtk/

For Debian 10.3 everything was established without problems.

Bug#938345: redland-bindings: Python2 removal in sid/bullseye

[Jann Haber]

Control: tags -1 patch

I created an MR in Salsa fixing this bug. It replaces the python-librdf package 
with a python3-librdf package.
The package seems to build correctly, however I'm unsure how to test it 
properly. Maybe first upload to experimental?

https://salsa.debian.org/debian/redland-bindings/-/merge_requests/1

On Fri, 30 Aug 2019 07:50:02 + Matthias Klose  wrote:
> Package: src:redland-bindings
> Version: 1.0.17.1+dfsg-1.3
> Severity: normal
> Tags: sid bullseye
> User: debian-pyt...@lists.debian.org
> Usertags: py2removal
> 
> Python2 becomes end-of-live upstream, and Debian aims to remove
> Python2 from the distribution, as discussed in
> https://lists.debian.org/debian-python/2019/07/msg00080.html
> 
> Your package either build-depends, depends on Python2, or uses Python2
> in the autopkg tests.  Please stop using Python2, and fix this issue
> by one of the following actions.
> 
> - Convert your Package to Python3. This is the preferred option.  In
>   case you are providing a Python module foo, please consider dropping
>   the python-foo package, and only build a python3-foo package.  Please
>   don't drop Python2 modules, which still have reverse dependencies,
>   just document them.
>   
>   This is the preferred option.
> 
> - If the package is dead upstream, cannot be converted or maintained
>   in Debian, it should be removed from the distribution.  If the
>   package still has reverse dependencies, raise the severity to
>   "serious" and document the reverse dependencies with the BTS affects
>   command.  If the package has no reverse dependencies, confirm that
>   the package can be removed, reassign this issue to ftp.debian.org,
>   make sure that the bug priority is set to normal and retitle the
>   issue to "RM: PKG -- removal triggered by the Python2 removal".
> 
> - If the package has still many users (popcon >= 300), or is needed to
>   build another package which cannot be removed, document that by
>   adding the "py2keep" user tag (not replacing the py2remove tag),
>   using the debian-pyt...@lists.debian.org user.  Also any
>   dependencies on an unversioned python package (python, python-dev)
>   must not be used, same with the python shebang.  These have to be
>   replaced by python2/python2.7 dependencies and shebang.
> 
>   This is the least preferred option.
> 
> If the conversion or removal needs action on another package first,
> please document the blocking by using the BTS affects command, like
> 
>   affects  + src:redland-bindings
> 
> If there is no py2removal bug for that reverse-dependency, please file
> a bug on this package (similar to this bug report).
> 
> If there are questions, please refer to the wiki page for the removal:
> https://wiki.debian.org/Python/2Removal, or ask for help on IRC
> #debian-python, or the debian-pyt...@lists.debian.org mailing list.
> 
> 

Bug#969340: nvme-cli: generate /etc/nvme/host* files at install time, not build time

[Dan Streetman]

v2 debdiff, with slight adjustment that may be better
diff -Nru --exclude package.bash-completion --exclude changelog --exclude control nvme-cli-1.12/debian/nvme-cli.postinst nvme-cli-1.12/debian/nvme-cli.postinst
--- nvme-cli-1.12/debian/nvme-cli.postinst	1969-12-31 19:00:00.0 -0500
+++ nvme-cli-1.12/debian/nvme-cli.postinst	2020-08-31 15:41:46.0 -0400
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = "configure" ]; then
+if [ ! -s /etc/nvme/hostnqn ]; then
+nvme gen-hostnqn > /etc/nvme/hostnqn
+fi
+
+if [ ! -s /etc/nvme/hostid ]; then
+uuidgen > /etc/nvme/hostid
+fi
+fi
+
+#DEBHELPER#
diff -Nru --exclude package.bash-completion --exclude changelog --exclude control nvme-cli-1.12/debian/rules nvme-cli-1.12/debian/rules
--- nvme-cli-1.12/debian/rules	2018-08-06 12:12:32.0 -0400
+++ nvme-cli-1.12/debian/rules	2020-08-31 14:11:23.0 -0400
@@ -7,6 +7,10 @@
 
 override_dh_auto_install:
 	dh_auto_install -- PREFIX=/usr
+	# Remove build-time unique id files, instead these will be
+	# generated by the postinst script
+	rm -f debian/nvme-cli/etc/nvme/hostid
+	rm -f debian/nvme-cli/etc/nvme/hostnqn
 
 override_dh_auto_test:
 	# Overriding auto test, since the tests require that the build machine

Bug#969015: radicale: ignores umask

[Forest]

>When using uwsgi, umask can be applied there.

Does that help anything? The init.d script also applies an appropriate
umask. The problem is that Radicale overrides it.

>I don't fell comfortable applying a backport when upstream don't want to 
>carry it either, and unfortunately it seems I am pretty much alone in 
>maintaining radicale for Debian nowadays :-(

Understood. I guess I'll patch locally and look forward to Bullseye. Thanks
for maintaining the package!

Bug#969349: buster-pu: package chrony/3.4-4+deb10u1

[Vincent Blut]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

[ Reason ]
chrony versions prior to 3.5.1 are vulnerable to a symlink race when 
creating the PID file. CVE-2020-14367 has been assigned to this 
vulnerability.

In accordance with Salvatore Bonaccorso from the security team, no DSA 
has been released.

[ Impact ]
Data loss and a denial of service due to the path traversal are possible 
in some cases.
While that sounds worrisome, this vulnerabilily can’t be exploited using 
the default configuration provided by chrony on Debian, that’s why the 
security team marked it as “unimportant”.

[ Tests ]
I manually tested the proposed update to ensure that chronyd still runs 
fine using the default PID file location and an alternative one where 
the vulnerability could be exploited. I can confirm that the issue is 
fixed by the proposed patch and that no regression appeared while 
testing.

[ Risks ]
Most of the other major distributions provide this patch now with no 
apparent problems, so the risks seem quite low.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Switch from fopen() to the open() function with the O_CREAT|O_EXCL flags 
to avoid following a symlink and writing the PID to an unexpected file 
when chronyd still has the root privileges.

[ Other info ]
I also took the oportunity to fix the autopkgtest of chrony which was 
failing on Buster since quite a while.

Cheers,
Vincent

-BEGIN PGP SIGNATURE-

iQJLBAEBCgA1FiEE/VQBlxWoTJPh4vI5ipzudlpxp4AFAl9NUNgXHHZpbmNlbnQu
ZGViaWFuQGZyZWUuZnIACgkQipzudlpxp4CUhA//drGMsuRybyVv99bmgdtEzxZu
uTsxCF2YL6W7aGxTJnKMfVYJ/PAtAbzjXWUZyYNkmL/vSsf+432slB2IYsDNzs5M
sAXUZkMl/G5BhQ8F25LwNQs7Xnplq0p5MZEcNF97P1G9RFIBjW4+7Rj5OHQDbxHr
odWcsgl9kSAQ/l7A8jJQODWd+n7/saeyUL3UHEiLiZUw/PWuOdxv/ekBtU6a4kzM
YWjCcuvzvRuoBZNIihWYCQcJfRdMdSGe/eehf3mfwAfTJB/PdapATiUGN7rFrnnM
jhjRfS9QlKBrOxKzsGdSaGz4JcmSc3VqOs2AmguQ3a11dWQ6kjc4PyQ+Un5aZ71M
9Qv/zG/P+YX8L56jYxQk+qBYsD/qP2/a2apVgMeEl146ECx1WdAm+vyBSJxgZYdM
sNmCDJfpR+2xg8CDcWQZFGmusbaDfgvD/wgU+STOWrvKkjo0M8pH7+aETmAEk7Wc
btyvooG44zL0OmQm0CAIISgMZpXXvFLyeLJcfv9HZSoc0GqcL2lrhrgsWHw7F8T0
VAOMC3IiAriuSJuIIfCZI7ZDVklCr/xZK4S1RwSIJXSY4RmWVqFh5mDTZFVQ2ZIl
2vJcQQJhnHy8q1N14nHEcBsNffEB/O5caerl7DBs8MpCgLyo+vMJ7ifUa/4xqpae
e8KuReDpa8ZtwLuDTCQ=
=lYFE
-END PGP SIGNATURE-
diff -Nru chrony-3.4/debian/changelog chrony-3.4/debian/changelog
--- chrony-3.4/debian/changelog 2019-03-18 19:35:34.0 +0100
+++ chrony-3.4/debian/changelog 2020-08-29 20:13:04.0 +0200
@@ -1,3 +1,15 @@
+chrony (3.4-4+deb10u1) buster; urgency=medium
+
+  * debian/patches/:
+- Add create-new-file-when-writing-pidfile.patch to prevent symlink race
+when writing to PID file (CVE-2020-14367).
+
+  * debian/tests/:
+- Fix a regression when running upstream-simulation-test-suite autopkgtest
+on Buster.
+
+ -- Vincent Blut   Sat, 29 Aug 2020 20:13:04 +0200
+
 chrony (3.4-4) unstable; urgency=medium
 
   * debian/patches/*:
diff -Nru chrony-3.4/debian/.gitlab-ci.yml chrony-3.4/debian/.gitlab-ci.yml
--- chrony-3.4/debian/.gitlab-ci.yml2019-03-18 19:35:34.0 +0100
+++ chrony-3.4/debian/.gitlab-ci.yml2020-08-26 18:41:29.0 +0200
@@ -1,20 +1,7 @@
-include: 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
 
-build:
-extends: .build-unstable
 
-reprotest:
-extends: .test-reprotest
-
-lintian:
-extends: .test-lintian
-
-autopkgtest:
-extends: .test-autopkgtest
-allow_failure: true
-
-piuparts:
-extends: .test-piuparts
-
-blhc:
-extends: .test-blhc
+variables:
+  RELEASE: 'buster'
diff -Nru chrony-3.4/debian/patches/create-new-file-when-writing-pidfile.patch 
chrony-3.4/debian/patches/create-new-file-when-writing-pidfile.patch
--- chrony-3.4/debian/patches/create-new-file-when-writing-pidfile.patch
1970-01-01 01:00:00.0 +0100
+++ chrony-3.4/debian/patches/create-new-file-when-writing-pidfile.patch
2020-08-26 18:41:29.0 +0200
@@ -0,0 +1,187 @@
+From f00fed20092b6a42283f29c6ee1f58244d74b545 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar 
+Date: Thu, 6 Aug 2020 09:31:11 +0200
+Subject: main: create new file when writing pidfile
+
+When writing the pidfile, open the file with the O_CREAT|O_EXCL flags
+to avoid following a symlink and writing the PID to an unexpected file,
+when chronyd still has the root privileges.
+
+The Linux open(2) man page warns about O_EXCL not working as expected on
+NFS versions before 3 and Linux versions before 2.6. Saving pidfiles on
+a distributed filesystem like 

Bug#969015: radicale: ignores umask

[Jonas Smedegaard]

Quoting Forest (2020-08-31 21:03:28)
> Upstream have acknowledged the bug and stated that they no longer want 
> to update Radicale 2.x. The bug is fixed in 3.x. Any chance Debian 
> will move to the new version soon?
> 
> https://github.com/Kozea/Radicale/pull/1096#issuecomment-683684617

bullseye is expected to get radicale 3.x.

buster will stay with radicale 2.x.

When using uwsgi, umask can be applied there.

I don't fell comfortable applying a backport when upstream don't want to 
carry it either, and unfortunately it seems I am pretty much alone in 
maintaining radicale for Debian nowadays :-(

Thanks for attempting to convince upstream to adopt the backported 
patch!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#966855: hexcurse: diff for NMU version 1.58-1.3

[Sudip Mukherjee]

Control: tags 966855 + patch
Control: tags 966855 + pending

Dear maintainer,

I've prepared an NMU for hexcurse (versioned as 1.58-1.3) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should cancel it.

--
Regards
Sudip

diff -Nru hexcurse-1.58/debian/changelog hexcurse-1.58/debian/changelog
--- hexcurse-1.58/debian/changelog  2020-03-29 19:36:45.0 +0100
+++ hexcurse-1.58/debian/changelog  2020-08-31 19:44:26.0 +0100
@@ -1,3 +1,10 @@
+hexcurse (1.58-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS with gcc-10. (Closes: #966855)
+
+ -- Sudip Mukherjee   Mon, 31 Aug 2020 19:44:26 
+0100
+
 hexcurse (1.58-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru hexcurse-1.58/debian/patches/gcc-10.patch 
hexcurse-1.58/debian/patches/gcc-10.patch
--- hexcurse-1.58/debian/patches/gcc-10.patch   1970-01-01 01:00:00.0 
+0100
+++ hexcurse-1.58/debian/patches/gcc-10.patch   2020-08-31 19:43:53.0 
+0100
@@ -0,0 +1,30 @@
+Description: Fix FTBFS
+
+Author: Sudip Mukherjee 
+Bug-Debian: https://bugs.debian.org/966855
+Forwarded: no
+
+---
+
+--- hexcurse-1.58.orig/include/hex.h
 hexcurse-1.58/include/hex.h
+@@ -126,7 +126,7 @@ extern char EBCDIC[256];
+ #define max(a,b) ((a) >(b) ? (a) : (b))
+ #endif
+ 
+-FILE *fpIN, *fpOUT;   /* global file ptrs   */
++extern FILE *fpIN, *fpOUT;/* global file ptrs 
  */
+ 
+ /* function prototypes */
+ 
+--- hexcurse-1.58.orig/src/file.c
 hexcurse-1.58/src/file.c
+@@ -18,6 +18,8 @@
+ 
\**/
+ #include "hex.h"
+ 
++FILE *fpIN, *fpOUT;
++
+ /***\
+  * Description: prints out a line of text to the screen*
+  *the current address line and both the  *
diff -Nru hexcurse-1.58/debian/patches/series 
hexcurse-1.58/debian/patches/series
--- hexcurse-1.58/debian/patches/series 2020-03-29 19:36:45.0 +0100
+++ hexcurse-1.58/debian/patches/series 2020-08-31 19:42:46.0 +0100
@@ -3,3 +3,4 @@
 0001-explicitly-mark-fallthrough-case.patch
 0001-fix-format-truncation-error-with-GCC-7.patch
 fix_ftbfs.patch
+gcc-10.patch

Bug#969305: [Pkg-zsh-devel] Bug#969305: zsh: safe-rm needs to be added to the default path of interactive shells to work

[Francois Marier]

On 2020-08-31 at 04:41:56, Daniel Shahaf wrote:
> I guess it should be in the zprofile file, guarded by a [[ -o interactive ]] 
> check.

>From the comment in /etc/zsh/zshrc:

  # This file is sourced only for interactive shells. It
  # should contain commands to set up aliases, functions,
  # options, key bindings, etc.

I thought it was a better fit, given that /etc/zsh/zprofile claims it's only
for login shells:

  # This file is sourced only for login shells (i.e. shells
  # invoked with "-" as the first character of argv[0], and
  # shells invoked with the -l flag.)

Or maybe I got that wrong?

> > However, I don't see a way for packages to do this. So I guess there would
> > be two ways to make this possible:
> > 
> > 1. The main /etc/zsh/zshrc script could source all .sh files in a new
> >/etc/zsh/zshrc.d/ directory.
> > 2. The /etc/zsh/zshrc that ships in Debian could include the above.
> > 
> > Are either of these something you'd be willing to consider?
> 
> I don't have an opinion one way or the other.
> 
> I do note that option #2 would cause a stat(2) call during shell startup
> for everyone who _doesn't_ use safe-rm.  Would that be a problem?
> (E.g., slower shell startup)

Good point about the extra stat. I honestly don't know whether that kind of
impact can even be reliably measured, but you're right that it would be
unnecessary for non-users of safe-rm.

> Probably not what you had in mind, but my first instinct here is to look
> for a shell-independent solution.  For example:

Indeed, that's an excellent approach and is in fact where I started.

> 3. Get the OS to add /usr/share/safe-rm/bin to $PATH before the user's
> shell is executed in the first place.  (On FreeBSD that'd be
> login.conf(5), but I don't know what the Linux equivalent is.)

That appears to be in /etc/login.defs, but without any way for a package to
configure.

There was a nice way to do that in the past given that /usr/bin was in front
of /bin in the path, but that became impossible once /usr/bin and /bin got
merged:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759410

> 4. Use dpkg-divert(8) to replace /bin/rm with a wrapper that calls
> either safe-rm or the diverted rm binary, depending on whether it's
> interactive or not.

That was my first attempt and it turned out to be extremely risky and hard
to get right:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489690

> If you don't already know them, see RM_STAR_SILENT and RM_STAR_WAIT in
> zshoptions(1).

Oh, that's very cool! A very good complement to safe-rm in fact since
that's not something safe-rm can do anything about since the shell expands
these globs before passing the paths to the rm command.

> P.S.  Compare #489646, about providing a directory for packages to drop
> completion files into.  (That didn't involve reimplementing
> run-parts(1), though; it was just a matter of adding a directory to
> a list of directories.)

Yes, having a /usr/share/zsh/vendor-config/ or similar would be very good.
It certainly doesn't have to live in /etc/.

Francois

-- 
https://fmarier.org/

Bug#969348: buster-pu: package node-bl/1.1.2-1+deb10u1

[Xavier Guimard]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
node-bl is vunerable to CVE-2020-8244 (#969309): A buffer over-read
vulnerability exists which could allow an attacker to supply user input
(even typed) that if it ends up in consume() argument and can become
negative, the BufferList state can be corrupted, tricking it into exposing
uninitialized memory via regular .slice() calls.

I simply imported upstream change
Origin: https://github.com/rvagg/bl/commit/d3e240e3
Bug:https://hackerone.com/reports/966347
Bug-Debian: https://bugs.debian.org/969309

[ Impact ]
Vulnerability stays.

[ Tests ]
Change is simple and test passed (during build)

[ Risks ]
Low risk: change isn't big and test passed

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The patch just check better buffer size
diff --git a/debian/changelog b/debian/changelog
index c041e5a..462fb49 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-bl (1.1.2-1+deb10u1) buster; urgency=medium
+
+  * Team upload
+  * Add patch to fix over-read vulnerability (Closes: #969309, CVE-2020-8244)
+
+ -- Xavier Guimard   Mon, 31 Aug 2020 10:35:09 +0200
+
 node-bl (1.1.2-1) unstable; urgency=low
 
   * Team upload.
diff --git a/debian/patches/CVE-2020-8244.diff 
b/debian/patches/CVE-2020-8244.diff
new file mode 100644
index 000..5512d60
--- /dev/null
+++ b/debian/patches/CVE-2020-8244.diff
@@ -0,0 +1,53 @@
+Description: fix buffer over-read vulnerability
+ CVE-2020-8244:
+ A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and
+ <2.2.1 which could allow an attacker to supply user input (even
+ typed) that if it ends up in consume() argument and can become
+ negative, the BufferList state can be corrupted, tricking it into
+ exposing uninitialized memory via regular .slice() calls.
+Author: Matteo Collina 
+Origin: upstream, https://github.com/rvagg/bl/commit/d3e240e3
+Bug: https://hackerone.com/reports/966347
+Bug-Debian: https://bugs.debian.org/969309
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard 
+Last-Update: 2020-08-31
+
+--- a/bl.js
 b/bl.js
+@@ -159,18 +159,22 @@
+ 
+ if (bytes > l) {
+   this._bufs[i].copy(dst, bufoff, start)
++  bufoff += l
+ } else {
+   this._bufs[i].copy(dst, bufoff, start, start + bytes)
++  bufoff += l
+   break
+ }
+ 
+-bufoff += l
+ bytes -= l
+ 
+ if (start)
+   start = 0
+   }
+ 
++  // safeguard so that we don't return uninitialized memory
++  if (dst.length > bufoff) return dst.slice(0, bufoff)
++
+   return dst
+ }
+ 
+@@ -179,6 +183,11 @@
+ }
+ 
+ BufferList.prototype.consume = function consume (bytes) {
++  // first, normalize the argument, in accordance with how Buffer does it
++  bytes = Math.trunc(bytes)
++  // do nothing if not a positive number
++  if (Number.isNaN(bytes) || bytes <= 0) return this
++
+   while (this._bufs.length) {
+ if (bytes >= this._bufs[0].length) {
+   bytes -= this._bufs[0].length
diff --git a/debian/patches/series b/debian/patches/series
index 6d46f5b..762aa7d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 00-readable_stream.patch
 01-use_tap.patch
+CVE-2020-8244.diff

Bug#968519: dropbear-initramfs: race condition prevents launch at boot

[Forest]

Thanks, Guilhem.

Is anything more needed from me to get this fixed?

Bug#969015: radicale: ignores umask

[Forest]

Upstream have acknowledged the bug and stated that they no longer want to
update Radicale 2.x. The bug is fixed in 3.x. Any chance Debian will move to
the new version soon?

https://github.com/Kozea/Radicale/pull/1096#issuecomment-683684617

Bug#958565: (no subject)

[Philip Rinn]

owner 958565 !
retitle 958565 ITP: solo-python -- command line interface for SoloKeys
thanks



Seems to be easy to package so I'll just take it myself ;-)

Best
Philip

Bug#937255: pbgenomicconsensus: Python2 removal in sid/bullseye

[Moritz Mühlenhoff]

On Fri, Aug 30, 2019 at 07:30:23AM +, Matthias Klose wrote:
> Package: src:pbgenomicconsensus
> Version: 2.3.2-5
> Severity: normal
> Tags: sid bullseye
> User: debian-pyt...@lists.debian.org
> Usertags: py2removal
> 
> Python2 becomes end-of-live upstream, and Debian aims to remove
> Python2 from the distribution, as discussed in
> https://lists.debian.org/debian-python/2019/07/msg00080.html

Upstream development seems to have stalled, let's remove?

Cheers,
Moritz

Bug#937102: mysql-workbench: Python2 removal in sid/bullseye

[Moritz Mühlenhoff]

On Fri, Aug 30, 2019 at 07:27:37AM +, Matthias Klose wrote:
> Package: src:mysql-workbench
> Version: 8.0.17+dfsg-1
> Severity: normal
> Tags: sid bullseye
> User: debian-pyt...@lists.debian.org
> Usertags: py2removal
> 
> Python2 becomes end-of-live upstream, and Debian aims to remove
> Python2 from the distribution, as discussed in
> https://lists.debian.org/debian-python/2019/07/msg00080.html

There's radio silence on https://bugs.mysql.com/bug.php?id=98839,
let's remove?

Cheers,
Moritz

Bug#937940: python-nemu: Python2 removal in sid/bullseye

[Moritz Mühlenhoff]

On Fri, Mar 27, 2020 at 11:57:00PM +0100, Moritz Mühlenhoff wrote:
> On Fri, Aug 30, 2019 at 07:42:40AM +, Matthias Klose wrote:
> > Package: src:python-nemu
> > Version: 0.3.1-1
> > Severity: normal
> > Tags: sid bullseye
> > User: debian-pyt...@lists.debian.org
> > Usertags: py2removal
> > 
> > Python2 becomes end-of-live upstream, and Debian aims to remove
> > Python2 from the distribution, as discussed in
> > https://lists.debian.org/debian-python/2019/07/msg00080.html
> 
> Hi Martina,
> given that you're also the upstream of python-nemu, are you planning
> to port it to Python 3 or should it be removed?

Gentle ping

Cheers,
Moritz
 

Bug#969347: RFP: bazel-platforms -- Bazel platforms values

[Olek Wojnar]

Package: wnpp
Severity: wishlist

* Package name: bazel-platforms
  Version : Latest
  Upstream Author : Google 
* URL : https://github.com/bazelbuild/platforms
* License : Apache
  Programming Lang: Configuration data
  Description : Bazel platforms values

All canonical constraint_setting()s, constraint_value()s and platform()s that
are universally useful across languages and Bazel projects.



For eventual packaging of non-bootstrap bazel packages.

Bug#936268: caldav-tester: Python2 removal in sid/bullseye

[Moritz Mühlenhoff]

On Fri, Jul 10, 2020 at 11:39:09PM +0200, Moritz Mühlenhoff wrote:
> On Mon, Jul 06, 2020 at 10:11:51PM +0200, Petter Reinholdtsen wrote:
> > I lack the capacity to port it to python 3 myself,
> 
> I guess we better remove it then, see below.
> 
> > but hope upstream
> > have done so already or will do it in time.  I have not had capacity to
> > track upstream developers either, so I do not know if this already
> > happened. :(
> 
> It seems abandoned by Apple, there are no material commits after 2016:
> https://github.com/apple/ccs-caldavtester/commits/master
> 
> More importantly the underlying Python lib is similarly stalled:
> https://github.com/apple/ccs-pycalendar/issues/1

Let's remove?

Cheers,
Moritz

Bug#969346: RFP: bazel-java-tools -- Bazel Tools for Java

[Olek Wojnar]

Package: wnpp
Severity: wishlist

* Package name: bazel-java-tools
  Version : javac14_v1.0
  Upstream Author : Google
* URL : https://github.com/bazelbuild/java_tools
* License : Apache
  Programming Lang: C++ and Java
  Description : Bazel Tools for Java

The tools used by Bazel to compile Java.



Ultimately needed for non-bootstrap bazel packages

Bug#969342: prometheus-blackbox-exporter: [INTL:nl] Dutch translation of debconf messages

[Frans Spiesschaert]

 
 
Package: prometheus-blackbox-exporter 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the Dutch translation of prometheus-blackbox-
exporter debconf messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#969343: freezer: [INTL:nl] Dutch translation of debconf messages

[Frans Spiesschaert]

 
 
Package: freezer 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the Dutch translation of freezer debconf
messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#969344: ddclient: [INTL:nl] Dutch translation of debconf messages

[Frans Spiesschaert]

 
 
Package: ddclient 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch translation of ddclient debconf
messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#969345: nvme-cli: debian/package.bash-completion not needed

[Dan Streetman]

Package: nvme-cli
Version: 1.9-1
Severity: minor

Dear Maintainer,

The debian/package.bash-completion file is not needed, as the bash
completion script is installed/packaged by the Makefile.

Bug#969341: knot-resolver: [INTL:nl] Dutch translation of debconf messages

[Frans Spiesschaert]

 
 
Package: knot-resolver 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the Dutch translation of knot-resolver debconf
messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#968467: RFP: python3-librosa -- module for audio and music processing

[Emmanuel Arias]

Hi,

I can help.

Do you plan to move librosa under python team?

In this case you should create the repository in the team.

Cheers,
Arias Emmanuel
@eamanu
yaerobi.com

Bug#969183: nvme-cli: bring debhelper compat to 13 and fix build deps

[Dan Streetman]

> This adds some build deps there were missing:
> uuid-dev

I should have also mentioned that without the uuid-dev package
installed at build time, the nvme command 'gen-hostnqn' can't be
built, so this patch does fix that.

Bug#969183: Fwd: Bug#969183: nvme-cli: bring debhelper compat to 13 and fix build deps

[Dan Streetman]

> This adds some build deps there were missing:
> uuid-dev

I should have also mentioned that without the uuid-dev package
installed at build time, the nvme command 'gen-hostnqn' can't be
built, so this patch does fix that.

Also this is related to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969340

and in Ubuntu, this bug:
https://bugs.launchpad.net/ubuntu/+source/nvme-cli/+bug/1867366

Bug#969331: rviz: [rospack] Error: no such package media_export

[Jochen Sprickerhof]

* Johannes Schauer  [2020-08-31 18:43]:

The only difference between before and after are the additional dbgsym packages
as well as the upgrade of libogre-1.9.0v5 to the newer binNMU version.

Thus, I guess a version constraint is not tight enough somewhere?


Afaik Debian doesn't guarantee this.

* Johannes 'josch' Schauer  [2020-08-31 16:54]:

-- System Information:
Debian Release: bullseye/sid
 APT prefers stable
 APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 'stable-updates'), 
(500, 'unstable'), (500, 'testing'), (1, 'experimental')


Uhm.. https://wiki.debian.org/DontBreakDebian

Please close if you agree.

Cheers Jochen


signature.asc
Description: PGP signature

Bug#969340: nvme-cli: generate /etc/nvme/host* files at install time, not build time

[Dan Streetman]

Package: nvme-cli
Version: 1.12-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu groovy ubuntu-patch

Dear Maintainer,

The nvme-cli package currently generates the /etc/nvme/hostnqn and
/etc/nvme/hostid files during the build, which results in the content
of the files being identical for all installed systems. Since these
files are supposed to contain ids unique to the installed system,
having them included in the binary package is incorrect, and instead
they should be generated during package install.

This patch removes the files from the binary package, and adds a postinst
to generate the files (if needed).

Note that this also requires the patch from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969183
because without that patch, the build doesn't include uuid-dev, and the
nvme 'gen-hostnqn' command is not able to be built.

This is also tracked in Ubuntu bug:
https://bugs.launchpad.net/ubuntu/+source/nvme-cli/+bug/1867366

Thanks for considering the patch.
diff -Nru nvme-cli-1.12/debian/nvme-cli.postinst 
nvme-cli-1.12/debian/nvme-cli.postinst
--- nvme-cli-1.12/debian/nvme-cli.postinst  1969-12-31 19:00:00.0 
-0500
+++ nvme-cli-1.12/debian/nvme-cli.postinst  2020-08-31 14:11:37.0 
-0400
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+if [ ! -s /etc/nvme/hostnqn ]; then
+nvme gen-hostnqn > /etc/nvme/hostnqn
+fi
+
+if [ ! -s /etc/nvme/hostid ]; then
+uuidgen > /etc/nvme/hostid
+fi
+
+exit 0
diff -Nru nvme-cli-1.12/debian/package.bash-completion 
nvme-cli-1.12/debian/package.bash-completion
--- nvme-cli-1.12/debian/package.bash-completion2017-02-06 
08:20:45.0 -0500
+++ nvme-cli-1.12/debian/package.bash-completion1969-12-31 
19:00:00.0 -0500
@@ -1 +0,0 @@
-bash_completion.d/nvme
diff -Nru nvme-cli-1.12/debian/rules nvme-cli-1.12/debian/rules
--- nvme-cli-1.12/debian/rules  2018-08-06 12:12:32.0 -0400
+++ nvme-cli-1.12/debian/rules  2020-08-31 14:11:23.0 -0400
@@ -7,6 +7,10 @@
 
 override_dh_auto_install:
dh_auto_install -- PREFIX=/usr
+   # Remove build-time unique id files, instead these will be
+   # generated by the postinst script
+   rm -f debian/nvme-cli/etc/nvme/hostid
+   rm -f debian/nvme-cli/etc/nvme/hostnqn
 
 override_dh_auto_test:
# Overriding auto test, since the tests require that the build machine

Bug#969338: qiv FTCBFS: strips with the build architecture strip

[Helmut Grohne]

Source: qiv
Version: 2.3.2-1
Tags: patch upstream
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

Now that #879108 is fixed, upstream introduced a new of breaking cross
builds: stripping with the build architecture strip via install -s.
Beyond breaking cross compilation, this also breaks
DEB_BUILD_OPTIONS=nostrip as well as generation of -dbgsym packages.
dh_auto_install therefore passes an INSTALL that ignores the -s flag,
but qiv doesn't have a substitutable install. The attached patch fixes
all of the above. Please consider applying it as well.

Helmut
--- qiv-2.3.2.orig/Makefile
+++ qiv-2.3.2/Makefile
@@ -55,6 +55,7 @@
 endif
 
 PKG_CONFIG ?= pkg-config
+INSTALL?= install
 #CFLAGS= -O0 -g -Wall
 CFLAGS= -O2 -Wall \
 	-fcaller-saves -ffast-math -fno-strength-reduce \
@@ -145,26 +146,26 @@
 install: $(PROGRAM)
 	@echo "Installing QIV..."
 	@if [ ! -e $(PREFIX)/bin ]; then \
-	  install -d -m 0755 $(PREFIX)/bin; \
+	  $(INSTALL) -d -m 0755 $(PREFIX)/bin; \
 	  echo install -d -m 0755 $(PREFIX)/bin; \
 fi
-	install -s -m 0755 $(PROGRAM) $(PREFIX)/bin
+	$(INSTALL) -s -m 0755 $(PROGRAM) $(PREFIX)/bin
 	@if [ ! -e $(PREFIX)/share/man/man1 ]; then \
 	  echo install -d -m 0755 $(PREFIX)/share/man/man1; \
-	  install -d -m 0755 $(PREFIX)/share/man/man1; \
+	  $(INSTALL) -d -m 0755 $(PREFIX)/share/man/man1; \
 	fi
-	install -m 0644 $(PROGRAM).1 $(PREFIX)/share/man/man1
+	$(INSTALL) -m 0644 $(PROGRAM).1 $(PREFIX)/share/man/man1
 	$(COMPRESS_PROG) $(PREFIX)/share/man/man1/$(PROGRAM).1
 	@if [ ! -e $(PREFIX)/share/pixmaps ]; then \
 	  echo install -d -m 0755 $(PREFIX)/share/pixmaps; \
-	  install -d -m 0755 $(PREFIX)/share/pixmaps; \
+	  $(INSTALL) -d -m 0755 $(PREFIX)/share/pixmaps; \
 	fi
-	install -m 0644 qiv.png $(PREFIX)/share/pixmaps/qiv.png
+	$(INSTALL) -m 0644 qiv.png $(PREFIX)/share/pixmaps/qiv.png
 	@if [ ! -e $(PREFIX)/share/applications ]; then \
 	  echo install -d -m 0755 $(PREFIX)/share/applications; \
-	  install -d -m 0755 $(PREFIX)/share/applications; \
+	  $(INSTALL) -d -m 0755 $(PREFIX)/share/applications; \
 	fi
-	install -m 0644 qiv.desktop $(PREFIX)/share/applications/qiv.desktop
+	$(INSTALL) -m 0644 qiv.desktop $(PREFIX)/share/applications/qiv.desktop
 	@if ./qiv -f ./intro.jpg ; \
 	then echo "-- Test Passed --" ; \
 	else echo "-- Test Failed --" ; \

Bug#969328: ITP: golang-github-mendersoftware-openssl -- OpenSSL bindings for Go

[Lluis Campos]

Package: wnpp
Severity: wishlist
Owner: Lluis Campos 

* Package name: golang-github-mendersoftware-openssl
  Version : 1.0.9-1
  Upstream Author : Mender
* URL : https://github.com/mendersoftware/openssl
* License : Apache-2.0
  Programming Lang: Go
  Description : OpenSSL bindings for Go

 OpenSSL bindings for Go. This project is a fork of Space Monkey Go OpenSSL
 bindings (https://github.com/spacemonkeygo/openssl) maintained by
 Northern.tech. The project has been extended to cover more OpenSSL
 function calls.

Required for the upcoming upstream update of mender package.

Bug#966633: [debian-mysql] Bug#966633: libmariadb3: In Perl, doing a ping() after a disconnect() causes a segfault using DBD::mysql

[Otto Kekäläinen]

> Hi, Otto,
>
> I did submit my patch to upstream and it was
> accepted into 3.1:
>
> https://github.com/mariadb-corporation/mariadb-connector-c/pull/144
>
> It would be great if you could apply this patch to your next
> minor update rather than waiting for 3.1, however, because it
> does fix a very annoying Perl DBD::mariadb problem as I
> mentioned in the original bug report.

Sure. Done in 
https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commit/42aa94496c3438a623cc1faf25e679f19bbfffc3
for Debian unstable.

Bug#969298: Kerberos authentication broken

[Eric Dorland]

* Ilias Tsitsimpis (ilias...@debian.org) wrote:
> Hi Eric,
> 
> On Sun, Aug 30, 2020 at 06:32PM, Eric Dorland wrote:
> > Kerberos authentication appears to be broken.
> > [...]
> > Versions of packages offlineimap depends on:
> > ii  python-imaplib2  2.57-5.1
> > ii  python-six   1.15.0-1
> > ii  python2  2.7.18-2
> > 
> > Versions of packages offlineimap recommends:
> > ii  python-socks  1.6.8+dfsg-1.1
> > 
> > Versions of packages offlineimap suggests:
> > pn  python-gssapi  
> 
> OfflineIMAP requires `python-gssapi` for Kerberos authentication, which
> is missing from your system. Could you please install `python-gssapi`
> and retry?

Ahh, it looks like python-gssapi has been removed from unstable :(

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

Bug#969331: rviz: [rospack] Error: no such package media_export

[Jochen Sprickerhof]

Hi josch,

* Johannes 'josch' Schauer  [2020-08-31 16:54]:

starting rviz on Debian unstable currently yields the following output:

[ INFO] [1598885512.042478573]: rviz version 1.14.1
[ INFO] [1598885512.042531596]: compiled against Qt version 5.14.2
[ INFO] [1598885512.042547093]: compiled against OGRE version 1.9.0 (Ghadamon)
[ INFO] [1598885512.052974842]: Forcing OpenGl version 0.
[ INFO] [1598885512.592152405]: Stereo is NOT SUPPORTED
[ INFO] [1598885512.592246596]: OpenGl version: 4.6 (GLSL 4.6).
[rospack] Error: no such package media_export
[librospack]: error while executing command


I get those as well.


zsh: segmentation fault  rviz


But I don't get this, but rviz starts normally for me. Can you attach 
gdb and get a backtrace?


Cheers Jochen


signature.asc
Description: PGP signature

Bug#965995: dnscrypt-proxy: Purging fails: rm: cannot remove '/etc/dnscrypt-proxy/dnscrypt-proxy.conf.dpkg-bak': Is a directory

[Eric Dorland]

* Axel Beckert (a...@debian.org) wrote:
> Package: dnscrypt-proxy
> Version: 2.0.44+ds1-2
> Severity: serious
> X-Debbugs-Cc: Axel Beckert 
> 
> Purging dnscrypt-proxy fails for me as follows (and IIRC I never changed
> anything from the default config, but the package might have a bit on
> history on that machine):
> 
> # dpkg --purge dnscrypt-proxy
> (Reading database ... 1190427 files and directories currently installed.)
> Purging configuration files for dnscrypt-proxy (2.0.44+ds1-2) ...
> rm: cannot remove '/etc/dnscrypt-proxy/dnscrypt-proxy.conf.dpkg-bak': Is a 
> directory
> dpkg: error processing package dnscrypt-proxy (--purge):
>  installed dnscrypt-proxy package post-removal script subprocess returned 
> error exit status 1
> Errors were encountered while processing:
>  dnscrypt-proxy
> 
> Might be just a missing "-r" to "rm" in the postrm script or so.

So this appears to be a bug related to a mess in the past where there
was a /etc/dnscrypt-proxy/dnscrypt-proxy.conf directory created at
some point. I'm using dpkg-maintscript-helper but it appears to
failing on this edge case.

-- 
Eric Dorland 
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93


signature.asc
Description: PGP signature

Bug#969337: libgradle-plugins-java: depends on a transitional package

[Damir R. Islamov]

Package: libgradle-plugins-java
Version: 4.4.1-12
Severity: normal

Dear Maintainer,

The package depends on a transitional `libplexus-container-default1.5-java'
instead of actual one `libplexus-container-default-java'.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgradle-plugins-java depends on:
ii  ant-optional  1.10.8-1
ii  bnd   5.0.1-2
ii  junit44.12-8
ii  libantlr-java 2.7.7+dfsg-10
ii  libatinject-jsr330-api-java   1.0+ds1-5
ii  libbcpg-java  1.65-1
ii  libbsh-java   2.0b4-20
ii  libcommons-cli-java   1.4-1
ii  libdd-plist-java  1.20-1
ii  libdom4j-java 2.1.1-4
ii  libfindbugs-java  3.1.0~preview2-3
ii  libgoogle-gson-java   2.8.6-1
ii  libgradle-core-java   4.4.1-12
ii  libguice-java 4.2.3-1
ii  libjatl-java  0.2.3-1
ii  libjaxen-java 1.1.6-4
ii  libjcifs-java 1.3.19-2
ii  libjgit-java  3.7.1-6
ii  libjs-jquery  3.5.1+dfsg-4
ii  libmaven-resolver-java1.4.2-1
ii  libmaven3-core-java   3.6.3-1
ii  libobjenesis-java 3.1-1
ii  libplexus-component-annotations-java  2.1.0-1
ii  libplexus-container-default1.5-java   2.1.0-1
ii  libplexus-interpolation-java  1.26-1
ii  libplexus-utils2-java [libplexus-utils-java]  3.3.0-1
ii  libpolyglot-maven-java0.8~tobrien+git20120905-10
ii  librhino-java 1.7.7.1-1
ii  libsimple-http-java   4.1.21-1
ii  libwagon-file-java3.3.4-1
ii  libwagon-http-java3.3.4-1
ii  libxerces2-java   2.12.1-1
ii  testng6.9.12-4

libgradle-plugins-java recommends no packages.

libgradle-plugins-java suggests no packages.

-- no debconf information

Bug#969331: rviz: [rospack] Error: no such package media_export

[Johannes Schauer]

Quoting Jochen Sprickerhof (2020-08-31 18:31:58)
> * Johannes 'josch' Schauer  [2020-08-31 16:54]:
> >starting rviz on Debian unstable currently yields the following output:
> >
> >[ INFO] [1598885512.042478573]: rviz version 1.14.1
> >[ INFO] [1598885512.042531596]: compiled against Qt version 5.14.2
> >[ INFO] [1598885512.042547093]: compiled against OGRE version 1.9.0 
> >(Ghadamon)
> >[ INFO] [1598885512.052974842]: Forcing OpenGl version 0.
> >[ INFO] [1598885512.592152405]: Stereo is NOT SUPPORTED
> >[ INFO] [1598885512.592246596]: OpenGl version: 4.6 (GLSL 4.6).
> >[rospack] Error: no such package media_export
> >[librospack]: error while executing command
> 
> I get those as well.
> 
> >zsh: segmentation fault  rviz
> 
> But I don't get this, but rviz starts normally for me. Can you attach gdb and
> get a backtrace?

aha, so that was a red herring! I thought the segfault was due to the
media_export error message.

To get a better backtrace, I installed the dbgsym packages for rviz, librviz5d
and libogre-1.9.0v5. In the process, the package libogre-1.9.0v5 with version
1.9.0+dfsg1-12+b1 got replaced by version 1.9.0+dfsg1-12+b2.

Now it works.

The only difference between before and after are the additional dbgsym packages
as well as the upgrade of libogre-1.9.0v5 to the newer binNMU version.

Thus, I guess a version constraint is not tight enough somewhere?

Thanks!

cheers, josch

signature.asc
Description: signature

Bug#969298: Kerberos authentication broken

[Ilias Tsitsimpis]

Hi Eric,

On Sun, Aug 30, 2020 at 06:32PM, Eric Dorland wrote:
> Kerberos authentication appears to be broken.
> [...]
> Versions of packages offlineimap depends on:
> ii  python-imaplib2  2.57-5.1
> ii  python-six   1.15.0-1
> ii  python2  2.7.18-2
> 
> Versions of packages offlineimap recommends:
> ii  python-socks  1.6.8+dfsg-1.1
> 
> Versions of packages offlineimap suggests:
> pn  python-gssapi  

OfflineIMAP requires `python-gssapi` for Kerberos authentication, which
is missing from your system. Could you please install `python-gssapi`
and retry?

-- 
Ilias

Bug#969336: libsaxonhe-java: Depends on a transitional package

[Damir R. Islamov]

Package: libsaxonhe-java
Version: 9.9.1.5+dfsg-1
Severity: normal

Dear Maintainer,

The Package debends on transitional libintellij-annotations-java
instead of actual libjetbrains-annotations-java.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libsaxonhe-java depends on:
ii  libdom4j-java2.1.1-4
ii  libicu4j-java62.1-2
ii  libintellij-annotations-java 20.0.0-1
ii  libjdom1-java1.1.3-2
ii  libxml-commons-resolver1.1-java  1.2-10
ii  libxom-java  1.2.10-1

libsaxonhe-java recommends no packages.

libsaxonhe-java suggests no packages.

-- no debconf information

Bug#967019: openjdk-13: FTBFS: tests failed, and then build hangs

[Matthias Klose]

Control: tags -1 + moreinfo
Control: severity -1 important

did a no-change build today in a fresh chroot on a local machine, which
succeeded.  Will recheck with the next upload.

Bug#969335: ITP: golang-github-rickb777-plural -- Simple Go API for Pluralisation

[Arun Kumar Pariyar]

Package: wnpp
Severity: wishlist
Owner: Arun Kumar Pariyar 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: golang-github-rickb777-plural
  Version : 1.2.1-1~exp1
* URL : https://github.com/rickb777/plural
* License : BSD-3-clause
  Programming Lang: Go
  Description : Simple Go API for Pluralisation

This package provides simple support for localising plurals in a flexible range
of different styles.

Bug#969333: roundcube-plugins-extra: thunderbird_labels requires an upgrade

[Ludovic CHEVALIER]

Package: roundcube-plugins-extra
Version: 1.3.8-20190219
Severity: grave
Tags: patch
Justification: renders package unusable

Dear Maintainer,

When I activate thunderbird_labels (that come from
roundcube-plugins-extra debian package), I can't go to my
?_task=settings page anymore.  For example, in Inbox folder, if I try
to set a label, roundcube returns:
 "Internal Server Error".
In server logs, I've got this message: FastCGI sent in stderr: "PHP message: PHP
 Fatal error:  Uncaught Error: Call to undefined function
 get_input_value() in
 /usr/share/roundcube/plugins/thunderbird_labels/thunderbird_labels.php:341

To fix this issue, I've moved
/usr/share/roundcube/plugins/thunderbird_labels/ folder and replace it
by the latest version of this plugin (
https://github.com/mike-kfed/roundcube-thunderbird_labels - v1.4.8 ).

Is it possible to make this version available in a further stable
package version?

Thanks.

--
Ludo

-- System Information:
Debian Release: 10.5
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages roundcube-plugins-extra depends on:
ii  libjs-jquery-mousewheel  1:3.1.13-2
ii  roundcube-core   1.3.15+dfsg.1-1~deb10u1

roundcube-plugins-extra recommends no packages.

Versions of packages roundcube-plugins-extra suggests:
pn  fail2ban  

-- no debconf information

Bug#964432: ruby-rails update destroy redmine issue number linking

[Mike Gabriel]

Hi Sylvain,

On  Mo 31 Aug 2020 12:34:07 CEST, Sylvain Beucler wrote:


Hi all,

On 03/08/2020 16:43, Utkarsh Gupta wrote:

On Mon, Aug 3, 2020 at 6:02 PM Sylvain Beucler  wrote:

This version is now impacted by new security issues, such as
CVE-2020-8163, so I would recommend upgrading anyway.  There is no place
to upload a new version (in particular, not in ELTS where neither rails
nor redmine are supported),


This is not part of Debian per-se, but rails was recently added back to
the list of supported packages in ELTS.

Mike (in Cc:) claimed the next upload, so this is an opportunity to
address a possible regression in CVE-2020-8164/CVE-2020-8165.

Cheers!
Sylvain


thanks for Cc:ing me! Will take a look into issues tackled above.

Greets,
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgplUHF33AWAm.pgp
Description: Digitale PGP-Signatur

Bug#969334: ITP: golang-github-teambition-rrule-go -- Go library for working with recurrence rules for calendar dates.

[Arun Kumar Pariyar]

Package: wnpp
Severity: wishlist
Owner: Arun Kumar Pariyar 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: golang-github-teambition-rrule-go
  Version : 1.6.0-1~exp1
  Upstream Author : Teambition 
* URL : https://github.com/teambition/rrule-go
* License : MIT
  Programming Lang: Go
  Description : Go library for working with recurrence rules for calendar
dates.

The rrule module offers a complete implementation of the recurrence rules
documented in the iCalendar RFC. It is a partial port of the rrule module from
the excellent python-dateutil library.

Bug#969332: RFP: pulseaudio-module-xrdp - module for audio support through xrdp

[Alexander Volkov]

Package: wnpp
Severity: RFP


https://github.com/neutrinolabs/pulseaudio-module-xrdp

module-xrdp-sink is licensed under the Apache License, Version 2.0

module-xrdp-source is licensed under LGPL2+

Bug#969246: RFP: coffeine -- CLI tool to keep your [device|mobile phone] from blanking or suspending

[Andrej Shadura]

On Sun, 30 Aug 2020 00:46:40 +0200 Sebastian Spaeth
 wrote:
> Package: coffein
> Version: 0.2; reported 2020-08-29
> Severity: wishlist
> 
> * Package name : coffeine
> Version : 0.2
> Upstream Author : Sebastian Spaeth 
> * URL : https://gitlab.com/sspaeth/coffeine/
> * License : GPL-3+
> Description : Keeps your computer awake at day (& night)
> 
> ... as long as your desktop supports the org.freedesktop.ScreenSaver 
> standard.
> 
> Just type 'coffeine YOURPROGRAMHERE' to prevent the screensaver from 
> interrupting your video session or your system from suspending while you 
> apt dist-upgrade it.

We already have caffeine, do we need another program for the same
purpose with a confusingly similar (but different) name?

https://packages.qa.debian.org/c/caffeine.html

-- 
Cheers,
  Andrej

Bug#969300: ITP: mmhelper -- A small program to help solving Mastermind puzzles.

[jathan]

On 31/08/2020 02:43, Andrei POPESCU wrote:
> Control: reassign -1 wnpp
> 
> On Du, 30 aug 20, 18:26:01, jathan wrote:
>> Package: mmhelper
>> Severity: wishlist
>>
>>   * Package name: mmhelper
>> Version : 1.0
>> Upstream Author : Octavio Alvarez 
>>   * License : AGPL-3
>>   * URL : https://gitlab.com/alvarezp2000/mmhelper
>>   * Description : A small program to help solving Mastermind puzzles.
>>
>> A nice program to find the right code in the game Mastermind.
>>
>> -- 
>> Por favor evita enviarme adjuntos en formato de word o powerpoint, si
>> quieres saber porque lee esto:
>> http://www.gnu.org/philosophy/no-word-attachments.es.html
>> ¡Cámbiate a GNU/Linux! http://getgnulinux.org/es
>>
> 
> 
> Kind regards,
> Andrei
> 
Hi Andrei,

What does it mean "Control: reassign -1 wnpp" please?

Regards
Jathan

-- 
Por favor evita enviarme adjuntos en formato de word o powerpoint, si
quieres saber porque lee esto:
http://www.gnu.org/philosophy/no-word-attachments.es.html
¡Cámbiate a GNU/Linux! http://getgnulinux.org/es



signature.asc
Description: OpenPGP digital signature

Bug#969331: rviz: [rospack] Error: no such package media_export

[Johannes 'josch' Schauer]

Package: rviz
Version: 1.14.1+dfsg-1
Severity: grave
Justification: renders package unusable

Hi,

starting rviz on Debian unstable currently yields the following output:

[ INFO] [1598885512.042478573]: rviz version 1.14.1
[ INFO] [1598885512.042531596]: compiled against Qt version 5.14.2
[ INFO] [1598885512.042547093]: compiled against OGRE version 1.9.0 (Ghadamon)
[ INFO] [1598885512.052974842]: Forcing OpenGl version 0.
[ INFO] [1598885512.592152405]: Stereo is NOT SUPPORTED
[ INFO] [1598885512.592246596]: OpenGl version: 4.6 (GLSL 4.6).
[rospack] Error: no such package media_export
[librospack]: error while executing command
zsh: segmentation fault  rviz

Maybe triggered by this line?

https://sources.debian.org/src/ros-rviz/1.14.1+dfsg-1/src/rviz/ogre_helpers/render_system.cpp/?hl=316#L318

According to the package.xml, rviz depends on media_export but that one
is not packaged yet?

Thanks!

cheers, josch


-- System Information:
Debian Release: bullseye/sid
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 
'stable-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rviz depends on:
ii  fonts-liberation   1:1.07.4-9
ii  libboost-filesystem1.71.0  1.71.0-6+b2
ii  libboost-thread1.71.0  1.71.0-6+b2
ii  libc6  2.31-2
ii  libclass-loader1d  0.5.0-1
ii  libconsole-bridge0.4   0.4.3+dfsg-1
ii  libgcc-s1  10.2.0-3
ii  libimage-transport0d   1.12.0-1+b1
ii  libinteractive-markers2d   1.12.0-3
ii  liblaser-geometry0d1.6.5-1+b1
ii  libmessage-filters1d   1.15.8+ds1-1
ii  libogre-1.9.0v51.9.0+dfsg1-12+b1
ii  libopengl0 1.3.1-1
ii  libqt5core5a   5.14.2+dfsg-4
ii  libqt5gui5 5.14.2+dfsg-4
ii  libqt5svg5 5.14.2-2
ii  libqt5widgets5 5.14.2+dfsg-4
ii  librosconsole3d1.14.2-1
ii  libroscpp-serialization0d  0.7.2-2
ii  libroscpp3d1.15.8+ds1-1
ii  libroslib0d1.15.4-2
ii  librostime1d   0.7.2-4
ii  librviz5d  1.14.1+dfsg-1
ii  libstdc++6 10.2.0-3
ii  libtf2-2d  0.7.2-3
ii  libtinyxml2-8  8.0.0+dfsg-2
ii  liburdf1d  1.13.2-2
ii  liburdfdom-world   1.0.3-1

rviz recommends no packages.

rviz suggests no packages.

-- no debconf information

Bug#969330: libpam-ssh-agent-auth: Authentication fails a random number of times before succeeding when ED25519 keys are used.

[Alexander Swen]

Package: libpam-ssh-agent-auth
Version: 0.10.3-3+b1
Severity: important
Tags: upstream

Dear Maintainer,

Please help me confirm the following to be a bug in
libpam-ssh-agent-auth. I am not 100% sure if it is. It may as well be a
fault in openssh-client as that runs the SSH-agent. But I can't prove.

   * What led up to the situation?

- Bought a new Yubikey 5 (F/W 5.2.3) that supports Eliptic Curve keys.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

- On the client machine I created a new GPG key of the EC type, Curve 25519 and
  put that on a Yubikey.
- Exported the SSH public key from the GPG key and added that to the
  `~/.ssh/authorized_keys` file on the target machine.

- On the target machine I inserted the following in `/etc/pam.d/sudo`:

  auth  sufficient  pam_ssh_agent_auth.so debug file=~/.ssh/authorized_keys 

- And created a file `/etc/sudoers.d/00_SSH_AUTH_OK` with these contents:
  Defaults env_keep += SSH_AUTH_SOCK

- I logged in using SSH from the source machine. After I verified that the
  ssh-agent was forwarded properly (using `ssh-add -l`) I tried to `sudo
  ls`.

- After `-` the password prompt of `sudo` and repeating the `sudo ls`
  command multiple times it succeeds.
- When using another Yubikey with a RSA key on it, the exact same
  configuration works without any failure.

   * What was the outcome of this action?

- sudo asked for my password.
- `/var/log/auth.log` contains:

Aug 31 16:29:05 buster sshd[1093]: rexec line 26: Deprecated option 
UsePrivilegeSeparation
Aug 31 16:29:05 buster sshd[1093]: Accepted publickey for alex from 172.17.2.83 
port 54290 ssh2: ED25519 SHA256:2jvA...
Aug 31 16:29:05 buster sshd[1093]: pam_unix(sshd:session): session opened for 
user alex by (uid=0)
Aug 31 16:29:05 buster systemd-logind[419]: New session 9 of user alex.
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: Beginning 
pam_ssh_agent_auth for user alex
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: Attempting 
authentication: `alex' as `alex' using /home/alex/.ssh/authorized_keys
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: Contacted ssh-agent of 
user alex (1000)
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: trying public key file 
/home/alex/.ssh/authorized_keys
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: auth_secure_filename: 
checking for uid: 1000
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: secure_filename: 
checking '/home/alex/.ssh'
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: secure_filename: 
checking '/home/alex'
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: secure_filename: 
terminating check at '/home/alex'
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: key_read: type mismatch 
expected 4 found 1
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: user_key_allowed: check 
options: 'ssh-rsa B3Nza...Some RSA key
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: key_type_from_name: 
unknown key type 'B3Nza...Some RSA key
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: key_read: missing keytype
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: user_key_allowed: 
advance: 'B3Nza...Some RSA key
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: matching key found: 
file/command /home/alex/.ssh/authorized_keys, line 2
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: Found matching ED25519 
key: 45:3f:...More fingerprint
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: Agent admitted failure 
to sign using the key.
Aug 31 16:29:06 buster sudo[1103]: pam_ssh_agent_auth: Failed Authentication: 
`alex' as `alex' using /home/alex/.ssh/authorized_keys

- The log looks the same when sudo succeeds (after trying several times), 
excpept for the last part:
Aug 31 16:35:27 buster sudo[1136]: pam_ssh_agent_auth: matching key found: 
file/command /home/alex/.ssh/authorized_keys, line 2
Aug 31 16:35:27 buster sudo[1136]: pam_ssh_agent_auth: Found matching ED25519 
key: 45:3f:...More fingerprint
Aug 31 16:35:27 buster sudo[1136]: pam_ssh_agent_auth: ssh_ed25519_verify: 
signature correct
Aug 31 16:35:27 buster sudo[1136]: pam_ssh_agent_auth: Authenticated: `alex' as 
`alex' using /home/alex/.ssh/authorized_keys

   * What outcome did you expect instead?

- I expected to have my Yubikey flashing and after I touched it get `ls`
  executed as `root` without being asked for a password, after the first
  time I tried.
- I expected that authentication would work the exact same way as with
  RSA keys.

-- System Information:
(The versions are exactly the same on both client and server)

Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/das

Bug#969329: systemd-cron: Special user nobody configured, this is not safe!

[Martin-Éric Racine]

Package: systemd-cron
Version: 1.5.14-2
Severity: important

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Since a recent upgrade, systemd complains loudly via dmesg:

[   45.787544] systemd[1]: /lib/systemd/system/cron-failure@.service:11: 
Special user nobody configured, this is not safe!
[   45.864175] systemd[1]: /lib/systemd/system/cron-failure@.service:11: 
Special user nobody configured, this is not safe!
[   45.918917] systemd[1]: /lib/systemd/system/cron-failure@.service:11: 
Special user nobody configured, this is not safe!
[   45.982802] systemd[1]: /lib/systemd/system/cron-failure@.service:11: 
Special user nobody configured, this is not safe!
[   46.036569] systemd[1]: /lib/systemd/system/cron-failure@.service:11: 
Special user nobody configured, this is not safe!

- -- Package-specific info:
- -- output of systemd-delta

- -- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (, 'testing'), (1101, 'stable'), (500, 'testing-debug')
Architecture: i386 (i586)

Kernel: Linux 5.7.0-2-686 (SMP w/1 CPU thread)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd-cron depends on:
ii  libc6 2.31-3
ii  python3   3.8.2-3
ii  systemd-sysv  246.2-1

Versions of packages systemd-cron recommends:
ii  nullmailer [mail-transport-agent]  1:2.2-3

systemd-cron suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAl9NDMcACgkQrh+Cd8S0
17Z7RQ/7BxKJ6sTSHCdRMxqDFLrwwt/kqlbc2sRijRNffqovnORTP9wZPJPRvUxA
gBMiqXTXx+Q5477x0+1euqVt2egvYxxx4xctADFryyXemGu1eDiPJZlHMT/3rHyY
R36RDVMD0DdTnXNoMmFaxIhMMbBUq4Q6SUU8XS/I344k760iYgXx9y2K4nZaaG0j
r7PYBdG5GPMAXbedYmonGCw+g4suWqEGasbowSk5MsCM3LR6iDP7NvB2C9tVS8gz
oCIbVQsn6alf10P+40qDJQpCC+qJyBWoq1DbXDHuH/loZshOYxqZ3bLbHD6KYa1z
h9U+kjXXjDvSRObunPoIrQ/knlUFWhhsl9tg0cu61K2EUAKHrGblb18+t74O4baK
YIgwXsSTu90DvRhlO6gs/BRCBToPYPAK+GZ7VVVGSTUvqgNXC+kgB12+gGMgn5Pc
stHrey16sc9MRMU74ts7xhDojiU/qsJGC16jnBt2Ywx81a2NIlf2MYnzLStoMDCt
aLZ/oeG5ZDyASG44fCaQAlJyiGVCOuCqbP/fIyXt5IBTXRsuQtIaUZcmK7z4iy/8
8dAbZoQaGGXLHJ0YbluNeJQaoOSXXOukkrcZzTAWCJlbzZG+zJNqKQzb+pOPTtJi
ROO1USJSfbjU1AeKs/o4OXYXF1bmtymgBQUYBg2PvNH4TUdoM/g=
=v9n/
-END PGP SIGNATURE-

Bug#969084: buildd.d.o: please don't use a tainted buildenv

[Holger Levsen]

On Thu, Aug 27, 2020 at 04:25:56PM +0200, Guillem Jover wrote:
> > thanks for that info! maybe dpkg could treat /usr/local not as tainted if 
> > the
> > only file in /usr/local is /usr/local/sbin/policy-rc.d ?
> While we could perhaps add an exception in the Debian vendor profile.
> It does look like this is working as intended? :)

yes, I believe the buildd admins thinks this works as intended.

> This is a local file
> that might affect the build, which is otherwise not trackable, say
> what "version" (with which changes) was being used, etc. 

this kind of policy-rc.d file only contains one relevant line, "exit 0".

> I think ideally
> this would be using a system pathname and be part of a package that gets
> then listed in the .buildinfo files.

I cannot comment on this except to say that I'd wish for some more pragmatism :(


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

"... the premise [is] that privacy is about hiding a wrong. It's not.
 Privacy is an inherent human right, and a requirement for maintaining
 the human condition with dignity and respect." (Bruce Schneier)


signature.asc
Description: PGP signature

Bug#968384: MDB Tools offer

[Nirgal Vourgère]

Hello Evan

I maintain the Debian package mdbtools.

I received a request to switch to your fork:
https://bugs.debian.org/968384

Brian has been mostly inactive these past years, so I guess this is the best 
thing to do, provided there are no DFSG problem in your fork.

I don't have a lot of time, unfortunately. Same problem always for volunteers...

I obviously would like to switch to an active fork, rather than the brian's one.

The deadline for me is 2021-01-12 [2], though obviously the earlier the better.

Cheers

[1] https://en.wikipedia.org/wiki/Debian_Free_Software_Guidelines
[2] https://lists.debian.org/debian-devel-announce/2020/03/msg2.html

On Monday, 31 August 2020 15:07:00 CEST Evan Miller wrote:
> Hi,
> 
> A couple of us have been making many bug fixes and improvements to MDB Tools 
> here . I'd like to know the status of 
> MDB Tools, and see if I can help with maintenance or just take over the 
> project. I have sent emails to brianb without success.
> 
> Thanks

Bug#969184: MiniSSDPd_INTERFACE_ADDRESS seems to be overwritten by whatever debconf knows

[smarios]

Hi all,

Package: minissdpd
Version: 1.5.20190824-1

I'm also affected by this bug. I was able to confirm that the old 
information comes from debconf. Using the following scrip, you can see 
the old interface information used (needs to be run as root).


!#/bin/sh -e
. /usr/share/debconf/confmodule
db_get minissdpd/listen
echo $RET

As far as I can tell, although  the /etc/default/minissdpd is sourced at 
line 25 in /var/lib/dpkg/info/minissdpd.config, in line 38 the 
MiniSSDPd_INTERFACE_ADDRESS is overwritten.


Hope this helps,

Bug#962623: ImportError: cannot import name 'parse_qs' from 'cgi' (/usr/lib/python3.8/cgi.py)

[Hermann Lauer]

This is a multi-part MIME message sent by reportbug.


--===0522418674==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: graphite-web
Followup-For: Bug #962623

Dear Maintainer,

please upgrade to 1.1.7 available upstream and replace 
debian/patches/settings_debian.patch
with the appended version.

This makes 1.1.7 working in testing(bullseye).

Thanks a lot,
 greetings
   Hermann

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (40, 'unstable')
Architecture: armhf (armv7l)

Kernel: Linux 5.7.8 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages graphite-web depends on:
ii  adduser 3.118
ii  python3 3.8.2-3
ii  python3-cairo   1.16.2-4
ii  python3-cairocffi   0.9.0-4
ii  python3-django  2:2.2.15-2
ii  python3-django-tagging  1:0.4.5-3
ii  python3-pyparsing   2.4.7-1
ii  python3-simplejson  3.17.0-1
ii  python3-six 1.15.0-1
ii  python3-tz  2020.1-2
ii  python3-urllib3 1.25.9-1
ii  python3-whisper 1.1.4-2

graphite-web recommends no packages.

Versions of packages graphite-web suggests:
pn  graphite-carbon  
pn  libapache2-mod-wsgi-py3  
pn  python3-ldap 
pn  python3-memcache 
pn  python3-mysqldb  

-- Configuration Files:
/etc/graphite/local_settings.py changed [not included]

-- no debconf information

--===0522418674==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="settings_debian.patch"

# HG changeset patch
# Parent  bc853f64d61b2a37516e59c5c8edff74c78feccd

diff --git a/webapp/graphite/settings.py b/webapp/graphite/settings.py
--- a/webapp/graphite/settings.py
+++ b/webapp/graphite/settings.py
@@ -20,6 +20,9 @@
 from warnings import warn
 from importlib import import_module
 
+# Debian add etc/graphite into path
+sys.path.append('/etc/graphite')
+
 from django import VERSION as DJANGO_VERSION
 try:
 from django.urls import reverse_lazy
@@ -221,7 +224,7 @@
 FLUSHRRDCACHED = ''
 
 ## Load our local_settings
-SETTINGS_MODULE = os.environ.get('GRAPHITE_SETTINGS_MODULE', 
'graphite.local_settings')
+SETTINGS_MODULE = os.environ.get('GRAPHITE_SETTINGS_MODULE', 'local_settings')
 try:
   globals().update(import_module(SETTINGS_MODULE).__dict__)
 except ImportError:

--===0522418674==--

Bug#969320: aflplusplus: please make the build reproducible

[Chris Lamb]

Hi Raphael,

> The issue is actually in llvm_mode/GNUMakefile. On one line we expect the
> binary in the current directory but it's actually built in the parent
> directory.

Ahh, of course there would be *two* versions of the manpage generation
snippet in the same source package.

Thanks for explaining (and fixing…) this.


Regards,

--
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org 🍥 chris-lamb.co.uk
   `-

Bug#774149:

[Barr Julian Marshall]

Ich habe mich wegen der Dringlichkeit dieser Frage entschlossen, Sie zu
kontaktieren. Ich bin Julian Marshall, Rechtsanwalt. Ich persönlich bin ein
Treuhandagent von Dr. Edwin, einem weithin bekannten unabhängigen
Auftragnehmer hier in Lome Togo, der mit seiner Frau und seiner einzigen
Tochter bei einem Autounfall starb. Ich habe Sie kontaktiert, um mich bei
der Rückführung von zwei Millionen fünfhunderttausend Dollar auf Ihr Konto
zu unterstützen. Bitte kontaktieren Sie mich für weitere Informationen zu
diesem Thema.

Bug#969320: aflplusplus: please make the build reproducible

[Raphael Hertzog]

Hi,

On Mon, 31 Aug 2020, Chris Lamb wrote:
> Whilst working on the Reproducible Builds effort [0] we noticed that
> aflplusplus could not be built reproducibly.

The reprotest CI job fails too and seems to show other issues:
https://salsa.debian.org/pkg-security-team/aflplusplus/-/jobs/964936/raw

I couldn't easily figure out the reason...

> Here is the variation in the manpage
> 
> │ │ │ │ │ -.B afl-clang-fast \- /bin/sh: 1: ./afl-clang-fast: not found
> │ │ │ │ │ +.B afl-clang-fast \- /bin/sh: ./afl-clang-fast: No such file or 
> directory
> 
> This is, I think, because we do not build or keep these variants on
> non-x86 systems, so the call in the Makefile fails with the above
> message. This then varies depending on the user's shell that /bin/sh
> symlinks to (!), rendering the package reproducible.

The issue is actually in llvm_mode/GNUMakefile. One one line we expect the
binary in the current directory but it's actually built in the parent
directory.

> There is also a variation in these manpages based on the build date:
> 
> │ │ │ │ │ -.TH afl-clang-fast 8 2021-10-03 afl++
> │ │ │ │ │ +.TH afl-clang-fast 8 2020-08-31 afl++
> 
> ... but I can't quite see why as you do appear to be using the
> SOURCE_DATE_EPOCH environment variable. It may not matter if we don't
> even ship them, hence why I'm not immediately investigating this
> angle.

It does matter as we ship them on i386/amd64!

The issue is that llvm_mode/GNUMakefile is not using SOURCE_DATE_EPOCH.

Here's the patch I'm adding to git and submitting to upstream:

diff --git a/llvm_mode/GNUmakefile b/llvm_mode/GNUmakefile
index 1a8c9f43..380397f2 100644
--- a/llvm_mode/GNUmakefile
+++ b/llvm_mode/GNUmakefile
@@ -28,6 +28,8 @@ MAN_PATH?= $(PREFIX)/share/man/man8
 
 VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' 
-f2)
 
+BUILD_DATE  ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 
2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/null || 
date -u "+%Y-%m-%d")
+
 ifeq "$(shell uname)" "OpenBSD"
   LLVM_CONFIG ?= $(BIN_PATH)/llvm-config
   HAS_OPT = $(shell test -x $(BIN_PATH)/opt && echo 0 || echo 1)
@@ -440,10 +442,10 @@ install: all
 
 vpath  % ..
 %.8: %
-   @echo .TH $* 8 `date "+%Y-%m-%d"` "afl++" > ../$@
+   @echo .TH $* 8 $(BUILD_DATE) "afl++" > ../$@
@echo .SH NAME >> ../$@
@echo -n ".B $* \- " >> ../$@
-   @./$* -h 2>&1 | head -n 1 | sed -e "s/$$(printf '\e')[^m]*m//g" >> ../$@
+   @../$* -h 2>&1 | head -n 1 | sed -e "s/$$(printf '\e')[^m]*m//g" >> 
../$@
@echo >> ../$@
@echo .SH SYNOPSIS >> ../$@
@../$* -h 2>&1 | head -n 3 | tail -n 1 | sed 's/^\.\///' >> ../$@

Filed here: https://github.com/AFLplusplus/AFLplusplus/pull/535

Cheers,
-- 
  ⢀⣴⠾⠻⢶⣦⠀   Raphaël Hertzog 
  ⣾⠁⢠⠒⠀⣿⡁
  ⢿⡄⠘⠷⠚⠋The Debian Handbook: https://debian-handbook.info/get/
  ⠈⠳⣄   Debian Long Term Support: https://deb.li/LTS

Bug#897308: O: ruby-setup -- the setup.rb install tool for Ruby

[Chris Hofstaedtler]

Control: reassign -1 ftp.debian.org
Control: retitle -1 RM: ruby-setup -- ROM; superseded by builtin tooling
Control: tags -1 + moreinfo

* Chris Hofstaedtler  [200831 13:10]:
> * Antonio Terceiro :
> > currently only two packages depend on ruby-setup to build: ruby-tioga
> > and ruby-facets.
> [..]
> > - remove ruby-setup from the archive
> 
> For some reason, ruby-meta Build-Depends-Indep on ruby-setup, too.
> 
> The current list of packages appears to be:
> 
>   # Broken Build-Depends:
>   gem2deb: ruby-setup
>   ruby-extlib: ruby-setup
>   ruby-moneta: ruby-setup
>   ruby-tioga: ruby-setup

Okay, I've fixed ruby-extlib and ruby-moneta, the dependencies were
spurious. ruby-tioga needs work, and then gem2deb can drop support
for setup.rb.

Interested parties can search for setup.rb usage with:
  https://codesearch.debian.net/search?q=rubysetuprb

Chris

Bug#969327: gem2deb: please drop setup.rb support

[Chris Hofstaedtler]

Source: gem2deb
Version: 1.2.1

Hi,

ruby-tioga is the last package to use the "rubysetuprb" code, please
remove this from gem2deb, once ruby-tioga has been fixed.

Thanks,
Chris

Bug#960650: InspIRCd Security Advisories 2019-02 and 2020-01

[Christian Barcenas]

Control: retitle -1 InspIRCd Security Advisories 2019-02 and 2020-01

In addition to the 2020-01 advisory I also noticed that this package
hasn't yet patched the 2019-02 advisory which is a similar crash/DoS
bug. (https://docs.inspircd.org/security/2019-02/)

2019-02 and 2020-01 both affect versions 2.0.27-1 (buster) and 3.4.0-2
(bullseye and sid). For buster, we should prepare a 2.0.27-1+deb10u1
upload to address both advisories. For unstable, we can probably just
update to the latest upstream version v3.7.0.

As inspircd seems to be transitioning maintainers (see #939424), I
would be happy to help here. I have already prepared the packaging
changes. I just need to verify that I cannot reproduce the bug, and
will require a DD to sponsor my uploads and someone from the Debian
Security team to help me with the upload to buster-security.

Christian

Bug#969326: src:ruby-tioga: Please remove ruby-setup build dependency

[Chris Hofstaedtler]

Package: src:ruby-tioga
Version: 1.19.1-2
Severity: important

Control: block 897308 by -1

ruby-tioga uses ruby-setup to build, howewer ruby-setup is really old
technology and should go away. see #897308 for more details.

Please remove the ruby-setup dependency.

Chris

Bug#969123: webext-ublock-origin: FF80 broke ublock again

[Christoph Anton Mitterer]

On Mon, 2020-08-31 at 10:12 +0200, Markus Koschany wrote:
> remove
> ~/.mozilla/firefox to create a new profile to get it working again.

Doesn't really sound like a "solution" to me (well except than taking
it as a trigger to finally move away from crappy FF).

It seems to have become fashion nowadays for *zilla to completely break
user setups every few versions... first breakage of thousands of
"legacy" add-ons... and now they even break their webext addon and the
only solution is re-creating a profile directory for which these is no
proper migration procedure and where most data is stored in some binary
format?!


Cheers,
Chris.

Bug#969142: frobby: FTBFS with doxygen 1.8.19

[Torrance, Douglas]

On 8/31/20 3:35 AM, Paolo Greppi wrote:
> Il 30/08/20 13:57, Torrance, Douglas ha scritto:
>> After adding graphviz to Build-Depends, I get a build error a bit
>> further down:
>>
>>> cd bin/develDoc/latexPdf; for f in `ls *.eps`; do epstopdf $f; done # 
>>> Cygwin fix
>>> /bin/sh: 1: cd: can't cd to bin/develDoc/latexPdf
>>> ls: cannot access '*.eps': No such file or directory
>>> cd bin/develDoc/latexPdf/; make refman.pdf; mv refman.pdf ../develDoc.pdf
>>> /bin/sh: 1: cd: can't cd to bin/develDoc/latexPdf/
>>> make[3]: Entering directory '/root/frobby'
>>> make[3]: *** No rule to make target 'refman.pdf'.  Stop.
>>> make[3]: Leaving directory '/root/frobby'
>>> mv: cannot stat 'refman.pdf': No such file or directory
>>> make[2]: *** [Makefile:279: develDocPdf] Error 1
>>> make[2]: Leaving directory '/root/frobby'
>>> dh_auto_build: error: make -j1 "INSTALL=install --strip-program=true" all 
>>> library doc develDoc MODE=shared library=libfrobby.so.0.0.0 returned exit 
>>> code 2
>>> make[1]: *** [debian/rules:13: override_dh_auto_build] Error 25
>>> make[1]: Leaving directory '/root/frobby'
>>> make: *** [debian/rules:10: binary] Error 2
>>> dpkg-buildpackage: error: debian/rules binary subprocess returned exit 
>>> status 2
>>> debuild: fatal error at line 1182:
>>> dpkg-buildpackage -us -uc -ui failed
>>
>> I'll investigate further and try and figure out what's going on.
>>
>> Doug
> 
> Thanks for the info, this is very interesting.
> 
> It looks like doxygen fails to create the bin/develDoc/latexPdf/ dir in the 
> preceding line of the Makefile:
> https://salsa.debian.org/science-team/frobby/-/blob/master/Makefile#L280
> 
> I have manually tried this command from the develDocHtml target:
> cat doc/doxygen.conf doc/doxHtml|doxygen -
> 
> and it apparently succeeds, but produces empty documentation in 
> bin/develDoc/html
> 
> These commands work:
> 
>rm -rf Doxyfile
>cat doc/doxygen.conf doc/doxHtml > Doxyfile
>doxygen
> 
> while "doxygen -" is broken due to a known doxygen 1.8.19 bug, see:
> https://github.com/doxygen/doxygen/issues/7951#issuecomment-671370005
> 
> This is serious so I'll now release 1.8.19 to unstable and simultaneously 
> file a RC bug in the BTS to block it.
> 
> According to upstream, this has been fixed in the doxygen version 1.8.20 
> which they already released.
> I plan to package it ASAP so I suggest you wait for that and not patch your 
> Makefile.

Sounds good -- thanks for the information!

Doug

Bug#897308: O: ruby-setup -- the setup.rb install tool for Ruby

[Chris Hofstaedtler]

* Antonio Terceiro :
> currently only two packages depend on ruby-setup to build: ruby-tioga
> and ruby-facets.
[..]
> - remove ruby-setup from the archive

For some reason, ruby-meta Build-Depends-Indep on ruby-setup, too.

The current list of packages appears to be:

  # Broken Build-Depends:
  gem2deb: ruby-setup
  ruby-extlib: ruby-setup
  ruby-moneta: ruby-setup
  ruby-tioga: ruby-setup

Chris

Bug#969325: x2goserver-x2goagent: coredump SIGSEGV in Poller::updateDamagedAreas() () from /lib/arm-linux-gnueabihf/libXcompshad.so.3

[x2gUsr]

Package: x2goserver-x2goagent
Version: 4.1.0.3-4
Severity: important
Tags: upstream

Dear Maintainer,

   * What led up to the situation?
 - Connecting from x86 x2go client (testing/bullseye repo) to x2go local 
desktop on armhf hardware (stable/buster repo).

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
 - The error only occurs when connecting to the local XFCE desktop (desktop 
sharing, both view only and full access - using the same user to connect to the 
user's session). Creating a standalone XFCE session works fine.
 - The error happens on a stock stable Debian (buster) running 
5.7.0-0.bpo.2-armmp-lpae #1 SMP Debian 5.7.10-1~bpo10+1 (2020-07-30) armv7l 
GNU/Linux on odroid-xu4, DE is XFCE. I've tried x2go components from 
buster-backports and X2Go Repository 
https://wiki.x2go.org/doku.php/wiki:repositories:raspbian, they all have 
SIGSEGV problem.

   * What was the outcome of this action?
 - Desktop sharing session ended when the connection is established. Client 
(running on x86) popped up a windows saying "The connection with the remote 
server was shut down. Please check the state of your network connection."

 - On armhf x2go server ~/.x2go/[session]/session.log showed
NXTransKeeper: WARNING! Parent process appears to be dead. Exiting keeper.
Warning: Parent process appears to be dead. Exiting keeper.

 - A file named "core" was created in home directory.

"file core" outputs "core: ELF 32-bit LSB core file, ARM, version 1 (SYSV), 
SVR4-style, from 'x2goagent -nolisten tcp -nolisten tcp -S -auth 
/home/xxx/.Xauthority -shadow', real uid: 1000, effective uid: 1000, real gid: 
1000, effective gid: 1000, execfn: '/usr/bin/x2goagent', platform: 'v7l'"

"gdb /usr/bin/x2goagent core" outputs
Core was generated by `x2goagent -nolisten tcp -nolisten tcp -S -auth 
/home/xxx/.Xauthority -shadow'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xb6d78c54 in Poller::updateDamagedAreas() () from 
/lib/arm-linux-gnueabihf/libXcompshad.so.3

(gdb) bt full
#0  0xb6d78c54 in Poller::updateDamagedAreas() () from 
/lib/arm-linux-gnueabihf/libXcompshad.so.3
No symbol table info available.
#1  0xb6d78e64 in Poller::getEvents() () from 
/lib/arm-linux-gnueabihf/libXcompshad.so.3
No symbol table info available.
#2  0x04000500 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

   * What outcome did you expect instead?
 - Desktop sharing session works - it does not end as soon as connection is 
established.


-- System Information:
Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 5.7.0-0.bpo.2-armmp-lpae (SMP w/8 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages x2goserver-x2goagent depends on:
ii  nxagent  2:3.5.99.19-3+deb10u2

x2goserver-x2goagent recommends no packages.

Versions of packages x2goserver-x2goagent suggests:
ii  x2goserver  4.1.0.3-4

-- no debconf information

Bug#969324: mutt feature request add configure option

[Arsen STASIC]

Package: mutt
Version: 1.10.1-2.1+deb10u3
Tags: patch

I would like to suggest to add following configure option: --enable-autocrypt
See attached patch.

cheers
arsen
--- rules	2020-08-31 13:45:40.687982484 +0200
+++ rules.new	2020-08-31 13:47:07.467719148 +0200
@@ -21,6 +21,7 @@
 		--enable-pop			\
 		--enable-sidebar		\
 		--enable-dotlock		\
+		--enable-autocrypt		\
 		--disable-fmemopen		\
 		\
 		--with-curses			\

Bug#969319: [Pkg-utopia-maintainers] Bug#969319: wifi cannot connect after combined suspend & gateway reboot

[Michael Biebl]

Am 31.08.20 um 12:22 schrieb Lyndon Brown:
> Package: network-manager
> Version: 1.26.2-1
> Severity: important
> 
> I'm on Debian Sid, with network manager configured to use iwd. I have
> an Intel AX200 wifi card.
> 

Can you reproduce that with wpasupplicant?




signature.asc
Description: OpenPGP digital signature

Bug#936336: coz-profiler: Python2 removal in sid/bullseye

[Lluís Vilanova]

On Wed, Aug 12, 2020 at 3:27 PM Petter Reinholdtsen  wrote:
> I've managed to fix my key problems, and can do the upload.
>
> Is it ready to go in?

New releases of coz-profiler and libelfin are now available. Let me
prepare an upstream merge and I'll ping back here.

Cheers,
Lluis

Bug#881056: (no subject)

[Arnaud Gomes]

Hello,

This bug is still present in buster, any reason not to fix it?

-- 
Arnaud Gomes
AdminSys Octopuce

Bug#966898: binutils-avr: FTBFS: elf.c:706:35: error: overflow in conversion from ‘unsigned int’ to ‘int’ changes value from ‘num_group = 4294967295’ to ‘-1’ [-Werror=overflow]

[Gregor Riepl]

> > elf.c: In function ‘setup_group’:
> > elf.c:706:35: error: overflow in conversion from ‘unsigned int’ to ‘int’ 
> > changes value from ‘num_group = 4294967295’ to ‘-1’ [-Werror=overflow]
> >   706 | elf_tdata (abfd)->num_group = num_group = -1;

Upstream bug is here:
https://sourceware.org/bugzilla/show_bug.cgi?id=25717

This was fixed upstream by:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=cda7e5603f6efd7c3716e45cc6ea11b70dd8daae

Looks like it's caused by GCC 10 being more picky about signedness.

> > In file included from elf.c:45:
> > elf.c: In function ‘elfcore_write_linux_prpsinfo32’:
> > elf-linux-psinfo.h:73:7: warning: ‘strncpy’ output may be truncated copying 
> > 16 bytes from a string of length 16 [-Wstringop-truncation]

This and the rest of the errors are false positives occurring from GCC 8
onwards. They have been silenced upstream:

https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=5a6312e8c015d4a98020038f3b6e144db230f3ca

https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b9f26d2e29bb56a0404216c5612d6d7fee54a769

https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d99b4b92c8ed0f7ef98f370bbf65a360ed66ad7b

https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=602f16570454a1597c2af28af66852133432d1f2

(there may be other patches as well)

Related bug reports:
https://sourceware.org/bugzilla/show_bug.cgi?id=23146
(can't find any that describe the original problem)

Also, please note that elf-linux-psinfo.h was renamed to
elf-linux-core.h upstream:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=de64ce13a78669f094d6909fce51d210e2f9d2c0

Perhaps it's time to replace the outdated Atmel versions of avr-gcc
avr-binutils and avr-libc in favour of the upstream versions?

Bug#969323: (no subject)

[Bernhard Schmidt]

Package: ftp.debian.org
Severity: normal

Dear FTP-masters,

please remove src:pjproject from unstable due to the reasons outlined
in Bug#925263

---
as the sole Uploader of src:pjproject for the last two years I think we should
not release Buster with src:pjproject.

Reasons:
- pjsip is a library where a lot of functionality and behaviour is selected at
  compile time using #define statements. Most of these define statements alter
  the ABI due to changing structs, which makes it ill-suited as a system wide
  library to be used by several programs.
  - Consequently, src:ring (now called jami) has always been built against an
embedded copy and src:asterisk also switched to an embedded copy, both
tailored to their needs. There are no other source packages depending on
src:pjproject left
- python-pjproject shipped by the same source package includes the old pjsua
  module that has been deprecated according to
  https://trac.pjsip.org/repos/wiki/Python_SIP_Tutorial . There is no rdep in 
the
  Debian archive. We don't package the newer pjsua2 module.
- Due to the gone rdeps the version currently in the archive is not the latest
  upstream version.
- Upstream sometimes mixes security fixes with large scale code
  refactoring/formatting, which makes security updates more painful than they
  need to be. We don't want to have this additional work for Buster when it's
  not necessary. Note that at least Asterisk upstream has published security
  advisories for issues in pjsip before and has patched them by adding the fix 
as
  patch to the Asterisk source, which makes it much easier to follow.
---

Thanks,
Bernhard

Bug#968104: openafs-client: Upgrade of openfs-client break until reboot

[Jose M Calhariz]

Hi Benjamin,

reply inline.

On Sun, Aug 30, 2020 at 05:28:15PM -0700, Benjamin Kaduk wrote:
> Hi Jose,
> 
> Sorry that I missed this when it first came in.
> A couple notes inline, if you still remember much about the original
> report...
> 
> On Sat, Aug 08, 2020 at 06:32:07PM +0100, Jose M Calhariz wrote:
> > Package: openafs-client
> > Version: 1.8.6-1~dsi10+1
> > Severity: normal
> > 
> > Hi,
> > 
> > I have made a "private backport" of openafs software from bullseye to
> > buster.  So this means is the first time for me that I am upgrading 
> > openafs client 1.8.x on live systems.  Where in the past this worked 
> 
> To clarify: are you upgrading from 1.6.x to 1.8.x, or merely updating from
> one 1.8.x version to a newer 1.8.x version?

I am doing an "apt upgrade" to upgrade openafs-1.8.2 to newer 1.8.6 on
Debian 10.  In the mix there was an kernel update with a new ABI.

Maybe a stand alone upgrade of openafs 1.8.2 to 1.8.6 works as
intended.

> 
> > without problems for openafs 1.4 and 1.6, now the openafs client stops
> > working and I need to do a reboot.
> > 
> > What I am requesting is that if possible to do a live upgrade of the
> > software and the client does not stop working even if it is necessary 
> > to work with the old software until a reboot.
> 
> What you are requesting is what is supposed to happen, so I'm unpleasantly
> surprised to hear that it is not happening.
> 
> Once I hear back about the problematic scenario I can try to reproduce in a
> local VM.

I have a local openafs cell just for tests where I can do more tests,
If you need more information.


> 
> Thanks,
> 
> Ben
> 


Kind regards
Jose M Calhariz


-- 
--
Ame muito as pessoas, mas nunca tanto ao ponto de ter medo
de perde-las
-- Zinder


signature.asc
Description: PGP signature

Bug#969322: akonadi-ews account password is not stored

[Eric Valette]

Source: akonadi
Version: 4:20.04.1-2+b1
Severity: normal
Tags: upstream, patch

When you create an EWS calendar, the password is not stored in kdewallet 
meaning,
you cannot konnet or see any apointment. Kmail would also fail for the same 
reason...

This bug is reported upstream and a fix is proposed.

https://bugs.kde.org/show_bug.cgi?id=393002

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.61 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)

Bug#910354: pjproject: please make the build reproducible

[Bernhard Schmidt]

Am 31.08.20 um 13:03 schrieb Chris Lamb:

Dear Chris,

>> Source: pjproject
>> Version: 2.7.2~dfsg-4
>> Tags: patch
> 
> There hasn't seem to be any update on this bug in 696 days, in which
> time the Reproducible Builds effort has come on a long way.
> 
> Would you consider applying this patch and uploading?

Sorry, actually I'm considering RMing pjproject, there is no rdep in
Debian that is using this. It is embedded into Asterisk, which cannot
use the packaged libraries for several reasons.

Bernhard

Bug#969081: gyp should not stay under pkg-js umbrella

[Emmanuel Arias]

Hi,

IMO seems to be a package that could be perfectly into python-team

But would be nice listen to a more experienced team member.

Cheers,
Emmanuel

On 8/30/20 8:45 AM, Jérémy Lal wrote:
> 
> 
> Le jeu. 27 août 2020 à 11:48, Xavier Guimard  > a écrit :
> 
> Package: gyp
> Version: 0.1+20200513gitcaa6002-1
> Severity: normal
> 
> Hi,
> 
> gyp is currently maintain under pkg-js umbrella. This package is a cross
> platform tool written in Python and stored in salsa.d.o/debian/ area.
> Then I don't understand the link with pkg-js team.
> 
> 
> Good point !
> 
> Let's ask debian-python if gyp could be team-maintained there.
> 
> Jérémy
> 


0xFA9DEC5DE11C63F1.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Bug#969310: New upstream release available

[Julian Gilbey]

On Mon, Aug 31, 2020 at 03:34:36PM +0800, Martin Michlmayr wrote:
> Package: anki
> Severity: wishlist
> 
> The version in Debian is pretty out of date.

Yes, I am aware.  Upstream have decided to start using Rust as part of
the new version, and figuring out how to package it is turning out to
be pretty tricky.  (Among other things, they have used modified
versions of various Rust crates.)  Any help with this task is more
than welcome!

Best wishes,

   Julian

Bug#885063: cairomm: please make the build reproducible

[Chris Lamb]

Dear Maintainer,

> Source: cairomm
> Version: 1.8.4-3
> Tags: patch

There hasn't seem to be any update on this bug in 982 days, in which
time the Reproducible Builds effort has come on a long way.

Would you consider applying this patch and uploading?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#835816: rt-extension-customfieldsonupdate: please make the build (mostly) reproducible

[Chris Lamb]

Chris Lamb wrote:

> [..]

Gentle ping on this?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#909782: libinput: please make the build reproducible

[Chris Lamb]

Dear Maintainer,

> Source: libinput
> Version: 1.12.6-2+deb10u1
> Tags: patch

There hasn't seem to be any update on this bug in 703 days, in which
time the Reproducible Builds effort has come on a long way.

Would you consider applying this patch and uploading?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#910354: pjproject: please make the build reproducible

[Chris Lamb]

Dear Maintainer,

> Source: pjproject
> Version: 2.7.2~dfsg-4
> Tags: patch

There hasn't seem to be any update on this bug in 696 days, in which
time the Reproducible Builds effort has come on a long way.

Would you consider applying this patch and uploading?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-