Bug#987906: release-notes: mention non-deterministic SCSI device probing?

2021-05-24 Thread Lucas Nussbaum 
Hi,

On 24/05/21 at 21:38 +0200, Paul Gevers wrote:
> On 01-05-2021 22:55, Lucas Nussbaum wrote:
> > One of the change that occured in the kernel side since bullseye that is
> > SCSI device probing is now non-deterministic.
> > 
> > We have been bitten by that at $dayjob because we were still relying on
> > disks ordering (sda, sdb) in some stuff.
> > 
> > There's a discussion about that in
> > https://lore.kernel.org/lkml/59eedd28-25d4-7899-7c3c-89fe7fdd4...@acm.org/t/
> > 
> > The change occured upstream in kernel 5.3.
> 
> How does the attached proposed text look?

Looks good, except for s/deteministic/deterministic/

Thanks!

- Lucas


signature.asc
Description: PGP signature

Bug#989069: nvidia-driver: Crash when displayport is plugged.

2021-05-24 Thread Christian Marillat 
Package: nvidia-driver
Version: 460.80-1
Severity: Serious

Dear Maintainer,

Bug report done against the testing 460.73.01-1 package as the unstable
package 460.80-1 is unusable.

Computer doesn't start when my display is plugged to the displayport.

Computer crash when I plug the same display on the displayport.

I can't access this computer by ssh as this machine is really crashed.

Tested with 460.80-1 from unstable and 465.27-1 from experimental.

Also tested with 5.10.38-1 kernel, same crash.

Bug already reported upstream here :

https://forums.developer.nvidia.com/t/465-24-02-page-fault/175782

Feel free to reassign to the right package.

Christian

-- Package-specific info:
uname -a:
Linux christian.marillat.net 5.11.22-2 #40 SMP Sun May 23 08:45:54 CEST 2021 
x86_64 GNU/Linux

/proc/version:
Linux version 5.11.22-2 (r...@christian.marillat.net) (gcc (Debian 10.2.1-6) 
10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #40 SMP Sun May 23 
08:45:54 CEST 2021

/proc/driver/nvidia/version:
NVRM version: NVIDIA UNIX x86_64 Kernel Module  460.73.01  Thu Apr  1 21:40:36 
UTC 2021
GCC version:  gcc version 10.2.1 20210110 (Debian 10.2.1-6) 

lspci 'display controller [030?]':
0a:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP107 [GeForce GTX 
1050] [10de:1c81] (rev a1) (prog-if 00 [VGA controller])
Subsystem: Micro-Star International Co., Ltd. [MSI] GP107 [GeForce GTX 
1050] [1462:8c97]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: nvidia
Kernel modules: nvidia

dmesg:
[0.045860] Console: colour VGA+ 80x25
[0.365393] pci :0a:00.0: vgaarb: setting as boot VGA device
[0.365393] pci :0a:00.0: vgaarb: VGA device added: 
decodes=io+mem,owns=io+mem,locks=none
[0.365393] pci :0a:00.0: vgaarb: bridge control possible
[0.365393] vgaarb: loaded
[2.635943] Linux agpgart interface v0.103
[2.762543] input: HDA NVidia HDMI as 
/devices/pci:00/:00:03.1/:0a:00.1/sound/card0/input0
[2.762565] input: HDA NVidia HDMI as 
/devices/pci:00/:00:03.1/:0a:00.1/sound/card0/input1
[7.274159] nvidia: loading out-of-tree module taints kernel.
[7.274169] nvidia: module license 'NVIDIA' taints kernel.
[7.294554] nvidia-nvlink: Nvlink Core is being initialized, major device 
number 246
[7.294833] nvidia :0a:00.0: vgaarb: changed VGA decodes: 
olddecodes=io+mem,decodes=none:owns=io+mem
[7.410665] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  460.73.01  Thu 
Apr  1 21:40:36 UTC 2021
[7.433030] nvidia-modeset: Loading NVIDIA Kernel Mode Setting Driver for 
UNIX platforms  460.73.01  Thu Apr  1 21:32:31 UTC 2021
[7.452395] [drm] [nvidia-drm] [GPU ID 0x0a00] Loading driver
[7.452398] [drm] Initialized nvidia-drm 0.0.0 20160202 for :0a:00.0 on 
minor 0
[   17.828776] caller _nv000708rm+0x1af/0x200 [nvidia] mapping multiple BARs

Device node permissions:
crw-rw+ 1 root video226,   0 May 25 07:00 /dev/dri/card0
crw-rw+ 1 root render   226, 128 May 25 07:00 /dev/dri/renderD128
crw-rw-rw-  1 root root 195, 254 May 25 07:00 /dev/nvidia-modeset
crw-rw-rw-  1 root root 195,   0 May 25 07:00 /dev/nvidia0
crw-rw-rw-  1 root root 195, 255 May 25 07:00 /dev/nvidiactl

/dev/dri/by-path:
total 0
lrwxrwxrwx 1 root root  8 May 25 07:00 pci-:0a:00.0-card -> ../card0
lrwxrwxrwx 1 root root 13 May 25 07:00 pci-:0a:00.0-render -> ../renderD128

/dev/nvidia-caps:
total 0
cr 1 root root 247, 1 May 25 07:00 nvidia-cap1
cr--r--r-- 1 root root 247, 2 May 25 07:00 nvidia-cap2
video:x:44:marillat,vdr

OpenGL and NVIDIA library files installed:
-rw-r--r-- 1 root root 2436 Aug 29  2020 /etc/X11/xorg-old.conf
-rw-r--r-- 1 root root 2606 May 23 15:58 /etc/X11/xorg.conf
lrwxrwxrwx 1 root root   15 May 24 09:00 /etc/alternatives/glx -> 
/usr/lib/nvidia
lrwxrwxrwx 1 root root   49 May 24 09:00 
/etc/alternatives/glx--libEGL.so-x86_64-linux-gnu -> 
/usr/lib/mesa-diverted/x86_64-linux-gnu/libEGL.so
lrwxrwxrwx 1 root root   51 May 24 09:00 
/etc/alternatives/glx--libEGL.so.1-x86_64-linux-gnu -> 
/usr/lib/mesa-diverted/x86_64-linux-gnu/libEGL.so.1
lrwxrwxrwx 1 root root   48 May 24 09:00 
/etc/alternatives/glx--libGL.so-x86_64-linux-gnu -> 
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so
lrwxrwxrwx 1 root root   48 May 24 09:00 
/etc/alternatives/glx--libGL.so-x86_64-linux-gnu -> 
/usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so
lrwxrwxrwx 1 root root   48 May 24 09:00 
/etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> 
/usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
lrwxrwxrwx 1 root root   48 May 24 09:00 
/etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> 
/usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
lrwxrwxrwx 1 root root   50 May 24 09:00

Bug#989068: ITP: object-cloner -- Java Object cloning library with extensible strategies

2021-05-24 Thread James Valleroy 
Package: wnpp
Severity: wishlist
Owner: James Valleroy 
X-Debbugs-Cc: debian-de...@lists.debian.org, jvalle...@mailbox.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: object-cloner
  Version : 0.2
  Upstream Author : Kamran Zafar 
* URL : https://github.com/kamranzafar/object-cloner
* License : Apache-2.0
  Programming Lang: Java
  Description : Java Object cloning library with extensible strategies

Java Object cloning library. Supports extensible shallow and deep object 
cloning strategies.

This is a dependency of jcl-core, which is needed for jitsi-videobridge 
(#757769).

-BEGIN PGP SIGNATURE-

iQJKBAEBCgA0FiEEfWrbdQ+RCFWJSEvmd8DHXntlCAgFAmCsQAIWHGp2YWxsZXJv
eUBtYWlsYm94Lm9yZwAKCRB3wMdee2UICFruD/4zg6yWVl23R7dOM1luCYbeNvqE
4taWwKioPpHk9xIUCctZ2zEAqun77svvaqeXj83GBjUliF/r1PoXnf2aPPxXHpAp
1nTvEqe9i6SRrRIRQcUtVi45prBR6XXNNXkJUJvjIVMN7W31wfSirhbJpdqMATBl
Xb5b6+i9LgPanNP2bZ66wM7+2zzfPeULV7V3w6QKa9WijUP9jHWmj05ZP173P4MS
ZKJhYdtItsNDYWdrGoENex7PqfgdJhWA3pnoJa9uUwxpWkWvL5ZbTH9GLESrZ7Bi
3HWlk1s8pz2wT54XkxNkAJXen3YuT5j9k8DvbCsFWNENN0khFcYszCJKGpA1r+45
6/4iGG7WSfIZfZb4gD9jssHgbti1T8JwM8eLAESch4FLl6ozwsXoKV0JtREcJxTH
sBykzOJx1tc97+3aChHf41gj6JgNtB2tc9y3F9e/RmhPxo3Ek1F0zOMOXlMQ8SlY
/RR6ME89yV6UrnZAK6aXoQaIOyc9Lv9MnEbTlDpBXDWZTogBAis1vNrTAe+fYCpr
cGygzaVGW4LsiG61cSTQpQV73EyA9+4ALn8UxH/zEbxUX9B8KIcV07XGX9HJiXl6
v8DrM7efmngWMHnZjdudb6gOnV2b1lNs0SL8pcVoSxnzma2l6MaXf/Zi5uhSyD2Z
i8CvvkM0JW2gK47xDw==
=kF9F
-END PGP SIGNATURE-

Bug#988886: adminer: CVE-2021-29625: XSS in doc_link

2021-05-24 Thread Salvatore Bonaccorso 
On Mon, May 24, 2021 at 10:43:50PM +0200, Moritz Mühlenhoff wrote:
> Am Fri, May 21, 2021 at 12:39:42PM +0200 schrieb Alexandre Rossi:
> > bullseye : this bug is not RC, so no update.
> 
> Security bugs can still be fixed in they are sensibly backportable,
> even if not RC. Simply upload to unstable and ask for an unblock.

Just to be clear, ideally if there are other changes in the new
upstream version, only a targetted fix at this stage, so that the
unblock can be granted.

Regards,
Salvatore

Bug#989066: torrent no fun

2021-05-24 Thread dduehren 
Package: installation-reports

See comments

Boot method: 

Image version: 

Date: 

 

Machine: 

Processor:

Memory:

Partitions: 

 

Output of lspci -knn (or lspci -nn):

 

Base System Installation Checklist:

[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

 

Initial boot:   [ ]

Detect network card:[ ]

Configure network:  [ ]

Detect CD:  [ ]

Load installer modules: [ ]

Detect hard drives: [ ]

Partition hard drives:  [ ]

Install base system:[ ]

Clock/timezone setup:   [ ]

User/password setup:[ ]

Install tasks:  [ ]

Install boot loader:[ ]

Overall install:[ ]

 

Comments/Problems:

It's far easier to just download an image than to try to figure out how to
download via bittorrent.  The downloads are small enough that I can wait for
them to download.  I spent much more time finding a non-malware bittorrent
client for Windows where I'm creating a ISO USB for a Debian based Zoom
kiosk type install.  You should make download by bit torrent an option not a
requirement.  Obviously this bothered me enough to send this email.

Bug#989066: torrent no fun

2021-05-24 Thread Lou Poppler 
On Mon, 2021-05-24 at 15:19 -0700, ddueh...@verizon.net wrote:
> 
> Comments/Problems:
> 
> It’s far easier to just download an image than to try to figure out how to 
> download via bittorrent.
  The downloads are small enough that I can wait for them to download.  I spent 
much more time finding
 a non-malware bittorrent client for Windows where I’m creating a ISO USB for a 
Debian based Zoom kiosk
 type install.  You should make download by bit torrent an option not a 
requirement.  
Obviously this bothered me enough to send this email.

You don't mention where you started looking, or what image you downloaded,
but there is not any requirement to download via bittorrent.

Look here:  https://cdimage.debian.org/cdimage/

Bug#989063: open-invaders: Sometimes segfaults during gameplay due to array overrun

2021-05-24 Thread John G 
Package: open-invaders
Version: 0.3-4.3+b1
Severity: normal
Tags: patch

Dear Debian QA Team,

The program occasionally segfaults during gameplay. A core 
dump shows that the problem is caused by the collision 
detection routine writing out of bounds on an array.

Specifically, collision_detection() in collision.cc cycles 
through an array explosionbits[] of 500 particles, but does 
not check for wraparound every time it increments the 
current_particle counter. The attached patch fixes the bug 
by moving the wraparound check to immediately after the 
increment.

Thanks for considering,
John G.


-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages open-invaders depends on:
ii  libaldmb1   1:0.9.3-6+b3
ii  liballegro4.4   2:4.4.2-13
ii  libc6   2.28-10
ii  libdumb11:0.9.3-6+b3
ii  libgcc1 1:8.3.0-6
ii  libstdc++6  8.3.0-6
ii  open-invaders-data  0.3-4.3

open-invaders recommends no packages.

open-invaders suggests no packages.

-- no debconf information


fix-particle-array-bug.patch
Description: Binary data

Bug#980963: dpkg: Please add ARC architecture

2021-05-24 Thread Vineet Gupta 
Hi Guillem,

On 3/26/21 10:39 AM, Vineet Gupta wrote:
> On 3/4/21 3:56 PM, Vineet Gupta wrote:
>>> Also just to make sure, the GNU triplets are:
>>>
>>>     arc-linux-gnu
>>>     arceb-linux-gnu
>>> No ABI modifiers (stuff like “eabi”) for the libc part (“gnu“) right?
>> Actually it seems we are missing hardfloat here: ARC glibc/gcc support
>> it very well and should be default for any reasonable performance.
>>
>> So I think we should add
>>      arc-linux-gnuhf
>>      arceb-linux-gnuhf
>>
>> BTW I have oce question: where does one select what default toggles to
>> build the entire software stack with (say -mcpu etc). Does this rely
>> on toolchain driver default to DRTH. One of my problems with
>> rebootstrap was gcc driver defaulting to our legacy cpu. I've cured it
>> there (and planning to upstream the gcc driver patch).
> So here's the lay of the land, apologies for the long email, and if
> some/most of below is not directly relevant to dpkg bug, but I'll
> provide the background so we are all on same page.
>
> We've had 3 revisions of the ISA and ensuing multiple processors in last
> 15 years:
>
> ISA Implementations/Processors (Linux capable)
> -- ---
> ARCompact    ARC700
> ARCv2    HS38x/HS48x
> ARCv3:32-bit  HS58MP
> ARCv3:64-bit  HS68MP
>
> - ARCompact is legacy and no new development needed including debian port.
> - Code for one ISA is not compatible with priors, mainly due to addition
> of new instructions. In fact given the configurability of the ISA itself
> (for better or worse), one could end up 2 non-compatible variants of
> same ISA (think double load/store instructions in ARCv2). But the port
> can assume the all encompassing super-set of the ISA as baseline.
> - ARCv3 is currently under development / pre-production but should be
> kept in mind as it is knocking on the door already.
>
> In terms of the ABI critical flavors: there's little/big endian and
> soft/hard-float.
> - Again big endian debian is not needed - mainly because of number of
> customer engagements and resourcing needed to support it
> - ARCv2 hard-float ABI is same as soft - FPU shares the same register
> file so the calling conventions are same. However the triplet is
> different arc-linux-gnuhf [1] as libraries for hard won't run on a
> soft-float system due to lack of emulation etc.
> - ARCv3 does have a dedicated FP register file so there's soft and hard ABIs
>
> So given all of this, I'd like to propose ARCv2 port with hard-float as
> baseline. We don't bother with Big-endian. A soft-float would be
> desirable for debugging and fall-back but not necessary from feature pov.
>
> I'm open to port names as maintainers feel appropriate - but stick with
> current triplets arc-gnu-linux / arc-gnu-linuxhf for ARCv2.
> For ARCv3, we could have arc64* / arc32*
>
> Please let me know if this makes sense.
>
> Once we agree, we can start off with requesting changes to GNU config
> project.

Further to my msg on IRC, we've gotten pretty far along with ARC 
rebootstrap [1]. It seems to build 151 packages before failing for perl 
and I see similar outcome for riscv64 (which is weird as perl should be 
supported there.

Anyhow this is just a polite ping to make some progress on ARC.

Thx,
-Vineet

[1] https://salsa.debian.org/vineetgarc/rebootstrap

Bug#950150: Still present in bullseye

2021-05-24 Thread awq6mmxgfse 
Dear maintainer

this exact behavior is still present in the current bullseye build under
Gnome (Wayland).

'apt policy audacity
audacity:
 ...
  Version table:
 2.4.2~dfsg0-4 -1
990 http://deb.debian.org/debian bullseye/main amd64 Packages
300 http://deb.debian.org/debian unstable/main amd64 Packages
'

Can this please be fixed ?

Or can the launcher shortcut point to 'GDK_BACKEND=x11 audacity' - which
fixes the not working cursor also.

Regards

Marc

Bug#989053: debdelta: Problems with signatures

2021-05-24 Thread Ilari Halminen 
Package: debdelta
Version: 0.62
Severity: normal

Dear Maintainer,

I cannot use debdelta at all, because it complains of missing 
signatures. I do not know if the problems has something to do with my 
systems special options like still using inittab. I have included a file 
with all messages so you may see the problem. I do not know not often report 
any bug, so at least wanted to send that raport just for you.

With best wishes
Ilari Halminen 
(from Finland)

-- System Information:
Debian Release: 10.9
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), 
LANGUAGE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages debdelta depends on:
ii  binutils2.31.1-16
ii  bzip2   1.0.6-9.2~deb10u1
ii  libbz2-1.0  1.0.6-9.2~deb10u1
ii  libc6   2.28-10
ii  python  2.7.16-1
ii  zlib1g  1:1.2.11.dfsg-1

Versions of packages debdelta recommends:
ii  bsdiff   4.3-21
ii  gnupg-agent  2.2.12-1+deb10u1
ii  gnupg2   2.2.12-1+deb10u1
ii  gpg-agent [gnupg-agent]  2.2.12-1+deb10u1
ii  lzma 9.22-2.1
ii  python-apt   1.8.4.3
ii  python-debian0.1.35
ii  xdelta   1.1.3-9.2
ii  xdelta3  3.0.11-dfsg-1+b1
ii  xz-utils [lzma]  5.2.4-1

Versions of packages debdelta suggests:
ii  debdelta-doc  0.62

-- no debconf information
   GPG> [GNUPG:] PLAINTEXT 74 0 

   GPG> [GNUPG:] NEWSIG

   GPG> gpg: Signature made ma 24. toukokuuta 2021 11.51.18 EEST

   GPG> gpg:using RSA key 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] ERRSIG 082884AABE75FB8A 1 10 01 1621846278 9 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] NO_PUBKEY 082884AABE75FB8A

   GPG> gpg: Allekirjoitusta ei voi tarkistaa: No public key

 Error: applying of delta for libx11-xcb1 failed:  : 
/var/cache/apt/archives/libx11-xcb1_2%3a1.6.7-1+deb10u1_2%3a1.6.7-1+deb10u2_amd64.debdelta:
 the signature file _gpgmaker fails as follows: ('GPG_VERIFY_FAILED', 
'/tmp/debdeltaCt9G5a//PATCH/_gpgmaker') (non retriable) 
   GPG> [GNUPG:] PLAINTEXT 74 0 

   GPG> [GNUPG:] NEWSIG

   GPG> gpg: Signature made ma 24. toukokuuta 2021 11.51.16 EEST

   GPG> gpg:using RSA key 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] ERRSIG 082884AABE75FB8A 1 10 01 1621846276 9 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] NO_PUBKEY 082884AABE75FB8A

   GPG> gpg: Allekirjoitusta ei voi tarkistaa: No public key

 Error: applying of delta for libx11-xcb1:i386 failed:  : 
/var/cache/apt/archives/libx11-xcb1_2%3a1.6.7-1+deb10u1_2%3a1.6.7-1+deb10u2_i386.debdelta:
 the signature file _gpgmaker fails as follows: ('GPG_VERIFY_FAILED', 
'/tmp/debdelta4m0uLS//PATCH/_gpgmaker') (non retriable) 
Downloaded, time  0.17sec, speed 28kB/sec, 
libx11-data_2%3a1.6.7-1+deb10u1_2%3a1.6.7-1+deb10u2_all.debdelta
   GPG> [GNUPG:] PLAINTEXT 74 0 

   GPG> [GNUPG:] NEWSIG

   GPG> gpg: Signature made ma 24. toukokuuta 2021 11.50.17 EEST

   GPG> gpg:using RSA key 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] ERRSIG 082884AABE75FB8A 1 10 01 1621846217 9 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] NO_PUBKEY 082884AABE75FB8A

   GPG> gpg: Allekirjoitusta ei voi tarkistaa: No public key

 Error: applying of delta for libx11-data failed:  : 
/var/cache/apt/archives/libx11-data_2%3a1.6.7-1+deb10u1_2%3a1.6.7-1+deb10u2_all.debdelta:
 the signature file _gpgmaker fails as follows: ('GPG_VERIFY_FAILED', 
'/tmp/debdeltanean8a//PATCH/_gpgmaker') (non retriable) 
Downloaded, time  0.49sec, speed 174kB/sec, 
libx11-6_2%3a1.6.7-1+deb10u1_2%3a1.6.7-1+deb10u2_amd64.debdelta
   GPG> [GNUPG:] PLAINTEXT 74 0 

   GPG> [GNUPG:] NEWSIG

   GPG> gpg: Signature made ma 24. toukokuuta 2021 11.50.19 EEST

   GPG> gpg:using RSA key 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] ERRSIG 082884AABE75FB8A 1 10 01 1621846219 9 
455BA6F8FD63790B456F3681082884AABE75FB8A

   GPG> [GNUPG:] NO_PUBKEY 082884AABE75FB8A

   GPG> gpg: Allekirjoitusta ei voi tarkistaa: No public key

 Error: applying of delta for libx11-6 failed:  : 
/var/cache/apt/archives/libx11-6_2%3a1.6.7-1+deb10u1_2%3a1.6.7-1+deb10u2_amd64.debdelta:
 the signature file _gpgmaker fails as follows: ('GPG_VERIFY_FAILED', 
'/tmp/debdeltacxLHOR//PATCH/_gpgmaker') (non retriable) 
Downloaded, time  0.29sec, speed 321kB/sec, 
libx11-6_2%3a1.6.7-1+deb10u1_2%3a1.6.7-1+deb10u2_i386.debdelta
   GPG> [GNUPG:] PLAINTEXT 74 0 

   GPG> [GNUPG:] NEWSIG

   GPG> gpg: Signature made ma 24. toukokuuta 2021 11.50.13 EEST

   GPG> gpg:using RSA key

Bug#987377: rescue-mode: when in graphical mode, locks up one prompt before the shell

2021-05-24 Thread Cyril Brulebois 
Hi Étienne,

Étienne Mollier  (2021-05-24):
> I admit having checkout out from time to time some of the other open
> bugs blocking the release of d-i for bullseye, although I haven't been
> following accurately wether the appropriate fix landed in daily builds
> yet, so thanks for your ping in that matter.

It's been a huge maze! Hopefully we might have found a lifeline. :D

> Using the daily build 202105024-1, I confirm the above tests I redid
> worked fine. I tested on virtual machine, and double checked SCSI and
> LVM devices test cases on the W500.  All good!

Woohoo! Thanks for confirming.

I did run a bunch of tests[1] but didn't re-do rescue mode since I was
feeling quite confident the issue disappeared for real… I'm glad you
have positive results as well!

 1. 
https://salsa.debian.org/installer-team/cdebconf/-/merge_requests/12#note_240698

> Thank you all for your tenure work on this tangled issue!

No worries, thanks for the extra testing, always welcome in addition to
having nice people like Simon provide patches, explanations, guidance,
etc. on the GTK/Pango/etc. side!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#988814: unblock: gtk+2.0/2.24.33-2

2021-05-24 Thread Cyril Brulebois 
Hi again,

Cyril Brulebois  (2021-05-21):
> Paul Gevers  (2021-05-20):
> > Ok from my side. As this upload is to fix the d-i issue I'm pretty
> > sure that debian-boot is also fine, but I promised kibi this morning
> > that I'll follow the process and wait for an explicit ACK from their
> > side.
> 
> Yes, please don't rush it into testing.
> 
> I'm currently debugging a regression from bullseye that's seen with
> the combination of updated udebs from both cdebconf and gtk+2.0. After
> a few attempts, I'd say that's an issue with cdebconf, but I'd rather
> have that confirmed before we start getting packages into bullseye.
> 
> (Basically we have the obvious benefits from no longer hanging, but
> also a buggy focus; I'll track this in a separate bug report once I
> know a little bit more, and loop Simon back in.)

OK, I think we're good now, the regression was detailed in:
  https://bugs.debian.org/988951

and that was addressed thanks to a different approach in cdebconf
regarding the original bugfix (trying not to run into gtk+2.0's infinite
loop, which itself is avoided thanks to the gtk+2.0 patch, what a maze),
as discussed in:
  https://salsa.debian.org/installer-team/cdebconf/-/merge_requests/12

Once cdebconf was updated with this new approach, I've tested d-i built
against unstable's udebs, and it seems to be working quite nicely, see
tests listed in this comment:
  
https://salsa.debian.org/installer-team/cdebconf/-/merge_requests/12#note_240698

I'm happy to have gtk+2.0 migrate to testing as soon as seems reasonable
from the release team point of view. Ditto for cdebconf, but I can file
a separate request for that, as is customary for unblock requests.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#989067: CVE-2021-32613

2021-05-24 Thread Moritz Muehlenhoff 
Package: radare2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team 

CVE-2021-32613
https://github.com/radareorg/radare2/issues/18679
https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc

Cheers,
 Moritz

Bug#905456: Please create new list debian-clojure

2021-05-24 Thread Utkarsh Gupta 
Hi Alex,

On Mon, May 24, 2021 at 11:22 PM Alexander Wirt  wrote:
> > Ack, please send me the gpg encrypted list of subscribers and I will
> > provide the new list asap.
> jftr, I created the list, it is ready to use. I will import the
> subscribers as soon as I receive them.

Thanks a bunch! \o/

Attaching the subscribers' list with your and Elana's key. Let me know
if you need anything else.


- u


members.enc
Description: Binary data

Bug#989065: Show packages from next-point-release.txt in source package overview

2021-05-24 Thread Moritz Muehlenhoff 
Package: security-tracker
Severity: wishlist

https://security-tracker.debian.org/tracker/source-package/foo shows
CVEs tagged  as "vulnerable (no DSA)". If there's an update
pending (i.e. if a CVE is listed in data/next-point-release.txt) it
could instead be presented as "pending for next point release".

Cheers,
 Moritz

Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-24 Thread Bill Allombert 
On Mon, May 24, 2021 at 08:44:55PM +0200, Paul Gevers wrote:
> Hi,
> 
> On 23-05-2021 08:55, Bill Allombert wrote:
> > On Sat, May 22, 2021 at 11:01:54PM +0200, Paul Gevers wrote:
> >> Hi Bill,
> >>
> >> On 22-05-2021 21:42, Bill Allombert wrote:
> >>> Do you have a list of packages whose upgrade triggers this issue ?
> >>
> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?att=2;bug=988003;filename=Samantha_upgrade_logs.tar.gz;msg=5
> >> has a dpkg-get-selection file with the list of installed packages.
> > 
> > Unfortunately, I do not have enough diskspace try to reproduce it
> > right now.
> > 
> > Generally to find out why a package foo is not upgraded, one do
> > apt-get install guile-2.2-libs
> > and see what apt reports.
> 
> I have used the dpkg-get-selections as input in a stable lxc, changed
> the distribution to bullseye, done an $(apt upgrade --without-new-pkgs)
> and then tried to run $(apt-get install guile-2.2-libs). Please find the
> output below. I *guess* the suspecting things are the pieces which "will
> be removed". Do we see anything suspicious?
> 
> I'll keep the container for some days (if I don't need the disk space).

Thanks, this useful.

Could you also do it after the first 'apt-get full-upgrade' to compare ?
We should get a much smaller set of packages.

Cheers,
Bill

Bug#989064: curl: output of -w accidentally in microseconds

2021-05-24 Thread Bernd Zeimetz 
Package: curl
Version: 7.74.0-1.2
Severity: serious
Tags: patch upstream

Hi,

ymmv, but as there are probably zillions of scripts out there parsing
the output of curl -w, I think switching to microseconds accidentally
will break enough things to warrant a serious bug.

Upstream bug is
https://github.com/curl/curl/issues/6321
its fixed in 7.75.0 with the patches mentioned in the github issue.

Please apply before bullseye will be relased.

Thanks,

Bernd

-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Bug#989057: udev doesn't create /dev/fd symlink

2021-05-24 Thread Michael Biebl 

Am 24.05.2021 um 22:32 schrieb Mikulas Patocka:



On Mon, 24 May 2021, Michael Biebl wrote:


Am 24.05.2021 um 21:26 schrieb Mikulas Patocka:


Init: sysvinit (via /sbin/init)


systemd does create those symlinks.
I was told, sysvinit (initscripts) would do the same.

Can you reproduce the issue with systemd as PID 1?


With systemd, the virtual machine doesn't boot at all:

[0.00] Linux version 5.10.0-7-amd64 (debian-ker...@lists.debian.org) 
(gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 
2.35.2) #1 SMP Debian 5.10.38-1 (2021-05-20)
...
[4.104601] systemd[1]: Mounted POSIX Message Queue File System.
[  OK  106248] EXT4-fs (vda1): re-mounted. Opts: errors=remount-ro
0m] Mounted 107636] ext4 filesystem being remounted at / supports timestamps 
until 2038 (0x7fff)
1;39mPOSIX Message Queue File System.
[4.111005] systemd[1]: sys-kernel-config.mount: Mount process exited, 
code=exited, status=32/n/a
[4.113135] systemd[1]: sys-kernel-config.mount: Failed with result 
'exit-code'.
[4.117080] systemd[1]: Failed to mount /sys/kernel/config.
[FAILED] Failed to mount /sys/kernel/config.
See 'systemctl status sys-kernel-config.mount' for details.
[4.119687] systemd[1]: Dependency failed for Local File Systems.
[DEPEND] Dependency failed for Local File Systems.
[4.120938] systemd[1]: local-fs.target: Job local-fs.target/start failed 
with result 'dependency'.
[4.121961] systemd[1]: local-fs.target: Triggering OnFailure= dependencies.
[4.123401] systemd[1]: Unnecessary job for /dev/ttyS0 was removed.
...
[  OK  ] Finished Wait for network to be configured by ifupdown.
[  OK  ] Reached target Network is Online.
You are in emergency mode. After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or "exit"
to boot into default mode.
Pro zah?jen? ?dr?by je t?eba zadat heslo u?ivatele root
(nebo stiskn?te Control-D, abyste pokra?ovali): [5.248793] 
memmap_init_zone_device initialised 16777216 pages in 420ms
[5.314247] powernow_k8: Power state transitions not supported
[5.315583] powernow_k8: Power state transitions not supported
[5.317332] powernow_k8: Power state transitions not supported
[5.318399] powernow_k8: Power state transitions not supported
[5.319780] powernow_k8: Power state transitions not supported
[5.320470] powernow_k8: Power state transitions not supported
[5.321808] powernow_k8: Power state transitions not supported
[5.322814] powernow_k8: Power state transitions not supported
[5.323401] powernow_k8: Power state transitions not supported
[5.324588] powernow_k8: Power state transitions not supported
[5.326584] powernow_k8: Power state transitions not supported
[5.327963] powernow_k8: Power state transitions not supported
[5.331546] has_svm: can't execute cpuid_800a
[5.331999] kvm: no hardware support
[5.505193] powernow_k8: Power state transitions not supported
[5.507146] powernow_k8: Power state transitions not supported
[5.508985] powernow_k8: Power state transitions not supported
[5.510166] powernow_k8: Power state transitions not supported
[5.511310] powernow_k8: Power state transitions not supported
[5.512435] powernow_k8: Power state transitions not supported
[5.513593] powernow_k8: Power state transitions not supported
[5.514754] powernow_k8: Power state transitions not supported
...


Looks like a hardware / kernel problem.




OpenPGP_signature
Description: OpenPGP digital signature

Bug#989061: Update protobuf to new upstream 3.15.5 or later

2021-05-24 Thread Pirate Praveen 

Package: ruby-google-protobuf
Version: 3.14.0-1
Severity: wishlist

I'm trying to update ruby-pg-query to 2.0.3 (required for gitlab 
13.12.0) and build fails with


/usr/lib/ruby/vendor_ruby/rubygems/dependency.rb:307:in `to_specs': 
Could not find 'google-protobuf' (~> 3.15.5) among 57 total gem(s) 
(Gem::MissingSpecError)


Please update protobuf to 3.15.5 or later. I'd be happy to help with 
the update if required.

Bug#989062: CVE-2021-25287 CVE-2021-25288 CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678

2021-05-24 Thread Moritz Muehlenhoff 
Source: pillow
Version: 8.1.2+dfsg-0.1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team 

Fixed in experimental, but open for bullseye/sid:

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87

Cheers,
 Moritz

Bug#987430: upgrade-reports: KDE Plasma without panels and without background after upgrade from Buster to Bullseye

2021-05-24 Thread Norbert Preining 
Hi Malvin,

> > > I have now upgraded three different machines from (fully updated) Buster
> > > to Bullseye, and all three times KDE Plasma was not usable afterwards.

And I have now tried the update myself, successfully:
- install debian buster wit KDE desktop
- log into plasma, play around
- do as you suggested
apt upgrade --without-new-pkgs && apt full-upgrade
- reboot
- log into plasma, this takes a bit of time in my VM, but
  at the end Plasma is running without visual glitches and errors.

Are you sure you have rebooted after the update?

And, the question is even more interesting now:

> Do you know which set of packages you had installed? Which meta-package?

Best

Norbert

--
PREINING Norbert  https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#989060: CVE-2021-28902 CVE-2021-28903 CVE-2021-28904 CVE-2021-28905 CVE-2021-28906

2021-05-24 Thread Moritz Muehlenhoff 
Source: libyang
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team 

CVE-2021-28906
https://github.com/CESNET/libyang/issues/1455

CVE-2021-28905
https://github.com/CESNET/libyang/issues/1452

CVE-2021-28904
https://github.com/CESNET/libyang/issues/1451

CVE-2021-28903
https://github.com/CESNET/libyang/issues/1453

CVE-2021-28902
https://github.com/CESNET/libyang/issues/1454

Cheers,
 Moritz

Bug#989057: udev doesn't create /dev/fd symlink

2021-05-24 Thread Mikulas Patocka 



On Mon, 24 May 2021, Michael Biebl wrote:

> Am 24.05.2021 um 21:26 schrieb Mikulas Patocka:
> 
> > Init: sysvinit (via /sbin/init)
> 
> systemd does create those symlinks.
> I was told, sysvinit (initscripts) would do the same.
> 
> Can you reproduce the issue with systemd as PID 1?

With systemd, the virtual machine doesn't boot at all:

[0.00] Linux version 5.10.0-7-amd64 (debian-ker...@lists.debian.org) 
(gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 
2.35.2) #1 SMP Debian 5.10.38-1 (2021-05-20)
...
[4.104601] systemd[1]: Mounted POSIX Message Queue File System.
[  OK  106248] EXT4-fs (vda1): re-mounted. Opts: errors=remount-ro
0m] Mounted 107636] ext4 filesystem being remounted at / supports timestamps 
until 2038 (0x7fff)
1;39mPOSIX Message Queue File System.
[4.111005] systemd[1]: sys-kernel-config.mount: Mount process exited, 
code=exited, status=32/n/a
[4.113135] systemd[1]: sys-kernel-config.mount: Failed with result 
'exit-code'.
[4.117080] systemd[1]: Failed to mount /sys/kernel/config.
[FAILED] Failed to mount /sys/kernel/config.
See 'systemctl status sys-kernel-config.mount' for details.
[4.119687] systemd[1]: Dependency failed for Local File Systems.
[DEPEND] Dependency failed for Local File Systems.
[4.120938] systemd[1]: local-fs.target: Job local-fs.target/start failed 
with result 'dependency'.
[4.121961] systemd[1]: local-fs.target: Triggering OnFailure= dependencies.
[4.123401] systemd[1]: Unnecessary job for /dev/ttyS0 was removed.
...
[  OK  ] Finished Wait for network to be configured by ifupdown.
[  OK  ] Reached target Network is Online.
You are in emergency mode. After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or "exit"
to boot into default mode.
Pro zah?jen? ?dr?by je t?eba zadat heslo u?ivatele root
(nebo stiskn?te Control-D, abyste pokra?ovali): [5.248793] 
memmap_init_zone_device initialised 16777216 pages in 420ms
[5.314247] powernow_k8: Power state transitions not supported
[5.315583] powernow_k8: Power state transitions not supported
[5.317332] powernow_k8: Power state transitions not supported
[5.318399] powernow_k8: Power state transitions not supported
[5.319780] powernow_k8: Power state transitions not supported
[5.320470] powernow_k8: Power state transitions not supported
[5.321808] powernow_k8: Power state transitions not supported
[5.322814] powernow_k8: Power state transitions not supported
[5.323401] powernow_k8: Power state transitions not supported
[5.324588] powernow_k8: Power state transitions not supported
[5.326584] powernow_k8: Power state transitions not supported
[5.327963] powernow_k8: Power state transitions not supported
[5.331546] has_svm: can't execute cpuid_800a
[5.331999] kvm: no hardware support
[5.505193] powernow_k8: Power state transitions not supported
[5.507146] powernow_k8: Power state transitions not supported
[5.508985] powernow_k8: Power state transitions not supported
[5.510166] powernow_k8: Power state transitions not supported
[5.511310] powernow_k8: Power state transitions not supported
[5.512435] powernow_k8: Power state transitions not supported
[5.513593] powernow_k8: Power state transitions not supported
[5.514754] powernow_k8: Power state transitions not supported
...

it says that it's waiting for root password, but it locks up.

Mikulas

Bug#988886: adminer: CVE-2021-29625: XSS in doc_link

2021-05-24 Thread Moritz Mühlenhoff 
Am Fri, May 21, 2021 at 12:39:42PM +0200 schrieb Alexandre Rossi:
> bullseye : this bug is not RC, so no update.

Security bugs can still be fixed in they are sensibly backportable,
even if not RC. Simply upload to unstable and ask for an unblock.

Cheers,
Moritz

Bug#989045: gnome-control-center: Region+Language panel segfault after trying to add new input source

2021-05-24 Thread Simon McVittie 
On Mon, 24 May 2021 at 16:46:54 +0100, Will Tuladhar-Douglas wrote:
> Whenever gnome control panel is open to the Language and Region screen,
> if one selects the "+" icon to add a new input source, there's a
> segfault.

This isn't crashing for me, but I might be able to get
somewhere with it if you can provide a backtrace from the crash?
https://wiki.debian.org/HowToGetABacktrace might be useful information.

Thanks,
smcv

Bug#989059: intel-mkl: autopkgtest regression since February 2021: libgcc-8-dev removed

2021-05-24 Thread Paul Gevers 
Source: intel-mkl
Version: 2020.4.304-1
User: debian...@lists.debian.org
Usertags: regression
X-Debbugs-CC: debian...@lists.debian.org

Dear maintainer,

Your package has an autopkgtest, great! However, since the beginning of
this year it started to fail [1]. Looking at the error, it's because
libgcc-8-dev was removed. Can you fix the situation?

Paul

[1] https://ci.debian.net/packages/i/intel-mkl/

https://ci.debian.net/data/autopkgtest/testing/i386/i/intel-mkl/12570784/log.gz

autopkgtest [18:33:06]: test command3: preparing testbed
autopkgtest [18:33:21]:  test bed setup
Get:1 http://deb.debian.org/debian testing InRelease [146 kB]
Get:2 http://deb.debian.org/debian-debug testing-debug InRelease [40.3 kB]
Get:3 http://incoming.debian.org/debian-buildd
buildd-testing-proposed-updates InRelease [24.0 kB]
Get:4 http://deb.debian.org/debian testing/main Sources.diff/Index [63.6 kB]
Get:5 http://deb.debian.org/debian testing/main i386 Packages.diff/Index
[63.6 kB]
Get:6 http://deb.debian.org/debian testing/main Sources
T-2021-05-24-1400.51-F-2021-05-24-1400.51.pdiff [33 B]
Get:6 http://deb.debian.org/debian testing/main Sources
T-2021-05-24-1400.51-F-2021-05-24-1400.51.pdiff [33 B]
Get:7 http://deb.debian.org/debian testing/main i386 Packages
T-2021-05-24-1400.51-F-2021-05-24-1400.51.pdiff [33 B]
Get:7 http://deb.debian.org/debian testing/main i386 Packages
T-2021-05-24-1400.51-F-2021-05-24-1400.51.pdiff [33 B]
Fetched 337 kB in 5s (62.2 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists...
Building dependency tree...
Reading state information...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
autopkgtest [18:33:29]: testbed dpkg architecture: i386
Reading package lists...
Building dependency tree...
Reading state information...
Correcting dependencies...Starting pkgProblemResolver with broken count: 1
Starting 2 pkgProblemResolver with broken count: 1
Investigating (0) autopkgtest-satdep:i386 < 0 @iU mK Nb Ib >
Broken autopkgtest-satdep:i386 Depends on libgcc-8-dev:i386 < none @un H >
  Removing autopkgtest-satdep:i386 because I can't find libgcc-8-dev:i386
Broken autopkgtest-satdep:i386 Depends on libgcc-7-dev:i386 < none @un H >
  Removing autopkgtest-satdep:i386 because I can't find libgcc-7-dev:i386
Broken autopkgtest-satdep:i386 Depends on libgcc-6-dev:i386 < none @un H >
  Removing autopkgtest-satdep:i386 because I can't find libgcc-6-dev:i386
  Or group remove for autopkgtest-satdep:i386
Done
 Done
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following additional packages will be installed:
  build-essential cpp cpp-10 g++ g++-10 gcc gcc-10 libasan6 libatomic1
  libc-dev-bin libc6-dev libcc1-0 libcrypt-dev libgcc-10-dev libgomp1
libisl23
  libitm1 libmpc3 libmpfr6 libnsl-dev libquadmath0 libstdc++-10-dev
  libtirpc-dev libubsan1 linux-libc-dev
Suggested packages:
  cpp-doc gcc-10-locales g++-multilib g++-10-multilib gcc-10-doc
gcc-multilib
  manpages-dev autoconf automake libtool flex bison gdb gcc-doc
  gcc-10-multilib glibc-doc libstdc++-10-doc
Recommended packages:
  manpages manpages-dev libc-devtools
The following packages will be REMOVED:
  autopkgtest-satdep
The following NEW packages will be installed:
  build-essential cpp cpp-10 g++ g++-10 gcc gcc-10 libasan6 libatomic1
  libc-dev-bin libc6-dev libcc1-0 libcrypt-dev libgcc-10-dev libgomp1
libisl23
  libitm1 libmpc3 libmpfr6 libnsl-dev libquadmath0 libstdc++-10-dev
  libtirpc-dev libubsan1 linux-libc-dev
0 upgraded, 25 newly installed, 1 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 52.8 MB of archives.
After this operation, 190 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian testing/main i386 libc-dev-bin i386
2.31-12 [278 kB]
Get:2 http://deb.debian.org/debian testing/main i386 linux-libc-dev i386
5.10.28-1 [1,319 kB]
Get:3 http://deb.debian.org/debian testing/main i386 libcrypt-dev i386
1:4.4.18-4 [116 kB]
Get:4 http://deb.debian.org/debian testing/main i386 libtirpc-dev i386
1.3.1-1 [201 kB]
Get:5 http://deb.debian.org/debian testing/main i386 libnsl-dev i386
1.3.0-2 [70.6 kB]
Get:6 http://deb.debian.org/debian testing/main i386 libc6-dev i386
2.31-12 [3,776 kB]
Get:7 http://deb.debian.org/debian testing/main i386 libisl23 i386
0.23-1 [699 kB]
Get:8 http://deb.debian.org/debian testing/main i386 libmpfr6 i386
4.1.0-3 [2,045 kB]
Get:9 http://deb.debian.org/debian testing/main i386 libmpc3 i386
1.2.0-1 [49.9 kB]
Get:10 http://deb.debian.org/debian testing/main i386 cpp-10 i386
10.2.1-6 [9,052 kB]
Get:11 http://deb.debian.org/debian testing/main i386 cpp i386
4:10.2.1-1 [19.8 kB]
Get:12 http://deb.debian.org/debian testing/main i386 libcc1-0 i386
10.2.1-6 [48.5 kB]
Get:13 http://deb.debian.org/debian testing/main

Bug#932177: Please include apparmor profile directly in the package

2021-05-24 Thread Eduard Bloch 
Hallo,
* Laurent Bigonville [Tue, Jul 16 2019, 11:55:52AM]:
> Package: apt-cacher-ng
> Version: 3.2-2
> Severity: wishlist
>
> Hi,
>
> Currectly, the apparmor-profiles-extra package includes a profile for
> apt-cacher-ng (/etc/apparmor.d/usr.sbin.apt-cacher-ng)
>
> IMVHO, it would be better if it was included (and maintained) directly
> inside the apt-cacher-ng.
>
> Could you please see at moving the profile in this package?

Yes.

In case you have instructions on the proper process to get this fixed,
please let me know. Just creating a replacement for their conffile feels
like the wrong way to go.

Some apparmor weirdness has hit me on one of my systems recently and I
would like to have it solved properly. I worked around that with
/etc/apparmor.d/local/usr.sbin.apt-cacher-ng for now but it's messy.

I actually don't like apparmor people secretly creating a profile for
apt-cacher-ng instead of telling the maintainer to fix it properly. On
the other hand, apparmor maintenance seems to be a case for the MIA
team, their contact address is still an Alioth mailing list.

Best regards,
Eduard.

Bug#989057: udev doesn't create /dev/fd symlink

2021-05-24 Thread Michael Biebl 

Am 24.05.2021 um 21:26 schrieb Mikulas Patocka:


Init: sysvinit (via /sbin/init)


systemd does create those symlinks.
I was told, sysvinit (initscripts) would do the same.

Can you reproduce the issue with systemd as PID 1?

Bug#989058: dumpasn1: new upstream version 20200928

2021-05-24 Thread Daniel Kahn Gillmor 
Package: dumpasn1
Version: 20191022-2
Severity: wishlist
Tags: patch

Peter Gutmann released dumpasn1 20200928 last year.  It'd be great to
have it in debian, as it includes a default configuration with many more
OIDs than the version currently patched.

I looked into the packaging and it looks like a straightforward upgrade.

In reviewing the two outstanding patches, i realized that they're
actually the same feature (handling non-ASCII strings) -- one was a
cleanup of the other patch, so i consolidated them.

I also updated to dh 13, trimmed out unused files for debian packaging,
added a couple build-time and runtime tests to exercise the non-ASCII
handling.

I'm attaching a consolidated diff here, but I've pushed my edits to the
debian/experimental branch in salsa so the individual commits have
better detail.

Mathieu, given that you're listed at
https://wiki.debian.org/LowThresholdNmu, i'll probably NMU the update to
experimental DELAYED/7 shortly unless I hear an objection (i'm sure this
kind of change is too much to expect in unstable during the freeze).
Feel free to reject it if there are problems, my feelings won't be hurt,
and I'd be happy to learn what you prefer.

Regards,

--dkg

diff --git a/debian/changelog b/debian/changelog
index 59fab36..996f357 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+dumpasn1 (20200928-0.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload
+  * New upstream release
+  * use https:// in debian-specific files
+  * move to idiomatic dh 13
+  * bump standards-version to 4.5.1 (no changes needed)
+  * Rules-Requires-Root: no
+  * add hardening features
+  * build and clean up generated manpage
+  * d/copyright: move to DEP 5
+  * drop unneeded files from debian/
+  * wrap-and-sort -ast
+  * add tests (both build-time and autopkgtest) covering certificates
+with UTF8Strings and BMPStrings
+  * get-orig-source: avoid using deprecated $GZIP env var
+  * refresh and consolidate patches
+
+ -- Daniel Kahn Gillmor   Mon, 24 May 2021 14:13:11 -0400
+
 dumpasn1 (20191022-2) unstable; urgency=medium
 
   * d/rules: Make sure to build man page during build
@@ -27,13 +47,13 @@ dumpasn1 (20170309-1) unstable; urgency=medium
 
 dumpasn1 (20150808-3) unstable; urgency=medium
 
-  * Really fix segfaults on valid certificate. Closes: #840771 
+  * Really fix segfaults on valid certificate. Closes: #840771
 
  -- Mathieu Malaterre   Thu, 20 Oct 2016 09:18:29 +0200
 
 dumpasn1 (20150808-2) unstable; urgency=medium
 
-  * Fix segfaults on valid certificate. Closes: #840771 
+  * Fix segfaults on valid certificate. Closes: #840771
   * Bump Std-Vers to 3.9.8, no changes needed
 
  -- Mathieu Malaterre   Wed, 19 Oct 2016 20:33:47 +0200
@@ -120,4 +140,3 @@ dumpasn1 (20020612-1) unstable; urgency=low
   * Initial Release.
 
  -- Oliver Kurth   Mon,  2 Sep 2002 17:13:04 +0200
-
diff --git a/debian/clean b/debian/clean
index bdc3274..b2eca8a 100644
--- a/debian/clean
+++ b/debian/clean
@@ -1,2 +1,4 @@
 dumpasn1
 Makefile
+debian/dumpasn1.1
+dumpasn1.o
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index ec63514..000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-9
diff --git a/debian/control b/debian/control
index 4870ded..a3ebc8b 100644
--- a/debian/control
+++ b/debian/control
@@ -2,15 +2,21 @@ Source: dumpasn1
 Section: utils
 Priority: optional
 Maintainer: Mathieu Malaterre 
-Build-Depends: debhelper (>= 9), help2man
-Homepage: http://www.cs.auckland.ac.nz/~pgut001/
+Build-Depends:
+ debhelper-compat (= 13),
+ help2man,
+ valgrind ,
+Homepage: https://www.cs.auckland.ac.nz/~pgut001/
 Vcs-Git: https://salsa.debian.org/debian/dumpasn1.git
 Vcs-Browser: https://salsa.debian.org/debian/dumpasn1
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
+Rules-Requires-Root: no
 
 Package: dumpasn1
 Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
 Description: ASN.1 object dump program
  An ASN.1 object dump program which will dump data encoded using any of the
  ASN.1 encoding rules in a variety of user-specified formats.
diff --git a/debian/copyright b/debian/copyright
index 7c6df59..3844b49 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,27 +1,38 @@
-This package was debianized by Oliver Kurth  on
-Mon,  2 Sep 2002 17:13:04 +0200.
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: dumpasn1
+Upstream-Contact: Peter Gutmann 
+Source: https://www.cs.auckland.ac.nz/~pgut001/
 
-It was downloaded from http://www.cs.auckland.ac.nz/~pgut001/
+Files: *
+Copyright: 1997-2020 dumpasn1 authors, including Peter Gutmann,
+ David Kemp,
+ Matthew Hamrick,
+ Bruno Couillard,
+ Hallvard Furuseth,
+ Geoff Thorpe,
+ David Boyce,
+ John Hughes,
+ 'Life is hard, and then you die',
+ Hans-Olof Hermansson,
+ Tor Rustad,
+ Kjetil Barvik,
+ James Sweeny,
+ Chris Ridd,
+ David Lemley,
+ John Tobey,
+ James Manger,
+ Igor Perminov
+License:

Bug#987906: release-notes: mention non-deterministic SCSI device probing?

2021-05-24 Thread Paul Gevers 
Control: tags -1 patch

Hi,

On 01-05-2021 22:55, Lucas Nussbaum wrote:
> One of the change that occured in the kernel side since bullseye that is
> SCSI device probing is now non-deterministic.
> 
> We have been bitten by that at $dayjob because we were still relying on
> disks ordering (sda, sdb) in some stuff.
> 
> There's a discussion about that in
> https://lore.kernel.org/lkml/59eedd28-25d4-7899-7c3c-89fe7fdd4...@acm.org/t/
> 
> The change occured upstream in kernel 5.3.

How does the attached proposed text look?

Paul
From df7f0fb0480b40306464b9cb38299209577f8220 Mon Sep 17 00:00:00 2001
From: Paul Gevers 
Date: Mon, 24 May 2021 21:37:03 +0200
Subject: [PATCH] issues.dbk: scsi order non-deterministic

Closes: #987906
---
 en/issues.dbk | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/en/issues.dbk b/en/issues.dbk
index 43c9534e..a763a016 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -408,6 +408,17 @@ data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}}
 
   
 
+  
+SCSI device probing is non-deterministic
+
+  Due to changes in Linux, the probing of SCSI devices is no
+  longer deteministic. This can be an issue for installations that
+  rely on the disk order. The https://lore.kernel.org/lkml/59eedd28-25d4-7899-7c3c-89fe7fdd4...@acm.org/;>Linux
+  Kernel Mail List suggests two solutions.
+
+  
+
   
   Things to do post upgrade before rebooting
   
-- 
2.30.2



OpenPGP_signature
Description: OpenPGP digital signature

Bug#989057: udev doesn't create /dev/fd symlink

2021-05-24 Thread Mikulas Patocka 
Package: udev
Version: 248.3-1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

I ran lvm2 testsuite and every test fails. I analyzed the problem, it turns out
that the "/dev/fd" symlink is missing and bash depends on it when processing
redirects from processes. Non-working redirects cause testsuite failures.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Type this command:
bash -c 'cat < <(echo x)'

   * What was the outcome of this action?

bash: line 1: /dev/fd/63: No such file or directory

   * What outcome did you expect instead?

It should print the letter 'x'

The symlin /dev/fd should point to /proc/self/fd

*** End of the template - remove these template lines ***


-- Package-specific info:

-- System Information:
Debian Release: 11.0
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32, riscv64

Kernel: Linux 5.12.0 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages udev depends on:
ii  adduser  3.118
ii  dpkg 1.20.9
ii  libacl1  2.2.53-10
ii  libblkid12.36.1-7
ii  libc62.31-12
ii  libkmod2 28-1
ii  libselinux1  3.1-3
ii  libudev1 248.3-1
ii  util-linux   2.36.1-7

udev recommends no packages.

udev suggests no packages.

Versions of packages udev is related to:
pn  systemd  

-- debconf information:
  udev/sysfs_deprecated_incompatibility:
  udev/new_kernel_needed: false
  udev/title/upgrade:
  udev/reboot_needed:
P: /devices/LNXSYSTM:00
L: 0
E: DEVPATH=/devices/LNXSYSTM:00
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXSYSTM:
E: USEC_INITIALIZED=2353104
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXPWRBN:00
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXPWRBN:00
E: SUBSYSTEM=acpi
E: DRIVER=button
E: MODALIAS=acpi:LNXPWRBN:
E: USEC_INITIALIZED=2353831
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXPWRBN:00/input/input3
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXPWRBN:00/input/input3
E: SUBSYSTEM=input
E: PRODUCT=19/0/1/0
E: NAME="Power Button"
E: PHYS="LNXPWRBN/button/input0"
E: PROP=0
E: EV=3
E: KEY=10 0 0 0
E: MODALIAS=input:b0019vp0001e-e0,1,k74,ramlsfw
E: USEC_INITIALIZED=2382582
E: ID_INPUT=1
E: ID_INPUT_KEY=1
E: ID_PATH=acpi-LNXPWRBN:00
E: ID_PATH_TAG=acpi-LNXPWRBN_00

P: /devices/LNXSYSTM:00/LNXPWRBN:00/input/input3/event2
N: input/event2
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXPWRBN:00/input/input3/event2
E: SUBSYSTEM=input
E: DEVNAME=/dev/input/event2
E: MAJOR=13
E: MINOR=66
E: USEC_INITIALIZED=2537330
E: ID_INPUT=1
E: ID_INPUT_KEY=1
E: ID_PATH=acpi-LNXPWRBN:00
E: ID_PATH_TAG=acpi-LNXPWRBN_00
E: TAGS=:power-switch:
E: CURRENT_TAGS=:power-switch:

P: /devices/LNXSYSTM:00/LNXSYBUS:00
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXSYBUS:
E: USEC_INITIALIZED=2354117
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:00
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:00
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2355483
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:01
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:01
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2355074
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:02
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:02
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2355905
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:03
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:03
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2355129
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:04
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:04
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2355133
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:05
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:05
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2355058
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:06
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:06
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2354817
E: ID_VENDOR_FROM_DATABASE=The Linux Foundation

P: /devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:07
L: 0
E: DEVPATH=/devices/LNXSYSTM:00/LNXSYBUS:00/LNXCPU:07
E: SUBSYSTEM=acpi
E: MODALIAS=acpi:LNXCPU:
E: USEC_INITIALIZED=2355478
E:

Bug#989047: lynx: broken handling (double slashes) of relative links

2021-05-24 Thread Thomas Dickey 
On Mon, May 24, 2021 at 07:21:45PM +0200, Thorsten Glaser wrote:
> Package: lynx
> Version: 2.9.0dev.6-2
> Severity: normal
> X-Debbugs-Cc: t...@mirbsd.de
> 
> Affected: Lynx Version 2.9.0dev.6 (Debian 2.9.0dev.6-2)
> Not affected: Lynx Version 2.8.8dev.16-MirOS-0AB8.1
> 
> $ lynx http://www.mirbsd.org/permalinks/wlog2020_e20210207.htm
> 
> In Advanced mode, naviate to link #68 “locale(1)” and watch the
> status bar.
> 
> Affected:
> -more- http://www.mirbsd.org//htman/i386/man1/locale.htm  
>
> 
> Not affected:
> -more- http://www.mirbsd.org/htman/i386/man1/locale.htm   
>
> 
> So this is a recent regression.

That's since three and a half years ago (perhaps a more recent
version is okay).

2017-07-10 (2.8.9dev.16)
2020-09-05 (2.9.0dev.6)
 
> Corresponding HTML source:
> 
> […]
> In a next step libc will have a binary toggle between C
>  and C.UTF-8 (somewhat again),  href="../htman/i386/man1/locale.htm" class="manlink">locale(1) and
> […]

-- 
Thomas E. Dickey 
https://invisible-island.net
ftp://ftp.invisible-island.net


signature.asc
Description: PGP signature

Bug#988998: lava: autopkgtest needs update for new version of pyyaml

2021-05-24 Thread Paul Gevers 
Control: tags -1 - moreinfo

Hi Stefano,

On 23-05-2021 01:42, Stefano Rivera wrote:
> Hi Paul (2021.05.22_15:22:35_-0400)
>> Currently this regression is blocking the migration of pyyaml to testing
>> [1]. Of course, pyyaml shouldn't just break your autopkgtest (or even
>> worse, your package), but it seems to me that the change in pyyaml was
>> intended and your package needs to update to the new situation.

Lava got fixed in unstable and I expect it to migrate (will keep an eye).

Unblocked.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#989056: rabbitmq-server: CVE-2021-22116: improper input validation may lead to DoS

2021-05-24 Thread Salvatore Bonaccorso 
Source: rabbitmq-server
Version: 3.8.9-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for rabbitmq-server.

CVE-2021-22116[0]:
| improper input validation may lead to DoS

Reference is at [1] though this does not provide any further
information on the fixing commit only that all versions prior to
3.8.16 are affected. [2] is as well not helpful.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-22116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22116
[1] https://tanzu.vmware.com/security/cve-2021-22116
[2] https://github.com/rabbitmq/rabbitmq-server/compare/v3.8.15...v3.8.16

Please adjust the affected versions in the BTS as needed.

Can you try to get more information on the issue?

Regards,
Salvatore

Bug#989055: libapache2-mod-auth-openidc: CVE-2021-20718

2021-05-24 Thread Salvatore Bonaccorso 
Source: libapache2-mod-auth-openidc
Version: 2.4.4.1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libapache2-mod-auth-openidc.

CVE-2021-20718[0]:
| mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a
| denial-of-service (DoS) condition via unspecified vectors.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-20718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20718
[1] https://jvn.jp/en/jp/JVN49704918/index.html
[2] 
https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#989054: puma: CVE-2021-29509: Keepalive Connections Causing Denial Of Service in puma

2021-05-24 Thread Salvatore Bonaccorso 
Source: puma
Version: 4.3.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for puma, it is caused due
to an incomplete fix for CVE-2019-16770.

CVE-2021-29509[0]:
| Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The
| fix for CVE-2019-16770 was incomplete. The original fix only protected
| existing connections that had already been accepted from having their
| requests starved by greedy persistent-connections saturating all
| threads in the same process. However, new connections may still be
| starved by greedy persistent-connections saturating all threads in all
| processes in the cluster. A `puma` server which received more
| concurrent `keep-alive` connections than the server had threads in its
| threadpool would service only a subset of connections, denying service
| to the unserved connections. This problem has been fixed in `puma`
| 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue.
| This is not advised when using `puma` without a reverse proxy, such as
| `nginx` or `apache`, because you will open yourself to slow client
| attacks (e.g. slowloris). The fix is very small and a git patch is
| available for those using unsupported versions of Puma.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-29509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29509
[1] https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
[2] https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1

2021-05-24 Thread Paul Gevers 
Hi Roger,

On 24-05-2021 19:05, Roger Shimizu wrote:
>> control: retitle -1 unblock: broadcom-sta/6.30.223.271-17
>>
>> unblock broadcom-sta/6.30.223.271-17
> 
> ping.
> 
> I'm asking because this package is marked as autoremoval from testing
> on June 8th.

Although of course slightly annoying for you, you can postpone
autoremoval by showing activity in the RC bug that triggered the
autoremoval process. Don't leave this to the last hours, the information
may not pass to the right place in time.

> Is there any concern regarding to the unblocking?

I haven't looked at it yet. We'll get to it.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#989052: wims-lti: [INTL:nl] Dutch translation of debconf messages

2021-05-24 Thread Frans Spiesschaert 
 
 
Package: wims-lti 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch translation of wims-lti debconf
messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 
-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-24 Thread Paul Gevers 
Hi,

On 23-05-2021 08:55, Bill Allombert wrote:
> On Sat, May 22, 2021 at 11:01:54PM +0200, Paul Gevers wrote:
>> Hi Bill,
>>
>> On 22-05-2021 21:42, Bill Allombert wrote:
>>> Do you have a list of packages whose upgrade triggers this issue ?
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?att=2;bug=988003;filename=Samantha_upgrade_logs.tar.gz;msg=5
>> has a dpkg-get-selection file with the list of installed packages.
> 
> Unfortunately, I do not have enough diskspace try to reproduce it
> right now.
> 
> Generally to find out why a package foo is not upgraded, one do
> apt-get install guile-2.2-libs
> and see what apt reports.

I have used the dpkg-get-selections as input in a stable lxc, changed
the distribution to bullseye, done an $(apt upgrade --without-new-pkgs)
and then tried to run $(apt-get install guile-2.2-libs). Please find the
output below. I *guess* the suspecting things are the pieces which "will
be removed". Do we see anything suspicious?

I'll keep the container for some days (if I don't need the disk space).

Paul

root@stable:/# apt-get install guile-2.2-libs
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer
required:
  libcodec2-0.8.1 libnvpair1linux libuutil1linux libzfs2linux libzpool2linux
  linux-headers-4.19.0-16-common python3.7-minimal
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  binutils binutils-common binutils-x86-64-linux-gnu coinor-libcbc3
coinor-libcoinmp1v5 cpp
  cpp-10 cups cups-client cups-core-drivers cups-daemon cups-ipp-utils
fcitx-frontend-qt5
  firebird3.0-common firebird3.0-common-doc firebird3.0-server-core
firebird3.0-utils
  fonts-urw-base35 g++ g++-10 gcc gcc-10 gcc-10-base gdc gdc-10 gfortran
gfortran-10
  gir1.2-gst-plugins-base-1.0 gir1.2-gstreamer-1.0 gnat gnat-10
gstreamer1.0-plugins-bad
  hplip hplip-data libalgorithm-diff-xs-perl libapt-pkg6.0 libasan6
libatomic1 libavcodec58
  libavfilter7 libavformat58 libavresample4 libavutil56 libbabl-0.1-0
libbinutils
  libbrlapi0.8 libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev
libc6-i386 libcairo-perl
  libcbor0 libcc1-0 libcodec2-0.9 libcrypt-dev libcrypt1 libcryptsetup12
libctf-nobfd0
  libctf0 libcups2 libcupsimage2 libdav1d4 libdc1394-25
libdouble-conversion3 libdvdread8
  libextutils-depends-perl libextutils-pkgconfig-perl libfbclient2
libffi7 libfido2-1
  libfile-fcntllock-perl libfluidsynth2 libgc1 libgcc-10-dev libgcc-s1
libgdk-pixbuf-2.0-0
  libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common
libgegl-0.4-0
  libgfortran-10-dev libgfortran5 libgirepository-1.0-1 libglib-perl
libglib2.0-0
  libglib2.0-bin libgnat-10 libgnat-util10 libgnutls30 libgomp1 libgpgmepp6
  libgphobos-10-dev libgphobos-dev libgphobos1 libgstreamer-gl1.0-0
  libgstreamer-plugins-bad1.0-0 libgstreamer-plugins-base1.0-0
libgstreamer1.0-0
  libhogweed6 libhpmud0 libhtml-parser-perl libib-util libicu67 libilmbase25
  libinstpatch-1.0-2 libip4tc2 libisl23 libitm1 libjson-c5
libkf5archive5 libkf5attica5
  libkf5auth-data libkf5codecs-data libkf5codecs5 libkf5completion-data
libkf5completion5
  libkf5config-data libkf5configcore5 libkf5configgui5
libkf5configwidgets-data
  libkf5coreaddons-data libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-data
  libkf5dbusaddons5 libkf5guiaddons5 libkf5i18n-data libkf5i18n5
libkf5iconthemes-data
  libkf5itemviews-data libkf5itemviews5 libkf5jobwidgets-data
libkf5jobwidgets5
  libkf5notifications-data libkf5notifications5 libkf5parts-data
libkf5service-data
  libkf5service5 libkf5textwidgets-data libkf5wallet-data libkf5wallet5
  libkf5widgetsaddons-data libkf5widgetsaddons5 libkf5windowsystem-data
libkf5windowsystem5
  libkf5xmlgui-data libkwalletbackend5-5 liblocale-gettext-perl liblsan0
libltc11
  libmailutils7 libmd4c0 libmfx1 libmpdec3 libmysofa1 libnet-dbus-perl
libnet-ssleay-perl
  libnettle8 libnm0 libnma-common libnma0 libnsl-dev libnsl2
libnss-mymachines libnss-nis
  libnss-nisplus libobjc4 libopenexr25 libopenni2-0 libp11-kit0
libpango-perl libperl5.32
  libpocketsphinx3 libpostproc55 libpython3-stdlib libpython3.9
libpython3.9-minimal
  libpython3.9-stdlib libqt5core5a libqt5dbus5 libqt5designer5
libqt5gui5 libqt5help5
  libqt5multimedia5 libqt5multimedia5-plugins libqt5multimediagsttools5
  libqt5multimediawidgets5 libqt5network5 libqt5opengl5 libqt5positioning5
  libqt5printsupport5 libqt5qml5 libqt5qmlmodels5 libqt5quick5
libqt5script5 libqt5sensors5
  libqt5sql5 libqt5sql5-sqlite libqt5svg5 libqt5test5 libqt5texttospeech5
  libqt5waylandclient5 libqt5waylandcompositor5 libqt5webchannel5
libqt5webkit5
  libqt5widgets5 libqt5x11extras5 libqt5xml5 libquadmath0 librabbitmq4
libraw20
  libreadline8 librubberband2 libsane-hpaio libsdl2-2.0-0 libsnmp40
libsphinxbase3
  libsrt1.4-gnutls libstdc++-10-dev libstdc++6 libsvn-perl
libswresample3 libswscale5
  libsystemd0 libtdb1 libtext-charwidth-perl libtext-iconv-perl

Bug#989040: linux-image-5.10.0-6-amd64: Missing CONFIG_AMD_MEM_ENCRYPT in kernel config makes SEV booting impossible

2021-05-24 Thread Louis Bouchard 

Package: src:linux
Version: 5.10.28-1
Severity: important

Dear Kernel team,

As previously reported in bug #959069 
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959069) for kernel 
5.5.0-2, the config parameter CONFIG_AMD_MEM_ENCRYPT is missing and, 
hence, booting an Debian Buster image in a SEV enabled VM is impossible.


No log may be provided as GRUB2 simply returns to the menu upon trying 
to boot the kernel.


Compilation of the kernel currently present in the testing pocket with 
this option enabled allows the kernel to boot normally.


Please include this kernel parameter so Debian Buster may be booted out 
of the box in a SEV enabled VM.


Kind regards,

...Louis Bouchard

-- Package-specific info:
** Version:
Linux version 5.10.0-6-amd64 (debian-ker...@lists.debian.org) (gcc-10 
(Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 
2.35.2) #1 SMP Debian 5.10.28-1 (2021-04-09)


** Command line:
BOOT_IMAGE=/boot/vmlinuz-5.10.0-6-amd64 
root=UUID=2a32edc5-aef2-4dcc-93ee-9cd605341279 ro console=tty0 
console=ttyS0,115200 earlyprintk=ttyS0,115200 scsi_mod.use_blk_mq=Y


** Not tainted

** Kernel log:
[1.157475] virtio_net virtio0 enp0s1: renamed from eth0
[1.160360] ahci :00:1f.2: version 3.0
[1.161125] ahci :00:1f.2: AHCI 0001. 32 slots 6 ports 1.5 
Gbps 0x3f impl SATA mode

[1.162382] ahci :00:1f.2: flags: 64bit ncq only
[1.164175] scsi host1: ahci
[1.164778] scsi host2: ahci
[1.165438] scsi host3: ahci
[1.166113] scsi host4: ahci
[1.166971] scsi host5: ahci
[1.167592] scsi host6: ahci
[1.168067] ata1: SATA max UDMA/133 abar m4096@0x9000 port 
0x9100 irq 31
[1.169210] ata2: SATA max UDMA/133 abar m4096@0x9000 port 
0x9180 irq 31
[1.170158] ata3: SATA max UDMA/133 abar m4096@0x9000 port 
0x9200 irq 31
[1.170983] ata4: SATA max UDMA/133 abar m4096@0x9000 port 
0x9280 irq 31
[1.171765] ata5: SATA max UDMA/133 abar m4096@0x9000 port 
0x9300 irq 31
[1.172612] ata6: SATA max UDMA/133 abar m4096@0x9000 port 
0x9380 irq 31

[1.180922] sd 0:0:0:0: Power-on or device reset occurred
[1.182051] sd 0:0:0:0: [sda] 19531250 512-byte logical blocks: (10.0 
GB/9.31 GiB)

[1.182860] sd 0:0:0:0: [sda] 4096-byte physical blocks
[1.183439] sd 0:0:0:0: [sda] Write Protect is off
[1.183945] sd 0:0:0:0: [sda] Mode Sense: 63 00 00 08
[1.183988] sd 0:0:0:0: [sda] Write cache: enabled, read cache: 
enabled, doesn't support DPO or FUA

[1.185019] sd 0:0:0:0: [sda] Optimal transfer size 4194304 bytes
[1.217913]  sda: sda1 sda14 sda15
[1.219876] sd 0:0:0:0: [sda] Attached SCSI disk
[1.485700] ata2: SATA link down (SStatus 0 SControl 300)
[1.487349] ata3: SATA link down (SStatus 0 SControl 300)
[1.488903] ata5: SATA link down (SStatus 0 SControl 300)
[1.490509] ata6: SATA link down (SStatus 0 SControl 300)
[1.492179] ata4: SATA link down (SStatus 0 SControl 300)
[1.493897] ata1: SATA link down (SStatus 0 SControl 300)
[1.671112] EXT4-fs (sda1): mounted filesystem with ordered data 
mode. Opts: (null)
[1.760312] Not activating Mandatory Access Control as 
/sbin/tomoyo-init does not exist.

[1.966827] systemd[1]: Inserted module 'autofs4'
[2.018048] systemd[1]: systemd 241 running in system mode. (+PAM 
+AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP 
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN 
-PCRE2 default-hierarchy=hybrid)

[2.023560] systemd[1]: Detected virtualization kvm.
[2.024855] systemd[1]: Detected architecture x86-64.
[2.044339] systemd[1]: Set hostname to .
[2.324858] systemd[1]: Reached target Remote File Systems.
[2.327595] systemd[1]: Started Forward Password Requests to Wall 
Directory Watch.

[2.331404] systemd[1]: Reached target System Time Synchronized.
[2.334587] systemd[1]: Listening on udev Kernel Socket.
[2.337157] systemd[1]: Listening on Journal Socket (/dev/log).
[2.340047] systemd[1]: Created slice system-getty.slice.
[2.396217] EXT4-fs (sda1): re-mounted. Opts: discard,errors=remount-ro
[2.407729] EXT4-fs (sda1): resizing filesystem from 2408634 to 
2408634 blocks
[2.434805] systemd-journald[459]: Received request to flush runtime 
journal from PID 1
[2.562550] input: Power Button as 
/devices/LNXSYSTM:00/LNXPWRBN:00/input/input4

[2.571579] pstore: Using crash dump compression: deflate
[2.572711] pstore: Registered efi as persistent store backend
[2.575821] iTCO_vendor_support: vendor-support=0
[2.581114] sd 0:0:0:0: Attached scsi generic sg0 type 0
[2.581344] ACPI: Power Button [PWRF]
[2.587588] iTCO_wdt: Intel TCO WatchDog Timer Driver v1.11
[2.588563] iTCO_wdt: Found a ICH9 TCO device (Version=2, TCOBASE=0x0660)
[2.590081] iTCO_wdt: initialized. heartbeat=30 sec (nowayout=0)
[2.673312] cryptd: max_cpu_qlen set to 1000
[2.693446] AVX2

Bug#989051: mrc: FTBFS on hppa - obj/mrc_rsrc.o created with wrong OS/ABI

2021-05-24 Thread John David Anglin 
Source: mrc
Version: 1.2.3-2
Severity: normal

Dear Maintainer,

The build fails with the following error:

make[1]: Entering directory '/<>'
>> mrc.cpp
>> dummy.cpp
g++ -std=c++17 -o mrc-bootstrap obj/mrc.o obj/dummy.o -L/usr/lib/hppa-linux-gnu 
-lboost_program_options 
./mrc-bootstrap -o obj/mrc_rsrc.o mrsrc.h
g++ -std=c++17 -o mrc obj/mrc.o obj/mrc_rsrc.o -L/usr/lib/hppa-linux-gnu 
-lboost_program_options 
/usr/bin/ld: unknown architecture of input file `obj/mrc_rsrc.o' is 
incompatible with hppa1.1 output
collect2: error: ld returned 1 exit status
make[1]: *** [GNUmakefile:87: mrc] Error 1

As far as I can tell, this occurs because obj/mrc_rsrc.o is created with the
wrong OS/ABI:

dave@mx3210:~/debian/mrc/mrc-1.2.3$ file obj/mrc_rsrc.o
obj/mrc_rsrc.o: ELF 32-bit MSB relocatable, PA-RISC, 1.1 version 1 (SYSV), not 
stripped

SYSV should be GNU/Linux:

dave@mx3210:~/debian/mrc/mrc-1.2.3$ file obj/mrc.o
obj/mrc.o: ELF 32-bit MSB relocatable, PA-RISC, 1.1 version 1 (GNU/Linux), with 
debug_info, not stripped

Not sure why this happens.

Regards,
Dave Anglin

-- System Information:
Debian Release: 11.0
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: hppa (parisc64)

Kernel: Linux 5.10.39+ (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#989050: syncplay: Please consider splitting the package into a client and server package

2021-05-24 Thread Johannes Schauer Marin Rodrigues 
Package: syncplay
Version: 1.6.7+repack1-5
Severity: normal

Hi,

currently, the syncplay package includes the client as well as the
server. This means that a server installation also includes the heavy
dependencies that are only needed for the client. Installing syncplay on
a bare-bones Debian system requires 867 MB of additional disk space. If
the Python qt and the mpv|vlc Dependencies are omitted, only 68 MB
additional disk space is required. That's more than an order of
magnitude less. Besides the disk space, additional packages also
increase the attack surface of a server, especially the multimedia
packages required for mpv, vlc and qt.

Please consider creating a syncplay-server package with reduced
dependencies.

Thanks!

cheers, josch

Bug#989049: debspawn: privilege escalation via uid reuse

2021-05-24 Thread Helmut Grohne 
Package: debspawn
Severity: serious
Justification: security hole
Tags: security

When building a package using debspawn, it dynamically allocates a
system user that is used to perform the build. Since system users are
allocated sequentially, the chosen uid is very likely to collide with a
uid outside the nspawn container. This enables two possible privilege
escalations:

 * If an unprivileged user is entitled to perform builds via debspawn,
   she gains privileges of the build uid inside the container and this
   is an expected part of the security model of debspawn. However that
   same uid is very likely used outside of the container for a different
   purpose (usually a system daemon). A number of resources are shared
   between the outer os and the container despite being separated by a
   pid namespace. For instance, resource limits are shared. It is very
   likely that a privilege escalation from the build user inside the
   container to the service user (with same uid) is possible. The
   culprit here is the accidental sharing of uids for two different
   purposes.
 * Likewise, the privilege escalation works in the other direction. The
   service that shares its uid with the build user can simply kill build
   processes with any signal or change arbitrary files in the build
   tree. Again, it is the sharing of a uid that enables this.

I basically see two options for fixing this:
 * The build user is forced to use a uid that is not allocated
   elsewhere. pbuilder follows this approach and fixes a uid that is not
   normally allocated.
 * A user namespace would remap the uid space inside the container to a
   high, private uid range. While the build uid inside the container
   would equal a system user outside, the namespace would still separate
   them.

FD: Initial disclosure to Matthias and the security team happened on May
11th. Both agreed to publish the issue.

Helmut

Bug#983727: thinkfan should not ship an example in /etc/thinkfan.yaml

2021-05-24 Thread Michael Biebl 

Am 24.05.21 um 19:00 schrieb Michael Biebl:

Fwiw, I would do the following:
- Move /etc/thinkpad.yaml to /usr/share/doc/thinkpad/examples
- Do not remove /etc/thinkpad.conf (automatically) on upgrades


Or at least only remove it when it is unmodified[1] and do *not* rename 
it to dpkg-bak when modified. "dpkg-maintscript-helper rm_conffile" 
doesn't give you this behaviour [2], so you'd have to do it manually.


Regards,
Michael

[1] I *think* the default thinkpad.conf as previously shipped, did not 
really work out of the box. So removing it when unmodified seems safe.
[2] I think such a mode would be useful in dpkg-maintscript-helper. 
Probaly worth a wishlist bug report against dpkg.




OpenPGP_signature
Description: OpenPGP digital signature

Bug#989048: userv: client doesn't accept numeric UID on command line (probable doc bug)

2021-05-24 Thread Ben Harris 

Package: userv
Version: 1.2.0
Severity: normal

Dear Ian,

The userv spec, describing the command-line interface, says:


service-user specifies which user is to provide the service. The user
may be a login name or a numeric uid, or - to indicate that the
service user is to be the same as the calling user.


However, the option to provide a numeric UID doesn't work:

wraith:~$ id
uid=12528(bjh21) gid=12528(bjh21) groups=12528(bjh21)
wraith:~$ userv 12528 foo
userv: failure: requested service user `12528' is not a user

As far as I can tell, this is an error in the specification: there is 
nothing in the userv client code that even tries to handle a numeric UID 
passed on the command line.  The same error appears in the manual page.


-- System Information:
Debian Release: 11.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 5.10.0-5-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE 
not set

Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages userv depends on:
ii  libc6  2.31-12

userv recommends no packages.

userv suggests no packages.

-- no debconf information

--
Ben Harris, University of Cambridge Information Services.

Bug#989047: lynx: broken handling (double slashes) of relative links

2021-05-24 Thread Thorsten Glaser 
Package: lynx
Version: 2.9.0dev.6-2
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

Affected: Lynx Version 2.9.0dev.6 (Debian 2.9.0dev.6-2)
Not affected: Lynx Version 2.8.8dev.16-MirOS-0AB8.1

$ lynx http://www.mirbsd.org/permalinks/wlog2020_e20210207.htm

In Advanced mode, naviate to link #68 “locale(1)” and watch the
status bar.

Affected:
-more- http://www.mirbsd.org//htman/i386/man1/locale.htm
 

Not affected:
-more- http://www.mirbsd.org/htman/i386/man1/locale.htm 
 

So this is a recent regression.

Corresponding HTML source:

[…]
In a next step libc will have a binary toggle between C
 and C.UTF-8 (somewhat again), locale(1) and
[…]


-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 
'unstable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages lynx depends on:
ii  libbsd0   0.11.3-1
ii  libbz2-1.01.0.8-4
ii  libc6 2.31-12
ii  libgnutls30   3.7.1-4
ii  libidn11  1.33-3
ii  libncursesw6  6.2+20201114-2
ii  libtinfo6 6.2+20201114-2
ii  lynx-common   2.9.0dev.6-2
ii  zlib1g1:1.2.11.dfsg-2

Versions of packages lynx recommends:
ii  mime-support  3.66

lynx suggests no packages.

-- no debconf information

Bug#988627: unblock: broadcom-sta/6.30.223.271-16.1

2021-05-24 Thread Roger Shimizu 
> control: retitle -1 unblock: broadcom-sta/6.30.223.271-17
>
> unblock broadcom-sta/6.30.223.271-17

ping.

I'm asking because this package is marked as autoremoval from testing
on June 8th.
Is there any concern regarding to the unblocking?
Thank you!

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

Bug#983727: thinkfan should not ship an example in /etc/thinkfan.yaml

2021-05-24 Thread Michael Biebl 
Fwiw, I would do the following:
- Move /etc/thinkpad.yaml to /usr/share/doc/thinkpad/examples
- Do not remove /etc/thinkpad.conf (automatically) on upgrades
- Put up a big fat NEWS entry with instructions how to convert from
/etc/thinkpad.conf to /etc/thinkpad.yaml

I know, this will leave /etc/thinkpad.conf as obsolete conffile in
/var/lib/dpkg/status (and piuparts will probably complain), but that is an
ok compromise I think.

This will ensure, that users upgrading from the old version continue to have
a working setup and they can convert to the new format on their own.

Regards,
Michael



signature.asc
Description: This is a digitally signed message part

Bug#905456: Please create new list debian-clojure

2021-05-24 Thread Alexander Wirt 


Hi,

> On Wed, 10 Mar 2021 14:23:10 -0800 Elana Hashman  wrote:
> > On 2021-03-10 11:34, Alexander Wirt wrote:
> > > [...]
> > > Uh, oh. Yeah, please.
> >
> > There's been no objections since this email was last sent -- anyone on
> > the list who does not want to be migrated over to the new list, speak
> > now (privately emailing me) or forever hold your peace.
> 
> It's been a while since this^^, do you think we can proceed with the list
> creation/migration? Or are there still any blockers?
Ack, please send me the gpg encrypted list of subscribers and I will
provide the new list asap.

Thanks a lot

Alex

Bug#988967: unblock: mercurial/5.6.1-3

2021-05-24 Thread Stefano Rivera 
Control: retitle -1 unblock: mercurial/5.6.1-4

Made one more change to get a build on mips64el:

mercurial (5.6.1-4) unstable; urgency=medium

  * Revert -mno-lra workaround on mips64el, #871514 was fixed. Fixes
occasional FTBFS on mips64el.

 -- Stefano Rivera   Sun, 23 May 2021 08:37:06 -0400

It has now built on all release architectures.

diff --git a/debian/rules b/debian/rules
index 49272a8e..d6a5d5bc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -10,10 +10,6 @@
 PYVERS=$(shell py3versions -vs)
 PYVER_DEFAULT=$(shell py3versions -vd)
 include /usr/share/dpkg/architecture.mk
-ifeq ($(DEB_HOST_ARCH),mips64el)
-# Work around #871514
-export DEB_CFLAGS_MAINT_APPEND = -mno-lra
-endif
 
 override_dh_python3:
dh_python3 --shebang=/usr/bin/python3

unblock mercurial/5.6.1-4

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Bug#989046: libcurl3-gnutls: Please consider packaging 7.76.1

2021-05-24 Thread Colm Buckley 
Package: libcurl3-gnutls
Version: 7.74.0-1.2~bpo10+1
Severity: important

Dear Maintainer,

This bug - https://github.com/curl/curl/issues/6825 - is possibly the
underlying cause of #831756 and #987187. Given the importance of
the git workflow in particular, I'd like to request that you consider
packaging 7.76.1 (which fixes this issue) for buster-bpo.

The stable version does not seem to suffer from this problem.

Thanks,

Colm

-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (900, 'stable-updates'), (900, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-0.bpo.5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libcurl3-gnutls depends on:
ii  libbrotli11.0.7-2+deb10u1
ii  libc6 2.28-10
ii  libcom-err2   1.46.2-1~bpo10+2
ii  libgnutls30   3.6.7-4+deb10u6
ii  libgssapi-krb5-2  1.17-3+deb10u1
ii  libidn2-0 2.0.5-1+deb10u1
ii  libk5crypto3  1.17-3+deb10u1
ii  libkrb5-3 1.17-3+deb10u1
ii  libldap-2.4-2 2.4.57+dfsg-2~bpo10+1
ii  libnettle63.4.1-1
ii  libnghttp2-14 1.36.0-2+deb10u1
ii  libpsl5   0.20.2-2
ii  librtmp1  2.4+20151223.gitfa8646d.1-2
ii  libssh2-1 1.8.0-2.1
ii  zlib1g1:1.2.11.dfsg-1

Versions of packages libcurl3-gnutls recommends:
ii  ca-certificates  20200601~deb10u2

libcurl3-gnutls suggests no packages.

-- no debconf information

Bug#980171: marked as pending in obs-studio

2021-05-24 Thread Jonathan Rubenstein 

Bug #980171 in obs-studio reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/multimedia-team/obs-studio/-/commit/bc9e9f60da6c180164c699f0dc850e2af3232cfb


This bug really shouldn't make it into bullseye. Can't this fix get past 
the freeze?

Bug#989045: gnome-control-center: Region+Language panel segfault after trying to add new input source

2021-05-24 Thread Will Tuladhar-Douglas 

Package: gnome-control-center
Version: 1:3.38.4-1
Severity: normal



-- System Information
Debian Release: 11.0
Kernel Version: Linux taksaka 5.10.0-7-amd64 #1 SMP Debian 5.10.38-1
(2021-05-20) x86_64 GNU/Linux


Package info:
Package: gnome-control-center
Status: install ok installed
Priority: optional
Section: gnome
Installed-Size: 5734
Maintainer: Debian GNOME Maintainers

Architecture: amd64
Version: 1:3.38.4-1
Depends: libaccountsservice0 (>= 0.6.40), libatk1.0-0 (>= 1.12.4), libc6 (>=
2.29), libcairo2 (>= 1.14.0), libcheese-gtk25 (>= 3.18.0), libcheese8 (>=
3.28.0), libcolord-gtk1 (>= 0.1.24), libcolord2 (>= 1.4.3), libcups2 (>= 1.7.0),
libepoxy0 (>= 1.0), libfontconfig1 (>= 2.12.6), libgdk-pixbuf-2.0-0 (>= 2.25.2),
libglib2.0-0 (>= 2.63.1), libgnome-bluetooth13 (>= 3.18.2), libgnome-desktop-3-
19 (>= 3.32.2-2ubuntu2), libgoa-1.0-0b (>= 3.25.3), libgoa-backend-1.0-1 (>=
3.25.3), libgsound0 (>= 1.0.1), libgtk-3-0 (>= 3.22.20), libgtop-2.0-11 (>=
2.22.3), libgudev-1.0-0 (>= 232), libhandy-1-0 (>= 0.90), libibus-1.0-5 (>=
1.5.2), libkrb5-3 (>= 1.8+dfsg), libmalcontent-0-0 (>= 0.8.0), libmm-glib0 (>=
0.7.991), libnm0 (>= 1.23.90), libnma0 (>= 1.8.0), libpango-1.0-0 (>= 1.37.2),
libpangocairo-1.0-0 (>= 1.18.0), libpolkit-gobject-1-0 (>= 0.103), libpulse-
mainloop-glib0 (>= 13.0~), libpulse0 (>= 13.0~), libpwquality1 (>= 1.1.0),
libsecret-1-0 (>= 0.7), libsmbclient (>= 2:4.0.3+dfsg1), libsoup2.4-1 (>=
2.41.90), libudisks2-0 (>= 2.0.0), libupower-glib3 (>= 0.99.8), libwacom2 (>=
1.1), libwayland-server0 (>= 1.0.2), libx11-6, libxi6 (>= 2:1.2.99.4), libxml2
(>= 2.7.4), accountsservice, apg, colord (>= 0.1.30), desktop-base (>= 10.0.0),
desktop-file-utils, gnome-control-center-data (<< 1:3.39), gnome-control-center-
data (>= 1:3.38.4-1), gnome-desktop3-data, gnome-settings-daemon (>= 3.37),
gsettings-desktop-schemas (>= 3.37.1)
Recommends: cups-pk-helper, gnome-online-accounts (>= 3.25.3), gnome-user-docs,
gnome-user-share, gkbd-capplet, iso-codes, libcanberra-pulse, policykit-1, rygel
| rygel-tracker, system-config-printer-common (>= 1.4), malcontent-gui, network-
manager-gnome (>= 0.9.8), libnss-myhostname, cracklib-runtime, pulseaudio-
module-bluetooth, realmd
Suggests: gnome-software | gnome-packagekit, gstreamer1.0-pulseaudio,
libcanberra-gtk-module, libcanberra-gtk3-module, x11-xserver-utils

Bug summary:
Whenever gnome control panel is open to the Language and Region screen,
if one selects the "+" icon to add a new input source, there's a
segfault.

Running it inside GDB gives the following information:

Reading symbols from gnome-control-center...
(No debugging symbols found in gnome-control-center)
(gdb) run
Starting program: /usr/bin/gnome-control-center 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffea9ab700 (LWP 56969)]
[New Thread 0x7fffea1aa700 (LWP 56970)]
[New Thread 0x7fffe8890700 (LWP 56971)]
[New Thread 0x7fffe20f2700 (LWP 56972)]
[New Thread 0x7fffe18f1700 (LWP 56973)]
[Detaching after fork from child process 56975]
[Thread 0x7fffe18f1700 (LWP 56973) exited]
[Thread 0x7fffe20f2700 (LWP 56972) exited]

Thread 1 "gnome-control-c" received signal SIGSEGV, Segmentation fault.
__strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-
unaligned.S:31
31  ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such file or
directory.

Bug#989044: rule change for 4 syslog rotations

2021-05-24 Thread Marc Haber 
Package: aide-common
Severity: normal

https://salsa.debian.org/debian/aide/-/merge_requests/2

Debian has switched to keeping only 4 rotations of syslog instead of 7.

Unfortunately this rule change won't make it to bullseye.

Greetings
Marc

Bug#988707: qthid-fcd-controller: triggers lintian autoreject tag 'bogus-mail-host'

2021-05-24 Thread Antoine Beaupré 
On 2021-05-18 15:45:52, Andreas Beckmann wrote:
> Source: qthid-fcd-controller
> Version: 4.1-5
> Severity: serious
>
> Hi,
>
> src:qthid-fcd-controller triggers the lintian autoreject tag 
> 'bogus-mail-host',
> i.e. if the package would be reuploaded today without changes, it would
> be automatically rejected by ftp-master.
>
> https://lintian.debian.org/tags/bogus-mail-host
>
> E Uploaders anar...@koumbit.og

Thanks for catching this. I haven't used that email address in a long
time now, and this should definitely be changed, probably to
anar...@debian.org.

That said, I'm not sure this package still belongs in Debian at
all... I barely remember uploading it, and I can't quite find the
upstream source anymore. The homepage does still exist, at least, but
points to a different upstream, with different version numbers... and
it's archived too...

Maybe we should just remove this one?

Considering that I'm just the uploader here (?), I'll let the maintainer
(in cc) decide.

a.

-- 
A man is none the less a slave because he is allowed to choose a new
master once in a term of years.
 - Lysander Spooner

Bug#989043: squid: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808

2021-05-24 Thread Salvatore Bonaccorso 
Source: squid
Version: 4.13-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for squid.

CVE-2021-31806[0], CVE-2021-31807[1], CVE-2021-31808[2], see the SuSE
bug as well at [3].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806
[1] https://security-tracker.debian.org/tracker/CVE-2021-31807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807
[2] https://security-tracker.debian.org/tracker/CVE-2021-31808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808
[3] https://bugzilla.suse.com/show_bug.cgi?id=1185916
[4] 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#989042: CVE-2021-3544 CVE-2021-3545 CVE-2021-3546

2021-05-24 Thread Moritz Muehlenhoff 
Package: qemu
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team 

Multiple low severity vhost-user-gpu, none merged yet:

CVE-2021-3544: multiple memory leaks
CVE-2021-3545: information disclosure due to uninitialized memory reads
CVE-2021-3546: out-of-bounds write in virgl_cmd_get_capset()

https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html

Cheers,
 Moritz

Bug#988729: [Pkg-rust-maintainers] Bug#988729: CVE-2021-21299

2021-05-24 Thread Moritz Mühlenhoff 
Am Wed, May 19, 2021 at 07:39:55PM +0200 schrieb Fabian Grünbichler:
> On May 18, 2021 8:42 pm, Moritz Muehlenhoff wrote:
> > Source: rust-hyper
> > Severity: grave
> > Tags: security
> > X-Debbugs-Cc: Debian Security Team 
> > 
> > CVE-2021-21299:
> > https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
> > https://rustsec.org/advisories/RUSTSEC-2021-0020.html
> 
> FWIW, (rust-hyper) doesn't have any rdeps in bullseye AFAICT[1], so it 
> could either be ignored there or removed from bullseye without 
> consequences.

No strong opinion, but if there are really no rdeps yet, it's probably better
to hint it out of testing.

Cheers,
Moritz

Bug#989038: kactivitymanagerd: KDE settings "activities:current" drives all activities to show the last "current activity" I setted

2021-05-24 Thread kmchen 
Package: kactivitymanagerd
Version: 5.20.5-1
Severity: important
X-Debbugs-Cc: t...@webologix.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Not shure but I think it happend with Bullseye version.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
I defined several activities. 
Defined differents links to each activity
The choice "Show files associated with the current activity" does not exist in 
Locations Desktop systemsettings
Instead, choosed "activities:current" as the "Custom location" for all 
activities. 

   * What was the outcome of this action?
All activities show the last "current activity" I setted (right clic on desktop 
> locations > custom locations > activities:current.
For instance if I define a "custom location" for activity x, all activities 
show activity x links on their desktop.
Now, if I define a "custom location" for activity y, all activities show 
activity y links on their desktop

   * What outcome did you expect instead?
Each activity should show its own links on desktop.
That works fine on Ubuntu 20.04

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-4-rt-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kactivitymanagerd depends on:
ii  kio5.78.0-4
ii  libc6  2.31-12
ii  libkf5configcore5  5.78.0-4
ii  libkf5coreaddons5  5.78.0-4
ii  libkf5crash5   5.78.0-3
ii  libkf5dbusaddons5  5.78.0-2
ii  libkf5globalaccel-bin  5.78.0-3
ii  libkf5globalaccel5 5.78.0-3
ii  libkf5i18n55.78.0-2
ii  libkf5kiocore5 5.78.0-4
ii  libkf5service-bin  5.78.0-2
ii  libkf5service5 5.78.0-2
ii  libkf5windowsystem55.78.0-2
ii  libkf5xmlgui5  5.78.0-2
ii  libqt5core5a   5.15.2+dfsg-5
ii  libqt5dbus55.15.2+dfsg-5
ii  libqt5gui5 5.15.2+dfsg-5
ii  libqt5sql5 5.15.2+dfsg-5
ii  libqt5sql5-sqlite  5.15.2+dfsg-5
ii  libqt5widgets5 5.15.2+dfsg-5
ii  libqt5xml5 5.15.2+dfsg-5
ii  libstdc++6 10.2.1-6

kactivitymanagerd recommends no packages.

kactivitymanagerd suggests no packages.

-- no debconf information

Bug#989041: eterm: CVE-2021-33477

2021-05-24 Thread Salvatore Bonaccorso 
Source: eterm
Version: 0.9.6-6
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 0.9.6-5

Hi,

The following vulnerability was published for eterm.

Strictly speaking the severity to RC is overrated, but I think it is
sensible to make sure that the fix lands in bullseye. For buster the
issue is marked no-dsa and could be fixed via an upcoming point
release.

For reference see the rxvt-unicode fix (which disables the code).

CVE-2021-33477[0]:
| rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow
| (potentially remote) code execution because of improper handling of
| certain escape sequences (ESC G Q). A response is terminated by a
| newline.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33477

Regards,
Salvatore

Bug#988696: installation-reports: No network management in LXDE task

2021-05-24 Thread Andriy Grytsenko 
Thank you everyone for the analysis. Will check how to make it work
correctly, let fix it on the next upload.

Bug#989032: mirror listing update for debian.qontinuum.space

2021-05-24 Thread Qontinuum 
Okay, thank you.

I also added mips, mipsel, mips64el and s390x to the mirror (I don't know if 
you have seen it since I forgot to mention it in the comments section)

\ Original Message 
On May 24, 2021, 9:09 AM, Peter Palfrader < wea...@debian.org> wrote:
reassign 989032 [www.debian.org][]
retitle 989032 Monaco missing from countries list
tags 989032 = patch
thanks
Qontinuum schrieb am Monday, dem 24. May 2021:
> Submission-Type: update
> Site: debian.qontinuum.space
> Type: leaf
> Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel 
> powerpc ppc64el s390x
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: Qontinuum 
> Country: MC Monaco
> Comment: I also mirror \`source'
> I have been added in the mirrors list but there is no country above my server.
All our mirrors carry sources, so that's not listed specifically.
The country missing is a bug in the website creation. I have prepared a
patch and I'm reassigning the bug.
cf. 
[https://salsa.debian.org/webmaster-team/webwml/-/merge\_requests/691][https_salsa.debian.org_webmaster-team_webwml_-_merge_requests_691]
Cheers,
\--
\| .''\`. \*\* Debian \*\*
Peter Palfrader \| : :' : The universal
https://www.palfrader.org/ \| \`. \`' Operating System
\| \`- https://[www.debian.org][]/


[www.debian.org]: http://www.debian.org
[https_salsa.debian.org_webmaster-team_webwml_-_merge_requests_691]: 
https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/691

publickey - EmailAddress(s=qontinuum.dev@protonmail.ch) - 0x7D4EBBCD.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Bug#988998: lava: diff for NMU version 2020.12-4.1

2021-05-24 Thread stefanor 
Hi Antonio (2021.05.24_11:58:22_+)
> The lava upstream tests caught a problem with this patch on buster,
> please cancel the delayed upload.

Cancelled. Great, I missed that. And your upstream PR :)

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Bug#989039: cdebootstrap: fails to bootstrap Devuan (bug in HTTP implementation)

2021-05-24 Thread Simon Richter 
Package: cdebootstrap
Version: 0.7.8+b1
Severity: normal

Hi,

I've tried to bootstrap a Devuan system, with

cdebootstrap \
--verbose \
--keyring /tmp/devuan-archive-keyring.gpg \
beowulf /target http://deb.devuan.org/merged

This successfully downloads one package, then fails to get the next.
Repeated invocations get one more package each.

This seems to be related to the redirect processing in the Devuan archive:
unchanged packages come from Debian. cdebootstrap follows the redirect, but
then requests the next file from the same host again, but uses the path
from the Packages file without any prefix.

E.g.

[Devuan server]
-> GET /merged/pool/DEBIAN/main/z/zlib/zlib1g_1.2.11.dfsg-1_amd64.deb
<- 302 Found

[Debian server]
-> GET /debian/pool/main/z/zlib/zlib1g_1.2.11.dfsg-1_amd64.deb
<- 200 Okay
-> GET /pool/DEBIAN/main/d/dpkg/dpkg_1.19.7_amd64.deb
<- 404 Not Found

   Simon

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-security'), (500, 
'testing-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages cdebootstrap depends on:
ii  debian-archive-keyring  2021.1.1
ii  gpgv2.2.27-1
ii  libbz2-1.0  1.0.8-4
ii  libc6   2.31-11
ii  libcurl3-gnutls 7.74.0-1.2
ii  libdebian-installer-extra4  0.121
ii  libdebian-installer40.121
ii  liblzma55.2.5-2
ii  zlib1g  1:1.2.11.dfsg-2

cdebootstrap recommends no packages.

Versions of packages cdebootstrap suggests:
pn  qemu-user-static  

-- no debconf information

Bug#988688: linux-source-5.10: Lenovo ThinkPad Yoga 260 fails to suspend and resume

2021-05-24 Thread Kenichiro MATOHARA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

sorry.
I made a mistake in the address, so I will resend it.

- 
> Could you please provide the kernel logs from when you tried to
> suspend your machine?

suspended it as follows and extracted it from log file.

> $ sudo mount -o remount,sync /
> $ sync
> $ logger SUSPEND; systemctl suspend

Attached as `yoga-260_suspend.log.xz`

- --
KenichiroMATOHARA
mailto:mato...@gmail.com
https://matoken.org/
.O.
..O
OOO

On 2021-05-18 at 14:45, mato...@gmail.com wrote:
> On Tue, May 18, 2021 at 07:04:37AM +0200, Salvatore Bonaccorso wrote:
> > Could you please provide the kernel logs from when you tried to
> > suspend your machine?
>
> suspended it as follows and extracted it from log file.
>
> > $ sudo mount -o remount,sync /
> > $ sync
> > $ logger SUSPEND; systemctl suspend
>
> Attached as `yoga-260_suspend.log`
-BEGIN PGP SIGNATURE-
Version: FlowCrypt Email Encryption 8.0.7
Comment: Seamlessly send and receive encrypted email

wsFzBAEBCgAGBQJgq6MTACEJEDtUyq7ZqVn0FiEEuLUgs5x+A1yxiwH/O1TK
rtmpWfSPOg//VFO92MQqN34Ev5N+gZeonUjP/fG/YCiB2Y8fWhOI3VyoGMq2
zdKDC8cl5o0+HfArWbCVI2tMyfw+imen/utmBBOxlGdKWsJDDKUyG63g4WHi
2HSUGG9qCrXMZhHxyiZ+nMYFrnktrGnaMuyDjtyHBIj1iaagq2hJtBs1Rvc2
c4ROy1rSXfx9t9mwix9jnLpEkZpA8TtxaxaelZqqOBFXAyWmdBe79uvLBino
NBtK8+89yyVXyARjRkx2sTwSKJhtSZg4nEX87RIzmRYmqiiP9wOMxU2reF2x
R+I6i/1Q4OWc0EE/u7vVC84xlxkexfOcGRNy7/vzQX3lPL+eOSwV7rwBIMte
8gxE8BpsC9j6PNARV4I+KjjHI47K2Ier34QSTkMnP9opcW+PZTobSCpp9BRH
dSCLtcSmmTtgsbSHw479GBFJ5K4VACADuGnNRsKPTzm5k7/lEtp5ebgBoPXt
LcqRaloR73OJYSreMN4a1BY8lt+RyTVb981EHW0S0yHscdnaay4YIclupMFc
eATPLry6+5oIv9l7ZeQVgItucL7sjbQOMX9fpu25/0+brVNC88QeYzqSkxU3
H0u3hjgWhpaKxB5/3DMScebAUeZpVth3LD661Ihm+qOa5TYzzTNelsq8laOz
+cz4OYhFYKwTY81qgY0GgskcVwg1xSSusA0=
=TFHm
-END PGP SIGNATURE-


yoga-260_suspend.log.xz
Description: application/xz


0x3B54CAAED9A959F4.asc
Description: application/pgp-keys

Bug#988574: linux-image-armmp-lpae: ethernet on orange pi plus does not work

2021-05-24 Thread Salvatore Bonaccorso 
Hi,

FTR, pending now in 
https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/fixes-for-5.13

Salvatore

Bug#988992: ds9 WCS

2021-05-24 Thread Ole Streicher 

Hi Peter, William,

thank you for the detailed report, and for the sample file in the Debian 
bug report. The effect also happens with the (debianized) version 8.3b1 
which is in Debian Experimental. I don't think this directly connected 
to WCS: The output we see here is


%1.8G

which looks much like outputting a format string instead itself instead 
of the formatted string (see attached image). When one changes the 
setting for "Precision --> Coordinates --> Linear" from 8 to 5, the 
output changes to "%1.5G", which shows that it is really the format 
string, built from the precision setting. However, I still was unable to 
find the place in the code where the format is used to print the output.


William, can I ask you to point me to that location in the source? I 
promise that I will do the rest of debugging myself :-)


Best

Ole


On 23.05.21 18:45, Peter Teuben wrote:

Hi Bill

thanks for some useful info on what goes on behind the scenes in ds9

     I now use 8.3b1 actually, and as long as I have your binaries it 
never bit me.  It was when I was using a virgin laptop with just 
ubuntu/debian packages. And  I could not easily upgrade my ubuntu to use 
8.2 or 8.3, i have to do some fiddling with some apt setting, and given 
that my laptop was effectively bricked after yesterdays disaster, I'm in 
no mood to experiment on other machines.


But Ole has the file and debian debug report, and he could see if 8.3b 
is also effected by this, i.e. if it's a WCS issue.  Or maybe I need to 
learn to write a better WCS :-(


peter

PS:   my laptop bricking could also be a hardware error, I'm not blaming 
the firmware update and/or the debian bug reporter that seems to have 
de-installed some dell specific things. It's an SSD, but the health 
reporter only claimed 3% of the spares were taken.


On 5/23/21 12:10 PM, William Joye wrote:

All

The current official release is v8.2. It is based on Tcl/Tk 8.6.10. 
I’ve also released v8.3b1, which is based on Tcl/Tk 8.6.11.


I can’t really say why the change in WCS behavior, other than we are 
talking about binaries over 2+ years old. The current version uses AST 
8.7.1 for all WCS support. I no longer try to ‘fix’ screwed up WCS 
definitions. You get what the FITS file creator defined, screwed up or 
not.


Also, lots of 2D data out there with 3D WCS defs, along with 3D data 
cubes with 2D WCS defs. DS9 will blindly display what AST calculates, 
as ‘David Berry’ knows best :-)


Also, DS9 needs OPENSSL 1.0.x, while the default for most ports now is 
1.1.x. I don’t know how Debian/Ubuntu is handling this. In my 
binaries, I compile 1.0.x and statically link.


Peter, you should upgrade to at least 8.2 or 8.3b1, as it has so many 
bug fixes and new features, including Dark Mode and Prism.


And Ole, thanks for maintaining the DS9 ports for Debian and Ubuntu.

Bill


On May 22, 2021, at 10:02 AM, Peter Teuben  wrote:

hi Bill

  i usually grab the ds9 binaries from your site (now via 
google), but ubuntu also offers a  package "saods9".  Sadly it has a 
different approach, which is killing some of my WCS application. 
Maybe Ole knows the provenance of this.


It runs /usr/share/saods9/library/ds9.tcl directly via wish. Yours is 
a true executable, at least as far as I can see.


For most RA-DEC-FREQ stuff I use, this is not an issue, but for some 
more non-standard slicing of cubes I wind up making my own CTYPE's:



CTYPE1  = 'RADIUS  ' /
CTYPE2  = 'VELO-LSR'
CTYPE3  = 'Z   '   /


and this works fine on yours , I can read off the WCS values. but for 
the ds9 from ubuntu/debian (still at v8.1) I get to see the value


%1.8G

in the top left panel where the WCS is "named".


And one more item about WCS I wondered about.

Incidentally, the labeling of the axis, where I see "FK5" for our 
cubes, I get to see "RADIUS-Z-SPEC..."  the last word is cut off 
because there is not enough space. But it's SPECTRUM. And I wondered 
why Z was mentioned before SPECTRUM.


If I make the cube a 2D image, so take the "Z" axis away, the label 
reads "RADIUS-SPECTRUM"


But if I change VELO-LSR to PHI, it correctly reads R-PHI in my 
case.  So i guess VELO-LSR is the SPECTRUM axis, but then why was Z 
listed before SPECTRUM earlier when I had a 3D cube with the Z axis 
only 1 in length


best,


- peter

Bug#988789: diffoscope: .so files are compared using a binary diff in Android APKs

2021-05-24 Thread Chris Lamb 
Chris Lamb wrote:

> > APKs (Android app files) often contain Linux ELF shared library files, e.g.
> > lib/arm64-v8a/libtor.so.  These are only compared using a binary diff, but 
> > they
> > should use the shared library comparison.  The output looks like:
>
> It would be great to fix this for you. Could you provide some example
> APK files so I can reproducible what you are currently seeing but also
> confirm that any changes actually solve your problem?

Just wondering if you got this mail? If it helps, I've filed this on
Salsa as well [0] so all our issues are in one place -- it might be
more straightforward to attach files there instead of via email, but
I'm happy to add them there myself.


Best wishes,

--
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#988998: lava: diff for NMU version 2020.12-4.1

2021-05-24 Thread Antonio Terceiro 
Hi,

On Sun, May 23, 2021 at 11:53:56AM -0400, Stefano Rivera wrote:
> Control: tags 988998 + pending
> 
> Dear maintainer,
> 
> I've prepared an NMU for lava (versioned as 2020.12-4.1) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.

Thanks for looking into this.

The lava upstream tests caught a problem with this patch on buster,
please cancel the delayed upload.

I will handle it myself after I adapt the patch to also work on buster,
as this will make my life easier later when rebasing the patches for a
new upstream version.


signature.asc
Description: PGP signature

Bug#987377: rescue-mode: when in graphical mode, locks up one prompt before the shell

2021-05-24 Thread Étienne Mollier 
Hi Cyril,

Cyril Brulebois, on 2021-05-24:
> Étienne Mollier  (2021-04-28):
> >   Device   en_US  fr_FR
> >   /dev/sdb1ok ok
> >   /dev/nvme0n1p1   ok ok
> >   /dev/md/0ok ok
> >   /dev/debian-vg/root  ok ok
[...]
> I'm not sure whether you followed the recent developments on the
> cdebconf and gtk+2.0 side, but we're slowly reaching a point where stuff
> should just work again.

I admit having checkout out from time to time some of the other
open bugs blocking the release of d-i for bullseye, although I
haven't been following accurately wether the appropriate fix
landed in daily builds yet, so thanks for your ping in that
matter.

> If you try daily builds (built against unstable), the problem should not
> appear. Depending on which build you grab, it might still be affected by
> #988951 (another cdebconf upload happened a few minutes, to avoid that
> issue entirely).
> 
> Feel free to confirm! :)

Using the daily build 202105024-1, I confirm the above tests I
redid worked fine.  I tested on virtual machine, and double
checked SCSI and LVM devices test cases on the W500.  All good!

Thank you all for your tenure work on this tangled issue!

Have a nice day,  :)
-- 
Étienne Mollier 
Fingerprint:  8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
Sent from /dev/tty1, please excuse my verbosity.


signature.asc
Description: PGP signature

Bug#988789: diffoscope: .so files are compared using a binary diff in Android APKs

2021-05-24 Thread Chris Lamb 
forwarded 988789 
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/259
thanks

I've forwarded this upstream here:

  https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/259


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#989032: mirror listing update for debian.qontinuum.space

2021-05-24 Thread Peter Palfrader 
Qontinuum schrieb am Monday, dem 24. May 2021:

> I also added mips, mipsel, mips64el and s390x to the mirror (I don't know if 
> you have seen it since I forgot to mention it in the comments section)

I hadn't, thanks for the reminder.

Cheers,
-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#987686: webkit2gtk breaks balsa autopkgtest: xwd: error: No window with name Balsa exists!

2021-05-24 Thread Alberto Garcia 
Control: tags -1 patch

On Fri, May 21, 2021 at 09:52:53PM +0200, Paul Gevers wrote:
> Oh, with the current downgraded dependency the issue is gone.

You can also fix it with the attached patch, it's probably the easiest
solution.

Berto
diff --git a/debian/tests/screenshot b/debian/tests/screenshot
index f0fe88f..e21d2fb 100755
--- a/debian/tests/screenshot
+++ b/debian/tests/screenshot
@@ -6,7 +6,7 @@ balsa_setup
 
 printf 'working directory: %s\n' "$workdir"
 
-xvfb-run bash -c 'NO_AT_BRIDGE=1 balsa --check-mail & sleep 2 ; xwd -name Balsa | gm convert - $workdir/current.png; killall balsa; wait %1; true'
+xvfb-run bash -c 'DBUS_SESSION_BUS_ADDRESS="" NO_AT_BRIDGE=1 balsa --check-mail & sleep 2 ; xwd -name Balsa | gm convert - $workdir/current.png; killall balsa; wait %1; true'
 
 gm compare -metric mse "$workdir/current.png" debian/tests/orig-screenshot.png

Bug#941814: libpopt: leaks memory for leftover arguments

2021-05-24 Thread Milan Broz 
Hello,

what's the status of the fix/patch in this bug?

We see many leaks for cryptsetup in valgrind tests if running under Debian
(while other distros apparently do not have this problem) and it seems
all reported problems are with poptGetNextOpt ...

Thanks,
Milan

Bug#950488: buster-pu: package kronosnet/1.8-2

2021-05-24 Thread Michal Arbet 
Dear Release team, Adam,

I also came across bugs that are in the buster version, and the last answer
from the release team is from April 26 2020.

Can you please comment ?
Can it be uploaded to buster-updates ?

It would be nice to close this bug with a decision to let Debian users know
about it.

Thank you

Sincerely,
Michal Arbet (kevko)

Bug#987766: unblock: open-iscsi/2.1.3-2

2021-05-24 Thread Cyril Brulebois 
Hi,

Ritesh Raj Sarraf  (2021-05-24):
> Dear Release Team and Paul,
> 
> I am hopeful that this recent upload of open-iscsi at version 2.1.3-5
> is proper. I request an unblock of this version so that the d-i issue
> is fixed.
> 
> The patch was prepared in close co-ordination with Cyril from d-i team.
> 
> The current migration status on the tracker page looks okay to me.
> The debdiff in between the versions from Testing and Unstable are
> attached with this email
> 
> Thanks,
> Ritesh
> 
> On Fri, 2021-05-14 at 21:56 +0200, Paul Gevers wrote:
> > Hi Ritesh,
> > 
> > On 12-05-2021 18:27, Ritesh Raj Sarraf wrote:
> > > The package has been uploaded to Unstable. It has built proper on
> > > all
> > > supported architectures. You may want to consider unblocking this
> > > build
> > > revision.
> > 
> > The armhf udeb package has an unmet dependency.
> > 
> > Paul

I'm obviously biased here, but I think the proposed package should be
better than what we have in bullseye. I don't have any open-iscsi setup
to perform run-time tests though.



Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#987766: unblock: open-iscsi/2.1.3-2

2021-05-24 Thread Ritesh Raj Sarraf 
Control: retitle -1 unblock: open-iscsi/2.1.3-5


Dear Release Team and Paul,

I am hopeful that this recent upload of open-iscsi at version 2.1.3-5
is proper. I request an unblock of this version so that the d-i issue
is fixed.

The patch was prepared in close co-ordination with Cyril from d-i team.

The current migration status on the tracker page looks okay to me.
The debdiff in between the versions from Testing and Unstable are
attached with this email

Thanks,
Ritesh

On Fri, 2021-05-14 at 21:56 +0200, Paul Gevers wrote:
> Hi Ritesh,
> 
> On 12-05-2021 18:27, Ritesh Raj Sarraf wrote:
> > The package has been uploaded to Unstable. It has built proper on
> > all
> > supported architectures. You may want to consider unblocking this
> > build
> > revision.
> 
> The armhf udeb package has an unmet dependency.
> 
> Paul
> 

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System
diff -Nru open-iscsi-2.1.3/debian/changelog open-iscsi-2.1.3/debian/changelog
--- open-iscsi-2.1.3/debian/changelog	2021-02-08 00:53:13.0 +0530
+++ open-iscsi-2.1.3/debian/changelog	2021-05-20 19:52:30.0 +0530
@@ -1,3 +1,26 @@
+open-iscsi (2.1.3-5) unstable; urgency=medium
+
+  [ Cyril Brulebois ]
+  * [3b8b2d8] Revert "Set architecture for build to linux-any"
+  * [1297e50] Adjust dh_auto_install and dh_makeshlibs overrides for the conditional udeb.
+
+ -- Ritesh Raj Sarraf   Thu, 20 May 2021 19:52:30 +0530
+
+open-iscsi (2.1.3-4) unstable; urgency=medium
+
+  * [8142984] Set architecture for build to linux-any. This ensures that the
+library is built on the right set of architectures and dh_makeshlibs is
+invoked appropriately. (Closes: #987858)
+
+ -- Ritesh Raj Sarraf   Tue, 04 May 2021 21:45:56 +0530
+
+open-iscsi (2.1.3-3) unstable; urgency=medium
+
+  * [47645a5] Make open-iscsi-udeb compatible with d-i.
+Thanks to Cyril Brulebois (Closes: #987568)
+
+ -- Ritesh Raj Sarraf   Thu, 29 Apr 2021 13:43:35 +0530
+
 open-iscsi (2.1.3-2) unstable; urgency=medium
 
   * [c3b7109] Fix FTCBFS:
diff -Nru open-iscsi-2.1.3/debian/control open-iscsi-2.1.3/debian/control
--- open-iscsi-2.1.3/debian/control	2021-02-08 00:53:13.0 +0530
+++ open-iscsi-2.1.3/debian/control	2021-05-20 19:52:23.0 +0530
@@ -144,8 +144,6 @@
 Package-Type: udeb
 Depends: ${misc:Depends},
  ${shlibs:Depends},
- libopeniscsiusr,
- udev,
  scsi-modules
 Description: Configure iSCSI
  The Open-iSCSI project is a high-performance, transport independent,
diff -Nru open-iscsi-2.1.3/debian/rules open-iscsi-2.1.3/debian/rules
--- open-iscsi-2.1.3/debian/rules	2021-02-08 00:53:13.0 +0530
+++ open-iscsi-2.1.3/debian/rules	2021-05-20 19:52:23.0 +0530
@@ -9,6 +9,8 @@
 include /usr/share/dpkg/pkg-info.mk
 export KBUILD_BUILD_TIMESTAMP = @$(SOURCE_DATE_EPOCH)
 
+UDEB := $(filter open-iscsi-udeb,$(shell dh_listpackages))
+
 %:
 	dh $@
 
@@ -59,6 +61,7 @@
 	mkdir -p debian/iscsiuio/usr/share/initramfs-tools/hooks
 	cp -p debian/extra/iscsiuio.initramfs.hook debian/iscsiuio/usr/share/initramfs-tools/hooks/iscsiuio
 
+ifneq ($(UDEB),)
 	@# open-iscsi-udeb
 	dh_install -p open-iscsi-udeb usr/iscsid sbin/
 	dh_install -p open-iscsi-udeb usr/iscsistart sbin/
@@ -69,6 +72,10 @@
 	dh_install -p open-iscsi-udeb debian/open-iscsi-udeb.start sbin/iscsi-start
 	dh_install -p open-iscsi-udeb debian/open-iscsi-udeb.finish-install usr/lib/finish-install.d/10open-iscsi
 
+	# Ship shared libraries along with the executable in a single udeb
+	dh_install -p open-iscsi-udeb libopeniscsiusr/libopeniscsiusr*.so.* usr/lib/${DEB_HOST_MULTIARCH}
+endif
+
 override_dh_installinit:
 	dh_installinit -p open-iscsi --name=iscsid
 	dh_installinit -p open-iscsi
@@ -96,3 +103,10 @@
 
 override_dh_missing:
 	dh_missing --fail-missing
+
+override_dh_makeshlibs:
+ifneq ($(UDEB),)
+	dh_makeshlibs --add-udeb=open-iscsi-udeb
+else
+	dh_makeshlibs
+endif


signature.asc
Description: This is a digitally signed message part

Bug#989032: mirror listing update for debian.qontinuum.space

2021-05-24 Thread Qontinuum 
Package: mirrors
Severity: minor
User: mirr...@packages.debian.org
Usertags: mirror-list

Submission-Type: update
Site: debian.qontinuum.space
Type: leaf
Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel powerpc 
ppc64el s390x
Archive-http: /debian/
Archive-rsync: debian/
Maintainer: Qontinuum 
Country: MC Monaco
Comment: I also mirror `source'
 I have been added in the mirrors list but there is no country above my server.
 




Trace Url: http://debian.qontinuum.space/debian/project/trace/
Trace Url: 
http://debian.qontinuum.space/debian/project/trace/ftp-master.debian.org
Trace Url: 
http://debian.qontinuum.space/debian/project/trace/debian.qontinuum.space

Bug#988214: fixed in rails 2:6.0.3.7+dfsg-1

2021-05-24 Thread Utkarsh Gupta 
Hi Paul,

On Wed, 19 May 2021 22:12:59 +0200 Paul Gevers  wrote:
> This new rails version renewed its versioned dependency on ruby-marcel.
> The new ruby-marcel version doesn't look like a targeted fix, so it
> doesn't fit the freeze policy. If I read the changelog correctly, this
> dependency is there to give rails a more relaxed license. I think such a
> change is not really needed at this stage of the freeze, does rails
> still work with the old version of ruby-marcel and can the version bump
> be reverted?

Apologies, I missed (naturally because it wasn't copied) the conversation
on this bug prior to opening an unblock request for both.

Whilst I agree that ruby-marcel isn't really a targeted fix, I believe the
bump was necessary to maintain sanity with future bug-fix releases of rails.
I've been trying to maintain rails from sid (back to jessie), ensuring that the
CVEs are at least timely fixed. During that course, I've hit a lot of bumps
because of the version gaps, et al, so in this release I wanted rails to be
at par with its supported bug-fix only release (that is, the 6.0.3.x branch).

6.0.3.6 brings in an unusual change by bumping ruby-marcel to 1.0.0. But
after a lot of testing, sanity checking, et al, I found that the changes in
marcel are a no-op, that is, it doesn't really affect how marcel was before
and it is now. Marcel wanted to drop mimemagic dependency and so they
introduced a Magic class (Marcel::Magic) for mime type detection.

I know that it doesn't go along with the freeze policy atm, but I also believe
that it's not really something that'd actually cause problems. IIUC, the
bump doesn't really affect much but just does things differently internally.
So is this edge case worth giving an exception along those lines?

The bump shall yield nothing but (really) help in providing support to rails
for the next couple of years in/for bullseye (at least while it's
still supported).
Let me know what you think? Thanks!


- u

Bug#987641: Bug#988830: [pre-approval] unblock e2fsprogs [Was: Bug#987641: e2fsprogs: FTBFS on armel/armhf with a 64-bit kernel]

2021-05-24 Thread Cyril Brulebois 
Theodore Y. Ts'o  (2021-05-20):
> The real world corner cases are if you are using a 32-bit arm binary
> on a 64-bit binary, and if you are using a sparc64 system (not an
> officially supported Debian arch).  I'm not sure if misaligned pointer
> accesses are allowed in arm-32 kernel code, but it's definitely not
> supported on sparc64, so there is also a kernel-side patch which
> needed for those platforms that will be in 5.13 (landing upstream in
> 2-3 weeks).

Alignment on arm is “fun”. Again, not an expert, but the summary here
matches my vague recollection:
  https://wiki.debian.org/ArchitectureSpecificsMemo#Alignment
 

Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#905456: Please create new list debian-clojure

2021-05-24 Thread Utkarsh Gupta 
Hi Alex,

On Wed, 10 Mar 2021 14:23:10 -0800 Elana Hashman  wrote:
> On 2021-03-10 11:34, Alexander Wirt wrote:
> > [...]
> > Uh, oh. Yeah, please.
>
> There's been no objections since this email was last sent -- anyone on
> the list who does not want to be migrated over to the new list, speak
> now (privately emailing me) or forever hold your peace.

It's been a while since this^^, do you think we can proceed with the list
creation/migration? Or are there still any blockers?

Let me know if I can help. Thanks!

Bug#989037: unblock: rails/2:6.0.3.7+dfsg-1

2021-05-24 Thread Utkarsh Gupta 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-r...@lists.debian.org

Hello,

Rails was recently affected by 3 CVEs (CVE-2021-2290{2,4} and CVE-2021-22885).

I'm attaching a filtered diff for your review; the diff is really
small and minimal which should be clear by looking at it. The only
caveat is that it needs ruby-marcel, which has an unblock request
(#989036) opened a few minutes ago.

rails has been in unstable for around 9 days now[1]; I've done some
testing and it all works OK w/ Bullseye, so it should be good to go.
[1]: https://tracker.debian.org/pkg/rails

The command used to filter the debdiff is as follows:
filterdiff --exclude='*/Gemfile.lock' --exclude='*/CHANGELOG.md'
--exclude='*/gem_version.rb' --exclude='*/package.json'
--exclude='*/test/*' ../rails.debdiff

Let me know if you need any other information from my end. Thanks!

- u


rails_filtered.debdiff
Description: Binary data

Bug#988969: kdenlive crashes on start with "Cyclic dependency detected between" message

2021-05-24 Thread Dennis Filder 
Control: retitle -1 kdenlive: fails to start natively under Wayland with 
"QWaylandGLContext::makeCurrent: eglError: 3009, this: 0x555c4734dcc0"
Control: tag -1 upstream
Control: severity -1 wishlist
X-Debbugs-CC: mar...@kucharczyk.im

I'm lowering the severity since native Wayland support in kdenlive is
very far away[1], so you'll need to use it with XWayland, e.g. by
running:

QT_QPA_PLATFORM=xcb kdenlive

Reraise if the issue persists with XWayland.

--
1: https://kdenlive.org/en/2021/05/review-of-the-first-kdenlive-video-cafe/

Bug#989036: unblock: ruby-marcel/1.0.1+dfsg-2

2021-05-24 Thread Utkarsh Gupta 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-r...@lists.debian.org

Hello,

We had to bump ruby-marcel to a newer version because the mimemagic
dependency - which relies on GPL-licensed mime type data from
freedesktop.org’s shared-mime-info project - is removed. Marcel now
directly uses mime type data adapted from the Apache Tika project,
distributed under the Apache License. This is the only major change
here + some other bug fixes to get everything working.

ruby-marcel has been in unstable for around 9 days now[1]; I've done
some testing and it all works OK w/ Bullseye, so it should be good to
go.
[1]: https://tracker.debian.org/pkg/ruby-marcel

Since this is licensing + bug fix, I believe it'd be a good idea to
have this included in Bullseye; this is also needed for rails to be
unblocked (another separate request).

Attaching a filtered debdiff for your review. The command used to
filter the debdiff is as follows:
filterdiff --exclude='*/APACHE-LICENSE' --exclude='*/.*'
--exclude='*/data/*' --exclude='*/script/*' --exclude='*/test/*'
--exclude='*/Gemfile.lock' --exclude='*/README.md'
../ruby-marcel.debdiff

Let me know if you need any other information from my end. Thanks!


- u


ruby-marcel_filtered.debdiff
Description: Binary data

Bug#989035: nyx: leaks memory

2021-05-24 Thread Dennis Filder 
Package: nyx
Version: 2.1.0-2.1
Severity: normal

nyx leaks memory, 262144 (== 64*4096) bytes every 5 seconds in my case.
Under Buster it didn't.

Running

  strace -e trace=mmap -v -ttt -f -p $(pgrep nyx)

shows calls to

  99483: mmap(NULL, 262144, ...)

every 5 seconds.  Running

  dd if=/proc/$(pgrep nyx)/task/99483/mem bs=4096 count=64 
skip=$((0x7f37bfe8/4096))|xxd

tells me it's the information from the Connection window.  Running
(which needs 6cd89c4[1] applied first):

  nyx --debug /tmp/nyx.debug

reveals that nyx queries the circuit information ("GETINFO
circuit-status") into a variable LAST_RETRIEVED_CIRCUITS every 5
seconds in
/usr/lib/python3/dist-packages/nyx/panel/connection.py:_update

I suspect something prevents the allocated data from being GCed.

N.B.: I also tested with onioncircuits to see if the bug might be in
stem, but it showed no sign of leaking.

--
1: 
https://gitweb.torproject.org/nyx.git/commit/?id=6cd89c4e13239f170c07c559a2653b7e25e47744

Bug#890947: Tag #890947 as unreproducible

2021-05-24 Thread James Lu 
Control: tag 890947 + unreproducible

I forgot to follow up with this formally. I've tried changing settings
like font, background, etc. from l-g-g-s locally and never got any sort
of truncation issues.

I suspect that if this happens again, the app will log some errors,
maybe in ~/.xsession-errors or the terminal if you run l-g-g-s from one?

Best,
James

Bug#989034: wifi-qr: Pointless package description

2021-05-24 Thread Eduard Bloch 
Package: wifi-qr
Version: 0.2-1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

I was looking for a tool which shares files from PC to Android phone,
maybe sending the link via QR.

   * What was the outcome of this action?

apt search has found your package. But reading the description adds more
questions that it answers. Let's see what it says:

>> Description: WiFi Share and Connect with QR

What does that mean? Share WHAT? Share the WiFi connection? Is this
about tethering or something similar? How shall the reader know?

>> Xiaomi Android phones has started using QR to use WiFi for sharing.

Nice bit of information but how does that help me to understand what
your package does?

>> The idea was to get started with Bash, from Android to PC or PC to

WHOSE idea, and what was the intention behind that idea??

>> Mobile, and use Interface for zenity

What is "the Interface"? Do you mean a "user interface using zenity
dialogs" or similar?

>> , QR for zbar and qrencode,

What does "QR for zbar" mean? Who is zbar and why do I need QR for him I
just want to share data? Ant what is "qrencode" about??

>>  and nmcli from Network-Manager for Network. For security,
>> you can use WPA, WPA2, WEP, Open and share with the Hidden Network.

I don't even know yet what this package is good for, and now you ask
user to think about security already??

>> QR code does not support LDAP Network and VPN.
>> Android can easily generate WiFi QR, but iOS isn't quite so sure.

Who is not sure? Android? Mr. Data? This package is no sure? What does
that mean? If certain versions support a feature subset, please describe
that version range or refer to helpful documentation, but not this
"thing XY is not sure".

   * What outcome did you expect instead?

Reading a useful description which describes the actual functionality of
the package.

Summary:
Please improve it and ask actual users to proofread it!

Best regards,
Eduard.

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=de_DE.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#983357: Netinst crashes xen domU when loading kernel

2021-05-24 Thread Michael Biebl 

Hi Phillip

Am 24.05.2021 um 06:19 schrieb Cyril Brulebois:

trigger to cold plug all devices.  Both scripts are set -e.  The Xen
Virtual Keyboard driver and at least one other driver have always failed
to trigger due to having absurdly long modalias, but the error used to
be ignored.  The kernel now returns the error to udevadm


So this is a change in behaviour in the kernel?
What happens if you boot the installed system? Does udevadm trigger fail 
there as well?


I feel a bit uneasy changing the udev start script this late in the 
release cycle (especially when it appears like covering up an issue 
someplace else).


I'll let Marco make the judgement on this though, as he has the most 
experience with those udev udeb start scripts as the original author.


Michael

Bug#989032: mirror listing update for debian.qontinuum.space

2021-05-24 Thread Peter Palfrader 
reassign 989032 www.debian.org
retitle 989032 Monaco missing from countries list
tags 989032 = patch
thanks

Qontinuum schrieb am Monday, dem 24. May 2021:

> Submission-Type: update
> Site: debian.qontinuum.space
> Type: leaf
> Archive-architecture: amd64 arm64 armel armhf i386 mips mips64el mipsel 
> powerpc ppc64el s390x
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: Qontinuum 
> Country: MC Monaco
> Comment: I also mirror `source'
>  I have been added in the mirrors list but there is no country above my 
> server.

All our mirrors carry sources, so that's not listed specifically.

The country missing is a bug in the website creation.  I have prepared a
patch and I'm reassigning the bug.

cf. https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/691

Cheers,
-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/

Bug#988724: firefox: Firefox 88 unusable on intel gpu

2021-05-24 Thread Kamil Jońca 



Mike Hommey  writes:
>
> Can you also provide about:support content for that working firefox 88?


Application Basics
--

Name: Firefox
Version: 88.0.1
Build ID: 20210504152106
Distribution ID:
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
OS: Linux 5.10.0-6-amd64 #1 SMP Debian 5.10.28-1 (2021-04-09)
Multiprocess Windows: 1/1
Fission Windows: 0/1 Disabled by default
Remote Processes: 10
Enterprise Policies: Inactive
Google Location Service Key: Found
Google Safebrowsing Key: Found
Mozilla Location Service Key: Found
Safe Mode: false

Crash Reports for the Last 3 Days
-

Firefox Features


Name: DoH Roll-Out
Version: 2.0.0
ID: doh-roll...@mozilla.org

Name: Firefox Screenshots
Version: 39.0.0
ID: screensh...@mozilla.org

Name: Form Autofill
Version: 1.0
ID: formautof...@mozilla.org

Name: Picture-In-Picture
Version: 1.0.0
ID: pictureinpict...@mozilla.org

Name: Web Compatibility Interventions
Version: 21.0.0
ID: webcom...@mozilla.org

Name: WebCompat Reporter
Version: 1.4.0
ID: webcompat-repor...@mozilla.org

Remote Features
---

bug-1680034-rollout-shirley-feature-roll-out-81-to-83-release-81-83: active
bug-1703186-rollout-http3-support-release-88-89: active

Remote Processes


Type: Web Content
Count: 8 / 8

Type: Privileged About
Count: 1

Type: Extension
Count: 1

Add-ons
---

Name: Amazon.com
Type: extension
Version: 1.3
Enabled: true
ID: amazondot...@search.mozilla.org

Name: Bing
Type: extension
Version: 1.3
Enabled: true
ID: b...@search.mozilla.org

Name: Cookie Quick Manager
Type: extension
Version: 0.5rc2
Enabled: true
ID: {60f82f00-9ad5-4de5-b31c-b16a47c51558}

Name: DuckDuckGo
Type: extension
Version: 1.1
Enabled: true
ID: d...@search.mozilla.org

Name: Firefox Multi-Account Containers
Type: extension
Version: 7.3.0
Enabled: true
ID: @testpilot-containers

Name: Google
Type: extension
Version: 1.1
Enabled: true
ID: goo...@search.mozilla.org

Name: KeePassXC-Browser
Type: extension
Version: 1.7.8.1
Enabled: true
ID: keepassxc-brow...@keepassxc.org

Name: NoScript
Type: extension
Version: 11.2.8
Enabled: true
ID: {73a6fe31-595d-460b-a920-fcc0f8843232}

Name: uBlock Origin
Type: extension
Version: 1.35.2
Enabled: true
ID: ublo...@raymondhill.net

Name: Wikipedia (en)
Type: extension
Version: 1.1
Enabled: true
ID: wikipe...@search.mozilla.org

Graphics


Features
Compositing: WebRender
Asynchronous Pan/Zoom: wheel input enabled; scrollbar drag enabled; keyboard 
enabled; autoscroll enabled; smooth pinch-zoom enabled
WebGL 1 Driver WSI Info: GLX 1.4 GLX_VENDOR(client): Mesa Project and SGI 
GLX_VENDOR(server): SGI Extensions: GLX_ARB_create_context 
GLX_ARB_create_context_no_error GLX_ARB_create_context_profile 
GLX_ARB_create_context_robustness GLX_ARB_fbconfig_float 
GLX_ARB_framebuffer_sRGB GLX_ARB_get_proc_address GLX_ARB_multisample 
GLX_EXT_buffer_age GLX_EXT_create_context_es2_profile 
GLX_EXT_create_context_es_profile GLX_EXT_fbconfig_packed_float 
GLX_EXT_framebuffer_sRGB GLX_EXT_import_context GLX_EXT_swap_control 
GLX_EXT_swap_control_tear GLX_EXT_texture_from_pixmap GLX_EXT_visual_info 
GLX_EXT_visual_rating GLX_INTEL_swap_event GLX_MESA_copy_sub_buffer 
GLX_MESA_query_renderer GLX_MESA_swap_control GLX_OML_swap_method 
GLX_OML_sync_control GLX_SGIS_multisample GLX_SGIX_fbconfig GLX_SGIX_pbuffer 
GLX_SGIX_visual_select_group GLX_SGI_make_current_read GLX_SGI_swap_control 
GLX_SGI_video_sync IsWebglOutOfProcessEnabled: 0
WebGL 1 Driver Renderer: Intel -- Mesa Intel(R) UHD Graphics 620 (WHL GT2)
WebGL 1 Driver Version: 4.6 (Compatibility Profile) Mesa 20.3.5
WebGL 1 Driver Extensions: GL_ARB_multisample GL_EXT_abgr GL_EXT_bgra 
GL_EXT_blend_color GL_EXT_blend_minmax GL_EXT_blend_subtract 
GL_EXT_copy_texture GL_EXT_subtexture GL_EXT_texture_object GL_EXT_vertex_array 
GL_EXT_compiled_vertex_array GL_EXT_texture GL_EXT_texture3D 
GL_IBM_rasterpos_clip GL_ARB_point_parameters GL_EXT_draw_range_elements 
GL_EXT_packed_pixels GL_EXT_point_parameters GL_EXT_rescale_normal 
GL_EXT_separate_specular_color GL_EXT_texture_edge_clamp 
GL_SGIS_generate_mipmap GL_SGIS_texture_border_clamp GL_SGIS_texture_edge_clamp 
GL_SGIS_texture_lod GL_ARB_framebuffer_sRGB GL_ARB_multitexture 
GL_EXT_framebuffer_sRGB GL_IBM_multimode_draw_arrays 
GL_IBM_texture_mirrored_repeat GL_3DFX_texture_compression_FXT1 
GL_ARB_texture_cube_map GL_ARB_texture_env_add GL_ARB_transpose_matrix 
GL_EXT_blend_func_separate GL_EXT_fog_coord GL_EXT_multi_draw_arrays 
GL_EXT_secondary_color GL_EXT_texture_env_add GL_EXT_texture_filter_anisotropic 
GL_EXT_texture_lod_bias GL_INGR_blend_func_separate GL_NV_blend_square 
GL_NV_light_max_exponent GL_NV_texgen_reflection GL_NV_texture_env_combine4 
GL_S3_s3tc GL_SUN_multi_draw_arrays GL_ARB_texture_border_clamp 
GL_ARB_texture_compression GL_EXT_framebuffer_object 
GL_EXT_texture_compression_s3tc GL_EXT_texture_env_combine 
GL_EXT_texture_env_dot3

Bug#987430: upgrade-reports: KDE Plasma without panels and without background after upgrade from Buster to Bullseye

2021-05-24 Thread Norbert Preining 
Hi Malvin,

> > I have now upgraded three different machines from (fully updated) Buster
> > to Bullseye, and all three times KDE Plasma was not usable afterwards.

Interesting.

Do you know which set of packages you had installed? Which meta-package?

> > The problem goes away after reinstalling everything that is installed
> > and has "plasma" in the name, but unfortunately I cannot say which of

This is even stranger. Did you see **new** packages being installed
during the apt install --reinstall session?

Ah and yes, you did reboot before logging into the updated system,
right? Or did you do the update from a running Plasma session?

Best

Norbert

--
PREINING Norbert  https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13