Bug#998419: kodi: CVE-2021-42917

2021-11-03 Thread Salvatore Bonaccorso 
Hi Vasyl,

On Wed, Nov 03, 2021 at 10:05:01PM +, Vasyl Gello wrote:
> Control: fixed -1 2:19.3+dfsg1-1
> Control: found -1 2:19.1+dfsg2-2~bpo10+1-1
> 
> Hi Salvatore!
> 
> This bug was fixed in 19.3 upstream, and the sid/bookworm version is not 
> vulnerable.

Yes you are right, that was an error on my side, checking the source,
upstream commit and where the fix was included, thanks for correcting,
and apologies for the bad tracking at first. I double checked what
happened, and it was defintively that I got confused about the
inclusion from the upstream commit and not realizing it is in 19.3
already.

> I would like to upload 19.3 to stable-pu or stable-sec but the
> approval from SRM is pending for 19.2.
> 
> Is it possible to upload 2:19.3+dfsg1-1 to stable-sec as a whole package?
> Or I have to apply the patch for 2:19.1+dfsg2-2 and upload -3?

I'm not yet sure the issue would warrant a security update per se, but
the question can be answered for both DSA and update via a point
release: 2:19.3+dfsg1-1 could not enter directly bullseye. If you do a
rebase to the 19.3 upstream then this would be either a "rebuild"
approach 2:19.3+dfsg1-1~deb11u1 (if no other changes to packaging to
be done) or if you import 19.3 on top of the current bullseye
packaging because there were other changes not suitable in meanwhile,
then 2:19.3+dfsg1-0+deb11u1 to have it sorting before 2:19.3+dfsg1-1.

The general strategy is to cherry-pick commits, but as you know there
are some sources with exceptions to that rule for stable updates,
firefox, linux, mariadb, php, ffmpeg are such cases, and they have
some guarantee from CI and testsuies, promises about stabilities
(e.g. no new features, bugfix only branches, etc ...).

If you are discussing this already with SRM then this is indeed the
way to go to see if they agree on your proposal to follow the 19.x
series for kodi for bullseye.

Samewise for buster, by cherry-picking the fix, be it for an upcoming
point release or a DSA.

I cannot answer the question for stretch directly, but I see that LTS
will would like to issue a DLA for it.

Regards,
Salvatore

Bug#998431: patchage: Segmentation Fault

2021-11-03 Thread Alexandre Lymberopoulos 
Package: patchage
Version: 1.0.0~dfsg0-0.2
Severity: important

Hi,

I'm moving to pipewire and, in order to keep things clean, intend to
remove pulseaudio and jack (please tell me if I
shouldn't). Connections between inputs and outputs are managed with
qjackctl by now and I heard of patchage, but it segfaults everytime I
try to run it here. Below is the output on the terminal:

Loading UI file /usr/share/patchage/patchage.ui

(patchage:24834): Gdk-WARNING **: 00:52:39.493: gdk_window_set_icon_list: icons 
too large
No configuration file present
Segmentation fault

Installing ladish doen't help. If any extra information is needed
please let me know.

Best, Alexandre

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages patchage depends on:
ii  libasound21.2.5.1-1
ii  libatk1.0-0   2.36.0-2
ii  libatkmm-1.6-1v5  2.28.2-1
ii  libc6 2.32-4
ii  libcairo2 1.16.0-5
ii  libcairomm-1.0-1v51.12.2-4
ii  libfontconfig12.13.1-4.2
ii  libfreetype6  2.11.0+dfsg-1
ii  libganv-1-1v5 1.8.0-1
ii  libgcc-s1 [libgcc1]   11.2.0-10
ii  libgdk-pixbuf2.0-02.40.2-2
ii  libglib2.0-0  2.70.0-3
ii  libglibmm-2.4-1v5 2.66.2-1
ii  libgtk2.0-0   2.24.33-2
ii  libgtkmm-2.4-1v5  1:2.24.5-4+b1
ii  libjack-jackd2-0 [libjack-0.125]  1.9.19~dfsg-2
ii  libpango-1.0-01.48.10+ds1-1
ii  libpangocairo-1.0-0   1.48.10+ds1-1
ii  libpangoft2-1.0-0 1.48.10+ds1-1
ii  libpangomm-1.4-1v52.46.1-1
ii  libsigc++-2.0-0v5 2.10.4-2
ii  libstdc++611.2.0-10

Versions of packages patchage recommends:
ii  jackd  5+nmu1

Versions of packages patchage suggests:
pn  ladish  

-- no debconf information

Bug#992495: segfault in av1_cyclic_refresh_free()

2021-11-03 Thread Boyuan Yang 
Control: tags -1 +moreinfo +unreproducible

Hi,

I could not reproduce this issue on current Debian 11 Stable, Debian Testing
and Debian Unstable. Could you verify that this is still crashing on your
devices? If yes, please also consider providing the exact .jpg file that would
trigger the crashing.

Thanks,
Boyuan Yang

On Thu, 19 Aug 2021 13:04:23 +0200 Philipp Marek 
wrote:
> Package: libaom0
> Version: 1.0.0.errata1-3
> Severity: normal
> X-Debbugs-Cc: phil...@marek.priv.at
> 
> When using libaom0 (via ImageMagick's "convert" or gimp), it crashes 
> when writing a avif:
> 
> 
> $ gdb ... --args convert 20210812_215114.jpg 20210812_215114.avif
> 
> Thread 1 "convert" received signal SIGSEGV, Segmentation fault.
> 0x74451b64 in av1_cyclic_refresh_free (cr=0x0) at
./av1/encoder/aq_cyclicrefresh.c:83
> 83  ./av1/encoder/aq_cyclicrefresh.c: Datei oder Verzeichnis nicht
gefunden.
> #0  0x74451b64 in av1_cyclic_refresh_free (cr=0x0) at
./av1/encoder/aq_cyclicrefresh.c:83




signature.asc
Description: This is a digitally signed message part

Bug#998428: dbus-session-bus-common: Deprecated option in /usr/share/dbus-1/session.conf

2021-11-03 Thread Nelson A. de Oliveira 
Package: dbus-session-bus-common
Version: 1.13.18-2
Severity: normal

Hi!

While starting the D-Bus User Message Bus it's possible to see:

=
dbus-broker-launch[5405]: Policy to allow eavesdropping in 
/usr/share/dbus-1/session.conf +31: Eavesdropping is deprecated and ignored
dbus-broker-launch[5405]: Policy to allow eavesdropping in 
/usr/share/dbus-1/session.conf +33: Eavesdropping is deprecated and ignored
=

Probably it should be updated.

Thank you!

Best regards,
Nelson

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

Bug#998429: at-spi2-core: Deprecated option in /usr/share/defaults/at-spi2/accessibility.conf

2021-11-03 Thread Nelson A. de Oliveira 
Package: at-spi2-core
Version: 2.42.0-2
Severity: normal

Hi!

While starting the Accessibility services bus it's possible to see:

=
at-spi-bus-launcher[5820]: Policy to allow eavesdropping in 
/usr/share/defaults/at-spi2/accessibility.conf +15: Eavesdropping is deprecated 
and ignored
at-spi-bus-launcher[5820]: Policy to allow eavesdropping in 
/usr/share/defaults/at-spi2/accessibility.conf +17: Eavesdropping is deprecated 
and ignored
=

Probably it should be updated.

Thank you!

Best regards,
Nelson


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages at-spi2-core depends on:
ii  libatspi2.0-0  2.42.0-2
ii  libc6  2.32-4
ii  libdbus-1-31.13.18-2
ii  libglib2.0-0   2.70.0-3
ii  libsystemd0249.5-2
ii  libx11-6   2:1.7.2-2+b1
ii  libxtst6   2:1.2.3-1

at-spi2-core recommends no packages.

at-spi2-core suggests no packages.

-- no debconf information

Bug#998427: iwd: Deprecated option in /usr/share/dbus-1/system.d/iwd-dbus.conf

2021-11-03 Thread Nelson A. de Oliveira 
Package: iwd
Version: 1.19-1
Severity: minor

Hi!

While booting the system it's possible to see this:

=
dbus-broker-launch[2169]: Deprecated policy context in 
/usr/share/dbus-1/system.d/iwd-dbus.conf +21. The 'at_console' context is 
deprecated and will be ignored in the future.
=

Probably this should be updated?

Thank you!

Best regards,
Nelson

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iwd depends on:
ii  libc6 2.32-4
ii  libreadline8  8.1-2

Versions of packages iwd recommends:
ii  dbus [dbus-system-bus] 1.13.18-2
ii  dbus-broker [dbus-system-bus]  29-3
pn  wireless-regdb 

iwd suggests no packages.

-- no debconf information

Bug#997016: RFS: swtpm/0.7.0-rc2-1 [ITA] -- Libtpms-based TPM emulator

2021-11-03 Thread Seunghun Han 
Hi Bastian,

On Thu, Nov 4, 2021 at 6:43 AM Bastian Germann  wrote:
> Can you explain why it builds on amd64 when it is docker related?
I'm sorry that I didn't explain it in detail. The previous build error
occurred at GitLab runner, and I found it was a docker environment. To
have the identical environment, I pulled the docker image of GitLab
runner, built the package, and ran tests of it. Then some of the tests
failed, and I thought some test cases didn't work in a container
environment like docker. But, they work well in native, and I thought
it could be a trivial issue.

> The failing build is on i386 and also fails natively on my i386 machine.
> It looks a bit like Y2K38 triggering...
I'm sorry. I missed the point that i386 means 32bit system. I agree
with your opinion about Y2K and should find the reason and the
solution.

> I am also not sure if you are allowed to write in /tmp on package building. I 
> will check that.
Everyone has write access right to /tmp directory, so I guess the
package also has it.


Best regards,

Seunghun

Bug#998240: Bug#954916: another breakage due to LaTeX changes?

2021-11-03 Thread Norbert Preining 
Hi Joseph,

last year you helped fixing a strange lgrind.dtx file:

On Wed, 25 Mar 2020, Joseph Wright wrote:
> On 25/03/2020 11:03, Enrico Gregorio wrote:
> > > Where can we find lgrind.dtx?
> > http://mirrors.ctan.org/support/lgrind/lgrind.dtx

> The structure of the .dtx is ... unusual. It's got the \begin{document} in
> the 'input' stage and the \end{document} 'as normal'. The result is "%" ends
> up with the 'wrong' catcode, which is where the issue arises: what should be
> a comment in the .def is not any longer. It can be fixed by making the .dtx
> 'normal', i.e. moving the \begin{document} line, but I'm not sure if that is
> an acceptable fix.

You send a simple patch, and that worked all nicely till TeX Live 2021,
and now the same lgrind.dtx (patched version is attached) fails again.

The error message is comes from this part of the code:

% The meta-symbols and their meanings are:
% \begin{description}
% \item[\$] The end of a line
% \item[\^] The beginning of a line
% \item[$\backslash$d] A delimiter (space, tab, newline, start of line)
% \item[$\backslash$a] Matches any string of symbols (like `.*' in lex)
***

And the error is:
[8]
! Missing } inserted.

}
l.540 % \item[\^]
  The beginning of a line
? X


Any suggestion again? As said, it was working till Dezember 2020 ;-)

All the best

Norbert

--
PREINING Norbert  https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
% \iffalse
%
% This is LGrind.DTX. This was written by:
%
% -  Van Jacobson, Lawrence Berkeley Laboratory (based on
%vgrind by Dave Presotto & William Joy of UC Berkeley),
%the original written for \TeX.
% -  Jerry Leichter of Yale University, modifications for \LaTeX.
% -  George V. Reilly of Brown University, renamed to lgrind
% -  Michael Piefel, Humboldt-University Berlin, for \LaTeXe
%and a thousand little changes
%
% \fi
% \iffalse
%% Based on Van Jacobson's ``tgrindmac'', a macro package for TeX.
%% Modified, 1987 by Jerry Leichter. Put '@' in all internal names.
%% Modified, 1991 by George Reilly. Changed name from tgrind to lgrind.
%% Modified, 1995 by Michael Piefel. Made it work with \LaTeXe.
%%  -1999Hundreds of bells and whistles. No changelog here.
%
%<*dtx>
\ProvidesFile{lgrind.dtx}
  [2002/01/28 v3.67 LGrind environment and supporting stuff]
%
%\NeedsTeXFormat{LaTeX2e}[1996/06/01]
%\ProvidesPackage{lgrind}
%  [2002/01/28 v3.67 LGrind environment and supporting stuff]
%<*driver>
\NeedsTeXFormat{LaTeX2e}[1996/06/01]
\documentclass{ltxdoc}
\CodelineIndex
\RecordChanges
\begin{document}
\DocInput{lgrind.dtx}
\end{document}
%
% \fi
%
% \newcommand{\LG}{\textsf{LGrind}}
% \newcommand{\NFSS}{\textsf{NFSS}}
% \frenchspacing
% 
% \GetFileInfo{lgrind.dtx}
% \title{The \LG{} package\thanks{This file
% has version number \fileversion, last
% revised \filedate.}}
% \author{Various Artists}
% \date{\filedate}
% \maketitle
% 
% \CheckSum{679}
% 
% \begin{abstract}
% The \LG{} package is a pretty printer for source
% code. It evolved from vgrind, supported \TeX{} (tgrind) and
% \LaTeX{} and now finally \LaTeXe, in particular \NFSS.
% \end{abstract}
% 
% \changes{v1.0}{1985/02/10}{Written}
% \changes{v2.0}{1991/09/06}{Upgrade to \LaTeX2.09}
% \changes{v3.0}{1995/09/24}{Upgrade to \LaTeXe}
% 
% \section{Introduction}
% \subsection{What is it?}
% The \LG{} package consists of three files:
% \begin{itemize}
% \item \texttt{lgrind} or \texttt{lgrind.exe} is the executable. It will
% convert an \LaTeX-File with embedded listings or a source code file
% into a lot of macro-calls.
% \item \texttt{lgrind.sty} provides the environments and macros to make
% the produced mess readable.
% \item \texttt{lgrindef} contains the information
% needed to tell keywords from comments, comments from strings \dots
% \end{itemize}
% 
% \subsection{Who is to blame?}
% \LG{} is not the work of a single one. The program is based on
% \textsf{vgrind} by Dave Presotto \& William Joy of UC Berkeley.
% 
% Van Jacobson wrote \textsf{tgrind} for \TeX. Jerry Leichter
% of Yale University modified it for \LaTeX. George V. Reilly of 
% Brown University changed the name to lgrind and added the
% program-text-within-comments and @-within-\LaTeX{} features,
% and finally
% Michael Piefel of the Humboldt-University Berlin converted it to
% work under \LaTeXe, i.\,e. with \NFSS, and improved the documentation.
%
% However, there have been many contributors who supported the development; in
% particular the range of supported languages is mainly due to them.
% Unfortunately I do not know all of them, but my thanks go to everybody.
% A special Thank You to
% Torsten Sch\"utze for his OS/2 support and many and various hints.
% 
% \section{\LG{} -- grind nice program listings}
% 
% \begin{tabbing}
% \texttt{lgrind} \= \texttt{[-s] [-e]

Bug#998220: pipewire: libspa-0.2-bluetooth not installed

2021-11-03 Thread Ralf Jung 

This however did not solve my problem, I will file another bug report for the
remaining part


I am also still struggling with getting BT working again; do you have a link to 
the other bug report?


Addendum: the missing bit in my case (besides installing libspa-0.2-bluetooth 
package and removing pulseaudio-module-bluetooth) was that I had to re-pair the 
device. Now it seems things are working again as before.


Kind regards,
Ralf

Bug#998220: pipewire: libspa-0.2-bluetooth not installed

2021-11-03 Thread Ralf Jung 



Hi all,


The first problem was that the headset disconnected immediately after
connecting. There was an associated error in journalctl :

src/service.c:btd_service_connect() a2dp-sink profile connect failed for  Protocol not available

Some search engine pointed to me that this may be associated with missing
libspa-0.2-bluetooth, so I installed it and this first error disappeared. So a
first suggestion would be to make sure that libspa-0.2-bluetooth is added as a
dependency to some of the pipewire set.


I am having the same problem. According to 
https://wiki.debian.org/BluetoothUser/a2dp, one also has to uninstall 
pulseaudio-module-bluetooth.


This is one of the rare cases where upgrading Debian just silently broke the 
system -- all bluetooth audio functionality just stopped working without 
warning. I hope something can be done to avoid this.


Amusingly, the description of the libspa package says " It is considered to be 
experimental, and is disabled by default (even if installed) to avoid conflicts 
with equivalent functionality in PulseAudio. " -- however, since upgrades now 
seem to automatically switch people over from PA to pipewire, does this still 
make sense? So far certainly one cannot speak of "equivalent functionality", 
since the bluetooth support in PA actually worked out of the box without any 
fiddling...



This however did not solve my problem, I will file another bug report for the
remaining part


I am also still struggling with getting BT working again; do you have a link to 
the other bug report?


Kind regards,
Ralf

Bug#994617: h5py: please be more forgiving about mismatching HDF5 versions

2021-11-03 Thread Drew Parsons 
Source: h5py
Followup-For: Bug #994617

Hi Mattia, historically hdf5 has not been entirely ABI-stable, see 
https://forum.hdfgroup.org/t/c-c-abi-stability-and-binary-compatibility-between-patch-versions/5312
https://forum.hdfgroup.org/t/another-abi-breakage/5503

The test was added in https://github.com/h5py/h5py/pull/867
Not entirely clear what the context of the test is (the upstream
issues references in the PR seem to discuss being unable to read the
libhdf5 version on Windows).

But the h5py test was added in 2017, while HDF5 was still discussion
ABI [in]stability in 2019. But 1.10.2 and 1.10.3 were released in
2018, after which HDF5 seems to be identifying ABI correctly.

They include binary compatibility reports in their Release Notes
e.g.
https://portal.hdfgroup.org/display/support/HDF5%201.10.8#compatibility1108

https://portal.hdfgroup.org/display/support/HDF5%201.10.3#compatibility
identifies an incompatibility between 1.10.2 and 1.10.3
HDF5 1.10.3 introduced ABI 103

But their binary incompatibilities seem to be correctly reflected in
ABI sonames.  The discussion in 2019 addressed 1.10.1 and 1.10.2. They
considered 1.10.2 the proper stable release (in 2018), and updated the ABI for
1.10.3 as needed (also in 2018).

python3-h5py-serial and python3-h5py-mpi declare their dependency on
the appropriate ABI-versioned libhdf5 so you're right, that should
capture compatibility satisfactorily.


So should be safe to relax the runtime version test.
I'll keep the spirit of it by reducing it to a minor version
comparison.

Drew

Bug#998426: man reports a "malformed .lf request"

2021-11-03 Thread Bjarni Ingi Gislason 
Package: man-db
Version: 2.9.4-2
Severity: normal

Dear Maintainer,

   * What led up to the situation?

man -l groff/contrib/gpinyin/gpinyin.1.man (or groff/build/contrib/...)

   * What was the outcome of this action?

/usr/bin/man: -:250: warning: malformed .lf request, ignoring

   * What outcome did you expect instead?

No warning 

###

  The line is:

.lf (\n[gpinyin*.c] + 25) \" XXX part 2: Restore input line counter.

  This is a valid line for troff.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.9-2 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages man-db depends on:
ii  bsdextrautils  2.37.2-4
ii  bsdmainutils   12.1.7+nmu3
ii  debconf [debconf-2.0]  1.5.79
ii  dpkg   1.20.9
ii  groff-base 1.22.4-7
ii  libc6  2.32-4
ii  libgdbm6   1.22-1
ii  libpipeline1   1.5.3-1
ii  libseccomp22.5.2-2
ii  zlib1g 1:1.2.11.dfsg-2

man-db recommends no packages.

Versions of packages man-db suggests:
pn  apparmor   
ii  elinks [www-browser]   0.13.2-1+b2
ii  firefox-esr [www-browser]  78.14.0esr-1+b1
ii  groff  1.22.4-7
ii  less   551-2
ii  lynx [www-browser] 2.9.0dev.10-1
ii  w3m [www-browser]  0.5.3+git20210102-6

-- Configuration Files:
/etc/manpath.config changed [not included]

-- debconf information excluded

-- 
Bjarni I. Gislason

Bug#998425: firefox: window placement lost in the upgrade to 94.0-1

2021-11-03 Thread Vincent Lefevre 
Package: firefox
Version: 94.0-1
Severity: normal

The placement of all my Firefox windows has been lost in the upgrade
from 93.0-1+b1 to 94.0-1.

-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox depends on:
ii  debianutils  5.5-1
ii  fontconfig   2.13.1-4.2
ii  libatk1.0-0  2.36.0-2
ii  libc62.32-4
ii  libcairo-gobject21.16.0-5
ii  libcairo21.16.0-5
ii  libdbus-1-3  1.12.20-3
ii  libdbus-glib-1-2 0.112-2
ii  libevent-2.1-7   2.1.12-stable-1
ii  libffi8  3.4.2-3
ii  libfontconfig1   2.13.1-4.2
ii  libfreetype6 2.11.0+dfsg-1
ii  libgcc-s111.2.0-10
ii  libgdk-pixbuf-2.0-0  2.42.6+dfsg-2
ii  libglib2.0-0 2.70.0-3
ii  libgtk-3-0   3.24.30-3
ii  libnspr4 2:4.32-1
ii  libnss3  2:3.72-1
ii  libpango-1.0-0   1.48.10+ds1-1
ii  libstdc++6   11.2.0-10
ii  libvpx7  1.11.0-2
ii  libx11-6 2:1.7.2-2+b1
ii  libx11-xcb1  2:1.7.2-2+b1
ii  libxcb-shm0  1.14-3
ii  libxcb1  1.14-3
ii  libxcomposite1   1:0.4.5-1
ii  libxdamage1  1:1.1.5-2
ii  libxext6 2:1.3.4-1
ii  libxfixes3   1:5.0.3-2
ii  libxrandr2   2:1.5.2-1
ii  procps   2:3.3.17-5
ii  zlib1g   1:1.2.11.dfsg-2

Versions of packages firefox recommends:
ii  libavcodec57  7:3.4.3-1
ii  libavcodec58  7:4.4.1-1+b1

Versions of packages firefox suggests:
ii  fonts-lmodern  2.004.5-6.1
ii  fonts-stix [otf-stix]  1.1.1-4.1
ii  libcanberra0   0.30-8
ii  libgssapi-krb5-2   1.18.3-7
ii  pulseaudio 15.0+dfsg1-2

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#998423: samba: Shares with variable substitutions cause core dump upon connection from macOS Big Sur or newer

2021-11-03 Thread Andrew Bartlett 
It is important to note that in this case the fix has been applied and
backported, so a backport to the debian package would be appropriate
(eg upstream-first has been followed).

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett (he/him)   https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

Bug#998415: With a recent upload of rust-serde the autopkgtest of rust-debcargo,fails in testing when that autopkgtest is run with the binary packages,of rust-serde from unstable. It passes when run w

2021-11-03 Thread Peter Green 

Reassign 998415 rust-cargo
Close 998415 0.57.0-1
Thanks

I believe this issue is actually in the rust-cargo package*. Googling the line 
of code wit the
error lead me to https://github.com/rust-lang/cargo/issues/9124 which had a 
link to a commit
fixing the issue at 
https://github.com/rust-lang/cargo/commit/f097d02ea62111493b9f06d096a94dfddd020415

(rust-cargo, at least as-of the version in testing does not have a functioning 
autopkgtest,
so the issue does not show up there).

Ximin is working on updating rust-cargo/debcargo in unstable, but the work is 
currently
stalled on waiting for packages to pass NEW. github tells me that fix is 
included in the
version of rust-cargo currently waiting for it's build-dependencies to become 
satisfiable
in unstable.

I can prepare a TPU upload if you would like. Or we can just wait it out and 
see what
happens after the Packages pass new and Debcargo is updated.

* Not to be confused with the "cargo" package.

Bug#998424: cdebconf-text-udeb: Making steps interruptible

2021-11-03 Thread Samuel Thibault 
Package: cdebconf
Version: 0.192
Severity: normal
Tags: d-i a11y

-- Forwarded message --
Date: Tue, 2 Nov 2021 18:51:47
From: Linux for blind general discussion 
To: blinux-l...@redhat.com
Subject: Skipping disk erase on Debian text-based installation

Hi all,


I wonder if we can avoid disk erase process during debian text-based
installation?

This process can take hours and it can be skipped on GUI based installation.
Unfortunately it is not accessible :)

- End forwarded message -

Put another way, the text frontend does not seem to be providing a way
to interrupt steps (control-c doesn't work), we would need it at the
very least to be able to interrupt the crypt step.

Samuel

Bug#998412: battery-stats: does not find my power supply

2021-11-03 Thread Nicolas Schodet 
* Petter Reinholdtsen  [2021-11-03 23:10]:
> [Nicolas Schodet]
> > My system power supply is named AC0, but battery-stats-collector only
> > looks at AC, ACAD or ADP1.
> >
> > An easy fix would be to add AC0 to the list.
> Perhaps you can provide a patch?

Here it is.

It replace the add-xps13-adapter-support patch on salsa.

Also I noticed that there was an NMU, but the NMU is not on salsa and
the history diverged.

> What is the content of your /sys/class/power_supply/AC0/online?

Right now, it’s 0, power supply is not connected.

Nicolas.
From: Nicolas Schodet 
Date: Thu, 4 Nov 2021 00:16:06 +0100
Subject: Add support for more power supplies

Depending on the computer, a different power_supply name can be used.
Add support for more power supplies and use a loop to factorize code.
---
 src/battery-stats-collector | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/battery-stats-collector b/src/battery-stats-collector
index 8e3cff7..c5d054a 100755
--- a/src/battery-stats-collector
+++ b/src/battery-stats-collector
@@ -22,13 +22,14 @@ get_logline() {
 secstamp=$(date +%s)
 stamp=$(date +"%Y/%m/%d %H:%M:%S")
 
-if [ -f /sys/class/power_supply/AC/online ]; then
-aconline=$(cat /sys/class/power_supply/AC/online)
-elif [ -f /sys/class/power_supply/ACAD/online ]; then
-aconline=$(cat /sys/class/power_supply/ACAD/online)
-elif [ -f /sys/class/power_supply/ADP1/online ]; then
-aconline=$(cat /sys/class/power_supply/ADP1/online)
-else
+aconline=notfound
+for ac in AC AC0 ACAD ADP0 ADP1; do
+if [ -f /sys/class/power_supply/$ac/online ]; then
+aconline=$(cat /sys/class/power_supply/$ac/online)
+break
+fi
+done
+if [ notfound = "$aconline" ]; then
 echo "No power supply found"
 fi

Bug#998109: python3-numpy: numpy.typing is missing

2021-11-03 Thread Drew Parsons 

On 2021-11-02 17:40, Sandro Tosi wrote:


sorry but that's not how RC severity works, that's for policy
violations, which in this case there are none.

I understand you may want to see this fixed sooner rather than later,
so maybe you can submit an MR against the numpy salsa repo to fix
this? i'll then review, merge and upload as needed.



It's a trivial patch, isn't it?
Just add
  usr/lib/python3*/*-packages/numpy/typing/
to debian/python3-numpy.install.

No need for an MR, I can patch it directly if needed.

The bigger question here is why are the subdirs listed separately?
Is it in order to handle the dbg libraries (python3-numpy-dbg.install) ?
Since python3-dbg is now deprecated (Bug#994316), do we want to simplify 
the package by replacing all the subdirs in python3-numpy.install with 
just

  usr/lib/python3*/*-packages/numpy/

That would keep this bug from happening again with other new features in 
the future.



Drew

Bug#959765: Existing Packaging in Debian Science Team

2021-11-03 Thread Petter Reinholdtsen 
Hi,

Any news on getting Teensorflow through the NEW queue?

-- 
Happy hacking
Petter Reinholdtsen

Bug#986296: i7z generates two kernel messages per second while running

2021-11-03 Thread GSR 
Package: i7z
Version: 0.27.2+git2013.10.12-g5023138-7
Followup-For: Bug #986296

Hi:

The reports happen with CPUs older than haswell too. The issue seems
to be newer kernels checking what access the MSR registers. Previously
i7z worked without triggering the logging. Other software is also
being affected, for example
https://github.com/erpalma/throttled/issues/228

Cheers,
GSR

Bug#998419: kodi: CVE-2021-42917

2021-11-03 Thread Vasyl Gello 
Control: notfound -1 2:19.3+dfsg1-1
-- 
Vasyl Gello
==
Certified SolidWorks Expert

Mob.:+380 (98) 465 66 77

E-Mail: vasek.ge...@gmail.com

Skype: vasek.gello
==
호랑이는 죽어서 가죽을 남기고 사람은 죽어서 이름을 남긴다

Bug#998419: kodi: CVE-2021-42917

2021-11-03 Thread Vasyl Gello 
Control: found -1 2:17.1+dfsg1-3

Hi Salvatore,

And what should I do with stretch & buster? Patch is applicable to everything 
since 10.x: 
https://github.com/xbmc/xbmc/commit/45285e8a9300cd754a760560640b75b09f98035e
-- 
Vasyl Gello
==
Certified SolidWorks Expert

Mob.:+380 (98) 465 66 77

E-Mail: vasek.ge...@gmail.com

Skype: vasek.gello
==
호랑이는 죽어서 가죽을 남기고 사람은 죽어서 이름을 남긴다

Bug#998165: debian-policy: document and allow Description in the source paragraph

2021-11-03 Thread Bill Allombert 
On Sun, Oct 31, 2021 at 11:18:35AM +0100, Mattia Rizzolo wrote:
> Package: debian-policy
> Version 4.6.0.0
> 
> Hi!
> 
> dpkg 1.19.0 introduced, following the request in #555743, a bunch of new
> substvars.  Notably, it now handles ${source:Synopsis} and
> ${source:Extended-Description} that are described as follow:
> 
>source:Synopsis
>The source package synopsis, extracted from the source stanza
>Description field, if it exists
> 
>source:Extended-Description
>The source package extended description, extracted from the
>source stanza Description field, if it exists
> 
> 
> Currently Policy §5.2 lists the allowed known fields, and Description is
> accepted only in the "binary package paragraphs", not in the one for the
> source package.
> 
> 
> As documented in the bug report mentioned above, these are the main
> benefits of having a Description in the source paragraph:
>  * helps de-duplicate the description in the binary paragraphs (mostly
>relevant for libraries and other packages that build many binaries
>and share a common description).  Note that this would only
>de-duplicate d/control, the binary DEBIAN/control of each binary
>package would still keep the generated long description.
>  * ship a generic source-level descrption of the package, which just
>make sense if one thinks about it
>  * as a consequence of the above, a bunch of tools (DDPO, PTS, etc)
>would be able to drop the weird and unnatural logic that they use to
>pick a description for the source package
> The main "bad" consequence would be that Description would be exported
> in the .dsc and as such end up in the Sources index.  This is probably
> what we want anyway, but with all the people complaining about how big
> the index is getting it's something to consider.  However it's also true
> that realistically very few packages are going to make use of this
> facility in the near future so it shouldn't really matter IMHO.

Could you clarify what source packages that produce several binary
packages should do ? Maybe give an example ?

Cheers,
-- 
Bill. 

Imagine a large red swirl here.

Bug#994614: Fixed upstream

2021-11-03 Thread Tim Wiederhake 
The crash happens in librlottie, "lottiemodel.h", line 133, function
"LottieShapeData::lerp(LottieShapeData const&, LottieShapeData const&,
float, VPath&)".

When both "start" and "end" are empty, "size" evaluates to 0 and the
call to "result.moveTo(start.mPoints[0]..." crashes.

This is fixed upstream in
https://github.com/Samsung/rlottie/commit/1cb2021d6883ebe41c17e710fc90a225f038cb51

Bug#997128: ceres-solver: FTBFS: dh_auto_test: error: cd obj-x86_64-linux-gnu && make -j4 test ARGS\+=--verbose ARGS\+=-j4 returned exit code 2

2021-11-03 Thread Bastian Germann 

Control: reassign -1 libgoogle-glog-dev
Control: retitle -1 glog cmake files with static archive break ceres-solver 
build
Control: notforwarded -1

In your debian/rules file, installation of the static library build happens after installation of 
the shared library build. Therefore, the cmake files from the static library build end up 
overwriting the cmake files from the shared library build.


This makes ceres-solver build with libglog.a and breaks the build.

Please change the installation order.

Bug#996035: AttributeError: 'NoneType' object has no attribute 'section'

2021-11-03 Thread Michael Prokop 
* Matus UHLAR - fantomas [Sun Oct 10, 2021 at 07:34:44PM +0200]:

> kthresher does not remove old kernel, --dry-run fails with:
> 
> # kthresher --dry-run
> INFO: Attempting to read /etc/kthresher.conf.
> INFO: Options found: ['include'].
> INFO: Valid setting found "include"
> INFO:   include = /etc/kthresher.d/*.conf
> INFO: Options: {'dry_run': True, 'headers': False, 'keep': 1, 'purge': False, 
> 'verbose': False, 'include': '/etc/kthresher.d/*.conf'}
> INFO: - DRY RUN -
> INFO: Running kernel is linux-image-5.10.0-9-amd64 v[5.10.70-1]
> Traceback (most recent call last):
>  File "/usr/bin/kthresher", line 33, in 
>sys.exit(load_entry_point('kthresher==1.4.1', 'console_scripts', 
> 'kthresher')())
>  File "/usr/lib/python3/dist-packages/kthresher.py", line 481, in main
>kthreshing(purge=False, headers=options["headers"], keep=options["keep"])
>  File "/usr/lib/python3/dist-packages/kthresher.py", line 275, in kthreshing
>section = pkg.candidate.section or ''
> AttributeError: 'NoneType' object has no attribute 'section'
> 
> This is apparently caused by installed package (minecraft-launcher) that has
> no Section: defined.
> 
> While I agree that the package probably should have Section: header,
> I believe kthresher should not crash in such case.

I can confirm/verify this bug and can offer the maintainer of
kthresher a system to reproduce this behavior.

regards
-mika-


signature.asc
Description: PGP signature

Bug#998412: battery-stats: does not find my power supply

2021-11-03 Thread Petter Reinholdtsen 
[Nicolas Schodet]
> My system power supply is named AC0, but battery-stats-collector only
> looks at AC, ACAD or ADP1.
>
> An easy fix would be to add AC0 to the list.

Perhaps you can provide a patch?  What is the content of your 
/sys/class/power_supply/AC0/online?

-- 
Happy hacking
Petter Reinholdtsen

Bug#996117: Bug is actually in ruby-activesupport

2021-11-03 Thread Daniel Leidert 
clone 996117 -1
severity -1 serious
retitle -1 ArgumentError: wrong number of arguments (given 2, expected 3) 
caused by lib/active_support/cache.rb:330
block 996117 by -1
thanks

I had a look at the issue. It actually seems that ruby-activesupport, to which
the following files belong, is to blame and incompatible with Ruby 3:

> ArgumentError: wrong number of arguments (given 2, expected 3)
> 
> /usr/share/rubygems-integration/all/gems/activesupport-6.0.3.7/lib/active_support/cache.rb:710:in
>  `get_entry_value'
> 
> /usr/share/rubygems-integration/all/gems/activesupport-6.0.3.7/lib/active_support/cache.rb:330:in
>  `fetch'

The error is actually caused when the options argument to the get_entry_value()
function is empty ('{}'). This doesn't fail with Ruby 2.7, but it fails with
Ruby 3 (possibly due to the changes of handling keyword and positional
arguments). 

This seems to have been fixed in RC1 of version 6.1.0 and therefor in version
6.1.4 as well.

Regards, Daniel
-- 
Regards,
Daniel Leidert  | https://www.wgdd.de/
GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D
GPG-Key ED25519 / BD3C132D8B3805D1808123AB7ACE00941E338C78

https://www.fiverr.com/dleidert
https://www.patreon.com/join/dleidert


signature.asc
Description: This is a digitally signed message part

Bug#998419: kodi: CVE-2021-42917

2021-11-03 Thread Vasyl Gello 
Control: fixed -1 2:19.3+dfsg1-1
Control: found -1 2:19.1+dfsg2-2~bpo10+1-1

Hi Salvatore!

This bug was fixed in 19.3 upstream, and the sid/bookworm version is not 
vulnerable.
I would like to upload 19.3 to stable-pu or stable-sec but the approval from 
SRM is pending for 19.2.

Is it possible to upload 2:19.3+dfsg1-1 to stable-sec as a whole package?
Or I have to apply the patch for 2:19.1+dfsg2-2 and upload -3?
-- 
Vasyl Gello
==
Certified SolidWorks Expert

Mob.:+380 (98) 465 66 77

E-Mail: vasek.ge...@gmail.com

Skype: vasek.gello
==
호랑이는 죽어서 가죽을 남기고 사람은 죽어서 이름을 남긴다

3 листопада 2021 р. 21:43:31 UTC, Salvatore Bonaccorso  
написав(-ла):
>Source: kodi
>Version: 2:19.3+dfsg1-1
>Severity: important
>Tags: security upstream
>Forwarded: https://github.com/xbmc/xbmc/issues/20305
>X-Debbugs-Cc: car...@debian.org, Debian Security Team 
>
>
>Hi,
>
>The following vulnerability was published for kodi.
>
>CVE-2021-42917[0]:
>| Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows
>| attackers to cause a denial of service due to improper length of
>| values passed to istream.
>
>
>If you fix the vulnerability please also make sure to include the
>CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
>For further information see:
>
>[0] https://security-tracker.debian.org/tracker/CVE-2021-42917
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42917
>[1] https://github.com/xbmc/xbmc/issues/20305
>[2] 
>https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
>
>Please adjust the affected versions in the BTS as needed.
>
>Regards,
>Salvatore
>

Bug#998420: minia: reproducible builds: Embeds kernel version

2021-11-03 Thread Vagrant Cascadian 
Source: minia
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: kernel
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The kernel version is embedded in /usr/bin/minia which cause
reproducibility issues.
  
  https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/minia.html

  Linux-5.14.0-0.bpo.2-amd64
vs.
  Linux-5.10.0-9-amd64

The attached patch fixes this by using CMAKE_SYSTEM_NAME instead of
CMAKE_SYSTEM in src/build_info.hpp.in.


With this patch applied, minia should become reproducible on
tests.reproducible-builds.org.


Thanks for maintaining minia!


live well,
  vagrant
From c0192d2eabddacfc3c728b930215094558799880 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Wed, 3 Nov 2021 21:11:32 +
Subject: [PATCH] build_info.hpp.in: Patch to use CMAKE_SYSTEM_NAME instead
 of CMAKE_SYSTEM.

CMAKE_SYSTEM captures the kernel version, which can reasonably vary
between builds. Use CMAKE_SYSTEM_NAME instead, which does not include
the version.

https://tests.reproducible-builds.org/debian/issues/unstable/captures_kernel_version_via_CMAKE_SYSTEM_issue.html
---
 src/build_info.hpp.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/build_info.hpp.in b/src/build_info.hpp.in
index d77e20c..f570b22 100644
--- a/src/build_info.hpp.in
+++ b/src/build_info.hpp.in
@@ -23,4 +23,4 @@
 #define STR_MINIA_VERSION "${gatb-tool-version}"
 #define STR_MINIA_COMPILATION_FLAGS   "${gatb-core-flags}"
 #define STR_MINIA_COMPILER"${CMAKE_C_COMPILER}  (${CMAKE_CXX_COMPILER_VERSION})"
-#define STR_MINIA_OPERATING_SYSTEM"${CMAKE_SYSTEM}"
+#define STR_MINIA_OPERATING_SYSTEM"${CMAKE_SYSTEM_NAME}"
-- 
2.33.1



signature.asc
Description: PGP signature

Bug#958083: bash: Can the compiled bash.preinst be removed now that the sh transition is complete?

2021-11-03 Thread Johannes Schauer Marin Rodrigues 
Hi,

On Sat, 18 Apr 2020 11:59:27 +0200 Niels Thykier  wrote:
> It seems that bash still has an "old" compiled preinst script.  Based on the
> source code, it seems to handle its half of the "dash-as-sh"-transition.
> Given that dash has now dropped its preinst, it stands to reason that we can
> remove bash's as well assuming it is only aimed at handling the /bin/sh
> transition.
> 
> We are interested in this to reduce the number of maintscripts in
> Debian in general as well as to enable progress on a proposal called
> [InstallBootstrap].

I'd like to propose the attached patch to fix this bug. Please consider
applying it to reduce the number of maintainer scripts in essential packages.

Thanks!

cheers, joschdiff -Nru bash-5.1/debian/bash.preinst.c bash-5.1/debian/bash.preinst.c
--- bash-5.1/debian/bash.preinst.c	2021-10-23 11:36:25.0 +0200
+++ bash-5.1/debian/bash.preinst.c	1970-01-01 01:00:00.0 +0100
@@ -1,46 +0,0 @@
-/*
- * This file is in the public domain.
- * You may freely use, modify, distribute, and relicense it.
- */
-
-#include "bash.preinst.h"
-#include 
-#include 
-
-static void backup(const char *file, const char *dest)
-{
-	const char * const cmd[] = {"cp", "-dp", file, dest, NULL};
-	if (exists(file))
-		run(cmd);
-}
-
-static void force_symlink(const char *target, const char *link,
-		const char *temp)
-{
-	/*
-	 * Forcibly create a symlink to "target" from "link".
-	 * This is performed in two stages with an
-	 * intermediate temporary file because symlink(2) cannot
-	 * atomically replace an existing file.
-	 */
-	if ((unlink(temp) && errno != ENOENT) ||
-	symlink(target, temp) ||
-	rename(temp, link))
-		die_errno("cannot create symlink %s -> %s", link, target);
-}
-
-int main(int argc, char *argv[])
-{
-	/* /bin/sh needs to point to a valid target. */
-
-	if (access("/bin/sh", X_OK)) {
-		backup("/bin/sh", "/bin/sh.distrib");
-		backup("/usr/share/man/man1/sh.1.gz",
-			"/usr/share/man/man1/sh.distrib.1.gz");
-
-		force_symlink("bash", "/bin/sh", "/bin/sh.temp");
-		force_symlink("bash.1.gz", "/usr/share/man/man1/sh.1.gz",
-			"/usr/share/man/man1/sh.1.gz.temp");
-	}
-	return 0;
-}
diff -Nru bash-5.1/debian/bash.preinst.h bash-5.1/debian/bash.preinst.h
--- bash-5.1/debian/bash.preinst.h	2021-10-23 11:36:25.0 +0200
+++ bash-5.1/debian/bash.preinst.h	1970-01-01 01:00:00.0 +0100
@@ -1,27 +0,0 @@
-#ifndef BASH_PREINST_H
-#define BASH_PREINST_H
-
-/*
- * This file is in the public domain.
- * You may freely use, modify, distribute, and relicense it.
- */
-
-#define _XOPEN_SOURCE 700
-#include 
-#include 
-#include 
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-# define __attribute__(x)
-#endif
-#define NORETURN __attribute__((__noreturn__))
-#define PRINTFLIKE __attribute__((format(printf, 1, 2)))
-
-extern NORETURN PRINTFLIKE void die_errno(const char *fmt, ...);
-extern NORETURN PRINTFLIKE void die(const char *fmt, ...);
-
-extern int exists(const char *path);
-
-extern void run(const char * const cmd[]);	/* spawn and wait */
-
-#endif
diff -Nru bash-5.1/debian/bash.preinst-lib.c bash-5.1/debian/bash.preinst-lib.c
--- bash-5.1/debian/bash.preinst-lib.c	2021-10-23 11:36:25.0 +0200
+++ bash-5.1/debian/bash.preinst-lib.c	1970-01-01 01:00:00.0 +0100
@@ -1,96 +0,0 @@
-/*
- * This file is in the public domain.
- * You may freely use, modify, distribute, and relicense it.
- */
-
-#include "bash.preinst.h"
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-extern char **environ;
-
-__attribute__((format(printf, 1, 0)))
-static void vreportf(const char *err, va_list params, int errnum)
-{
-	fprintf(stderr, "bash.preinst: ");
-	vfprintf(stderr, err, params);
-	if (errnum)
-		fprintf(stderr, ": %s", strerror(errnum));
-	fprintf(stderr, "\n");
-}
-
-__attribute__((format(printf, 1, 2)))
-NORETURN void die_errno(const char *fmt, ...)
-{
-	va_list params;
-	va_start(params, fmt);
-	vreportf(fmt, params, errno);
-	va_end(params);
-	exit(1);
-}
-
-__attribute__((format(printf, 1, 2)))
-NORETURN void die(const char *fmt, ...)
-{
-	va_list params;
-	va_start(params, fmt);
-	vreportf(fmt, params, 0);
-	va_end(params);
-	exit(1);
-}
-
-int exists(const char *file)
-{
-	struct stat sb;
-	if (!lstat(file, ))
-		return 1;
-	if (errno == ENOENT)
-		return 0;
-	die_errno("cannot get status of %s", file);
-}
-
-static void wait_or_die(pid_t child, const char *name)
-{
-	int status;
-	if (waitpid(child, , 0) != child)
-		die_errno("cannot wait for %s", name);
-	if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
-		return;
-
-	if (WIFEXITED(status))
-		die("%s exited with status %d", name, WEXITSTATUS(status));
-	if (WIFSIGNALED(status))
-		die("%s killed by signal %d", name, WTERMSIG(status));
-	if (WIFSTOPPED(status))
-		die("%s stopped by signal %d", name, WSTOPSIG(status));
-	die("waitpid is confused (status=%d)", status);
-}
-
-static pid_t spawn(const char * const cmd[], int

Bug#997016: RFS: swtpm/0.7.0-rc2-1 [ITA] -- Libtpms-based TPM emulator

2021-11-03 Thread Bastian Germann 

On Tue, 2 Nov 2021 15:45:41 +0900 Seunghun Han  wrote:

Hi Bastian,

On Tue, Nov 2, 2021 at 1:06 AM Bastian Germann  wrote:
> > Should I fix them by adding a new feature to detect the docker environment?
>
> That would be nice but is not necessary.

If so, I would like to leave it. If you don't mind, would you support
the swtpm package [1]? That's the version built from the debian/swtpm
repository.



Can you explain why it builds on amd64 when it is docker related?
The failing build is on i386 and also fails natively on my i386 machine.
It looks a bit like Y2K38 triggering...

I am also not sure if you are allowed to write in /tmp on package building. I 
will check that.

Bug#998419: kodi: CVE-2021-42917

2021-11-03 Thread Salvatore Bonaccorso 
Source: kodi
Version: 2:19.3+dfsg1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/xbmc/xbmc/issues/20305
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for kodi.

CVE-2021-42917[0]:
| Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows
| attackers to cause a denial of service due to improper length of
| values passed to istream.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-42917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42917
[1] https://github.com/xbmc/xbmc/issues/20305
[2] https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#998418: node-shell-quote: CVE-2021-42740

2021-11-03 Thread Salvatore Bonaccorso 
Source: node-shell-quote
Version: 1.7.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for node-shell-quote.

CVE-2021-42740[0]:
| The shell-quote package before 1.7.3 for Node.js allows command
| injection. An attacker can inject unescaped shell metacharacters
| through a regex designed to support Windows drive letters. If the
| output of this package is passed to a real shell as a quoted argument
| to a command with exec(), an attacker can inject arbitrary commands.
| This is because the Windows drive letter regex character class is
| {A-z] instead of the correct {A-Za-z]. Several shell metacharacters
| exist in the space between capital letter Z and lower case letter a,
| such as the backtick character.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-42740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42740
[1] 
https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe

Regards,
Salvatore

Bug#995573: Possible backport?

2021-11-03 Thread Etienne 

Hello,

is it maybe possible to backport xrdp and xorgxrdp from sid to bullseye 
/ bullseye-backport in order to make this bugfix available? The version 
of xrdp and xorgxrdp provided in Bullseye currently (xorgxrdp 1:0.2.12-1 
and xrdp 0.9.12-1.1) are not usable at all because of this bug.


I tried to install xrdp from sid inside bullseye, but it is failing due 
to some dependency issue:



"sudo apt install xrdp/unstable
...
...
The following packages will be REMOVED:
build-essential g++ g++-10 libc-bin libc-dev-bin libc6-dbg libc6-dev 
libstdc++-10-dev locales task-english zlib1g-dev

The following packages will be upgraded:
libc6 xrdp
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
libc-bin
2 upgraded, 0 newly installed, 11 to remove and 5 not upgraded."

Thanks a lot
Etienne

Bug#996204: transition: numerical library stack: hypre SONAME (Policy 8.1)

2021-11-03 Thread Drew Parsons 

On 2021-11-03 20:57, Sebastian Ramacher wrote:

Source: hypre
Severity: serious

...

The real blocker is hypre, specifically:

hypre (2.18.1-1) experimental; urgency=medium
 .
   * Team upload.
   * New upstream release.
   * Standards-Version: 4.4.1
   * Provide library binary package as libhypre without the soname
 version embedded in the package name. Enforce version dependency
 through strict shlibs dependency. This is to workaround lack of
 ABI backwards compatibility and keep minor version updates being
 delayed in the NEW queue. See README.Debian.


As a consequence, hypre breaks co-installability of all its reverse
dependencies, therefore breaking smooth updates of the packages 
involved

in the transition. And yes, in the end, deal.ii currently keeps the
whole stack from migrating as it renders deal.ii's binaries
uninstallable in testing.



The problem that hypre 2.18.1-1 (un-versioned libhypre) intended to 
solve is that hypre is ABI-ignorant 
(https://github.com/hypre-space/hypre/issues/56), so each point patch 
release would have to be a new binary package, and the upstream release 
rate is faster than the average NEW queue processing rate (the new 
package for the current transition would be libhypre2.22.1, and already 
libhypre2.23.0 is released upstream).


hypre has only 2 direct reverse dependencies, petsc and sundials, which 
we can keep up-to-date easily.  The current problem is that deal.ii 
depends on the old petsc3.14, so it can't be installed with the new 
petsc3.15. It wouldn't be a problem in practice, if deal.ii hadn't 
started FTBFS (Bug#996277) preventing it rebuilding against petsc 3.15.  
 We could say it was tactical error running the hypre and petsc ABI 
updates at the same time (I wasn't anticipating deal.ii Bug#996277)


If we revert back to version-named hypre library packages then the cost 
is that we won't be able to provide timely patch updates for hypre (each 
one will be a new library package needing to pass NEW, since hypre does 
not provide ABI compatibility).


The alternative for this transition is to remove deal.ii from testing, 
which is happening anyway due to Bug#996277


So the use of un-versioned libhypre was intended as a specific exception 
to Policy 8.1, for the purpose of facilitating faster hypre patch 
updates. The irregularity is due to a lack of ABI-awareness in hypre 
itself.


Is it best to revert back to strict Policy 8.1 compliance, which will 
slow down hypre patch release updates?


Drew

Bug#998417: redmine: CVE-2021-42326

2021-11-03 Thread Salvatore Bonaccorso 
Source: redmine
Version: 4.0.7-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for redmine.

CVE-2021-42326[0]:
| Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of
| users on activity views due to an insufficient access filter.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-42326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42326
[1] https://www.redmine.org/news/133
[2] https://www.redmine.org/projects/redmine/repository/revisions/21209

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#995981: rules-require-build-prerequisite gives bogus advice

2021-11-03 Thread Felix Lechner 
Hi,

On Wed, Nov 3, 2021 at 12:29 PM Graham Inggs  wrote:
>
> Only for the ones that will FTBFS.

I get it now. (I am a little slow sometimes.) You are using the old
bug report as a hint to maintainers so they can re-examine their
choices in view of the incorrect advice they may have been given.

Kind regards
Felix Lechner

Bug#998416: debdiff and test steps

2021-11-03 Thread Mauricio Oliveira 
Hey!

It'd be nice to have an option to use `ip[6]tables --noflush`
so that existing rules aren't flushed on start/load.

Debdiff attached. I'll try and submit a proper git-based merge
once account on Salsa is made available. For now, just keeping
the changes here too.

This also fixes a couple bugs in `plugins/25-ip6tables`.

Thanks!
Mauricio



Before:
---

Add transient rules for 1.1.1.1:

# iptables -A INPUT -p icmp -s 1.1.1.1 -j DROP
# ip6tables -A INPUT -p icmp -s 2606:4700:4700:: -j DROP

# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source   destination
DROP   icmp --  1.1.1.1  0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

# ip6tables -nL
Chain INPUT (policy ACCEPT)
target prot opt source   destination
DROP   icmp 2606:4700:4700::  ::/0

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination


Load configured rules for 1.0.0.1:

# grep -H ^ /etc/iptables/rules.v4 /etc/iptables/rules.v6
/etc/iptables/rules.v4:# Generated by iptables-save v1.8.7 on Wed Nov
3 20:43:56 2021
/etc/iptables/rules.v4:*filter
/etc/iptables/rules.v4::INPUT ACCEPT [0:0]
/etc/iptables/rules.v4::FORWARD ACCEPT [0:0]
/etc/iptables/rules.v4::OUTPUT ACCEPT [0:0]
/etc/iptables/rules.v4:-A INPUT -s 1.0.0.1/32 -p icmp -j DROP
/etc/iptables/rules.v4:COMMIT
/etc/iptables/rules.v4:# Completed on Wed Nov  3 20:43:56 2021
/etc/iptables/rules.v6:# Generated by ip6tables-save v1.8.7 on Wed Nov
 3 20:43:56 2021
/etc/iptables/rules.v6:*filter
/etc/iptables/rules.v6::INPUT ACCEPT [0:0]
/etc/iptables/rules.v6::FORWARD ACCEPT [0:0]
/etc/iptables/rules.v6::OUTPUT ACCEPT [0:0]
/etc/iptables/rules.v6:-A INPUT -s 2606:4700:4700::1001/128 -p icmp -j DROP
/etc/iptables/rules.v6:COMMIT
/etc/iptables/rules.v6:# Completed on Wed Nov  3 20:43:56 2021

# netfilter-persistent start
run-parts: executing
/usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing
/usr/share/netfilter-persistent/plugins.d/25-ip6tables start

The existing rules for 1.1.1.1 have been flushed:

# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source   destination
DROP   icmp --  1.0.0.1  0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

# ip6tables -nL
Chain INPUT (policy ACCEPT)
target prot opt source   destination
DROP   icmp 2606:4700:4700::1001  ::/0

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination



After:
---

Start over, the same thing happens by default (i.e., no behavior changes.)

Then repeat with with these new config options enabled:

# tail -n4 /etc/default/netfilter-persistent
# Set to yes for not flushing existing ip[6]tables rules when
netfilter-persistent
# is called with the start parameter
IPTABLES_RESTORE_NOFLUSH=yes
IP6TABLES_RESTORE_NOFLUSH=yes

# netfilter-persistent start
run-parts: executing
/usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing
/usr/share/netfilter-persistent/plugins.d/25-ip6tables start

The existing rules for 1.1.1.1 are still there:

# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source   destination
DROP   icmp --  1.1.1.1  0.0.0.0/0
DROP   icmp --  1.0.0.1  0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

# ip6tables -nL
Chain INPUT (policy ACCEPT)
target prot opt source   destination
DROP   icmp 2606:4700:4700::  ::/0
DROP   icmp 2606:4700:4700::1001  ::/0

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination


-- 
Mauricio Faria de Oliveira


bug998416.debdiff
Description: Binary data

Bug#998358: Subject: grepmail: autopkgtest doesn't do anything

2021-11-03 Thread Paul Gevers 
Hi Eriberto,

On Tue, 2 Nov 2021 19:57:37 -0300 Eriberto  wrote:
> Thanks a lot Paul.

Please be aware that in the BTS bug submitters normally don't get mails
to the bugs they submit (unless they are subscribed). It's coincidence
that I see your message.

> Really, in our machines the package is built and Makefile  exists.

On a clean checkout of the package, that can hardly be.

> I
> need to check some packages of mine. I think there are some tests
> around grepmail in upstream source.

Yes, plenty of tests. They are run during building.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#998416: iptables-persistent: option for not flushing existing rules when starting/loading

2021-11-03 Thread Mauricio Faria de Oliveira 
Package: src:iptables-persistent
Version: 1.0.15
Severity: wishlist
Tags: patch

-- 
Mauricio Faria de Oliveira

Bug#998414: mimeo: autopkgtest regression: test depends on postgresql-14-pgtap which doesn't exist (yet)

2021-11-03 Thread Paul Gevers 
Source: mimeo
Version: 1.5.1-11
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of mimeo the autopkgtest of mimeo fails in testing
when that autopkgtest is run with the binary packages of mimeo from
unstable. It passes when run with only packages from testing. In tabular
form:

   passfail
mimeo  from testing1.5.1-11
all others from testingfrom testing

I copied some of the output at the bottom of this report. It seems you
need to fix bug #997762 (in pgtap) first.

Currently this regression is blocking the migration to testing [1]. Can
you please investigate the situation and fix it?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=mimeo

https://ci.debian.net/data/autopkgtest/testing/amd64/m/mimeo/16383770/log.gz

autopkgtest [22:48:37]:  apt-source mimeo
Get:1 http://deb.debian.org/debian unstable/main mimeo 1.5.1-11 (dsc)
[2,054 B]
Get:2 http://deb.debian.org/debian unstable/main mimeo 1.5.1-11 (tar)
[591 kB]
Get:3 http://deb.debian.org/debian unstable/main mimeo 1.5.1-11 (diff)
[3,400 B]
gpgv: unknown type of key resource 'trustedkeys.kbx'
gpgv: keyblock resource '/tmp/dpkg-verify-sig.2uqyXVyi/trustedkeys.kbx':
General error
gpgv: Signature made Thu 28 Oct 2021 08:44:44 AM UTC
gpgv:using RSA key 5C48FE6157F49179597087C64C5A6BAB12D2A7AE
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on ./mimeo_1.5.1-11.dsc
autopkgtest [22:48:38]: testing package mimeo version 1.5.1-11
autopkgtest [22:48:38]: build not needed
autopkgtest [22:48:38]: test prove: preparing testbed
Reading package lists...
Building dependency tree...
Reading state information...
Correcting dependencies...Starting pkgProblemResolver with broken count: 1
Starting 2 pkgProblemResolver with broken count: 1
Investigating (0) autopkgtest-satdep:amd64 < 0 @iU K Nb Ib >
Broken autopkgtest-satdep:amd64 Depends on postgresql-14-pgtap:amd64 <
none @un H >
  Removing autopkgtest-satdep:amd64 because I can't find
postgresql-14-pgtap:amd64
Done
 Done
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following packages will be REMOVED:
  autopkgtest-satdep
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
(Reading database ... (Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 13121 files and directories currently installed.)
Removing autopkgtest-satdep (0) ...
autopkgtest: WARNING: package postgresql-14-mimeo is not installed
though it should be
autopkgtest: WARNING: Test dependencies are unsatisfiable with using apt
pinning. Retrying with using all packages from unstable
Reading package lists...
Building dependency tree...
Reading state information...
Correcting dependencies...Starting pkgProblemResolver with broken count: 1
Starting 2 pkgProblemResolver with broken count: 1
Investigating (0) autopkgtest-satdep:amd64 < 0 @iU K Nb Ib >
Broken autopkgtest-satdep:amd64 Depends on postgresql-14-pgtap:amd64 <
none @un H >
  Removing autopkgtest-satdep:amd64 because I can't find
postgresql-14-pgtap:amd64
Done
 Done
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following packages will be REMOVED:
  autopkgtest-satdep
0 upgraded, 0 newly installed, 1 to remove and 29 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
(Reading database ... (Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 13121 files and directories currently installed.)
Removing autopkgtest-satdep (0) ...
autopkgtest: WARNING: package

Bug#998413: gap-float: autopkgtest regression: object must be an MPFR, not a integer

2021-11-03 Thread Paul Gevers 
Source: gap-float
Version: 0.9.9+ds-1
X-Debbugs-CC: debian...@lists.debian.org
Severity: serious
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

With a recent upload of gap-float the autopkgtest of gap-float fails in
testing when that autopkgtest is run with the binary packages of
gap-float from unstable. It passes when run with only packages from
testing. In tabular form:

   passfail
gap-float  from testing0.9.9+ds-1
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration to testing [1]. Can
you please investigate the situation and fix it?

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=gap-float

https://ci.debian.net/data/autopkgtest/testing/i386/g/gap-float/16389623/log.gz

Error, GET_MPFR: object must be an MPFR, not a integer
Error, was not in any namespace
Error, was not in any namespace
autopkgtest [01:09:07]: test command2




OpenPGP_signature
Description: OpenPGP digital signature

Bug#995475:

2021-11-03 Thread Mike Gerow 
And as expected the 5.1-3.1 NMU fixed this by triggering a rebuild.

Bug#998412: battery-stats: does not find my power supply

2021-11-03 Thread Nicolas Schodet 
Package: battery-stats
Version: 0.5.6-1.1
Severity: important

Hello,

My system power supply is named AC0, but battery-stats-collector only
looks at AC, ACAD or ADP1.

An easy fix would be to add AC0 to the list.

Nicolas.


-- System Information:
Debian Release: 11.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/16 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages battery-stats depends on:
ii  gzip   1.10-4
ii  logrotate  3.18.0-2

Versions of packages battery-stats recommends:
ii  gnuplot   5.4.1+dfsg1-1
ii  gnuplot-qt [gnuplot]  5.4.1+dfsg1-1
ii  libtext-csv-perl  2.00-1
ii  python3   3.9.2-3
ii  python3-matplotlib3.3.4-1

battery-stats suggests no packages.

-- no debconf information

Bug#993487: libguestfs-tools: virt-sparsify fails to pass necessary arguments to qemu-img

2021-11-03 Thread Aleksey I. Zavilohin 

Confirm this problem with qemu 6.1

https://wiki.qemu.org/ChangeLog/6.1

Section: Incompatible changes

When creating an image with a backing file, or changing the backing file 
of an existing image, qemu-img requires now that the backing file format 
is specified as well.


with qemu 6.0 works fine

--
Aleksey I. Zavilohin
+7-9028968180

Bug#998408: debian-installer: "good password" advise

2021-11-03 Thread Alejandro Colomar (man-pages) 

On 11/3/21 20:30, Alejandro Colomar wrote:

   So my advise would be instead:

   "A good password will not need rare characters, but rather be as long
   as possible.  Having a memorable random password can help it be
   longer, and therefore stronger."


Hmm, I'd reword this a bit, since that wording of mine makes it look 
like long memorable passwords are better than completely random ones, 
while they aren't.


"A good password will not need rare characters, but rather be as long
as possible.  If you can use a password manager, a completely random 
alphanumeric password is the best.  However, if you need to memorize it, 
it should be easy to memorize, relatively random, and very long."


Maybe too long of an advise; maybe it could be made shorter...



   Or something similar.

Sorry for the rant :-)

Thanks,



Regards,

Alex


--
Alejandro Colomar
Linux man-pages comaintainer; https://www.kernel.org/doc/man-pages/
http://www.alejandro-colomar.es/

Bug#996204: transition: numerical library stack

2021-11-03 Thread Sebastian Ramacher 
Control: clone -1 -2
Control: reassign -2 src:hypre 2.18.1-1
Control: tags -2 =
Control: severity -2 serious

Let's try that again …

On 2021-11-03 20:57:27 +0100, Sebastian Ramacher wrote:
> Source: hypre
> Version: 2.18.1-1
> Severity: serious
> Justification: Policy 8.1
> Control: retitle -1 hypre: shared libraries package must be renamed on SONAME 
> change (Policy 8.1)
> 
> On 2021-11-03 09:49:13 +0100, Drew Parsons wrote:
> > On 2021-10-31 20:57, Anton Gladky wrote:
> > > sundials_5.8.0 is in unstable already.
> > 
> > Thanks Anton.
> > 
> > Is deal.ii the core blocker at this point?  Looks like it has other issues,
> > Bug#996277, not related to the numerical library transition. It's scheduled
> > for removal next week.
> 
> The real blocker is hypre, specifically:
> 
> hypre (2.18.1-1) experimental; urgency=medium
>  .
>* Team upload.
>* New upstream release.
>* Standards-Version: 4.4.1
>* Provide library binary package as libhypre without the soname
>  version embedded in the package name. Enforce version dependency
>  through strict shlibs dependency. This is to workaround lack of
>  ABI backwards compatibility and keep minor version updates being
>  delayed in the NEW queue. See README.Debian.
> 
> 
> As a consequence, hypre breaks co-installability of all its reverse
> dependencies, therefore breaking smooth updates of the packages involved
> in the transition. And yes, in the end, deal.ii currently keeps the
> whole stack from migrating as it renders deal.ii's binaries
> uninstallable in testing. As britney would put it:
> 
>  -  finish: 
> [petsc4py,slepc4py,dolfin,mshr,slepc,petsc,hypre,sundials,getdp/amd64,getdp/arm64,getdp/armel,getdp/armhf,getdp/i386,getdp/mipsel,getdp/mips64el,getdp/ppc64el,getdp/s390x,-libmumps-5.3/i386,-libmumps-5.3/armel,-libmumps-5.3/armhf,-libmumps-5.3/mipsel,-libmumps-5.3/mips64el,-libmumps-64pord-5.3/i386,-libmumps-64pord-5.3/amd64,-libmumps-64pord-5.3/arm64,-libmumps-64pord-5.3/armel,-libmumps-64pord-5.3/armhf,-libmumps-64pord-5.3/s390x,-libmumps-64pord-5.3/mipsel,-libmumps-64pord-5.3/ppc64el,-libsuperlu-dist6/i386,-libmumps-64pord-5.3/mips64el,-libsuperlu-dist6/armel,-libsuperlu-dist6/armhf,-libsuperlu-dist6/mipsel,-libslepc-real3.14/amd64,-libslepc-real3.14/arm64,-libslepc-real3.14/s390x,-libsuperlu-dist6/mips64el,-libslepc-real3.14/ppc64el,-libpetsc-real3.14/amd64,-libpetsc-real3.14/arm64,-libpetsc-real3.14/s390x,-libpetsc-real3.14/ppc64el,-libmumps-5.3/amd64,-libsuperlu-dist6/amd64,-libmumps-5.3/arm64,-libsuperlu-dist6/arm64,-libmumps-5.3/s390x,-libsuperlu-dist6/s390x,-libmumps-5.3/ppc64el,-libsuperlu-dist6/ppc64el]
>  - endloop: 120+0: a-1:a-0:a-0:a-0:i-118:m-0:m-0:p-0:s-1
>  - now: 128+0: a-3:a-2:a-0:a-0:i-118:m-0:m-0:p-2:s-3
>  - * amd64: libdeal.ii-9.3.0, libdeal.ii-dev
>  - * arm64: libdeal.ii-9.3.0, libdeal.ii-dev
>  - * ppc64el: libdeal.ii-9.3.0, libdeal.ii-dev
>  - * s390x: libdeal.ii-9.3.0, libdeal.ii-dev
>  - 
>  - Removed 35 of 86 cruft item(s) after the changes
>  - easy: 128+0: a-3:a-2:a-0:a-0:i-118:m-0:m-0:p-2:s-3
>  - * amd64: libdeal.ii-9.3.0, libdeal.ii-dev
>  - * arm64: libdeal.ii-9.3.0, libdeal.ii-dev
>  - * ppc64el: libdeal.ii-9.3.0, libdeal.ii-dev
>  - * s390x: libdeal.ii-9.3.0, libdeal.ii-dev
>  - FAILED
> 
> Policy 8.1 says at the very beginning: "The run-time shared library must
> be placed in a package whose name changes whenever the SONAME of the
> shared library changes." Please fix libhypre and the other shared
> library packages built by hypre.
-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#996204: transition: numerical library stack

2021-11-03 Thread Sebastian Ramacher 
Source: hypre
Version: 2.18.1-1
Severity: serious
Justification: Policy 8.1
Control: retitle -1 hypre: shared libraries package must be renamed on SONAME 
change (Policy 8.1)

On 2021-11-03 09:49:13 +0100, Drew Parsons wrote:
> On 2021-10-31 20:57, Anton Gladky wrote:
> > sundials_5.8.0 is in unstable already.
> 
> Thanks Anton.
> 
> Is deal.ii the core blocker at this point?  Looks like it has other issues,
> Bug#996277, not related to the numerical library transition. It's scheduled
> for removal next week.

The real blocker is hypre, specifically:

hypre (2.18.1-1) experimental; urgency=medium
 .
   * Team upload.
   * New upstream release.
   * Standards-Version: 4.4.1
   * Provide library binary package as libhypre without the soname
 version embedded in the package name. Enforce version dependency
 through strict shlibs dependency. This is to workaround lack of
 ABI backwards compatibility and keep minor version updates being
 delayed in the NEW queue. See README.Debian.


As a consequence, hypre breaks co-installability of all its reverse
dependencies, therefore breaking smooth updates of the packages involved
in the transition. And yes, in the end, deal.ii currently keeps the
whole stack from migrating as it renders deal.ii's binaries
uninstallable in testing. As britney would put it:

 -  finish: 
[petsc4py,slepc4py,dolfin,mshr,slepc,petsc,hypre,sundials,getdp/amd64,getdp/arm64,getdp/armel,getdp/armhf,getdp/i386,getdp/mipsel,getdp/mips64el,getdp/ppc64el,getdp/s390x,-libmumps-5.3/i386,-libmumps-5.3/armel,-libmumps-5.3/armhf,-libmumps-5.3/mipsel,-libmumps-5.3/mips64el,-libmumps-64pord-5.3/i386,-libmumps-64pord-5.3/amd64,-libmumps-64pord-5.3/arm64,-libmumps-64pord-5.3/armel,-libmumps-64pord-5.3/armhf,-libmumps-64pord-5.3/s390x,-libmumps-64pord-5.3/mipsel,-libmumps-64pord-5.3/ppc64el,-libsuperlu-dist6/i386,-libmumps-64pord-5.3/mips64el,-libsuperlu-dist6/armel,-libsuperlu-dist6/armhf,-libsuperlu-dist6/mipsel,-libslepc-real3.14/amd64,-libslepc-real3.14/arm64,-libslepc-real3.14/s390x,-libsuperlu-dist6/mips64el,-libslepc-real3.14/ppc64el,-libpetsc-real3.14/amd64,-libpetsc-real3.14/arm64,-libpetsc-real3.14/s390x,-libpetsc-real3.14/ppc64el,-libmumps-5.3/amd64,-libsuperlu-dist6/amd64,-libmumps-5.3/arm64,-libsuperlu-dist6/arm64,-libmumps-5.3/s390x,-libsuperlu-dist6/s390x,-libmumps-5.3/ppc64el,-libsuperlu-dist6/ppc64el]
 - endloop: 120+0: a-1:a-0:a-0:a-0:i-118:m-0:m-0:p-0:s-1
 - now: 128+0: a-3:a-2:a-0:a-0:i-118:m-0:m-0:p-2:s-3
 - * amd64: libdeal.ii-9.3.0, libdeal.ii-dev
 - * arm64: libdeal.ii-9.3.0, libdeal.ii-dev
 - * ppc64el: libdeal.ii-9.3.0, libdeal.ii-dev
 - * s390x: libdeal.ii-9.3.0, libdeal.ii-dev
 - 
 - Removed 35 of 86 cruft item(s) after the changes
 - easy: 128+0: a-3:a-2:a-0:a-0:i-118:m-0:m-0:p-2:s-3
 - * amd64: libdeal.ii-9.3.0, libdeal.ii-dev
 - * arm64: libdeal.ii-9.3.0, libdeal.ii-dev
 - * ppc64el: libdeal.ii-9.3.0, libdeal.ii-dev
 - * s390x: libdeal.ii-9.3.0, libdeal.ii-dev
 - FAILED

Policy 8.1 says at the very beginning: "The run-time shared library must
be placed in a package whose name changes whenever the SONAME of the
shared library changes." Please fix libhypre and the other shared
library packages built by hypre.

Cheers
-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#995981: rules-require-build-prerequisite gives bogus advice

2021-11-03 Thread Felix Lechner 
Hi,

On Wed, Nov 3, 2021 at 12:29 PM Graham Inggs  wrote:
>
> By "that bug", do you mean #998396?

I suppose I meant "this" bug #995981.

> codesearch.debian.net reveals even more affected packages:

Some of them are probably due to erroneous advice from Lintian for a
short period in early October (and possibly late September) but some,
like colortest-python, are clearly unrelated.

Either way, isn't the issue fixed?

Kind regards
Felix Lechner

Bug#995021: osmnx: autopkgtest regression on armhf: iteration over a 0-d array

2021-11-03 Thread Paul Gevers 
Hi Jerome,

On 03-11-2021 19:11, Jerome BENOIT wrote:
> On Mon, 1 Nov 2021 20:49:58 +0100 Paul Gevers  wrote:
>> Is this run on all cores? Our armhf worker has 160 cores, so you may be
>> running into limits you didn't expect.
> 
> The upstream maintainer would like to know the number of cpus
> from a Python shell.
> 
 import multiprocessing as mp; print(mp.cpu_count());
> 
> Can you get this information ?
> In fact, I am curious to know it as well.

>>> import multiprocessing as mp; print(mp.cpu_count())
160

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#998410: cinnamon-screensaver: Media player controls and artwork missing from screensaver

2021-11-03 Thread Benjamin FRANCOIS 
Package: cinnamon-screensaver
Version: 5.0.6-2
Severity: normal

Dear Maintainer,

The current version of cinnamon-screensaver only displays time and the custom 
message, if set. It however does not display media player controls or media 
artwork.

It appears that the issue might come from this bug, resolved upstream:
https://github.com/linuxmint/cinnamon-screensaver/issues/389

Thank you for your help!

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cinnamon-screensaver depends on:
ii  cinnamon-desktop-data   5.0.0-2
ii  gir1.2-accountsservice-1.0  0.6.55-3
ii  gir1.2-cinnamondesktop-3.0  5.0.0-2
ii  gir1.2-gkbd-3.0 3.26.1-1+b1
ii  gir1.2-glib-2.0 1.70.0-2
ii  gir1.2-gtk-3.0  3.24.30-3
ii  gir1.2-xapp-1.0 2.2.3-2
ii  iso-flags-png-320x240   1.0.2-1.1
ii  libc6   2.32-4
ii  libcairo2   1.16.0-5
ii  libcscreensaver05.0.6-2
ii  libglib2.0-02.70.0-3
ii  libgtk-3-0  3.24.30-3
ii  libpango-1.0-0  1.48.10+ds1-1
ii  libx11-62:1.7.2-2+b1
ii  python3 3.9.7-1
ii  python3-gi  3.42.0-1+b1
ii  python3-gi-cairo3.42.0-1+b1
ii  python3-setproctitle1.2.2-2
ii  python3-xapp2.2.1-2
ii  python3-xlib0.29-1

Versions of packages cinnamon-screensaver recommends:
ii  libpam-gnome-keyring  40.0-3

cinnamon-screensaver suggests no packages.

-- no debconf information

Bug#998409: src:openstructure: fails to migrate to testing for too long: unbuildable on mips*el

2021-11-03 Thread Paul Gevers 
Source: openstructure
Version: 2.2.0-6
Severity: serious
Control: close -1 2.2.0-8
Tags: sid bookworm
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing
and unstable for more than 60 days as having a Release Critical bug in
testing [1]. Your package src:openstructure has been trying to migrate
for 61 days [2]. Hence, I am filing this bug. Your latest versions
Build-Depend on binaries that are not available on mips*el.

If a package is out of sync between unstable and testing for a longer
period, this usually means that bugs in the package in testing cannot be
fixed via unstable. Additionally, blocked packages can have impact on
other packages, which makes preparing for the release more difficult.
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that
hamper the migration of their package in a timely manner.

This bug will trigger auto-removal when appropriate. As with all new
bugs, there will be at least 30 days before the package is auto-removed.

I have immediately closed this bug with the version in unstable, so if
that version or a later version migrates, this bug will no longer affect
testing. I have also tagged this bug to only affect sid and bookworm, so
it doesn't affect (old-)stable.

If you believe your package is unable to migrate to testing due to
issues beyond your control, don't hesitate to contact the Release Team.

Paul

[1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html
[2] https://qa.debian.org/excuses.php?package=openstructure




OpenPGP_signature
Description: OpenPGP digital signature

Bug#998408: debian-installer: "good password" advise

2021-11-03 Thread Alejandro Colomar 
Source: debian-installer
Version: 20210731+deb11u1
Severity: normal
Tags: upstream
X-Debbugs-Cc: alx.manpa...@gmail.com

Dear Maintainer,

The Debian installer contains the following advise:

"A good password will contain a mixture of letters, numbers and punctuation
and should be changed at regular intervals."

I disagree with this statement, which has been passing around for decades
in many different environments, as a "universal truth" which only causes
headaches and ends up necessarily in .

The opposite is actually true:

- _Good_ passwords don't need to be changed that much.  When was the last
  time you changed your PGP key?  Probably never.

- Especially, if you use a different password for every different account,
  you don't need to change them at all, unless they have been stolen, or
  you suspect that might have happened.

- Adding punctuation to passwords only adds problems to yourself when you
  need to type it in a different keyboard, not to a computer that can
  brute force it.  To put some numbers:

  a) Different characters if you use only (uppercase and lowercase) letters
 and numbers:
   26 letters * 2 + 10 numbers = 62

  b) Now, assume you can use the symbols available in your keyboard.  My
 ANSI keyboard shows 32 different symbols other than the above.
   62 + 32 = 94

  Let's compare a 32-byte password using (b), to a 64-byte password
  using only (a):

62**64 = 5.16e+114 combinations

94**32 = 1.38e+63 combinations

You would only need 38 characters of an alphanumeric password
to have the same strength aprox (1.29e+68) than a braindamaged
symbol password of 32 characters.

  So, you're adding difficulty to typing your own password for no reason
  all when you could just add a few more bytes to your sane password.

  If you're using a password manager, it can surely remember 64 bytes of
  alphanumeric bytes.  I'm not sure if it will remember correctly some
  weird combination of characters.  So if youre using a password manager,
  the best advise would be to use $(makepasswd --chars 64) and forget it.

  I must confess I have passwords that would make xkcd guys laugh, and
  they are for the few sites that still have those weird requirements.
  And when I'm forced to update it, you can guess how I do it :)
  (I don't feel guilty; not my fault).

  And if you need a password that you should remember, like your BIOS
  password, or your login password, you can't use a password manager, so
  there's even more reason to use a memorable but long one, and forget
  about the symbols.  $(goxkcdpwgen) should work for you, and maybe you
  can use some options to it if you want a longer one.

  So my advise would be instead:

  "A good password will not need rare characters, but rather be as long
  as possible.  Having a memorable random password can help it be
  longer, and therefore stronger."

  Or something similar.

Sorry for the rant :-)

Thanks,

Alex


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-3-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#995981: rules-require-build-prerequisite gives bogus advice

2021-11-03 Thread Graham Inggs 
On Wed, 3 Nov 2021 at 19:06, Felix Lechner  wrote:
> > Control: affects -1 src:python-boto3
>
> Isn't that bug closed?

By "that bug", do you mean #998396?

codesearch.debian.net reveals even more affected packages:
https://codesearch.debian.net/search?q=path%3Adebian%2Fcontrol+python3%3Aany+%5C%7C=0

I do not intend to file bugs against them.  Only for the ones that will FTBFS.

Bug#998333: RFS: lebiniou/3.63.0-1 -- user-friendly, powerful music visualization / VJing tool

2021-11-03 Thread Olivier Girondel 

Hi Adam,

Is the script failing ? Exiting with non-0 status ?

Or is it just the diffs being displayed ?

We have a reproducibility issue involving some PRNGs but
have not found the reason yet.

Still, it's correctly encoding two videos, and even if there are diffs I 
think we can consider it shows it's functional.


Best regards,

--
Olivier

Bug#998333: RFS: lebiniou/3.63.0-1 -- user-friendly, powerful music visualization / VJing tool

2021-11-03 Thread Olivier Girondel 
Oh that's strange. In this case the test is successful (see video?.log 
hashes) but the .mp4 differ. So there's also a reproducibility issue 
with ffmpeg :/


I think I'll rewrite the test so that it compares the .ppm dumps of the 
images, and maybe drop encoding.


--
Olivier

Bug#998407: ITS: pystache

2021-11-03 Thread Bastian Germann 

Source: pystache
Version: 0.5.4-6

The pystache package is NMU-maintained. The last maintainer upload was 5 years 
ago.
This is an intent to salvage the package under the Python Team umbrella.

Bug#993009: RFP: cimfomfa -- tingea library for mcl

2021-11-03 Thread Joost van Baal-Ilić 
retitle 993009 ITP: cimfomfa -- tingea library for mcl and zoem
thanks


 * Package name: cimfomfa
   Upstream Author : Stijn van Dongen 
   URL : https://github.com/micans/cimfomfa
 * License : GPL-3+
   Programming Lang: C
   Description : C utility library libtingea for MCL and zoem

Long description:

cimfomfa is used by both MCL, a cluster algorithm for graphs, and zoem,
a macro/DSL language. It supplies abstractions for memory management, I/O,
associative arrays, strings, heaps, and a few other things.
The tingea library comes with some testing programs.

On Mon, Nov 01, 2021 at 08:01:16PM +0100, Joost van Baal-Ilić wrote:
> On Mon, Sep 06, 2021 at 02:05:33PM +0200, Joost van Baal-Ilić wrote:
> > On Thu, Aug 26, 2021 at 11:26:55AM +0200, Joost van Baal-Ilić wrote:
> > > Upstream published a git snapshot prerelease of cimfomfa, at
> > > http://micans.org/phloobaz/cimfomfa-21-101.tar.gz .  The upcoming mcl
> > > tarball will need cimfomfa to build, a git snapshot prerelease of
> > > upcoming mcl is available from
> > > http://micans.org/phloobaz/mcl-21-100.tar.gz .  (We ship the mcl
> > > package.)
> 
> BTW, the mcl code is maintained at public repository
> https://github.com/micans/mcl .

And btw, the zoem code is maintained at the not yet public repository
at https://github.com/micans/zoem/ .

> > > It would be cool if the Debian Med Packaging Team at
> > > https://salsa.debian.org/med-team could take up maintainership of this
> > > library.
> 
> 
> Or maybe zoem (debian-science), mcl (debian-med) and cimfomfa could all be
> maintained by https://salsa.debian.org/math-team .  Since these packages will
> now share dependencies, maybe that would work best.  Or would it be better to
> move zoem from debian-science to debian-med?  Andreas Tille, Shayan Doust: any
> opinions?

Bye,

Joost

Bug#997936: gedit FTBFS with meson 0.60.0: ERROR: Function does not take positional arguments.

2021-11-03 Thread Adrian Bunk 
Control: severity -1 important

On Wed, Oct 27, 2021 at 01:17:20PM +0100, Simon McVittie wrote:
> On Wed, 27 Oct 2021 at 14:47:06 +0300, Adrian Bunk wrote:
> > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/gedit.html
> > ../data/meson.build:6:0: ERROR: Function does not take positional arguments.
> 
> There are going to be a lot of FTBFSs like this, affecting most of GNOME.
> 
> If this is i18n.merge_file(), then Meson 0.60.1 is likely to make that
> into a deprecation warning instead of a fatal error:
> 
> 
> (We'll still need to fix these at some point, of course.)

Thanks for this information, I am lowering the severity of the bugs 
already filed.

> smcv

cu
Adrian

Bug#952396: Strange pydist warning about cysignals package not being found

2021-11-03 Thread Graham Inggs 
Hi Julien

> while building pplpy, I noticed the following warning:
>
> I: dh_python3 pydist:228: Cannot find package that provides cysignals.
> Please add package that provides it to Build-Depends or add "cysignals
> python3-cysignals" line to debian/py3dist-overrides or add proper
> dependency to Depends by hand and ignore this info.

Probably due to #998406.

Regards
Graham

Bug#998406: cysignals: b-d on python3-all-dev, but not built for all supported Python3 versions

2021-11-03 Thread Graham Inggs 
Source: cysignals
Version: 1.10.2+ds-7
Severity: important
Control: affects -1 src:fpylll src:pplpy
User: debian-pyt...@lists.debian.org
Usertags: python3.10 python3-all-dev

Hi Maintainer

This package build-depends on python3-all-dev, but does not build
extensions/libraries for all supported python3 versions.

We usually write:

Please either replace the b-d python3-all-dev with python3-dev,
or build for all supported Python3 versions.  With the former
solution yet get later exposure to a new python3 version, with
the latter solution you get early exposure.

In this case, however, not building for all supported Python3 versions
will cause fpylll and pplpy to FTBFS.

Regards
Graham

Bug#998405: python3-platformdirs: Fails to set a version in egg info - causes dependencies to fail to find the module

2021-11-03 Thread Neil Williams 
Package: python3-platformdirs
Version: 2.4.0-1
Severity: important

>From the Debian build log for platformdirs:
drwxr-xr-x root/root 0 2021-10-29 22:30 
./usr/lib/python3/dist-packages/platformdirs-0.0.0.egg-info/

In a package trying to use platformdirs, I've set:
Build-Depends:
 debhelper-compat (= 13),
 dh-python,
 python3-all:any,
 python3-setuptools,
 python3-platformdirs,

In a local build log using unstable (when preparing to run in-build tests):

Installed /<>/src
Processing dependencies for black==21.9b0
Searching for platformdirs>=2
Reading https://pypi.org/simple/platformdirs/
Downloading 
https://files.pythonhosted.org/packages/b1/78/dcfd84d3aabd46a9c77260fb47ea5d244806e4daef83aa6fe5d83adb182c/platformdirs-2.4.0-py3-none-any.whl#sha256=8868bbe3c3c80d42f20156f22e7131d2fb321f5bc86a2a345375c6481a67021d
Best match: platformdirs 2.4.0
Processing platformdirs-2.4.0-py3-none-any.whl
Installing platformdirs-2.4.0-py3-none-any.whl to 
/<>/testtmp/lib/python3.9/site-packages

Installed 
/<>/testtmp/lib/python3.9/site-packages/platformdirs-2.4.0-py3.9.egg
Searching for typing-extensions==3.10.0.2
Best match: typing-extensions 3.10.0.2

So instead of finding the python3-platformdirs which was already installed, 
setuptools downloaded
the wheel from pypi. (If that had not happened, the package would FTBFS because
of this bug.)

The PKG_INFO from the python3-platformdirs package is:
Metadata-Version: 2.1
Name: platformdirs
Version: 0.0.0
Summary: A small Python module for determining appropriate platform-specific 
dirs, e.g. a "user data dir".
Home-page: https://github.com/platformdirs/platformdirs

Bug#998108: Acknowledgement (firefox freezes shortly after start)

2021-11-03 Thread Jörg Frings-Fürst 
Hello,


the same here on both releases 93.0-1+b1 and 94.0-1.


CU
Jörg

-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#998090: libvirt-daemon-system: Please defer starting libvirtd.socket until libvirtd.service dependencies can be met

2021-11-03 Thread Guido Günther 
Hi Ron,

Sorry for the broken boot. That's always annoying.

On Sat, Oct 30, 2021 at 05:39:45PM +1030, Ron wrote:
> Package: libvirt-daemon-system
> Version: 7.0.0-3
> Severity: important
> 
> Hi,
> 
> Systemd has a class of boot-time races which can result in deadlock,
> which I learned more than I ever wanted to know about when Buster to
> Bullseye upgrades started leaving me with machines that were off the
> network when they were rebooted ...  The reason for that is a bit of a
> tangle of otherwise unrelated packages, and there are many ways this
> *could* happen, but the root of it in my particular case was the libvirt
> package switching to use socket activation instead of letting the daemon
> create its own socket when it is ready to respond to requests on it.
> 
> The race occurs because the .socket unit creates the libvirt control
> socket very early in the boot, before even the network-pre target is
> reached, and so long before the libvirtd.service dependencies are
> satisfied and the daemon itself can be started to handle requests.
> 
> The deadlock in my case occurs when a udev rule for a device already
> attached at boot tries to assign that device to a VM.
> 
> Prior to Bullseye, what would occur is:
> 
>  The udev rule calls a small script on device hot/cold plug which
>  checks a config file, and if the device is allocated to a VM, then
>  calls virsh to attach it to that VM.

Is that a sync call to virsh from udev via RUN ? 

>  This 'immediately' either succeeds, fails because the desired VM
>  is not actually running (yet), or fails because libvirtd is not
>  running and virsh did not find its socket present.
> 
>  If either of the failure cases occur, the calling script fails
>  gracefully, and a QEMU hook will later handle attaching the device
>  if/when libvirtd and the desired VM is actually started.
> 
> But in Bullseye there's a three-way race, and if the zombie socket is
> created before the udev rule runs, then virsh connects to it, but hangs
> indefinitely waiting for libvirtd.service to be able to start and
> respond to the request.

So far sounds like expected behaviour for socket activation.

> The deadlock in this specific case then happens when ifupdown-pre (but
> it could be any of many other things) calls udevadm settle to give the
> initial network devices a chance to be fully set up and available before
> the networking.service brings them up.
> 
> Which in turn then hangs waiting for the (otherwise unrelated) udev rule
> above to complete, which won't happen until libvirtd is started, which
> won't happen until the udev rule returns (or udevadm settle times out)
> and network.target (among others) can be reached.
> 
> Everything stops for two minutes until the systemd "bug solver" of
> arbitrary timeouts starts killing things, and the machine finishes
> booting without any network devices.
> 
> 
> The latter can be avoided (in most cases at least) with a tweak to
> the networking.service dependencies (the bug I've reported here
> https://bugs.debian.org/998088 has more of the gory details of this
> problem from the perspective of ifupdown's entanglement in it).
> 
> But we can avoid this specific incarnation of it completely if the
> libvirtd.socket unit declared the same ordering dependencies as the
> libvirtd.service does, so that anything calling virsh, at any time,
> can reasonably expect an answer in finite time instead of blocking
> indefinitely to wait for a service (that systemd already knows
> does not even have the basic preconditions to make it eligible to
> start yet but ignores that to create the socket anyway).
> 
> Unless systemd gets smarter about this, there may always be a race
> with the possibility of circular deadlocks if creation of the
> socket and responding to requests for it are not atomic with the
> creation of the service using it - so it may actually be better to
> just go back to letting the daemon create and manage the socket
> itself (as its "activation" signal to users of that socket) - but
> we can at least narrow the window for losing it significantly if
> we defer creation of the socket until at least the point where
> systemd thinks it can attempt to start the daemon (though with
> no guarantee of success at that still ...)

it sounds like the problem comes about because:

- there's sync call for a (potentially) long runnig program invocation
  in a udev rule which udev recommends against in it's man page

  This can only be used for very short-running foreground tasks. Running an 
event process for a long period of time may block all further events for this 
or a dependent device.

  (virsh can take a long time even when libvirtd is up)

- ifupdown invokes udevadm settle which waits for the above and things
  go downhill.

I'm not into systemd's details of socket activation but from the above
I'm not yet convinced there's anything on the libvirt side to fix. The
best argument I would by is: worked before, don't regress on

Bug#995021: osmnx: autopkgtest regression on armhf: iteration over a 0-d array

2021-11-03 Thread Jerome BENOIT 

On Mon, 1 Nov 2021 20:49:58 +0100 Paul Gevers  wrote:
Hello Paul,



Is this run on all cores? Our armhf worker has 160 cores, so you may be
running into limits you didn't expect.


The upstream maintainer would like to know the number of cpus
from a Python shell.


import multiprocessing as mp; print(mp.cpu_count());


Can you get this information ?
In fact, I am curious to know it as well.

Cheers,
Jerome

--
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B



OpenPGP_signature
Description: OpenPGP digital signature

Bug#998404: pystache: New upstream

2021-11-03 Thread Bastian Germann 

Source: pystache
Control: tags -1 upstream
Control: forwarded -1 https://github.com/pypa/pypi-support/issues/1422
Severity: important

pystache is not maintained upstream. Please move it to the new upstream that is forming at 
https://github.com/PennyDreadfulMTG/pystache and will probably also override the PyPI version of 
pystache.

Bug#996998: libconfig-model-dpkg-perl: scan-copyrights fails for package rust-coreutils

2021-11-03 Thread Dominique Dumont 
On Wednesday, 3 November 2021 07:28:52 CET you wrote:
> I'm facing an issue where I'm unable to find a good and bad commit in
> one distribution.
> 
> *Bullseye:*
> Updated libconfig-model-dpkg-perl from 2.143 to 2.153 and the crash was
> still seen.
> *Bookworm:*
> Downgraded libconfig-model-dpkg-perl from 2.153 to 2.143 and it worked fine.
> 

The original error message is: "toml parse error at line 253: expected key-
value pair, table, or array of tables but got bool".

cme with dpkg uses Toml::Tiny.

The command "apt-cache policy libtoml-tiny-perl" shows that bullseye has 
version 0.11 and unstable has version 0.15.

Toml::Tiny change log shows that version 0.14 has a lot of bug fixes. 

I guess that the issue you've seen is fixed by Toml::Tiny 0.14

All the best

Bug#998108: Acknowledgement (firefox freezes shortly after start)

2021-11-03 Thread Jakob Haufe 
On Wed, 03 Nov 2021 18:44:12 +0100
Christoph Anton Mitterer  wrote:

> Oh and as a warning for everyone who wants to try out.
> 
> Stupid *zilla seems to no prevent downgrade of the profiles... so once
> upgraded you cannot downgrade without throwing away your old profile
> with all data in it. Wonderful...

I just deleted the LastVersion line from compatibility.ini in my
profile and had no problems so far. YMMV.

-- 
ceterum censeo microsoftem esse delendam.


pgp0zUBoMEBCG.pgp
Description: OpenPGP digital signature

Bug#998394: dgit push fails for native with .gitignore

2021-11-03 Thread Ian Jackson 
Osamu Aoki writes ("Bug#998394: dgit push fails for native with .gitignore"):
> RTFM ... I know ... excuse me.  This is not a bug.
> 
> I think best place is here in BTS as wontfix so no more people harassing you.

Haha.  OK :-).

Thanks,
Ian.

-- 
Ian JacksonThese opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

Bug#998108: Acknowledgement (firefox freezes shortly after start)

2021-11-03 Thread Christoph Anton Mitterer 
FF94 is still broken.

Bug#998403: debconf: "Use of uninitialized value ...." when used with debconf-apt-progress --config settings

2021-11-03 Thread Amy Fong 
Package: debconf
Version: 1.5.77
Severity: normal

Dear Maintainer,

Scenario (or steps to reproduce):
1. remove libreoffice-calc libreoffice-writer
2. eval `debconf-apt-progress --config  `
3.  debconf-apt-progress --logfile /tmp/apt-get.log -- apt-get -fumy install 
libreoffice libreoffice-calc 

Observed error: 
Unpacking libreoffice (1:7.0.4-4+deb11u1) ...
Setting up libreoffice-writer (1:7.0.4-4+deb11u1) ...
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 1.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 1.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 1.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 2.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 2.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 2.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 3.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 3.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 3.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 4.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 4.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 4.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 5.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 5.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 5.

Creating config file /etc/libreoffice/registry/writer.xcd with new version
Setting up libreoffice-calc (1:7.0.4-4+deb11u1) ...
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 1.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 1.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 1.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 2.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 2.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 2.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 3.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 3.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 3.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 4.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 4.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 4.
Use of uninitialized value $template in exists at 
/usr/share/perl5/Debconf/Template.pm line 86,  chunk 5.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 5.
Use of uninitialized value $item in exists at 
/usr/share/perl5/Debconf/DbDriver/Cache.pm line 40,  chunk 5.

Observation: error observed in libreoffice packages utilizing ucf for 
maintaining configuration files.

-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debconf depends on:
ii  perl-base  5.32.1-4

Versions of packages debconf recommends:
ii  apt-utils 2.2.4
ii  debconf-i18n  1.5.77

Versions of packages debconf suggests:
pn  debconf-doc
pn  debconf-kde-helper 
pn  debconf-utils  
ii  libgtk3-perl   0.038-1
pn  libnet-ldap-perl   
pn  libterm-readline-gnu-perl  
ii  perl   5.32.1-4
ii  whiptail   0.52.21-4+b3

-- debconf information:
  debconf-apt-progress/title:
  debconf-apt-progress/info:
  debconf/frontend: Dialog
  debconf-apt-progress/media-change:
  debconf/priority: high

Bug#998108: Acknowledgement (firefox freezes shortly after start)

2021-11-03 Thread Christoph Anton Mitterer 
Oh and as a warning for everyone who wants to try out.

Stupid *zilla seems to no prevent downgrade of the profiles... so once
upgraded you cannot downgrade without throwing away your old profile
with all data in it. Wonderful...

Bug#993443: RFS: rtimulib/7.2.1-6 [ITP] -- Versatile C++ and Python 9-dof, 10-dof and 11-dof IMU library (Python 3)

2021-11-03 Thread Bastian Germann 

Control: tags -1 moreinfo

Please fix the debian/copyright file. There are many files that have missing 
copyright info.
After you have handed in a new version untag moreinfo from this bug.

A quick grep lists:

Linux/RTIMULibDrive10/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/RTIMULibGL/QtGLLib/QtGLDiskComponent.h:Copyright (c) 2007-2009, Richard 
S. Wright Jr.
Linux/RTIMULibGL/QtGLLib/QtGLComponent.cpp:Copyright (c) 2007-2009, Richard S. 
Wright Jr.
Linux/RTIMULibGL/QtGLLib/QtGLCylinderComponent.h:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
Linux/RTIMULibGL/QtGLLib/QtGLSphereComponent.h:Copyright (c) 2007-2009, Richard 
S. Wright Jr.
Linux/RTIMULibGL/QtGLLib/QtGLComponent.h:Copyright (c) 2007-2009, Richard S. 
Wright Jr.
Linux/RTIMULibGL/QtGLLib/QtGLSphereComponent.cpp:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
Linux/RTIMULibGL/QtGLLib/QtGLDiskComponent.cpp:Copyright (c) 2007-2009, Richard 
S. Wright Jr.
Linux/RTIMULibGL/QtGLLib/QtGLCylinderComponent.cpp:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
Linux/RTIMULibGL/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/RTIMULibDrive/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/RTIMULibCal/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/RTIMULibDemo/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/RTIMULibDrive11/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/RTIMULibDemoGL/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
Linux/python/PyRTIMU_RTHumidity.cpp://  Copyright (c) 2014, avishorp
Linux/python/PyRTIMU_RTPressure.cpp://  Copyright (c) 2014, avishorp
Linux/python/PyRTPressure.h://  Copyright (c) 2014, avishorp
Linux/python/PyRTIMU_RTIMU.cpp://  Copyright (c) 2014, avishorp
Linux/python/PyRTIMU.cpp://  Copyright (c) 2014, avishorp
Linux/python/setup.py:#//  Copyright (c) 2014, avishorp
Linux/python/PyRTHumidity.h://  Copyright (c) 2014, avishorp
Linux/python/PyRTIMU_Settings.cpp://  Copyright (c) 2014, avishorp
Linux/python/PyRTIMU.h://  Copyright (c) 2014, avishorp
RTEllipsoidFit/RTEllipsoidFit.m:% Copyright (C) 2013 Peter Bartz 
[http://ptrbrtz.net]
RTEllipsoidFit/RTEllipsoidFit.m:% Copyright (C) 2012 Quality & Usability Lab, Deutsche Telekom 
Laboratories, TU Berlin

RTEllipsoidFit/mag_cal.m:% Copyright (C) 2013 Peter Bartz [http://ptrbrtz.net]
RTEllipsoidFit/mag_cal.m:% Copyright (C) 2012 Quality & Usability Lab, Deutsche Telekom 
Laboratories, TU Berlin

RTIMULib/IMUDrivers/RTIMUBMX055.cpp:* Copyright (C) 2011 - 2014 Bosch Sensortec 
GmbH
RTIMULib/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
RTHost/RTHostIMU/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
RTHost/RTIMULibGL/QtGLLib/QtGLDiskComponent.h:Copyright (c) 2007-2009, Richard 
S. Wright Jr.
RTHost/RTIMULibGL/QtGLLib/QtGLComponent.cpp:Copyright (c) 2007-2009, Richard S. 
Wright Jr.
RTHost/RTIMULibGL/QtGLLib/QtGLCylinderComponent.h:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
RTHost/RTIMULibGL/QtGLLib/QtGLSphereComponent.h:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
RTHost/RTIMULibGL/QtGLLib/QtGLComponent.h:Copyright (c) 2007-2009, Richard S. 
Wright Jr.
RTHost/RTIMULibGL/QtGLLib/QtGLSphereComponent.cpp:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
RTHost/RTIMULibGL/QtGLLib/QtGLDiskComponent.cpp:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
RTHost/RTIMULibGL/QtGLLib/QtGLCylinderComponent.cpp:Copyright (c) 2007-2009, 
Richard S. Wright Jr.
RTHost/RTIMULibGL/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
RTHost/RTHostIMUGL/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
RTHost/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
RTHost/RTSerialPort/LICENSE:Copyright (c) 2000-2003 Wayne Roth
RTHost/RTSerialPort/LICENSE:Copyright (c) 2004-2007 Stefan Sander
RTHost/RTSerialPort/LICENSE:Copyright (c) 2007 Michal Policht
RTHost/RTSerialPort/LICENSE:Copyright (c) 2008 Brandon Fosdick
RTHost/RTSerialPort/LICENSE:Copyright (c) 2009-2010 Liam Staskawicz
RTHost/RTSerialPort/LICENSE:Copyright (c) 2011 Debao Zhang
RTHost/RTSerialPort/CMakeLists.txt:# Copyright 2014 Ettus Research LLC
RTHost/RTSerialPort/src/qextserialenumerator_unix.cpp:** Copyright (c) 
2000-2003 Wayne Roth
RTHost/RTSerialPort/src/qextserialenumerator_unix.cpp:** Copyright (c) 
2004-2007 Stefan Sander
RTHost/RTSerialPort/src/qextserialenumerator_unix.cpp:** Copyright (c) 2007 
Michal Policht
RTHost/RTSerialPort/src/qextserialenumerator_unix.cpp:** Copyright (c) 2008 
Brandon Fosdick
RTHost/RTSerialPort/src/qextserialenumerator_unix.cpp:** Copyright (c) 
2009-2010 Liam Staskawicz
RTHost/RTSerialPort/src/qextserialenumerator_unix.cpp:** Copyright (c) 2011 
Debao Zhang
RTHost/RTSerialPort/src/qextserialenumerator.h:** Copyright (c) 2000-2003 Wayne 
Roth
RTHost/RTSerialPort/src/qextserialenumerator.h:** Copyright (c) 2004-2007 
Stefan Sander
RTHost/RTSerialPort/src/qextserialenumerator.h:** Copyright (c) 2007 Michal 
Policht

Bug#998402: Error launching onionshare-gui

2021-11-03 Thread Angel Abad 
Package: onionshare
Version: 2.2-3
Severity: important
File: /usr/bin/onionshare-gui

Dear Maintainer,

When I try to launch onionshare it doesnt launch, so when we try to launch it
from bash console, I get this error, and the program fails:

$ onionshare-gui
OnionShare 2.2 | https://onionshare.org/
Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use
QT_QPA_PLATFORM=wayland to run on Wayland anyway.
QSocketNotifier: Can only be used with threads started with QThread
QObject::connect: No such signal
QPlatformNativeInterface::systemTrayWindowChanged(QScreen*)
Traceback (most recent call last):
  File "/usr/bin/onionshare-gui", line 22, in 
onionshare_gui.main()
  File "/usr/lib/python3/dist-packages/onionshare_gui/__init__.py", line 142,
in main
gui = OnionShareGui(common, onion, qtapp, app, filenames, config,
local_only)
  File "/usr/lib/python3/dist-packages/onionshare_gui/onionshare_gui.py", line
172, in __init__
self.share_mode.init()
  File "/usr/lib/python3/dist-
packages/onionshare_gui/mode/share_mode/__init__.py", line 48, in init
self.web = Web(self.common, True, "share")
  File "/usr/lib/python3/dist-packages/onionshare/web/web.py", line 77, in
__init__
self.generate_static_url_path()
  File "/usr/lib/python3/dist-packages/onionshare/web/web.py", line 166, in
generate_static_url_path
self.app.add_url_rule(
  File "/usr/lib/python3/dist-packages/flask/scaffold.py", line 56, in
wrapper_func
return f(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1092, in
add_url_rule
raise AssertionError(
AssertionError: View function mapping is overwriting an existing endpoint
function: static

Thanks in advance!


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-3-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages onionshare depends on:
ii  obfs4proxy  0.0.8-1+b6
ii  python3 3.9.7-1
ii  python3-flask   2.0.1-2
ii  python3-flask-httpauth  3.2.4-3.1
ii  python3-pycryptodome3.9.7+dfsg1-1+b2
ii  python3-pyqt5   5.15.6+dfsg-1
ii  python3-socks   1.7.1+dfsg-1
ii  python3-stem1.8.0-3
ii  tor 0.4.6.8-1

onionshare recommends no packages.

onionshare suggests no packages.

-- no debconf information

Bug#984209: libsynthesis: diff for NMU version 3.4.0.47.5+syncevolution-1.5.3-1.1

2021-11-03 Thread Jonas Smedegaard 
Control: tags 984209 + patch
Control: tags 984209 + pending

Dear maintainer,

I've released an NMU for libsynthesis (versioned as 
3.4.0.47.5+syncevolution-1.5.3-1.1)
fixing the release-cricical bug#984209.

Regards,

 - Jonas

diff -Nru libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/changelog 
libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/changelog
--- libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/changelog
2018-01-27 22:27:13.0 +0100
+++ libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/changelog
2021-11-03 18:31:38.0 +0100
@@ -1,3 +1,11 @@
+libsynthesis (3.4.0.47.5+syncevolution-1.5.3-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * work around FTPFS with g++ 11 by setting CXXFLAG -std=c++14;
+closes: bug#984209, thanks to Matthias Klose
+
+ -- Jonas Smedegaard   Wed, 03 Nov 2021 18:31:38 +0100
+
 libsynthesis (3.4.0.47.5+syncevolution-1.5.3-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/rules 
libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/rules
--- libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/rules2018-01-27 
22:27:13.0 +0100
+++ libsynthesis-3.4.0.47.5+syncevolution-1.5.3/debian/rules2021-11-03 
18:31:03.0 +0100
@@ -6,6 +6,9 @@
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
+# TODO: patch code to support C0017 (see bug#984209)
+export DEB_CXXFLAGS_MAINT_APPEND = -std=c++14
+
 %:
dh $@ --without autoreconf

Bug#984234: mediastreamer2: ftbfs with GCC-11

2021-11-03 Thread Bastian Germann 

I am uploading a NMU with the debdiff that is enclosed.diff -Nru mediastreamer2-4.4.21/debian/changelog 
mediastreamer2-4.4.21/debian/changelog
--- mediastreamer2-4.4.21/debian/changelog  2020-12-31 18:22:27.0 
+0100
+++ mediastreamer2-4.4.21/debian/changelog  2021-11-03 18:24:13.0 
+0100
@@ -1,3 +1,10 @@
+mediastreamer2 (1:4.4.21-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS by building without -Werror (Closes: #984234)
+
+ -- Bastian Germann   Wed, 03 Nov 2021 18:24:13 +0100
+
 mediastreamer2 (1:4.4.21-3) unstable; urgency=medium
 
   * Amend pkgconfig patch with patching the resulting .pc file.
diff -Nru mediastreamer2-4.4.21/debian/rules mediastreamer2-4.4.21/debian/rules
--- mediastreamer2-4.4.21/debian/rules  2020-12-31 18:22:27.0 +0100
+++ mediastreamer2-4.4.21/debian/rules  2021-11-03 18:24:04.0 +0100
@@ -13,7 +13,7 @@
 # Upstream unconditionally sets CMAKE_INSTALL_RPATH. Make it ineffective by
 # setting CMAKE_SKIP_RPATH
 override_dh_auto_configure:
-   dh_auto_configure -O--buildsystem=cmake -- -DCMAKE_SKIP_RPATH=ON 
-DENABLE_UNIT_TESTS=no -DENABLE_STATIC=NO
+   dh_auto_configure -O--buildsystem=cmake -- -DCMAKE_SKIP_RPATH=ON 
-DENABLE_UNIT_TESTS=no -DENABLE_STATIC=NO -DENABLE_STRICT=NO
 
 override_dh_auto_clean:
dh_auto_clean -O--buildsystem=cmake

Bug#998310: mpd: fails to start with "Assertion `sockets.empty()' failed."

2021-11-03 Thread Max Kellermann 
On 2021/11/03 18:00, Benjamin Francois  wrote:
> Confirmed, I commented out the pid_file line in /etc/mpd.conf and mpd now 
> starts properly. Thanks Sir!

Okay, this is now fixed upstream:

 
https://github.com/MusicPlayerDaemon/MPD/commit/14b3c0f0afe691739cdfc71d71adf740114d5a98

This problem affected only debug builds; this was a false-positive
assertion failure, and my fix just works around this by reordering the
destructor calls.

I was surprised to learn that all Debian packages appear to have
debugging enabled, which adds a lot of unnecessary overhead.

Bug#998333: RFS: lebiniou/3.63.0-1 -- user-friendly, powerful music visualization / VJing tool

2021-11-03 Thread Adam Borowski 
On Tue, Nov 02, 2021 at 04:43:00PM +0100, Olivier Girondel wrote:
>   * Package name: lebiniou
> Version : 3.63.0-1

> Changes since the last upload:
> 
>   * New upstream release 3.63.0.

Hi!
I'm afraid it fails the autopkgtest, with either testing or unstable -data:

[i] Encoding video #1... mp4.c:open_mp4 cmd= 'ffmpeg -y -loglevel quiet 
-bitexact -framerate 25 -vcodec ppm -f image2pipe -i pipe: -i 
"/usr/share/lebiniou/test/EP-Le_cri_des_anges-Intro_4-8bits.flac" -c:a 
libmp3lame -b:a 128k -vcodec libx264 -crf 23 -pix_fmt yuv420p 
"/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video1.mp4"'
done.
[i] Encoding video #2... mp4.c:open_mp4 cmd= 'ffmpeg -y -loglevel quiet 
-bitexact -framerate 25 -vcodec ppm -f image2pipe -i pipe: -i 
"/usr/share/lebiniou/test/EP-Le_cri_des_anges-Intro_4-8bits.flac" -c:a 
libmp3lame -b:a 128k -vcodec libx264 -crf 23 -pix_fmt yuv420p 
"/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video2.mp4"'
done.
[i] Generated videos and logs:
-rw-r--r-- 1 kilobyte kilobyte 22K Nov  3 13:35 
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video1.log
-rw-r--r-- 1 kilobyte kilobyte 27M Nov  3 13:35 
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video1.mp4
-rw-r--r-- 1 kilobyte kilobyte 22K Nov  3 13:35 
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video2.log
-rw-r--r-- 1 kilobyte kilobyte 27M Nov  3 13:35 
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video2.mp4
[i] Comparing logs:
* video1.log: 
fbe028a43f79165204887b356af6f260a12b46455bb24816acb1ddc07bcc5baf  
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video1.log
* video2.log: 
fbe028a43f79165204887b356af6f260a12b46455bb24816acb1ddc07bcc5baf  
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/video2.log
[+] Success.
[i] Extracting per-packet SHA256 hashes:
* video1.mp4... done.
* video2.mp4... done.
[i] Generated hashes:
-rw-r--r-- 1 kilobyte kilobyte 380K Nov  3 13:35 
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/out1.sha256
-rw-r--r-- 1 kilobyte kilobyte 380K Nov  3 13:35 
/tmp/autopkgtest.HygfJ0/autopkgtest_tmp/out2.sha256
[i] Comparing per-packet hashes:
3222,3304c3222,3304
< 0,   3211,   3211,1,   115200, 
9fc7a204d5386ee7f8a61faadd7b796365ab6562c49b4b88276d3356851a5050


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian is one big family.  Including that weird uncle
⢿⡄⠘⠷⠚⠋⠀ and ultra-religious in-laws.
⠈⠳⣄

Bug#996894: colordiff: Error messages interrupt output

2021-11-03 Thread Dave Ewart 
Just spotted this report, message was spam-trapped. Can you provide an
example where it fails in the manner you indicate?

I don’t understand how you’d get diff output if one of the arguments were
missing, say.

Dave

-- 
Dave Ewart, da...@sungate.co.uk

Bug#998400: debian-handbook: 4.2.9: password generator suggestion

2021-11-03 Thread Alejandro Colomar 
Package: debian-handbook
Version: 10.20200619
Severity: normal
Tags: upstream
X-Debbugs-Cc: alx.manpa...@gmail.com

Dear Maintainer,

In Chapter 4, Installation, page 60, there's a note suggesting the use
of password generators, and it suggests pwgen (as an example).

IMO, much better suggestions would be:

- makepasswd(1):
This one is much safer.  In fact there is a bug report where
pwgen(1) is suggested to be replaced by a wrapper script around
makepasswd(1).  It can also generate arbitrarily large passwords
very easily (I for example like 64-byte passwords, so I use
`makepasswd --chars 64`).  This one is great for passwords to be
stored in password managers.

- goxkcdpwgen(1):
This one is great for boot passwords (and also for the password of
the pasword manager itself), since you need to remember it.

Thanks,

Alex



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-3-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

Bug#998394: dgit push fails for native with .gitignore

2021-11-03 Thread Osamu Aoki 
Control: tags -1 wontfix

On Wed, 2021-11-03 at 16:55 +, Ian Jackson wrote:
> Hi.
> 
> Osamu Aoki writes ("Bug#998394: dgit push fails for native with .gitignore"):
> > Package: dgit
> > Version: 9.14
> > Severity: normal
> > 
> > native source package drops .gitignore when making tar.
> > 
> > If I try to make "dgit push" on such package after building binary
> > packages with sbuild, dgit fails because tar is missing .gitignore .
> 
> I infer that you built the source package directly, without using dgit
> - ie, using raw sbuild without any options to control -i -I.  That the
> .gitignore is missing from the source package is a bug in dpkg-source,
> #908747.
> 
> The workaround is to use dgit to build your source package.  dgit
> knows what options to pass to dpkg-source to override the bad default.

Yes.

RTFM ... I know ... excuse me.  This is not a bug.

I think best place is here in BTS as wontfix so no more people harassing you.

Bug#977984: cron.d and cron.daily jobs may run in parallel and conflict

2021-11-03 Thread Bill Allombert 
On Wed, Dec 23, 2020 at 09:36:49PM +0100, Ben Hutchings wrote:
> Package: popularity-contest
> Version: 1.70
> Severity: important
> 
> From time to time I've been seeing cron failure mails relating to
> popularity-contest on my laptop.  I have seen this with both Vixie
> cron and systemd-cron.
> 
> Today I opened my laptop at around 17:53, and systemd-cron started
> running cron jobs that were scheduled to run during the time it was
> suspended.  That included both cron.d and cron.daily jobs for
> popularity-contest:
> 
> This seems to be likely to happen on any system that remains suspended
> across the times of both cron jobs.  Some kind of serialisation is
> required, so that only one job at a time will manipulate the log
> files.

Hello Ben, I am going to upload a new popcon version that should fix this bug.
If it does not, please reopen!

Cheers,
Bill.

Bug#908747: dpkg-source: Default -I and -i option should not exclude .ignore

2021-11-03 Thread Osamu Aoki 
I agree with Ian.

If package maintainer wants to have a few extra ignore rules locally, why not 
use 
> .git/info/exclude
file.

I think its high time to fix this.

Osamu

Bug#995981: rules-require-build-prerequisite gives bogus advice

2021-11-03 Thread Felix Lechner 
Hi Graham,

On Wed, Nov 3, 2021 at 9:48 AM Graham Inggs  wrote:
>
> Control: affects -1 src:python-boto3

Isn't that bug closed?

Kind regards
Felix Lechner

Bug#995392: ghostscript: ps2pdf trashes some characters

2021-11-03 Thread Jonas Smedegaard 
Quoting Vincent Lefevre (2021-11-03 14:29:26)
> This Debian bug actually covers several similar Ghostscript bugs.

Please track each bug separately.  Otherwise it is not possible to 
reliably track which bug affects which packaging releases.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#998399: cron: Use mktemp instead of tempfile

2021-11-03 Thread Ville Skyttä 
Package: cron
Version: 3.0pl1-136ubuntu1
Severity: minor

Dear Maintainer,

tempfile(1) has been removed from debianutils >= 5.0. The attached
patch changes to using the more portable mktemp(1) instead.
>From fbb78b2e96817efbb7201606ae475d1c1f4fd46f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Skytt=C3=A4?= 
Date: Wed, 3 Nov 2021 19:00:20 +0200
Subject: [PATCH] Use mktemp instead of tempfile

tempfile(1) has been removed from debianutils >= 5.0. Use the more
portable mktemp(1) instead.
---
 debian/examples/cron-tasks-review.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/examples/cron-tasks-review.sh 
b/debian/examples/cron-tasks-review.sh
index 5e8e112..f212b18 100644
--- a/debian/examples/cron-tasks-review.sh
+++ b/debian/examples/cron-tasks-review.sh
@@ -162,7 +162,7 @@ echo $EXTRA_OPTS | grep -q -- '-l' && use_lsb="yes"
 run_opts=""
 [ "$use_lsb" = "yes" ] &&  run_opts="--lsbsysinit"
 
-temp=`tempfile` || { echo "ERROR: Cannot create temporary file" >&2 ; exit 1; }
+temp=`mktemp` || { echo "ERROR: Cannot create temporary file" >&2 ; exit 1; }
 trap "rm -f $temp" 0 1 2 3 13 15
 
 # Now review the scripts, note that cron does not use run-parts to run these
-- 
2.25.1

Bug#998310: mpd: fails to start with "Assertion `sockets.empty()' failed."

2021-11-03 Thread Benjamin Francois 
Confirmed, I commented out the pid_file line in /etc/mpd.conf and mpd now 
starts properly. Thanks Sir!

On Nov 3 2021, at 9:42 am, Max Kellermann  wrote:
> On 2021/11/03 17:36, Max Kellermann  wrote:
> > You configured a pid_file which MPD was unable to write; maybe because
> > it failed file permissions, or maybe because the containing directory
> > does not exist.
>
> btw. if you use systemd, there's no point in configuring a pid_file.
> PID files are an obsolete concept which MPD supports only for legacy
> reasons.
>

Bug#995980: FTBFS: very wrong python dependency

2021-11-03 Thread Graham Inggs 
Control: severity -1 important
Control: tags -1 + ftbfs
Control: clone -1 -2
Control: retitle -2 FTBFS: very wrong python dependency
Control: tags -2 = ftbfs
Control: clone -2 -3 -4 -5
Control: reassign -2 src:google-auth-httplib2 0.1.0-1
Control: reassign -3 src:python-boto3 1.18.53+dfsg-1
Control: reassign -4 src:python-botocore 1.21.53+repack-1
Control: reassign -5 src:python-imgviz 1.4.0+ds-1

This causes affected packages to FTBFS once python3.10 is added as a
supported version.

Bug#908747: dpkg-source: Default -I and -i option should not exclude .ignore

2021-11-03 Thread Ian Jackson 
ping?

Once again I have a user who tripped over this bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998394

-- 
Ian JacksonThese opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

Bug#998394: dgit push fails for native with .gitignore

2021-11-03 Thread Ian Jackson 
Hi.

Osamu Aoki writes ("Bug#998394: dgit push fails for native with .gitignore"):
> Package: dgit
> Version: 9.14
> Severity: normal
> 
> native source package drops .gitignore when making tar.
> 
> If I try to make "dgit push" on such package after building binary
> packages with sbuild, dgit fails because tar is missing .gitignore .

I infer that you built the source package directly, without using dgit
- ie, using raw sbuild without any options to control -i -I.  That the
.gitignore is missing from the source package is a bug in dpkg-source,
#908747.

The workaround is to use dgit to build your source package.  dgit
knows what options to pass to dpkg-source to override the bad default.

When you use dgit push-source this is all done in one go, so you don't
notice that the source package is being built with those special
options.  When one builds binaries, one indeed normally uses something
like sbuild.  The solution in this case is to use "dgit sbuild" rather
than "sbuild".  dgit knows what options to pass to sbuild.  And you
can more or less use "dgit sbuild" like "sbuild".

I appreciate that this is suboptimal - yet another layer of build
wrapper, with extra complexity and confusion - but it is necessary
that the upload tarball is created *with* the .gitignore (so that the
dgit git branch and the uploaded .dsc are identical).  Until #908747
is fixed this is the only way to achieve it.

I think this is documented in the manuals where appropriate.  But
evidently you didn't see it.  So maybe we need to add a note
somewhere.  So can you tell me where in the documentation you looked ?

Thanks,
Ian.

Bug#995981: rules-require-build-prerequisite gives bogus advice

2021-11-03 Thread Graham Inggs 
Control: affects -1 src:google-auth-httplib2
Control: affects -1 src:python-boto3
Control: affects -1 src:python-botocore
Control: affects -1 src:python-imgviz

Bug#998310: mpd: fails to start with "Assertion `sockets.empty()' failed."

2021-11-03 Thread Max Kellermann 
On 2021/11/03 17:36, Max Kellermann  wrote:
> You configured a pid_file which MPD was unable to write; maybe because
> it failed file permissions, or maybe because the containing directory
> does not exist.

btw. if you use systemd, there's no point in configuring a pid_file.
PID files are an obsolete concept which MPD supports only for legacy
reasons.

Bug#998310: mpd: fails to start with "Assertion `sockets.empty()' failed."

2021-11-03 Thread Max Kellermann 
On 2021/11/03 17:23, Benjamin Francois  wrote:
> Catchpoint 1 (exception thrown), 0x736a5322 in __cxa_throw () from 
> /lib/x86_64-linux-gnu/libstdc++.so.6
> (gdb) bt
> #0 0x736a5322 in __cxa_throw () at 
> /lib/x86_64-linux-gnu/libstdc++.so.6
> #1 0x5558ba6e in PidFile::PidFile(AllocatedPath const&) 
> (path=, this=) at ../src/unix/PidFile.hxx:46
> #2 daemonize_commit() () at ../src/unix/Daemon.cxx:212

You configured a pid_file which MPD was unable to write; maybe because
it failed file permissions, or maybe because the containing directory
does not exist.

This is a configuration error which triggers the crash bug.  If this
crash bug wouldn't exist, MPD still wouldn't be able to start due to
that misconfiguration, but at least it would log a helpful error
message.

Bug#997089: libreoffice: FTBFS: segfault in '/<>/instdir/sdk/examples/java/Inspector'

2021-11-03 Thread Rene Engelhard 
severity 997089 minor

thanks


Am 03.11.21 um 17:27 schrieb Lucas Nussbaum:
> On 03/11/21 at 17:13 +0100, Rene Engelhard wrote:
>> Hi,
>>
>> Am 03.11.21 um 08:05 schrieb Lucas Nussbaum:
>>> If it's truly a random failure, it might be better to downgrade it but
>>> keep it open,
>> I don't really like this. I don't like open bugs which definitely will
>> never get attention.
>>>  so that another bug does not get opened in future
>>> rebuilds.
>> Sure? A minor bug will be looked at when looking at rebuilds? Important
>> and even normal is too much here even.
> At least by me, yes, since I look at bugs based on string matches in the
> bug titles (ftbfs, build, etc.)

Let's do that then.


Regards,


Rene

Bug#996726: libkdecorations2-5v5 freeze KDE on login, general protection fault

2021-11-03 Thread Patrick Franz 
Hi Remco,

there are easier ways to determine that. For example you can run:

apt install $( dpkg -l | grep 5.21.5 | awk '/^ii/ {print $2}' ) 

This command will try to update every installed package in version 
5.21.5 (not totally bulletproof I admit).
If a package cannot be updated, e.g. because no newer version is 
available, then this will be printed explicitly. So when you run this 
command and it says that certain packages are already in the newest 
version, then you know that the update is not complete. 
It can happen though that it finds a package that does not belong to 
Plasma, but this can be checked easily and happens only rarely.

Try to run the command with 5.23.0 and it should list a lot of packages 
that are already in its newest version.


-- 
Med vänliga hälsningar

Patrick Franz

Bug#997089: libreoffice: FTBFS: segfault in '/<>/instdir/sdk/examples/java/Inspector'

2021-11-03 Thread Lucas Nussbaum 
On 03/11/21 at 17:13 +0100, Rene Engelhard wrote:
> Hi,
> 
> Am 03.11.21 um 08:05 schrieb Lucas Nussbaum:
> > If it's truly a random failure, it might be better to downgrade it but
> > keep it open,
> I don't really like this. I don't like open bugs which definitely will
> never get attention.
> >  so that another bug does not get opened in future
> > rebuilds.
> 
> Sure? A minor bug will be looked at when looking at rebuilds? Important
> and even normal is too much here even.

At least by me, yes, since I look at bugs based on string matches in the
bug titles (ftbfs, build, etc.)

Lucas

Bug#998394: dgit push fails for native with .gitignore

2021-11-03 Thread Osamu Aoki 
Package: dgit
Version: 9.14
Severity: normal

native source package drops .gitignore when making tar.

If I try to make "dgit push" on such package after building binary
packages with sbuild, dgit fails because tar is missing .gitignore .

I needed to upload binary package since a new additional binary package
was introduced to debian-reference.  Then I realize this problem.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-2-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dgit depends on:
ii  apt2.3.11
ii  ca-certificates20210119
ii  coreutils  8.32-4+b1
ii  curl   7.74.0-1.3+b1
ii  devscripts 2.21.4
ii  dpkg-dev   1.20.9
ii  dput   1.1.0
ii  git [git-core] 1:2.33.0-1
ii  git-buildpackage   0.9.22
ii  libdpkg-perl   1.20.9
ii  libjson-perl   4.03000-1
ii  liblist-moreutils-perl 0.430-2
ii  liblocale-gettext-perl 1.07-4+b1
ii  libtext-csv-perl   2.01-1
ii  libtext-glob-perl  0.11-2
ii  libtext-iconv-perl 1.7-7+b1
ii  libwww-curl-perl   4.17-7+b1
ii  perl [libdigest-sha-perl]  5.32.1-6

Versions of packages dgit recommends:
ii  distro-info-data 0.52
ii  liburi-perl  5.10-1
ii  openssh-client [ssh-client]  1:8.4p1-6

Versions of packages dgit suggests:
ii  sbuild  0.81.2

-- no debconf information

Bug#998310: mpd: fails to start with "Assertion `sockets.empty()' failed."

2021-11-03 Thread Benjamin Francois 
On Wed%2C 3 Nov 2021 07%3A08%3A23 %2B0100 Max Kellermann wrote%3A
> Thanks%2C that was almost helpful - but you did not install mpd-dbgsym%2C

Whoops :'D let's try one more time then.
❯ sudo gdb --args mpd --stderr --no-daemon --verbose
GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mpd...
Reading symbols from 
/usr/lib/debug/.build-id/26/be37e73d656eddadb9ab98d3becf1abd7d1696.debug...
(gdb) catch throw
Catchpoint 1 (throw)
(gdb) run
Starting program: /usr/bin/mpd --stderr --no-daemon --verbose
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
config_file: loading file /etc/mpd.conf
path: SetFSCharset: fs charset is
libsamplerate: libsamplerate converter 'Fastest Sinc Interpolator'
vorbis: Xiph.Org libVorbis 1.3.7
opus: libopus 1.3.1
sndfile: libsndfile-1.0.31
adplug: adplug 2.3.3
simple_db: reading DB

Catchpoint 1 (exception thrown), 0x736a5322 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
#0 0x736a5322 in __cxa_throw () at /lib/x86_64-linux-gnu/libstdc++.so.6
#1 0x5559e71f in db_load_internal(TextFile&, Directory&) 
(file=, music_root=) at 
../src/db/plugins/simple/DatabaseSave.cxx:112
#2 0x5565fa6c in SimpleDatabase::Load() (this=0x5578a040) at 
../src/db/plugins/simple/SimpleDatabasePlugin.cxx:158
#3 0x55660721 in SimpleDatabase::Open() (this=0x5578a040) at 
../src/db/plugins/simple/SimpleDatabasePlugin.cxx:178
#4 0x555a4aed in glue_db_init_and_load (config=..., instance=...) at 
../src/Main.cxx:221
#5 InitDatabaseAndStorage (config=..., instance=...) at ../src/Main.cxx:244
#6 MainConfigured(options const&, ConfigData const&) (options=, 
raw_config=...) at ../src/Main.cxx:444
#7 0x555a4d4d in MainOrThrow(int, char**) (argc=, 
argv=) at ../src/Main.cxx:650
#8 0x555a302a in mpd_main(int, char**) (argv=, 
argc=) at ../src/Main.cxx:656
#9 main(int, char**) (argc=, argv=) at 
../src/Main.cxx:668
(gdb) cont
Continuing.
exception: Tag list mismatch, discarding database file
curl: version 7.74.0
curl: with GnuTLS/3.7.2

Catchpoint 1 (exception thrown), 0x736a5322 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
#0 0x736a5322 in __cxa_throw () at /lib/x86_64-linux-gnu/libstdc++.so.6
#1 0x5558ba6e in PidFile::PidFile(AllocatedPath const&) 
(path=, this=) at ../src/unix/PidFile.hxx:46
#2 daemonize_commit() () at ../src/unix/Daemon.cxx:212
#3 0x555a44ed in MainConfigured(options const&, ConfigData const&) 
(options=, raw_config=...) at ../src/Main.cxx:468
#4 0x555a4d4d in MainOrThrow(int, char**) (argc=, 
argv=) at ../src/Main.cxx:650
#5 0x555a302a in mpd_main(int, char**) (argv=, 
argc=) at ../src/Main.cxx:656
#6 main(int, char**) (argc=, argv=) at 
../src/Main.cxx:668
(gdb) cont
Continuing.
mpd: ../src/event/Loop.cxx:60: EventLoop::~EventLoop(): Assertion 
`sockets.empty()' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
49 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1 0x732db536 in __GI_abort () at abort.c:79
#2 0x732db41f in __assert_fail_base
(fmt=0x734426b0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
assertion=0x5569afa2 "sockets.empty()", file=0x5569af5c 
"../src/event/Loop.cxx", line=60, function=) at assert.c:92
#3 0x732ea7f2 in __GI___assert_fail
(assertion=0x5569afa2 "sockets.empty()", file=0x5569af5c 
"../src/event/Loop.cxx", line=60, function=0x5569af44 
"EventLoop::~EventLoop()")
at assert.c:101
#4 0x555e5458 in EventLoop::~EventLoop() 
(this=this@entry=0x7fffcbc8, __in_chrg=) at 
../src/event/Loop.cxx:60
#5 0x555b7c56 in EventThread::~EventThread() (this=0x7fffcbc8, 
__in_chrg=) at ../src/event/Thread.hxx:43
#6 Instance::~Instance() (this=this@entry=0x7fffc310, __in_chrg=) at ../src/Instance.cxx:75
#7 0x555867a1 in MainConfigured(options const&, ConfigData const&) 
(options=, raw_config=) at ../src/Main.cxx:578
#8 0x555a4d4d in MainOrThrow(int, char**) (argc=, 
argv=) at ../src/Main.cxx:650
#9

Bug#997089: libreoffice: FTBFS: segfault in '/<>/instdir/sdk/examples/java/Inspector'

2021-11-03 Thread Rene Engelhard 
Hi,

Am 03.11.21 um 08:05 schrieb Lucas Nussbaum:
> If it's truly a random failure, it might be better to downgrade it but
> keep it open,
I don't really like this. I don't like open bugs which definitely will
never get attention.
>  so that another bug does not get opened in future
> rebuilds.

Sure? A minor bug will be looked at when looking at rebuilds? Important
and even normal is too much here even.


Regards,


Rene

  1   2   >