Bug#1012033: bullseye-pu: package gnutls28/3.7.1-5+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Dmitry Baryshkov , gnutl...@packages.debian.org Hello, as requested in #1011246 I would like fix miscalculation of SHA384 in the SSA accelarated implementation. It is a one-line change and was part of the 3.7.3 release. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' diff -Nru gnutls28-3.7.1/debian/changelog gnutls28-3.7.1/debian/changelog --- gnutls28-3.7.1/debian/changelog 2021-05-29 12:14:30.0 +0200 +++ gnutls28-3.7.1/debian/changelog 2022-05-22 13:04:01.0 +0200 @@ -1,3 +1,10 @@ +gnutls28 (3.7.1-5+deb11u1) bullseye; urgency=medium + + * 56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch: Backport SSSE3 SHA384 +miscalculation fix from 3.7.3. Closes: #1011246 + + -- Andreas Metzler Sun, 22 May 2022 13:04:01 +0200 + gnutls28 (3.7.1-5) unstable; urgency=medium * Another fix from 3.7.2: diff -Nru gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch --- gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch 1970-01-01 01:00:00.0 +0100 +++ gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch 2022-05-22 13:04:01.0 +0200 @@ -0,0 +1,34 @@ +From acdfeb4b3f0c64ad20f28513618e9903bfb81426 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Wed, 1 Sep 2021 15:48:27 +0200 +Subject: [PATCH] fix SSSE3 SHA384 to work more than once + +The output function called sha512_digest() instead of sha384_digest(), +which caused the hash context to be reinitialized for SHA512 instead of +SHA384 and all following digests using the hash handle were wrong. + +Signed-off-by: Miroslav Lichvar +--- + lib/accelerated/x86/sha-x86-ssse3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c +index 8ea4e54aee..1d442e97e7 100644 +--- a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c +@@ -258,11 +258,11 @@ static int _ctx_init(gnutls_digest_algorithm_t algo, + ctx->length = SHA256_DIGEST_SIZE; + break; + case GNUTLS_DIG_SHA384: + sha384_init(>ctx.sha384); + ctx->update = (update_func) x86_sha512_update; +- ctx->digest = (digest_func) sha512_digest; ++ ctx->digest = (digest_func) sha384_digest; + ctx->init = (init_func) sha384_init; + ctx->ctx_ptr = >ctx.sha384; + ctx->length = SHA384_DIGEST_SIZE; + break; + case GNUTLS_DIG_SHA512: +-- +2.35.1 + diff -Nru gnutls28-3.7.1/debian/patches/series gnutls28-3.7.1/debian/patches/series --- gnutls28-3.7.1/debian/patches/series 2021-05-29 11:37:38.0 +0200 +++ gnutls28-3.7.1/debian/patches/series 2022-05-22 13:04:01.0 +0200 @@ -18,3 +18,4 @@ 56_28-handshake-fix-timing-of-sending-early-data.patch 56_30-x509-verify-treat-SHA-1-signed-CA-in-the-trusted-set.patch 56_33-serv-stop-setting-AI_ADDRCONFIG-on-getaddrinfo.patch +56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch signature.asc Description: PGP signature
Bug#1012032: fontconfig: does not respect user configuration
Package: fontconfig
Version: 2.13.1-4.4
Severity: important
X-Debbugs-Cc: shbi...@gmail.com
fontconfig does not read user specific configuration files,
only ever `access(2)'es them (revealed by strace(1)) but
unlike system-wide configuration never `openat(2)'s them.
$ strace fc-match monospace 2>&1 | grep '\.fonts\.conf'
access("/home/sb/.fonts.conf.d", R_OK) = 0
access("/etc/fonts/~/.fonts.conf.d", R_OK) = -1 ENOENT (No such file or
directory)
access("/home/sb/.fonts.conf.d", R_OK) = 0
access("/etc/fonts/~/.fonts.conf.d", R_OK) = -1 ENOENT (No such file or
directory)
access("/home/sb/.fonts.conf", R_OK)= -1 ENOENT (No such file or
directory)
access("/etc/fonts/~/.fonts.conf", R_OK) = -1 ENOENT (No such file or
directory)
access("/home/sb/.fonts.conf", R_OK)= -1 ENOENT (No such file or
directory)
access("/etc/fonts/~/.fonts.conf", R_OK) = -1 ENOENT (No such file or
directory)
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.17.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_IN.utf8, LC_CTYPE=en_IN.utf8 (charmap=UTF-8), LANGUAGE=en_IN:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages fontconfig depends on:
ii fontconfig-config 2.13.1-4.4
ii libc6 2.33-7
ii libfontconfig1 2.13.1-4.4
ii libfreetype6 2.12.1+dfsg-2
fontconfig recommends no packages.
fontconfig suggests no packages.
-- no debconf information
Bug#1012031: suricata: ftbfs on riscv64 arch, but it is ok on unmatche board
Package: suricata Version: 1:6.0.5-2 Severity: minor Tags: ftbfs User: debian-ri...@lists.debian.org Usertags: riscv64 X-Debbugs-Cc: debian-ri...@lists.debian.org Justification: fails on some buildd machines (but built successfully on real riscv64 machine) Dear Maintainer, I am verfiy the suricata package is build ok on real riscv64 boards(Unmatched board): ``` ... Build Architecture: riscv64 Build Type: binary Build-Space: 1363208 Build-Time: 1266 Distribution: unstable Host Architecture: riscv64 Install-Time: 172 Job: /home/vimer/05/33_suricata/suricata_6.0.5-2.dsc Lintian: warn Machine Architecture: riscv64 Package: suricata Package-Time: 1567 Source-Version: 1:6.0.5-2 Space: 1363208 Status: successful Version: 1:6.0.5-2 Finished at 2022-05-29T03:45:05Z Build needed 00:26:07, 1363208k disk space ``` But it fails on rv-mullvad-03(Unleashed boards), the full buildd log is here: ``` In file included from suricata-plugin.h:21, from decode.h:31, from detect-engine-alert.h:28, from suricata-common.h:503, from alert-fastlog.c:27: autoconf.h:23:13: error: ‘undefined’ undeclared here (not in a function) ``` https://buildd.debian.org/status/fetch.php?pkg=suricata=riscv64=1%3A6.0.5-2=1651322558=0 So if we can try build it on some unmatched boards? Bo signature.asc Description: PGP signature
Bug#1010857: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1
> > Fix CVE-2022-30333 and its corresponding RC bug. ... > Please go ahead. Thanks. I was uploaded unrar-nonfree/1:6.0.3-1+deb11u1 to bullseye. -- YOKOTA Hiroshi
Bug#1012030: podman: Fails to run any container
Package: podman Version: 3.0.1+dfsg1-3+deb11u1 Severity: important X-Debbugs-Cc: vincent.olivert.ri...@gmail.com Dear Maintainer, Podman has stopped working (atleast for me) without having modified anything from its configuration. I simply try to run 'bash' from a Debian container, and it crashes like this: $ podman run --rm -it debian bash Resolved "debian" as an alias (/etc/containers/registries.conf.d/shortnames.conf) Trying to pull docker.io/library/debian:latest... Getting image source signatures Copying blob e756f3fdd6a3 done Copying config 4eacea3037 done Writing manifest to image destination Storing signatures Error: container_linux.go:367: starting container process caused: error adding seccomp filter rule for syscall bdflush: permission denied: OCI permission denied $ -- System Information: Debian Release: 11.3 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-14-amd64 (SMP w/2 CPU threads) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages podman depends on: ii conmon 2.0.25+ds1-1.1 ii containernetworking-plugins 0.9.0-1+b6 ii golang-github-containers-common 0.33.4+ds1-1+deb11u1 ii init-system-helpers 1.60 ii iptables 1.8.7-1 ii libc62.31-13+deb11u3 ii libdevmapper1.02.1 2:1.02.175-2.1 ii libgpgme11 1.14.0-1+b2 ii libseccomp2 2.5.1-1+deb11u1 ii runc 1.0.0~rc93+ds1-5+b2 Versions of packages podman recommends: ii buildah 1.19.6+dfsg1-1+b6 ii fuse-overlayfs1.4.0-1 ii golang-github-containernetworking-plugin-dnsname 1.1.1+ds1-4+b7 ii slirp4netns 1.0.1-2 ii tini 0.19.0-1 ii uidmap1:4.8.1-1 Versions of packages podman suggests: pn containers-storage pn docker-compose
Bug#1012029: RFS: jimtcl/0.81+dfsg0-2 -- small-footprint implementation of Tcl - shared library
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "jimtcl": * Package name: jimtcl Version : 0.81+dfsg0-2 Upstream Author : [fill in name and email of upstream] * URL : http://jim.tcl.tk/ * License : BSD-2-clause, TCL * Vcs : https://salsa.debian.org/debian/jimtcl Section : devel The source builds the following binary packages: jimsh - small-footprint implementation of Tcl named Jim libjim-dev - small-footprint implementation of Tcl - development files libjim0.81 - small-footprint implementation of Tcl - shared library To access further information about this package, please visit the following URL: https://mentors.debian.net/package/jimtcl/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/j/jimtcl/jimtcl_0.81+dfsg0-2.dsc Changes since the last upload: jimtcl (0.81+dfsg0-2) unstable; urgency=medium . * fix vcs url. * upload to unstable Regards, -- Bo YU
Bug#1011913: haskell-swish: FTBFS: make: *** [/usr/share/cdbs/1/class/hlibrary.mk:153: build-ghc-stamp] Error 25
On Sat, 28 May 2022, Jonas Smedegaard wrote: Control: reassign -1 haskell-devscripts Control: retitle -1 haskell-devscripts: DEB_ENABLE_TESTS ignored Control: affects -1 haskell-swish Quoting Lucas Nussbaum (2022-05-26 21:04:50) During a rebuild of all packages in sid, [haskell-swish] failed to build on amd64. [...] Running debian/hlibrary.setup test --builddir=dist-ghc --show-details=direct Non-zero exit code 1. hlibrary.setup: No test suites enabled. Did you remember to configure with '--enable-tests'? haskell-swish built successfully when released in January, and contains this in debian/rules: DEB_ENABLE_TESTS = yes Perhaps this really is bug#1010179 and the "fix" only papered over the underlying problem: @Scott, did you test packages _enabling_ tests or only the default of having tests disabled? Hi Jonas, Actually, it looks like DEB_ENABLE_TESTS=yes had been broken in haskell-devscripts for quite some time (even before Felix's changes). If you look at the January build log for haskell-swish, the tests were not run at that time. In the case of haskell-swish, DEB_ENABLE_TESTS needs to be defined *before* including hlibrary.mk. After fixing that, it seems there are some missing test dependencies. Scott
Bug#1012028: RFS: dirdiff/2.1-9 [ITA] -- Display and merge changes between two directory trees
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "dirdiff": * Package name: dirdiff Version : 2.1-9 Upstream Author : [fill in name and email of upstream] * URL : https://samba.org/ftp/paulus/ * License : GPL-2+ * Vcs : https://salsa.debian.org/debian/dirdiff Section : utils The source builds the following binary packages: dirdiff - Display and merge changes between two directory trees To access further information about this package, please visit the following URL: https://mentors.debian.net/package/dirdiff/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/d/dirdiff/dirdiff_2.1-9.dsc git: https://salsa.debian.org/nilsonfsilva/dirdiff Changes since the last upload: dirdiff (2.1-9) unstable; urgency=medium . * New Maintainer. (Closes: #1008029) * d/control: - Updated Maintainer field with my name and email. * d/copyrigt: - Include name new maintainer. Regards, -- Josenilson Ferreira da SIlva
Bug#1012027: RFS: tcpslice/1.5-1 [RC] -- extract pieces of and/or glue together tcpdump files
Package: sponsorship-requests Severity: important X-Debbugs-Cc: bruno.naib...@gmail.com Dear mentors, I am looking for a sponsor for my package "tcpslice": * Package name: tcpslice Version : 1.5-1 Upstream Author : https://github.com/the-tcpdump-group/tcpslice/issues * URL : http://www.tcpdump.org * License : BSD-3-Clause, BSD-2-Clause, BSD-4-Clause * Vcs : https://salsa.debian.org/debian/tcpslice Section : net The source builds the following binary packages: tcpslice - extract pieces of and/or glue together tcpdump files To access further information about this package, please visit the following URL: https://mentors.debian.net/package/tcpslice/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/t/tcpslice/tcpslice_1.5-1.dsc Changes since the last upload: tcpslice (1.5-1) unstable; urgency=medium . * New upstream version 1.5. (includes a fix for CVE-2021-41043) (Closes: #1003190) * Enable GPG-checking of orig tarball. - debian/upstream/signing-key.asc: upstream public key. - debian/watch: ~ Add "pgpmode=auto" as an option. ~ Changed the URL. * debian/control: - Added libnids-dev and libosip2-dev to Build-Depends field. - Bumped Standards-Version to 4.6.0. * debian/copyright: - Added licensing for diag-control.h file. - Updated the packaging and upstream copyright years. * debian/docs: changed from README to README.md. * debian/patches: removed. The upstream fixed the source code. Thanks. * debian/upstream/metadata: fixed spelling error. Regards, -- Bruno Naibert de Campos
Bug#1011345: transition: rakudo
On Sat, 2022-05-28 at 12:16 +0200, Sebastian Ramacher wrote: > Control: tags -1 confirmed > > On 2022-05-20 10:36:34 -0400, M. Zhou wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: transition > > > > Dear release team, > > > > We have uploaded rakudo 2022.04 to experimental, and would like to > > start the transition and rebuild packages > > Please go ahead > Uploaded to unstable.
Bug#1012026: X segfaults in OsLookupColor+0x135 after upgrade to 2:21.1.3-2+b1
Package: xserver-xorg-core Version: 2:21.1.3-2+b1 Severity: important After upgrading to 2:21.1.3-2+b1, X consistently segfaults with the stacktrage in the attached log. Downgrading selected packages as follows: xserver-xorg-input-evdev=1:2.10.6-2 xserver-xorg-input-mouse=1:1.9.3-1 xserver-xorg-video-dummy=1:0.3.8-1+b1 xserver-xorg-video-radeon=1:19.1.0-2 xserver-xorg-core=2:1.20.14-1 fixes the problem, and this is how I've kept them pinned for a few months, hoping a new version comes along that solves this, but it hasn't happened, so filing this bug report. This is on a fully-updated sid machine, with custom built kernel (right now, 5.15.43). -- Package-specific info: X server symlink status: lrwxrwxrwx 1 root root 13 Sep 5 2015 /etc/X11/X -> /usr/bin/Xorg -rwxr-xr-x 1 root root 274 Feb 12 11:32 /usr/bin/Xorg VGA-compatible devices on PCI bus: -- 08:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Caicos [Radeon HD 6450/7450/8450 / R5 230 OEM] [1002:6779] /etc/X11/xorg.conf does not exist. Contents of /etc/X11/xorg.conf.d: - total 2 -rw-r--r-- 1 root root 302 Nov 14 2016 10-monitor.conf /etc/modprobe.d contains no KMS configuration files. Kernel version (/proc/version): --- Linux version 5.15.43-teal0 (iusty@teal) (gcc (Debian 11.3.0-3) 11.3.0, GNU ld (GNU Binutils for Debian) 2.38) #1 SMP Sun May 29 01:06:22 CEST 2022 Xorg X server log files on system: -- -rw-r--r-- 1 iusty iusty 12692 May 29 01:25 /home/iusty/.local/share/xorg/Xorg.0.log -rw-r--r-- 1 root root 33876 May 29 01:25 /var/log/Xorg.0.log Contents of most recent Xorg X server log file (/var/log/Xorg.0.log): - [ 616.975] X.Org X Server 1.21.1.3 X Protocol Version 11, Revision 0 [ 616.979] Current Operating System: Linux teal 5.15.43-teal0 #1 SMP Sun May 29 01:06:22 CEST 2022 x86_64 [ 616.979] Kernel command line: BOOT_IMAGE=/vmlinuz-5.15.43-teal0 root=/dev/mapper/vg845dc-root ro iommu=pt [ 616.981] xorg-server 2:21.1.3-2+b1 (https://www.debian.org/support) [ 616.982] Current version of pixman: 0.40.0 [ 616.984]Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. [ 616.984] Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. [ 616.989] (==) Log file: "/var/log/Xorg.0.log", Time: Sun May 29 01:25:42 2022 [ 616.990] (==) Using config directory: "/etc/X11/xorg.conf.d" [ 616.992] (==) Using system config directory "/usr/share/X11/xorg.conf.d" [ 616.992] (==) No Layout section. Using the first Screen section. [ 616.992] (==) No screen section available. Using defaults. [ 616.992] (**) |-->Screen "Default Screen Section" (0) [ 616.992] (**) | |-->Monitor "" [ 616.992] (==) No monitor specified for screen "Default Screen Section". Using a default monitor configuration. [ 616.992] (==) Automatically adding devices [ 616.992] (==) Automatically enabling devices [ 616.992] (==) Automatically adding GPU devices [ 616.992] (==) Automatically binding GPU devices [ 616.992] (==) Max clients allowed: 256, resource mask: 0x1f [ 616.992] (WW) The directory "/usr/share/fonts/X11/cyrillic" does not exist. [ 616.992]Entry deleted from font path. [ 616.992] (==) FontPath set to: /usr/share/fonts/X11/misc, /usr/share/fonts/X11/100dpi/:unscaled, /usr/share/fonts/X11/75dpi/:unscaled, /usr/share/fonts/X11/Type1, /usr/share/fonts/X11/100dpi, /usr/share/fonts/X11/75dpi, built-ins [ 616.992] (==) ModulePath set to "/usr/lib/xorg/modules" [ 616.992] (II) The server relies on udev to provide the list of input devices. If no devices become available, reconfigure udev or disable AutoAddDevices. [ 616.992] (II) Loader magic: 0x556719de3f20 [ 616.992] (II) Module ABI versions: [ 616.992]X.Org ANSI C Emulation: 0.4 [ 616.992]X.Org Video Driver: 25.2 [ 616.992]X.Org XInput driver : 24.4 [ 616.992]X.Org Server Extension : 10.0 [ 616.992] (--) using VT number 4 [ 616.992] (II) systemd-logind: logind integration requires -keeptty and -keeptty was not provided, disabling logind integration [ 616.992] (II) xfree86: Adding drm device (/dev/dri/card0) [ 616.992] (II) Platform probe for /sys/devices/pci:00/:00:03.1/:08:00.0/drm/card0 [ 616.994] (--) PCI:*(8@0:0:0) 1002:6779:1043:03da rev 0, Mem @ 0xe000/268435456, 0xfcf2/131072, I/O @ 0xd000/256, BIOS @ 0x/131072 [ 616.994] (II) LoadModule: "glx" [ 616.994] (II) Loading /usr/lib/xorg/modules/extensions/libglx.so [ 616.994] (II) Module glx: vendor="X.Org
Bug#993957: (no subject)
i think i know what rhat might be. i flat-out refuse to let a mission critical piece of software developed by pottering run on systems that i manage, particularly after seeing the persistent generation of CVEs on mitre.org, and also in interactions with him where he just does not listen. (translation: i was not running systemd. sysvinit is still a supported option in debian, apt-get install sysvinit, and it is available via a grub boot menu option) l. On May 28, 2022 4:42:41 PM GMT+01:00, Christoph Biedl wrote: >Control: tags 993957 moreinfo > >lkcl wrote... > >> schroot 1.6.10 (04 May 2014) fails with a continuous attempt to read >> a non-existent subdirectory, /run/systemd/userdb, when operating a >> type "directory" schroot. >> >> a type "plain" does not have this same issue. >> >> creating the missing subdirectory manually "allows" the schroot to >"proceed" >> without errors. > >As asked earlier, please provide more details about your setup, also >the >schroot.conf snippet. Since I couldn't reproduce your issue here, but >based on the few information avaiable I might have done things slightly >different. > >From reading the Ubuntu bug (also #763896) I assume this was fixed >upstream, we'll include that commit in the next uploads. > >Christoph
Bug#1012025: nftables.conf: trying to import nftables.conf and get unexpected meta or ip6 when trying to start
Package: nftables
Version: 1.0.2-1
Severity: important
File: nftables.conf
Tags: ipv6
X-Debbugs-Cc: tmcconnell...@gmail.com
Dear Maintainer,
What led up to the situation?
Trying to configure and enable nftables to stop ip6 neighbor discovery packets
from being rejected by VPN
What exactly did you do (or not do) that was effective (or
ineffective)? Attempted to use workstation.nft in examples folder and
looked for documentation on the web.I couldn't find anything newer than 2014
and asked on Debian Forums and Linuxquestions.org
What was the outcome of this action?
Attempt to run 'sudo systemctl start nftables.service' and receive this error:
Job for nftables.service failed because the control process exited with error
code.
See "systemctl status nftables.service" and "journalctl -xeu nftables.service"
for details.
tmick@DebianTim:~/recap$ sudo systemctl status nftables.service
× nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor
preset: enabled)
Active: failed (Result: exit-code) since Sat 2022-05-28 16:39:05 CDT; 7s
ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 1704177 ExecStart=/usr/sbin/nft -f /etc/nftables.conf
(code=exited, status=1/FAILURE)
Main PID: 1704177 (code=exited, status=1/FAILURE)
CPU: 24ms
May 28 16:39:05 DebianTim nft[1704177]:
^^
May 28 16:39:05 DebianTim nft[1704177]: /etc/nftables.conf:18:3-6: Error:
syntax error, unexpected meta
May 28 16:39:05 DebianTim nft[1704177]: meta nexthdr ipv6
icmpv6 type { destination-unreachable, packet-too>
May 28 16:39:05 DebianTim nft[1704177]:
May 28 16:39:05 DebianTim nft[1704177]: /etc/nftables.conf:19:8-12: Error:
syntax error, unexpected saddr, expecting string
May 28 16:39:05 DebianTim nft[1704177]: ipv6 saddr fe80::/10
icmpv6 type { 130, 131, 132, 134, 143, 151, 15>
May 28 16:39:05 DebianTim nft[1704177]: ^
May 28 16:39:05 DebianTim systemd[1]: nftables.service: Main process exited,
code=exited, status=1/FAILURE
May 28 16:39:05 DebianTim systemd[1]: nftables.service: Failed with result
'exit-code'.
May 28 16:39:05 DebianTim systemd[1]: Failed to start nftables.
I've tried other methods as inet etc and still get this type of error.
What outcome did you expect instead? For documentation to be clear enough for
this not to be a problem and the nftables to be able to add this filter.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.17.0-1-rt-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nftables depends on:
ii libc6 2.33-7
ii libedit2 3.1-20210910-1
ii libnftables1 1.0.2-1
Versions of packages nftables recommends:
ii netbase 6.3
Versions of packages nftables suggests:
pn firewalld
-- Configuration Files:
/etc/nftables.conf changed:
flush ruleset
table enp1s0 filter {
chain base_checks {
# Drop invalid connections and allow established/related connections
ct state invalid drop
ct state {established, related} accept
}
chain input {
type filter hook input priority 0; policy drop;
meta nexthdr ipv6 icmpv6 type { destination-unreachable,
packet-too-big, time-exceeded, parameter-problem, echo-reply, echo-request,
nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert,
148, 149 } accept
ipv6 saddr fe80::/10 icmpv6 type { 130, 131, 132, 134, 143,
151, 152, 153 } accept
jump base_checks
# Allow from loopback
iifname lo accept
iifname != lo ip daddr 127.0.0.0/32 drop
# New UDP traffic will jump to the UDP chain
ip protocol udp ct state new jump UDP
# New TCP traffic will jump to the TCP chain
tcp flags & (fin | syn | rst | ack) == syn ct state new jump TCP
# Everything else
ip protocol udp reject
ip protocol tcp reject with tcp reset
reject with icmpx type port-unreachable
}
chain forward {
type filter hook forward priority 0; policy drop;
}
chain output {
type filter hook output priority 0; policy accept;
}
# count and drop any other traffic
counter enp1s0{}
##CHAIN RULES
# TCP chain
set TCP_accepted {
type inet_service; flags interval;
elements = {1714-1764}
}
chain TCP {
tcp dport @TCP_accepted accept
}
# UDP chain
set UDP_accepted {
type inet_service; flags
Bug#1012020: trustedqsl: segfault when trying to renew station certificate
This is a bug introduced in TQSL 2.6.
Patch to correct this attached. This will go out as part of TQSL 2.6.4.
73,
-Rick
On Sat, May 28, 2022 at 4:09 PM tony mancill wrote:
> Package: trustedqsl
> Version: 2.6.2-1
> Severity: normal
>
> Hi, creating this for visibility. Since I'm experiencing the issue, I
> will try to resolve it. Also (not related to this bug), I have an
> update to upstream 2.6.3 ready to upload. I am planning to wait until the
> auto-openssl transition completes before uploading it.
>
> When starting tqsl, I am prompted to renew my station certificate. If I
> select "yes," the application encounters the following segmentation
> fault. I'm not sure if this is an upstream bug or due to our packaging.
> It appears that the code on apps/certtree.cpp line 215 fails to return a
> valid tQSL_Cert. (Perhaps only in some circumstances?)
>
>
> Thread 1 "tqsl" received signal SIGSEGV, Segmentation fault.
> 0x556d023d in CertTree::SelectCert (this=0x5682c7f0,
> cert=) at ./apps/certtree.cpp:217
> 217 ./apps/certtree.cpp: No such file or directory.
> (gdb) bt
> #0 0x556d023d in CertTree::SelectCert(void*)
> (this=0x5682c7f0, cert=) at ./apps/certtree.cpp:217
> #1 0x556641a5 in MyFrame::OnExpiredCertFound(wxCommandEvent&)
> (this=0x562bd8a0, event=) at ./apps/tqsl.cpp:3731
> #2 0x777ee15e in
> wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&,
> wxEvtHandler*, wxEvent&) ()
> at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #3 0x777ee253 in wxEventHashTable::HandleEvent(wxEvent&,
> wxEvtHandler*) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #4 0x777ee58c in wxEvtHandler::TryHereOnly(wxEvent&) () at
> /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #5 0x777ee61b in wxEvtHandler::ProcessEventLocally(wxEvent&) ()
> at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #6 0x777ee6f1 in wxEvtHandler::ProcessEvent(wxEvent&) () at
> /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #7 0x777ef1e5 in wxEvtHandler::ProcessPendingEvents() () at
> /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #8 0x77699f27 in wxAppConsoleBase::ProcessPendingEvents() () at
> /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #9 0x77b428da in wxGUIEventLoop::YieldFor(long) () at
> /lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0
> #10 0x7769a8ed in wxAppConsoleBase::Yield(bool) () at
> /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #11 0x5562a395 in MyFrame::DoUpdateCheck(bool, bool)
> (this=0x562bd8a0, silent=, noGUI=)
> at /usr/include/wx-3.0/wx/app.h:439
> #12 0x556616df in MyFrame::FirstTime() (this=0x562bd8a0) at
> ./apps/tqsl.cpp:6093
> #13 0x55671895 in QSLApp::GUIinit(bool, bool)
> (this=0x55804c20, checkUpdates=, quiet=)
> at ./apps/tqsl.cpp:5243
> #14 0x55672f9a in QSLApp::OnInit() (this=0x55804c20) at
> ./apps/tqsl.cpp:5460
> #15 0x77714a72 in wxEntry(int&, wchar_t**) () at
> /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0
> #16 0x5561cd1e in main(int, char**) (argc=,
> argv=) at ./apps/tqsl.cpp:234
>
>
> -- System Information:
> Debian Release: bookworm/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.17.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_WARN
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE
> not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages trustedqsl depends on:
> ii libc6 2.33-7
> ii libcurl4 7.83.1-1+b1
> ii libexpat1 2.4.8-1
> ii libgcc-s1 12.1.0-2
> ii liblmdb0 0.9.24-1
> ii libssl3 3.0.3-5
> ii libstdc++612.1.0-2
> ii libwxbase3.0-0v5 3.0.5.1+dfsg-4
> ii libwxgtk3.0-gtk3-0v5 3.0.5.1+dfsg-4
> ii zlib1g1:1.2.11.dfsg-4
>
> trustedqsl recommends no packages.
>
> trustedqsl suggests no packages.
>
> -- no debconf information
>
>
--
Rick Murphy, D.Sc., CISSP-ISSAP, K1MU/4, Annandale VA USA
diff --git a/apps/ChangeLog.txt b/apps/ChangeLog.txt
index e43836f..45fd660 100644
--- a/apps/ChangeLog.txt
+++ b/apps/ChangeLog.txt
@@ -1,5 +1,11 @@
TQSL changes
+2.6.4
+--
+Correct a crash when TQSL detects a callsign certificate that's about to
+expire during startup and the user selects "Yes" to renew that callsign
+certificate.
+
2.6.3
--
Handle the case where there's both a valid and an invalid callsign certificate
diff --git a/apps/certtree.cpp b/apps/certtree.cpp
index 272e642..55f83f5 100644
--- a/apps/certtree.cpp
+++ b/apps/certtree.cpp
@@ -202,6 +202,7 @@ CertTree::SelectCert(tQSL_Cert cert) {
// Iterate the tree, looking for a matching certificate
wxTreeItemId root = GetRootItem();
wxTreeItemIdValue issCookie;
+
Bug#1005873: [git-buildpackage/master] pq: Check if repo is clean before importing patches
Paul Gevers writes ("Bug#1005873: [git-buildpackage/master] pq: Check if repo
is clean before importing patches"):
> Control: severity -1 serious
...
> Seems like the autopkgtest of dgit is now blocking progression of
> git-buildpackage related to this change.
Thanks for escalating this. I had dropped the ball. I have uploaed a
fixed version of dgit which I hope will sort this out.
Thanks,
Ian.
--
Ian JacksonThese opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
Bug#1012024: Please declare Breaks: dgit (<< 9.16~)
Package: git-buildpackage Version: 0.9.26 Severity: serious Hi. With recent gbp pq (as of 0.9.26), dgit needs to pass new options (well, actually, it does this via the config file so as to still work with older gbp). That's #1005873. dgit 9.16 which I have just uploaded does this (again, sorry for the delay). It passes my formal autopkgtest with my sid chroot so I expect it will be OK in ci.d.n. As I wrote in another mail, I would appreciate it if you would add to git-buildpackage: Breaks: dgit (<< 9.16~) This will arrange that users will necessarily install the updates in the correct order (and that partial updates will be correct). I am filing this bug as "serious" not because I think it is RC, but because if you agree with my suggestion, it would be good to prevent gbp 0.9.26 migrating to testing, since it is that version that presents the upgrade hazard, and instead migrate the updated version with the Breaks (presumably 0.9.27). That would avoid a window of opportunity for lossage. If you disagree with my choice of severity, do of course feel free to downgrade it. Regards, Ian. -- Ian JacksonThese opinions are my own. Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter. -- Ian JacksonThese opinions are my own. Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
Bug#1011984: liblouis: CVE-2022-31783
Control: severity -1 normal Hello, Salvatore Bonaccorso, le sam. 28 mai 2022 12:56:30 +0200, a ecrit: > CVE-2022-31783[0]: > | Liblouis 3.21.0 has an out-of-bounds write in compileRule in > | compileTranslationTable.c, as demonstrated by lou_trace. lou_trace takes a braille table as input, which is not something people would inject from outer sources. So I'm lowering the severity of this bug, it'll get close when upstream integrates the fix. Samuel
Bug#1011168: linux-image-5.17.0-2-amd64: rebooting KVM guest crashes kernel
I found a matching issue on the Arch Linux forum: https://bbs.archlinux.org/viewtopic.php?id=276648 Which ultimately links to this discussion on one of the kernel mailing lists: https://lore.kernel.org/kvm/ynhalvjww6e94...@google.com/ https://lore.kernel.org/kvm/20220504001219.983513-1-sea...@google.com/ And this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d187ba5312307d51818beafaad87d28a7d939adf I haven't tested a custom build with the patch applied but I can confirm that the server that I have crashing is an older box with an Intel Xeon E5645 CPU that lacks XSAVE. And now that bug 1010916 has an updated backtrace attached its clear that it is the same issue as this one. -- Jon Doge Wrangler X(7): A program for managing terminal windows. See also screen(1) and tmux(1).
Bug#1011666: groff 1.23.0 build dependencies will change
I need to amend my recommendations slightly. pkg-config _will_ need to remain in Build-Depends due to a very recent change in groff upstream. > 2022-05-26 G. Branden Robinson > > * bootstrap.conf: Add "pkg-config" to `buildreq`. Not having it > causes pretty horrible macro expansion problems and diagnostics > when 'autoreconf' is run; they're still pretty bad even if you > use `AC_REQUIRE` and `m4_pattern_forbid`. So just demand it. Regards, Branden signature.asc Description: PGP signature
Bug#1011331: bullseye-pu: package node-raw-body/2.4.1-2+deb11u1
Control: tags -1 + confirmed On Sat, 2022-05-28 at 22:36 +0200, Yadd wrote: > Control: tags -1 - moreinfo > > On 28/05/2022 20:53, Adam D. Barratt wrote: > > Control: tags -1 + moreinfo > > > > On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote: > > > node-raw-body embeds a patch that creates a Denial-of-Service > > > vulnerability into node-express. > > > [...] > > > Drop patch which replaced node-iconv-lite by node-iconv. > > > > > > > Why was that change made in the first place? The changelog entry > > from > > 2014 isn't particularly helpful. > > Hi Adam, > > node-iconv-lite entered in Debian only in 2016. That's why this > patch > existed. > Thanks for the explanation. Please go ahead. Regards, Adam
Bug#1011331: bullseye-pu: package node-raw-body/2.4.1-2+deb11u1
Control: tags -1 - moreinfo On 28/05/2022 20:53, Adam D. Barratt wrote: Control: tags -1 + moreinfo On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote: node-raw-body embeds a patch that creates a Denial-of-Service vulnerability into node-express. [ Impact ] Security issue, a simple request can crash any express application [ Tests ] I added a test that proves that bug is fixed: it fails with node-raw-body 2.4.1-2 and succeeds with 2.4.1-2+deb11u1 [ Risks ] No risk, Debian package is now exactly what upstream wrote. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Drop patch which replaced node-iconv-lite by node-iconv. Why was that change made in the first place? The changelog entry from 2014 isn't particularly helpful. Hi Adam, node-iconv-lite entered in Debian only in 2016. That's why this patch existed. Cheers, Yadd
Bug#1008045: bullseye-pu: package node-mermaid/8.7.0+ds+~cs27.17.17-3+deb11u1
Control: tags -1 + confirmed On Mon, 2022-03-21 at 14:09 +0100, Yadd wrote: > node-mermaid is vulnerable to XSS attack (CVE-2021-23648) > Please go ahead. Regards, Adam
Bug#1012022: fenics-basix: FTBFS during separate binary-indep build
Source: fenics-basix Version: 0.4.0-1exp1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) Hi, fenics-basix/experimental FTBFS while performing a separate binary-indep build as would be done by the buildds. You can do that manually with dpkg-builpackage -A. [...] debian/rules execute_before_dh_install-indep make[1]: Entering directory '/build/fenics-basix-0.4.0' py3versions: no X-Python3-Version in control file, using supported versions LD_LIBRARY_PATH=/build/fenics-basix-0.4.0/debian/tmp/usr/lib/x86_64-linux-gnu PYTHONPATH=/build/fenics-basix-0.4.0/debian/python3-basix/usr/lib/python3.10/dist-packages: /usr/bin/make -C doc/python html make[2]: Entering directory '/build/fenics-basix-0.4.0/doc/python' Running Sphinx v4.5.0 Configuration error: There is a programmable error in your configuration file: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/sphinx/config.py", line 332, in eval_config_file exec(code, namespace) File "/build/fenics-basix-0.4.0/doc/python/source/conf.py", line 10, in import basix ModuleNotFoundError: No module named 'basix' make[2]: *** [Makefile:20: html] Error 2 make[2]: Leaving directory '/build/fenics-basix-0.4.0/doc/python' make[1]: *** [debian/rules:71: execute_before_dh_install-indep] Error 2 make[1]: Leaving directory '/build/fenics-basix-0.4.0' make: *** [debian/rules:42: binary-indep] Error 2 Andreas fenics-basix_0.4.0-1exp1_indep.log.gz Description: application/gzip
Bug#1011343: WISHLIST: Offical ALL-IN-ONE images?
ools_2.4+dfsg-2_amd64.deb
Only in /groundtruth/firmware: firm-phoenix-ware_4.7.5+repack-1_all.deb
Only in /groundtruth/firmware:
firmware-microbit-micropython-dl_1.2.4+dfsg-8_all.deb
Only in /groundtruth/firmware:
firmware-microbit-micropython-doc_1.0.1-2_all.deb
Only in /groundtruth/firmware: firmware-microbit-micropython_1.0.1-2_all.deb
Only in /groundtruth/firmware: firmware-tomu_2.0~rc7-2_all.deb
Only in /groundtruth/firmware: gnome-firmware_3.36.0-1_amd64.deb
Files /mnt/isolinux/boot.cat and /groundtruth/isolinux/boot.cat differ
Files /mnt/isolinux/f1.txt and /groundtruth/isolinux/f1.txt differ
Files /mnt/isolinux/isolinux.bin and /groundtruth/isolinux/isolinux.bin
differ
Files /mnt/md5sum.txt and /groundtruth/md5sum.txt differ
Most differs come from READMEs, and dist/ directory. ( I haven't tried
advance features of merger script yet, I will try it later)
The further details is in the attached file. I will try to analysis it.
(For size reasons, lines with md5 in it is filtered out by "sed -i -E -e
'/[a-f0-9]{32,32}/d' diff.details.txt")
Best Regards,
Zhang Boyangdiff -r /mnt/.disk/cd_type /groundtruth/.disk/cd_type
1c1
< bluray
---
> full_cd
diff -r /mnt/.disk/info /groundtruth/.disk/info
1c1
< Debian GNU/Linux 11.0.0 "Bullseye" - Unofficial amd64 DLBD Binary-1
20220528-13:35
\ No newline at end of file
---
> Debian GNU/Linux 11.0.0 "Bullseye" - Unofficial amd64 CUSTOM Binary-1
> 20220528-14:56
\ No newline at end of file
diff -r /mnt/.disk/mkisofs /groundtruth/.disk/mkisofs
1c1
< xorriso -as mkisofs -r -checksum_algorithm_iso sha256,sha512 -V 'Debian
11.0.0 amd64 1' -o /srv/mirror/debian-cd-test/debian-11.0.0-amd64-DLBD-1.iso
-checksum-list /srv/mirror/tmp/bullseye/checksum-check
-jigdo-checksum-algorithm md5 -jigdo-force-checksum /pool/ -jigdo-min-file-size
1024 -jigdo-exclude 'README*' -jigdo-exclude /doc/ -jigdo-exclude /md5sum.txt
-jigdo-exclude /.disk/ -jigdo-exclude /pics/ -jigdo-exclude 'Release*'
-jigdo-exclude 'Packages*' -jigdo-exclude 'Sources*' -jigdo-force-md5 /pool/
-jigdo-jigdo /srv/mirror/debian-cd-test/debian-11.0.0-amd64-DLBD-1.jigdo
-jigdo-template /srv/mirror/debian-cd-test/debian-11.0.0-amd64-DLBD-1.template
-jigdo-map Debian=/home/zby/debian/ -jigdo-exclude boot1 -J -joliet-long
-cache-inodes -isohybrid-mbr syslinux/usr/lib/ISOLINUX/isohdpfx.bin -b
isolinux/isolinux.bin -c isolinux/boot.cat -boot-load-size 4 -boot-info-table
-no-emul-boot -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot
-isohybrid-gpt-basdat -isohybrid-apm-hfsplus boot1 CD1
---
> xorriso -as mkisofs -r -checksum_algorithm_iso sha256,sha512 -V 'Debian
> 11.0.0 amd64 1' -o
> /srv/mirror/debian-cd-test/debian-11.0.0-amd64-CUSTOM-1.iso -checksum-list
> /srv/mirror/tmp/bullseye/checksum-check -jigdo-checksum-algorithm md5
> -jigdo-force-checksum /pool/ -jigdo-min-file-size 1024 -jigdo-exclude
> 'README*' -jigdo-exclude /doc/ -jigdo-exclude /md5sum.txt -jigdo-exclude
> /.disk/ -jigdo-exclude /pics/ -jigdo-exclude 'Release*' -jigdo-exclude
> 'Packages*' -jigdo-exclude 'Sources*' -jigdo-force-md5 /pool/ -jigdo-jigdo
> /srv/mirror/debian-cd-test/debian-11.0.0-amd64-CUSTOM-1.jigdo -jigdo-template
> /srv/mirror/debian-cd-test/debian-11.0.0-amd64-CUSTOM-1.template -jigdo-map
> Debian=/home/zby/debian/ -jigdo-exclude boot1 -J -joliet-long -cache-inodes
> -isohybrid-mbr syslinux/usr/lib/ISOLINUX/isohdpfx.bin -b
> isolinux/isolinux.bin -c isolinux/boot.cat -boot-load-size 4 -boot-info-table
> -no-emul-boot -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot
> -isohybrid-gpt-basdat -isohybrid-apm-hfsplus boot1 CD1
diff -r /mnt/README.html /groundtruth/README.html
55c55
< Debian GNU/Linux 11.0.0 "Bullseye" - Unofficial amd64 DLBD Binary-1
20220528-13:35
---
> Debian GNU/Linux 11.0.0 "Bullseye" - Unofficial amd64 CUSTOM Binary-1
> 20220528-14:56
98,99c98,99
< Debian GNU/Linux 11.0.0 "Bullseye" - Unofficial amd64 DLBD
Binary-1 20220528-13:35
< which means that this disc is number 1 of a set of 2 discs
---
> Debian GNU/Linux 11.0.0 "Bullseye" - Unofficial amd64
> CUSTOM Binary-1 20220528-14:56
> which means that this disc is number 1 of a set of 1 discs
105c105
< discs, up to Binary-2, contain mostly special-interest programs.
---
> discs, up to Binary-1, contain mostly special-interest programs.
diff -r /mnt/README.txt /groundtruth/README.txt
1,16c1,2
< Result of a run of merge_2_debian_isos at 20220528-23:34
< Package pools and Packages lists were merged.
< The other files stem from the first input ISO.
<
< Input ISO: debian-11.0.0-amd64-DLBD-1.iso
< Debian GNU/Linux 11.0.0 "Bullseye" - Unofficial amd64 DLBD Binary-1
<20220528-13:35
<
< Input ISO: debian-11.0.0-amd64-DLBD-2.is
Bug#1011609: bogl-bterm: [PATCH] Several improvements
Hi,
Another small patch. :-)
Best Regards,
Zhang BoyangFrom ae763e89f00575e56a7242e27c9b0789c0de411e Mon Sep 17 00:00:00 2001
From: Zhang Boyang
Date: Sun, 29 May 2022 02:45:32 +0800
Subject: [PATCH] Don't call FBIOPAN_DISPLAY when using the vga16fb driver
When using vga16fb, there is no need to call FBIOPAN_DISPLAY, and it may
cause screen flicker on certain hardwares.
---
bogl.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/bogl.c b/bogl.c
index 9b628b1..5cbe96e 100644
--- a/bogl.c
+++ b/bogl.c
@@ -462,6 +462,15 @@ bogl_fb_set_palette (int c, int nc, const unsigned char palette[][3])
void
bogl_update (void)
{
+#if BOGL_VGA16_FB
+ if (type == FB_TYPE_VGA_PLANES)
+{
+ /* There is no need to call FBIOPAN_DISPLAY when using vga16fb driver.
+ What's worse, it may cause screen flicker on certain hardwares.
+ So make bogl_update() a no-op here. */
+ return;
+}
+#endif
ioctl (fb, FBIOPAN_DISPLAY, _var);
}
--
2.30.2
Bug#1010061: git-buildpackage: FTBFS on bookworm and sid: multiple issues
Guido Günther writes ("Re: Bug#1010061: git-buildpackage: FTBFS on bookworm and
sid: multiple issues"):
> Thanks. I did an upload a while back but now dgit's tests fail:
>
>https://tracker.debian.org/pkg/git-buildpackage
>https://ci.debian.net/data/autopkgtest/testing/amd64/d/dgit/22182444/log.gz
>
> Maybe you have an idea what has triggered this (not all of them look gbp
> related but looking at the tests many of them seem to pull in gbp):
Sorry about this. It's #1005873, which I had quite forgotten about.
Paul Gevers has reminded me (and raised that bug's severity,
appropriately). I have what I think is a fix and hope to upload very
soon.
Would you mind including a "Breaks:" in git-buildpackage for this ?
I think that ought to be
Breaks: dgit (<< 9.16~)
I think you can safely make that change immediately since I'm not
going to be releasing a 9.16 without fixing this issue.
I should really have fixed this some time ago and provided you with a
the version number to use, then. So, sorry for the inconvenience.
Regards,
Ian.
--
Ian JacksonThese opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
Bug#1009077: bullseye-pu: minidlna/1.3.0+dfsg-2+deb11u1
Control: tags -1 + confirmed On Wed, 2022-04-06 at 21:48 +, Thorsten Alteholz wrote: > The attached debdiff for minidlna fixes CVE-2022-26505 in Bullseye. > This > CVE has been marked as no-dsa by the security team. > Please go ahead, thanks. Regards, Adam
Bug#1008268: bullseye-pu: package tigervnc/1.11.0+dfsg-2
Control: tags -1 + confirmed On Fri, 2022-03-25 at 19:57 +0100, Joachim Falk wrote: > This proposed update fixes two regressions: > > (i) https://bugs.launchpad.net/ubuntu/+source/tigervnc/+bug/1929790 > > * TigerVNC 1.11.0 contains a (pixel order) regression that causes >vncviewer to display incorrect colors when vncviewer and X11 > server >use different endianness >(e.g. when using X11 forwarding via SSH between an amd64 desktop > and a Linux on s390x). > [...] > The > bug does affect the Gnome environment, so that a gnome-session is > not > started properly, when started through tigervncserver@.service. So > the > bug makes tigervnc-standalone-server unuseable, if a user does want > to > use a Gnome-Session inside TigerVNC. Please go ahead. Regards, Adam
Bug#1008577: bullseye-pu: golang-github-russellhaering-goxmldsig/1.1.0-1+deb11u1
Control: tags -1 + confirmed On Mon, 2022-03-28 at 21:51 +, Thorsten Alteholz wrote: > The attached debdiff for golang-github-russellhaering-goxmldsig fixes > CVE-2020-7711 in Bullseye. This CVE has been marked as no-dsa by the > security team. > Please go ahead. Regards, Adam
Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
Control: tags -1 + confirmed On Mon, 2022-04-11 at 16:17 +0200, Yadd wrote: > On 24/03/2022 15:12, Moritz Mühlenhoff wrote: > > Am Wed, Mar 23, 2022 at 02:25:26PM +0100 schrieb Yadd: > > > Package: release.debian.org > > > Severity: normal > > > Tags: bullseye > > > User: release.debian@packages.debian.org > > > Usertags: pu > > > > > > [ Reason ] > > > node-url-parse is vulnerable to an authorization Bypass Through > > > User-Controlled (CVE-2022-0686). > > > > If we're doing an update, we could also include a fix for CVE-2022- > > 0691? > > > > Cheers, > > Moritz > > Hi, > > done, here is the new debdiff (including new test) > Please go ahead. Regards, Adam
Bug#1008162: bullseye-pu: package node-minimist/1.2.5+~cs5.3.1-2+deb11u1
Control: tags -1 + confirmed On Wed, 2022-03-23 at 12:36 +0100, Yadd wrote: > node-minimist is vulnerable to a prototype pollution not totally > fixed > by CVE-2020-7598 patch (pushed in 1.2.5-1 and 1.2.0-1+deb10u1) > Please go ahead. Regards, Adam
Bug#1008153: bullseye-pu: package node-node-forge/0.10.0~dfsg-3+deb11u1
Control: tags -1 + confirmed On Wed, 2022-03-23 at 11:14 +0100, Yadd wrote: > node-node-forge signature verification code is lenient in checking > the digest > algorithm structure. This can allow a crafted structure that steals > padding > bytes and uses unchecked portion of the PKCS#1 encoded message to > forge a > signature when a low public exponent is being used. The issue has > been > addressed in `node-forge` version 1.3.0. > Please go ahead. Regards, Adam
Bug#1008161: bullseye-pu: package geeqie/1.6-9+deb11u1
Control: tags -1 + confirmed On Wed, 2022-03-23 at 12:17 +0100, Andreas Rönnquist wrote: > I would like to fix a bug in geeqie in bullseye where selecting > several > items in a file-list and then trying to deselect one item using > Ctrl+click doesn't work as it should. > Please go ahead; sorry for the delay. Regards, Adam
Bug#1012021: yarnpkg: segfault while building greenbone-security-assistant on !amd64
Package: yarnpkg Version: 1.22.19+~cs24.27.18-1 Severity: serious Tags: ftbfs Control: affects -1 + src:greenbone-security-assistant Hi, greenbone-security-assistant fails to built on most (all?) architectures except amd64. There seems to be a segmentation fault during a yarnpkg call: debian/rules build dh build dh_update_autotools_config dh_autoreconf debian/rules override_dh_auto_build make[1]: Entering directory '/build/greenbone-security-assistant-21.4.4' dh_auto_build yarnpkg yarn install v1.22.19 [1/5] Validating package.json... [2/5] Resolving packages... [3/5] Fetching packages... make[1]: *** [debian/rules:13: override_dh_auto_build] Segmentation fault make[1]: Leaving directory '/build/greenbone-security-assistant-21.4.4' make: *** [debian/rules:9: build] Error 2 Andreas greenbone-security-assistant_21.4.4-1.log.gz Description: application/gzip
Bug#1004882: crystal: switch to llvm-toolchain-13
Control: severity -1 serious Hi, On Fri, 1 Apr 2022 19:32:34 +0200 Paul Gevers wrote: On Wed, 2 Feb 2022 22:42:10 +0100 Sebastian Ramacher wrote: > The current default version of llvm is llvm-toolchain-13. To reduce the > number of llvm versions, please consider switchting to llvm-toolchain-13 > (or the unversioned counterpart). Or if that really doesn't work at this moment, we prefer you to go back to llvm-toolchain-11. This package is the second from last package holding llvm-toolchain-12 in testing. We'll raise the severity of this bug soon. This package is now the last standing in the way of removing llvm-toolchain-12. Bumping severity. Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#1009659: bullseye-pu: package spyder/4.2.1+dfsg1-3
Control: tags -1 + confirmed On Wed, 2022-04-13 at 19:46 +0100, Julian Gilbey wrote: > The bug is reported in https://bugs.debian.org/989660 > I didn't spot it at the time because I'm only an uploader, not the > named maintainer, and had forgotten to check the BTS. Sorry about > that. The bug was present in version 4.2.1 of Spyder, but was fixed > by upstream in version 4.2.2. > The metadata for that bug indicates that it still affects the version of spyder present in unstable and testing. Given the above description, I'm assuming that this is simply an oversight in the metadata. Assuming that's correct, please feel free to go ahead with the upload, but please do add an appropriate fixed version to #989660 so that the BTS knows the correct state. FWIW, I think the patch actually ends up being relatively simple if one excludes the changes in indentation that result; a version with the equivalent of "diff -w" applied would potentially be helpful to confirm. Regards, Adam
Bug#1009363: bullseye-pu: package ruby-net-ssh/1:6.1.0-2+deb11u1
Control: tags -1 + confirmed On Tue, 2022-04-12 at 09:40 -0300, Antonio Terceiro wrote: > OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm, > and > that breaks clients that do not support stronger algorithms, which is > the case of the ruby-net-ssh version in bullseye. > > [ Impact ] > Users of vagrant and capistrano, for example, are not able to connect > to hosts running OpenSSH 8.8, which includes Debian bookworm but also > other distributions where OpenSSH 8.8. is already available. > [...] > The patches are backports of the relevant upstream patches. The first > adds support for client authentication with RSA + SHA-2. The second > adds > support for RSA+SHA-2 in host keys. > Please go ahead. Regards, Adam
Bug#1009250: bullseye-pu: fribidi/1.0.8-2+deb11u1
Control: tags -1 + confirmed d-i On Sat, 2022-04-09 at 23:04 +, Thorsten Alteholz wrote: > > The attached debdiff for fribidi fixes CVE-2022-25308, CVE-2022-25309 > and > CVE-2022-25310 in Bullseye. These CVEs have been marked as no-dsa by > the > security team. This looks OK to me, thanks, but will need a KiBi-ack as fribidi produces a udeb; CCing and tagging accordingly. Regards, Adam
Bug#1009345: bullseye-pu: package node-moment/2.29.1+ds-2+deb11u1
Control: tags -1 + confirmed On Tue, 2022-04-12 at 06:39 +0200, Yadd wrote: > node-moment is vulnerable to path traversal (#1009327, CVE-2022- > 24785) > Please go ahead. Regards, Adam
Bug#1011556: dh-octave: provide dh-sequence-octave virtual package, dh_auto_install to debian/tmp
Thanks for this bug report and for the patch, Nicolas.
I integrated your commits into the Git repository of the dh-package at
Salsa, on a side branch called bug-1011556 [1].
I had to make a series of adjustments to your code, in order to have it
working correctly, namely :
* buildsystem.pm: use Debian::Debhelper::Dh_Lib [2]
* buildsystem.pm: Avoid wildcards in doit calls [3]
* dh_octave_make.in: Use dh-sequence-octave in Build-Depends [4]
* buildsystem.pm: Check whether directories exist before acting on them [5]
Please, check whether this changes suit you.
I tested the resulting dh-octave, by building a couple of Octave-Forge
packages against it, after changing the Buidl-Depends from dh-octave to
dh-sequence-octave and removing "--with=octave" from debian/rules.
Everything seems to work. However, since the changes are quite
substantial in relation to the previously released version of dh-octave,
It would be great if other members of the DOG can revise them before
releasing a new version of the package.
Best,
Rafael
[1] https://salsa.debian.org/pkg-octave-team/dh-octave/-/tree/bug-1011556
[2] https://salsa.debian.org/pkg-octave-team/dh-octave/-/commit/a5957eb5
[3] https://salsa.debian.org/pkg-octave-team/dh-octave/-/commit/0b51e820
[4] https://salsa.debian.org/pkg-octave-team/dh-octave/-/commit/1c8bbf2c
[5] https://salsa.debian.org/pkg-octave-team/dh-octave/-/commit/d0ff2a4b
* Nicolas Boulenguez [2022-05-24 23:11]:
Package: dh-octave
Severity: wishlist
Tags: patch
Hello.
The attached suggestions may simplify the use of dh-octave, especially
for source packages building several binary packages.
From 8f56b92d51e122a8c50e12c0c14da0c37bba6acb Mon Sep 17 00:00:00 2001
From: Nicolas Boulenguez
Date: Tue, 24 May 2022 21:13:45 +0200
Subject: [PATCH 1/4] d/control: let dh-octave provide dh-sequence-octave
Debhelper recognizes this special formal packages in Build-Depends and
adds --with=octave to the dh parameters.
---
debian/control | 1 +
1 file changed, 1 insertion(+)
diff --git a/debian/control b/debian/control
index 8cc3d4a..280752f 100644
--- a/debian/control
+++ b/debian/control
@@ -16,6 +16,7 @@ Vcs-Git:
https://salsa.debian.org/pkg-octave-team/dh-octave.git
Rules-Requires-Root: no
Package: dh-octave
+Provides: dh-sequence-octave
Architecture: all
Depends: octave-dev,
debhelper-compat (= 13),
--
2.30.2
From e67ffe5ff0858c3722e8c100bd71b1ffed975b09 Mon Sep 17 00:00:00 2001
From: Nicolas Boulenguez
Date: Tue, 24 May 2022 22:13:54 +0200
Subject: [PATCH 2/4] =?UTF-8?q?install-pkg.m:=20implement=20non-octave=20p?=
=?UTF-8?q?arts=20with=20perl=E2=80=99s=20Dh=5FLib?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
buildsystem.pm | 22 +-
install-pkg.m | 23 +--
2 files changed, 22 insertions(+), 23 deletions(-)
diff --git a/buildsystem.pm b/buildsystem.pm
index 974b275..ffd3dab 100644
--- a/buildsystem.pm
+++ b/buildsystem.pm
@@ -10,13 +10,33 @@ sub DESCRIPTION {
sub install {
my $this = shift;
+my $destdir = "debian/" . sourcepackage();
+my $arch = dpkg_architecture_value("DEB_HOST_MULTIARCH");
+my $mpath = "$destdir/usr/share/octave/packages";
+my $bpath = "$destdir/usr/lib/$arch/octave/packages";
+
$this->doit_in_sourcedir ("octave",
"--no-gui",
"--no-history",
"--silent",
"--no-init-file",
"--no-window-system",
- "/usr/share/dh-octave/install-pkg.m")
+ "/usr/share/dh-octave/install-pkg.m",
+ $mpath, $bpath);
+
+doit ("rmdir", "--ignore-fail-on-non-empty", "-p", "$mpath", "$bpath");
+
+# Remove unnecessary documentation files
+doit ("rm", "-fr", "$mpath/*/doc");
+doit ("rm", "-f", "$mpath/*/packinfo/COPYING");
+
+# Fix permission of installed *.oct and *.mex files, as per FHS 3.0
+# sections 4.6 and 4.7 (see Bug#954149)
+doit ("chmod", "-x", "$bpath/*/*/*.oct");
+doit ("chmod", "-x", "$bpath/*/*/*.mex");
+
+# Remove left over files *-tst
+doit ("rm", "-f", "$bpath/*/*/*-tst");
}
sub clean {
diff --git a/install-pkg.m b/install-pkg.m
index 0a343ad..d586c13 100644
--- a/install-pkg.m
+++ b/install-pkg.m
@@ -24,12 +24,7 @@ if (exist ("./PKG_ADD") == 2)
movefile ("PKG_ADD", "PKG_ADD.bak");
endif
-package = sysout ("grep ^Source: debian/control | cut -f2 -d\\ ");
-debpkg = [pwd(), "/debian/", package];
-mpath = [debpkg, "/usr/share/octave/packages"];
-arch = sysout ("dpkg-architecture -qDEB_HOST_MULTIARCH");
-bpath = [debpkg, "/usr/lib/", arch, "/octave/packages"];
-pkg ("prefix", mpath, bpath);
+pkg ("prefix", argv(){1}, argv(){2});
pkg ("local_list", fullfile (pwd (), "local-list"));
pkg ("global_list", fullfile (pwd (), "global-list"));
@@ -41,19 +36,3 @@ if
Bug#1012020: trustedqsl: segfault when trying to renew station certificate
Package: trustedqsl Version: 2.6.2-1 Severity: normal Hi, creating this for visibility. Since I'm experiencing the issue, I will try to resolve it. Also (not related to this bug), I have an update to upstream 2.6.3 ready to upload. I am planning to wait until the auto-openssl transition completes before uploading it. When starting tqsl, I am prompted to renew my station certificate. If I select "yes," the application encounters the following segmentation fault. I'm not sure if this is an upstream bug or due to our packaging. It appears that the code on apps/certtree.cpp line 215 fails to return a valid tQSL_Cert. (Perhaps only in some circumstances?) Thread 1 "tqsl" received signal SIGSEGV, Segmentation fault. 0x556d023d in CertTree::SelectCert (this=0x5682c7f0, cert=) at ./apps/certtree.cpp:217 217 ./apps/certtree.cpp: No such file or directory. (gdb) bt #0 0x556d023d in CertTree::SelectCert(void*) (this=0x5682c7f0, cert=) at ./apps/certtree.cpp:217 #1 0x556641a5 in MyFrame::OnExpiredCertFound(wxCommandEvent&) (this=0x562bd8a0, event=) at ./apps/tqsl.cpp:3731 #2 0x777ee15e in wxEvtHandler::ProcessEventIfMatchesId(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #3 0x777ee253 in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #4 0x777ee58c in wxEvtHandler::TryHereOnly(wxEvent&) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #5 0x777ee61b in wxEvtHandler::ProcessEventLocally(wxEvent&) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #6 0x777ee6f1 in wxEvtHandler::ProcessEvent(wxEvent&) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #7 0x777ef1e5 in wxEvtHandler::ProcessPendingEvents() () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #8 0x77699f27 in wxAppConsoleBase::ProcessPendingEvents() () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #9 0x77b428da in wxGUIEventLoop::YieldFor(long) () at /lib/x86_64-linux-gnu/libwx_gtk3u_core-3.0.so.0 #10 0x7769a8ed in wxAppConsoleBase::Yield(bool) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #11 0x5562a395 in MyFrame::DoUpdateCheck(bool, bool) (this=0x562bd8a0, silent=, noGUI=) at /usr/include/wx-3.0/wx/app.h:439 #12 0x556616df in MyFrame::FirstTime() (this=0x562bd8a0) at ./apps/tqsl.cpp:6093 #13 0x55671895 in QSLApp::GUIinit(bool, bool) (this=0x55804c20, checkUpdates=, quiet=) at ./apps/tqsl.cpp:5243 #14 0x55672f9a in QSLApp::OnInit() (this=0x55804c20) at ./apps/tqsl.cpp:5460 #15 0x77714a72 in wxEntry(int&, wchar_t**) () at /lib/x86_64-linux-gnu/libwx_baseu-3.0.so.0 #16 0x5561cd1e in main(int, char**) (argc=, argv=) at ./apps/tqsl.cpp:234 -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.17.0-3-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages trustedqsl depends on: ii libc6 2.33-7 ii libcurl4 7.83.1-1+b1 ii libexpat1 2.4.8-1 ii libgcc-s1 12.1.0-2 ii liblmdb0 0.9.24-1 ii libssl3 3.0.3-5 ii libstdc++612.1.0-2 ii libwxbase3.0-0v5 3.0.5.1+dfsg-4 ii libwxgtk3.0-gtk3-0v5 3.0.5.1+dfsg-4 ii zlib1g1:1.2.11.dfsg-4 trustedqsl recommends no packages. trustedqsl suggests no packages. -- no debconf information
Bug#1011146: hipercontracer is marked for autoremoval from testing
Hi, I get the autoremoval notification (see below) for my HiPerConTracer package. HiPerConTracer clearly has no dependency on anything related to NVIDIA drivers. It is a set of simple shell tools. There is probably something wrong with the autoremoval script. Den 26.05.2022 07:02, skrev Debian testing autoremoval watch: hipercontracer 1.6.5-1 is marked for autoremoval from testing on 2022-06-30 It (build-)depends on packages with these RC bugs: 1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 https://bugs.debian.org/1011146 This mail is generated by: https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl Autoremoval data is generated by: https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl -- Best regards / Mit freundlichen Grüßen / Med vennlig hilsen === Thomas Dreibholz SimulaMet -- Simula Metropolitan Centre for Digital Engineering Centre for Resilient Networks and Applications Pilestredet 52 0167 Oslo, Norway --- E-Mail: dre...@simula.no Homepage: http://simula.no/people/dreibh === OpenPGP_signature Description: OpenPGP digital signature
Bug#1011146: bibtexconv is marked for autoremoval from testing
Hi, I get the autoremoval notification (see below) for my BibTeXConv package. BibTeXConv clearly has no dependency on anything related to NVIDIA drivers. It is a set of simple shell tools. There is probably something wrong with the autoremoval script Den 26.05.2022 06:40, skrev Debian testing autoremoval watch: bibtexconv 1.3.2-1 is marked for autoremoval from testing on 2022-06-30 It (build-)depends on packages with these RC bugs: 1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 https://bugs.debian.org/1011146 This mail is generated by: https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl Autoremoval data is generated by: https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl -- Best regards / Mit freundlichen Grüßen / Med vennlig hilsen === Thomas Dreibholz SimulaMet -- Simula Metropolitan Centre for Digital Engineering Centre for Resilient Networks and Applications Pilestredet 52 0167 Oslo, Norway --- E-Mail: dre...@simula.no Homepage: http://simula.no/people/dreibh === OpenPGP_signature Description: OpenPGP digital signature
Bug#1011146: netperfmeter is marked for autoremoval from testing
Hi, I get the autoremoval notification (see below) for my NetPerfMeter package. NetPerfMeter clearly has no dependency on anything related to NVIDIA drivers. It is a set of simple shell tools. There is probably something wrong with the autoremoval script. Den 26.05.2022 07:27, skrev Debian testing autoremoval watch: netperfmeter 1.9.2-1 is marked for autoremoval from testing on 2022-06-30 It (build-)depends on packages with these RC bugs: 1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 https://bugs.debian.org/1011146 This mail is generated by: https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl Autoremoval data is generated by: https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl -- Best regards / Mit freundlichen Grüßen / Med vennlig hilsen === Thomas Dreibholz SimulaMet -- Simula Metropolitan Centre for Digital Engineering Centre for Resilient Networks and Applications Pilestredet 52 0167 Oslo, Norway --- E-Mail: dre...@simula.no Homepage: http://simula.no/people/dreibh === OpenPGP_signature Description: OpenPGP digital signature
Bug#1011146: rsplib is marked for autoremoval from testing
Hi, I get the autoremoval notification (see below) for my RSPLIB package. RSPLIB clearly has no dependency on anything related to NVIDIA drivers. There is probably something wrong with the autoremoval script. Den 26.05.2022 07:48, skrev Debian testing autoremoval watch: rsplib 3.4.1-1 is marked for autoremoval from testing on 2022-06-30 It (build-)depends on packages with these RC bugs: 1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 https://bugs.debian.org/1011146 This mail is generated by: https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl Autoremoval data is generated by: https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl -- Best regards / Mit freundlichen Grüßen / Med vennlig hilsen === Thomas Dreibholz SimulaMet -- Simula Metropolitan Centre for Digital Engineering Centre for Resilient Networks and Applications Pilestredet 52 0167 Oslo, Norway --- E-Mail: dre...@simula.no Homepage: http://simula.no/people/dreibh === OpenPGP_signature Description: OpenPGP digital signature
Bug#1011146: subnetcalc is marked for autoremoval from testing
Hi, I get the autoremoval notification (see below) for my SubNetCalc package. SubNetCalc clearly has no dependency on anything related to NVIDIA drivers. It is a simple shell tool. There is probably something wrong with the autoremoval script. Den 26.05.2022 07:57, skrev Debian testing autoremoval watch: subnetcalc 2.4.19-1 is marked for autoremoval from testing on 2022-06-30 It (build-)depends on packages with these RC bugs: 1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 https://bugs.debian.org/1011146 This mail is generated by: https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl Autoremoval data is generated by: https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl -- Best regards / Mit freundlichen Grüßen / Med vennlig hilsen === Thomas Dreibholz SimulaMet -- Simula Metropolitan Centre for Digital Engineering Centre for Resilient Networks and Applications Pilestredet 52 0167 Oslo, Norway --- E-Mail: dre...@simula.no Homepage: http://simula.no/people/dreibh === OpenPGP_signature Description: OpenPGP digital signature
Bug#1010857: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1
Control: tags -1 + confirmed On Thu, 2022-05-12 at 02:31 +0900, yokota wrote: > Fix CVE-2022-30333 and its corresponding RC bug. > > [ Impact ] > CVE-2022-30333 is directory traversal vulnerability. > It write to files during an extract operation on outside of > extraction > directory. > Please go ahead. Regards, Adam
Bug#1010924: bullseye-pu: package node-eventsource/1.0.7-1+deb11u1
Control: tags -1 + confirmed On Fri, 2022-05-13 at 11:30 +0200, Yadd wrote: > node-eventsource is vulnerable to sensible headers exposure > (CVE-2022-1650) > FWIW, you mean sensitive. :-) Please go ahead. Regards, Adam
Bug#1010531: bullseye-pu: package ldap-account-manager/7.4-1
Control: tags -1 + confirmed On Tue, 2022-05-03 at 20:18 +0200, Roland Gruber wrote: > Package: release.debian.org > Severity: important > p-u requests are always "normal" severity. (Fixed earlier.) [...] > Stored XSS and arbitrary image read vulnerability. > See > https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v > Please go ahead. Regards, Adam
Bug#1010439: bullseye-pu: package node-sqlite3/5.0.0+ds1-1+deb11u1
Control: tags -1 + confirmed On Sun, 2022-05-01 at 17:34 +0200, Yadd wrote: > node-sqlite3 is vulnerable to denian of service (CVE-2022-21227) > Please go ahead. Regards, Adam
Bug#1010383: bullseye-pu: package node-ejs/2.5.7-3+deb11u1
Control: tags -1 + confirmed On Sat, 2022-04-30 at 09:11 +0200, Yadd wrote: > node-ejs is vulnerable to server-side template injection > (CVE-2022-29078, #1010359) and probably to prototype pollution. > Please go ahead. Regards, Adam
Bug#1010304: bullseye-pu: package freetype/2.10.4+dfsg-1+deb11u1
Control: tags -1 + confirmed d-i On Thu, 2022-04-28 at 22:21 +1000, Hugh McMaster wrote: > This update fixes three security vulnerabilities in FreeType > 2.10.4+dfsg-1. > > - CVE-2022-27404: heap buffer overflow via invalid integer decrement > in > sfnt_init_face() and woff2_open_font(). > - CVE-2022-27405: segmentation violation via ft_open_face_internal() > when > attempting to read the value of FT_LONG face_index. > - CVE-2022-27406: segmentation violation via FT_Request_Size() when > attempting > to read the value of an unguarded face size handle. > > It would be ideal to get these fixes into Bullseye. This looks OK to me, but as freetype builds a udeb it will want a KiBi- ack; CCed and tagging accordingly. Regards, Adam
Bug#1010050: bullseye-pu: package clementine/1.4.0~rc1+git347-gfc4cb6fc7+dfsg-1+deb11u1
Control: tags -1 + confirmed On Sat, 2022-04-23 at 10:25 +0200, Florian Ernst wrote: > Clementine fails to start if the package libqt5sql5-sqlite is not > installed, i.e. clementine is missing a Depends. This was reported in > #1008312, an identical fix has already been uploaded to Unstable. > > [ Impact ] > Users need to realize that a Depends is missing that they need to > install manually. As it is, clementine might simply fail to start. > Clementine's error messages indicate that something is missing, but > finding the relevant missing package is hard for end users. > Please go ahead. Regards, Adam
Bug#1010211: bullseye-pu: package grunt/1.3.0-1+deb11u1
Control: tags -1 + confirmed On Tue, 2022-04-26 at 16:42 +0200, Yadd wrote: > grunt is vulnerable to path traversal > Please go ahead. Regards, Adam
Bug#1009726: bullseye-pu: package samba/2:4.13.13+dfsg-1+deb11u4
Control: tags -1 + confirmed On Fri, 2022-04-15 at 17:12 +0300, Michael Tokarev wrote: > Here's the proposed samba package update for bullseye. > I picked up a few patches which were missing when we > did security updates: we only picked up the security- > related patches from upstream but missed bugfixes. > Evem missed a known regression caused by two of the > security fixes in there (#999876, #1001053). > Please go ahead, with the changelog / version fixes noted in later messages. Regards, Adam
Bug#1012016: libapache-poi-java breaks octave-io autopkgtest: assert (size (d) == [1001, 2]) failed
Source: libapache-poi-java, octave-io Control: found -1 libapache-poi-java/4.0.1-4 Control: found -1 octave-io/2.6.4-1 Severity: serious Tags: sid bookworm User: debian...@lists.debian.org Usertags: breaks needs-update Dear maintainer(s), With a recent upload of libapache-poi-java the autopkgtest of octave-io fails in testing when that autopkgtest is run with the binary packages of libapache-poi-java from unstable. It passes when run with only packages from testing. In tabular form: passfail libapache-poi-java from testing4.0.1-4 octave-io from testing2.6.4-1 all others from testingfrom testing I copied some of the output at the bottom of this report. Currently this regression is blocking the migration of libapache-poi-java to testing [1]. Due to the nature of this issue, I filed this bug report against both packages. Can you please investigate the situation and reassign the bug to the right package? More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=libapache-poi-java https://ci.debian.net/data/autopkgtest/testing/amd64/o/octave-io/22169972/log.gz Testing default interface for XLSX... warning: xlsopen: no'.xlsx' spreadsheet I/O support with available interfaces. warning: xlsopen: no'.xlsx' spreadsheet I/O support with available interfaces. error: assert (size (d) == [1001, 2]) failed error: called from assert at line 107 column 11 testhelper at line 14 column 5 autopkgtest [15:22:44]: test xlsx-default OpenPGP_signature Description: OpenPGP digital signature
Bug#1012015: breezy: FTBFS: error: can't find Rust compiler
Source: breezy
Version: 3.3.0~bzr7571-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
breezy/experimental did FTBFS on all architectures:
https://buildd.debian.org/status/package.php?p=breezy=experimental
debian/rules clean
dh clean --with python3,sphinxdoc,bash_completion --buildsystem=pybuild
debian/rules override_dh_auto_clean
make[1]: Entering directory '/<>'
dh_auto_clean
I: pybuild base:239: python3.9 setup.py clean
/usr/lib/python3/dist-packages/setuptools/dist.py:493: UserWarning: Normalizing
'3.3.0.dev' to '3.3.0.dev0'
warnings.warn(tmpl.format(**locals()))
running clean
removing '/<>/.pybuild/cpython3_3.9_breezy/build' (and everything
under it)
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-3.9' does not exist -- can't clean it
running clean_rust
error: can't find Rust compiler
If you are using an outdated pip version, it is possible a prebuilt wheel is
available for this package but pip is not able to install from it. Installing
from the wheel would avoid the need for a Rust compiler.
To update pip, run:
pip install --upgrade pip
and then retry package installation.
If you did intend to build this package from source, try installing a Rust
compiler from your system package manager and ensure it is on the PATH during
installation. Alternatively, rustup (available at https://rustup.rs) is the
recommended way to download and update the Rust compiler toolchain.
E: pybuild pybuild:369: clean: plugin distutils failed with: exit code=1:
python3.9 setup.py clean
dh_auto_clean: error: pybuild --clean -i python{version} -p "3.9 3.10" returned
exit code 13
make[1]: *** [debian/rules:36: override_dh_auto_clean] Error 25
make[1]: Leaving directory '/<>'
make: *** [debian/rules:15: clean] Error 2
Andreas
Bug#1011957: aideinit fails in amanda-server processing
Hello Barry,
On Sat, May 28, 2022 at 11:34:44AM -0500, Barry Trent wrote:
> Yes! Removing all blank (and "#" comment) lines from disklist solved the
> problem on 3 different machines.
>
> So you've found the issue but, of course, blanks and comments are valid in
> the disklist and are even present in the disklist installed as a sample with
> amanda-server in DailySet1. I had to remove the DailySet1 which was still
> present on one machine to get aideinit to complete without the error.
Can you please apply the following patch and report back if it solves your
issue?
diff --git a/debian/aide.conf.d/31_aide_amanda-server
b/debian/aide.conf.d/31_aide_amanda-server
index 5750779..78424eb 100755
--- a/debian/aide.conf.d/31_aide_amanda-server
+++ b/debian/aide.conf.d/31_aide_amanda-server
@@ -66,7 +66,7 @@ for configfile in $(find /etc/amanda -name amanda.conf !
-path '/etc/amanda/temp
printf "@@define AMANDA_INDEXDIR %s\\n" "${AMANDA_INDEXDIR}"
if [ -f "disklist" ]; then
while read -r host dev rest; do
-if echo "${host}" | grep -q '^\\(#.*\\)\\?$'; then continue; fi
+if echo "${host}" | grep -q '^(#.*)?$'; then continue; fi
dev="$(echo "${dev}" | sed 's|[/:]|_|g;s|\\"||g')"
if ! skip_multiline_dle; then
printf
"!/@@{AMANDA_INDEXDIR}/%s/%s/@@{YEAR4D}[0-9]{4}_[0123]\\.gz$ f\\n" "${host}"
"${dev}"
Best regards
Hannes
Bug#1012014: r8125: fails to build module for Linux 5.17
Source: r8125 Version: 9.007.01-3 Severity: serious Tags: ftbfs Justification: fails to build from source Hi, since autopkg tests now actually attempt to build kernel modules, we quickly see that this does not work for Linux 5.17: https://ci.debian.net/data/autopkgtest/testing/amd64/r/r8125/22177051/log.gz == /var/lib/dkms/r8125/9.007.01/build/make.log == DKMS make.log for r8125-9.007.01 for kernel 5.17.0-1-amd64 (x86_64) Fri May 27 21:15:08 UTC 2022 make: Entering directory '/usr/src/linux-headers-5.17.0-1-amd64' warning: the compiler differs from the one used to build the kernel The kernel was built by: gcc-11 (Debian 11.2.0-20) 11.2.0 You are using: gcc-11 (Debian 11.3.0-3) 11.3.0 CC [M] /var/lib/dkms/r8125/9.007.01/build/r8125_n.o CC [M] /var/lib/dkms/r8125/9.007.01/build/rtl_eeprom.o CC [M] /var/lib/dkms/r8125/9.007.01/build/rtltool.o /var/lib/dkms/r8125/9.007.01/build/r8125_n.c: In function ‘rtl8125_proc_open’: /var/lib/dkms/r8125/9.007.01/build/r8125_n.c:1749:50: error: implicit declaration of function ‘PDE_DATA’; did you mean ‘NODE_DATA’? [-Werror=implicit-function-declaration] 1749 | int (*show)(struct seq_file *, void *) = PDE_DATA(inode); | ^~~~ | NODE_DATA /var/lib/dkms/r8125/9.007.01/build/r8125_n.c:1749:50: warning: initialization of ‘int (*)(struct seq_file *, void *)’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion] /var/lib/dkms/r8125/9.007.01/build/r8125_n.c: In function ‘rtl8125_get_mac_address’: /var/lib/dkms/r8125/9.007.01/build/r8125_n.c:10756:34: error: assignment of read-only location ‘*(dev->dev_addr + (sizetype)i)’ 10756 | dev->dev_addr[i] = RTL_R8(tp, MAC0 + i); | ^ ... Andreas PS: please also drop obsolete REMAKE_INITRD from debian/*.dkms
Bug#1011942: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u1
Control: tags -1 + confirmed On Fri, 2022-05-27 at 14:19 +0200, David Prévot wrote: > The security team asked me to address #1008236 [CVE-2022-24775] via a > point release, so here I am. > Please go ahead. Regards, Adam
Bug#1011426: bullseye-pu: package tcpdump/4.99.0-2+deb11u1
Control: tags -1 + confirmed On Sun, 2022-05-22 at 16:51 +, Romain Francoise wrote: > I would like to update the AppArmor profile for tcpdump in bullseye > to > match the one in bookworm; the changes don't really qualify for a > stable > update per se, but they are trivial and would be important > quality-of-life improvements for users who are not knowledgeable > about > AppArmor and don't understand why they get -EPERM in some cases. > > The update would fix the following bugs (both "normal"): > * "AppArmor grants access to *.pcap but not *.cap" > https://bugs.debian.org/989433 > * "apparmor profile prevents -C -W" > https://bugs.debian.org/1010688 > Please go ahead, thanks. Regards, Adam
Bug#1011331: bullseye-pu: package node-raw-body/2.4.1-2+deb11u1
Control: tags -1 + moreinfo On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote: > node-raw-body embeds a patch that creates a Denial-of-Service > vulnerability into node-express. > > [ Impact ] > Security issue, a simple request can crash any express application > > [ Tests ] > I added a test that proves that bug is fixed: it fails with > node-raw-body 2.4.1-2 and succeeds with 2.4.1-2+deb11u1 > > [ Risks ] > No risk, Debian package is now exactly what upstream wrote. > > [ Checklist ] > [X] *all* changes are documented in the d/changelog > [X] I reviewed all changes and I approve them > [X] attach debdiff against the package in (old)stable > [X] the issue is verified as fixed in unstable > > [ Changes ] > Drop patch which replaced node-iconv-lite by node-iconv. > Why was that change made in the first place? The changelog entry from 2014 isn't particularly helpful. Regards, Adam
Bug#1011271: bullseye-pu: package nvidia-graphics-drivers-legacy-390xx/390.151-1~deb11u1
Control: tags -1 + confirmed On Thu, 2022-05-19 at 12:46 +0200, Andreas Beckmann wrote: > I'd like to update nvidia-graphics-drivers-legacy-390xx/non-free to a > new > upstream release fixing some CVEs. > > It comes with the same packaging fixes and improvements that already > reached stable in the > nvidia-graphics-drivers 470.103.01-3~deb11u2 > nvidia-graphics-drivers-tesla-450 450.172.01-2~deb11u1 > uploads. > Please go ahead. Regards, Adam
Bug#1012013: yaru-theme: Don't use Canonical Ltd. logo in application menu icon on non-Ubuntu distros
Package: src:yaru-theme Severity: important The Yaru theme comes with an application menu icon that uses the Ubuntu (3-dots-on-a-circle) logo. This is inappropriate for non-Ubuntu distributions and should be amended for yaru-theme in Debian. Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpNBU3TylQ_U.pgp Description: Digitale PGP-Signatur
Bug#1011022: bullseye-pu: package htmldoc/1.9.11-4+deb11u3
Control: tags -1 + confirmed On Sun, 2022-05-15 at 16:40 +0200, Håvard Flaget Aasen wrote: > Fixes three CVE's CVE-2022-24191, CVE-2022-27114 and CVE-2022-28085 > > [ Reason ] > One minor issue, two unimportant, still nice to have them all fixed > at > the same time. > > [ Impact ] > Images is now limited to 4GiB of memory usage (37837x37837 pixels). > Shouldn't really be any issue. > Please go ahead. Regards, Adam
Bug#1011198: bullseye-pu: package needrestart/3.5-4+deb11u2
Control: tags -1 + confirmed On Wed, 2022-05-18 at 08:47 +0200, Patrick Matthäi wrote: > we require a small update for stable of needrestart to fix #1005953 > This update already includes the security update from yesterday (3.5- > 4+deb11u1), > to be on the safe side I attached the full debdiff (with the approved > security update). > For reference, a diff against the security update would have been fine. > [ Reason ] > It is required, because the initial changes were introduced with a > systemd > update > > [ Impact ] > Detection of restarts does not work as excepted in every case > Please go ahead. Regards, Adam
Bug#1010963: bullseye-pu: package nginx/1.18.0-6.1
Control: tags -1 + confirmed On Sat, 2022-05-14 at 09:11 +0200, Jan Mojzis wrote: > fixes ALPACA attack CVE-2021-3618: > ALPACA is an application layer protocol content confusion attack, > exploiting TLS servers implementing different protocols but using > compatible certificates, such as multi-domain or wildcard > certificates. A MiTM attacker having access to victim's traffic at > the TCP/IP layer can redirect traffic from one subdomain to another, > resulting in a valid TLS session. This breaks the authentication of > TLS and cross-protocol attacks may be possible where the behavior of > one protocol service may compromise the other at the application > layer. > > [ Impact ] > > Similarly to smtpd_hard_error_limit in Postfix and > smtp_max_unknown_commands > in Exim, specifies the number of errors after which the connection is > closed. > Please go ahead. Regards, Adam
Bug#1011626: Nearly no icons since several releases
Control: close -1 On Sat, May 28, 2022 at 08:04:28PM +0100, Klaus Ethgen wrote: > Am Sa den 28. Mai 2022 um 19:20 schrieb Mattia Rizzolo: > > I wonder what happened that didn't update that file. > > Me too. As the last update was on 2022-05-01 which obviosly did not add > the svg format. I can only imagine some interrupted dpkg at some point in the past. Regardless, this has nothing to do with inkscape, at most with anything that registers with gdk. librsvg was last updated in January, anyway. > > Try reinstalling it: > > # apt install --reinstall librsvg2-common > > You should see a line such as: > > ... > > Processing triggers for libgdk-pixbuf-2.0-0:amd64 (2.42.8+dfsg-1) ... > > ... > > Yes, this worked as well as issuing > `/var/lib/dpkg/info/libgdk-pixbuf-2.0-0:amd64.postinst triggered > /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders` Good, I'll consider this problem solved then. Out of interest, did this take care of gimp too? -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#1012012: RFS: libcaca/0.99.beta19-3 [QA] -- text mode graphics utilities
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "libcaca": * Package name : libcaca Version : 0.99.beta19-3 Upstream Author : Sam Hocevar * URL : http://caca.zoy.org/wiki/libcaca * License : [fill in] * Vcs : https://salsa.debian.org/debian/libcaca Section : libs The source builds the following binary packages: libcaca-dev - development files for libcaca libcaca0 - colour ASCII art library caca-utils - text mode graphics utilities To access further information about this package, please visit the following URL: https://mentors.debian.net/package/libcaca/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/libc/libcaca/libcaca_0.99.beta19-3.dsc As wrote on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011570: I prepared this small QA upload with security fixes and few other small things, I don't have a big time so I would prefer another maintainer to adopt it, in the meantime if no one comes forward if I'll have enough time in the next weekends I'll do a bigger one with packaging improvements and with the new upstream version. The actual git in salsa (https://salsa.debian.org/debian/libcaca) is only an auto import not full, one small additional commit and without pristine-tar, I redid full import using pristine-tar: https://salsa.debian.org/fantu/libcaca I think is good replace it with the new one for a "better" starting repository. Changes since the last upload: libcaca (0.99.beta19-3) unstable; urgency=medium . * QA upload. * Change Vcs-* fields for git repo on salsa. * Add upstream metadata * Add debian/watch * Add debian/gbp.conf * Merge from ubuntu: - SECURITY UPDATE: Heap buffer overflow debian/patches/CVE-2021-30498-and-30499.patch: fix buffer overflows in TGA and troff exports in caca/codec/export.c. (Closes: #987278) CVE-2021-30498 CVE-2021-30499 Regards, -- Fabio Fantoni OpenPGP_signature Description: OpenPGP digital signature
Bug#1011626: Nearly no icons since several releases
Hi, Am Sa den 28. Mai 2022 um 19:20 schrieb Mattia Rizzolo: > > > If it is, then also check that > > > /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache contains > > > the same entry. > > > > Nope, that is NOT including a similar section. > > > > ~> grep -c svg /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache > > 0 > > Here is the problem. > I wonder what happened that didn't update that file. Me too. As the last update was on 2022-05-01 which obviosly did not add the svg format. > Try reinstalling it: > # apt install --reinstall librsvg2-common > You should see a line such as: > ... > Processing triggers for libgdk-pixbuf-2.0-0:amd64 (2.42.8+dfsg-1) ... > ... Yes, this worked as well as issuing `/var/lib/dpkg/info/libgdk-pixbuf-2.0-0:amd64.postinst triggered /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders` Regards Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C signature.asc Description: PGP signature
Bug#1012011: recap: errors on Cron job
Package: recap Version: 2.1.0-1 Severity: normal X-Debbugs-Cc: tmcconnell...@gmail.com Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation?running cron job * What exactly did you do (or not do) that was effective (or ineffective)? install from apt-get * What was the outcome of this action? receive multiple notices about "df: /root/.cache/doc: Operation not permitted" from Cron Daemon * What outcome did you expect instead? none of these warnings *** End of the template - remove these template lines *** -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.17.0-1-rt-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages recap depends on: ii gawk 1:5.1.0-1 ii iotop 0.6-24-g733f3f8-1.1 ii iproute2 5.17.0-2 ii links 2.26-1 ii procps2:3.3.17-7+b1 ii sysstat 12.5.6-1 recap recommends no packages. recap suggests no packages. -- no debconf information
Bug#1010349: librecad: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib
Hello Neil, I'm triaging this vulnerability for Debian LTS / stretch. It appears librecad is not affected (all dists): - the package uses system dxflib, cf. debian/patches/debian_build.patch - while there appears to be similar vulnerable code in libraries/jwwlib/src/dl_jww-copy.cpp (grep for 'groupCode==42'), this particular file is not used in the build process AFAICT Can you confirm and update the security tracker accordingly? Cheers! Sylvain Beucler Debian LTS Team On Fri, 29 Apr 2022 11:09:43 +0100 Neil Williams wrote: Source: librecad Version: 2.1.3-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for librecad. CVE-2021-21897[0]: | A code execution vulnerability exists in the | DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib | 3.17.0. A specially-crafted .dxf file can lead to a heap buffer | overflow. An attacker can provide a malicious file to trigger this | vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-21897 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21897 Please adjust the affected versions in the BTS as needed.
Bug#1012010: matrix-hydrogen: build-depends on no longer available node-commander (< 7)
Source: matrix-hydrogen Version: 0.1.30~dfsg-1 Severity: serious Tags: ftbfs Justification: fails to build from source Hi, matrix-hydrogen can no longer be built since one of its Build-Depends has moved on: The following packages have unmet dependencies: builddeps:matrix-hydrogen : Depends: node-commander (< 7) but 9.2.0-1 is to be installed Andreas
Bug#1011365: nvidia-cuda-toolkit 11.2.2-3+deb11u2 flagged for acceptance
package release.debian.org tags 1011365 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: nvidia-cuda-toolkit Version: 11.2.2-3+deb11u2 Explanation: use OpenJDK8 snapshots for amd64 and ppc64el; check usability of the java binary; nsight-compute: Move the 'sections' folder to a multiarch location
Bug#994622: network-manager 1.30.6-1+deb11u1 flagged for acceptance
package release.debian.org tags 994622 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: network-manager Version: 1.30.6-1+deb11u1 Explanation: new upstream stable release
Bug#1011939: hdmi2usb-mode-switch 0.0.1-2+deb11u1 flagged for acceptance
package release.debian.org tags 1011939 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: hdmi2usb-mode-switch Version: 0.0.1-2+deb11u1 Explanation: udev: Add a suffix to /dev/video device nodes to disambiguate them; move udev rules to priority 70, to come after 60-persistent-v4l.rules
Bug#1003713: libtgowt 0~git20210627.91d836d+dfsg-3~deb11u1 flagged for acceptance
package release.debian.org tags 1003713 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libtgowt Version: 0~git20210627.91d836d+dfsg-3~deb11u1 Explanation: new upstream stable release, to support newer telegram-desktop
Bug#1000355: nano 5.4-2+deb11u1 flagged for acceptance
package release.debian.org tags 1000355 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: nano Version: 5.4-2+deb11u1 Explanation: several bug fixes, including crashes
Bug#1011626: Nearly no icons since several releases
On Wed, May 25, 2022 at 04:09:51PM +0100, Klaus Ethgen wrote: > > Regardless, please try running: > > /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders > > and verify that you have a section such as this: > > It is included and looks like the section you posted. That's good. > > If it is, then also check that > > /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache contains > > the same entry. > > Nope, that is NOT including a similar section. > > ~> grep -c svg /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache > 0 Here is the problem. I wonder what happened that didn't update that file. Try reinstalling it: # apt install --reinstall librsvg2-common You should see a line such as: ... Processing triggers for libgdk-pixbuf-2.0-0:amd64 (2.42.8+dfsg-1) ... ... Which is exactly what is supposed to update loaders.cache. After that, please check whether that grep above returns something else (in my case, I get 6 matches!). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Bug#1011359: python-scrapy 2.4.1-2+deb11u1 flagged for acceptance
package release.debian.org tags 1011359 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: python-scrapy Version: 2.4.1-2+deb11u1 Explanation: don't send authentication data with all requests [CVE-2021-41125]; don't expose cookies cross-domain when redirecting [CVE-2022-0577]
Bug#1011287: orca 3.38.2-2 flagged for acceptance
package release.debian.org tags 1011287 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: orca Version: 3.38.2-2 Explanation: fix usage with webkitgtk 2.36
Bug#1003261: postfix 3.5.13-0+deb11u1 flagged for acceptance
package release.debian.org tags 1003261 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: postfix Version: 3.5.13-0+deb11u1 Explanation: new upstream stable release; do not override user set default_transport in postinst; if-up.d: do not error out if postfix can't send mail yet
Bug#1003713: telegram-desktop 3.1.1+ds-1~deb11u2 flagged for acceptance
package release.debian.org tags 1003713 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: telegram-desktop Version: 3.1.1+ds-1~deb11u2 Explanation: new upstream stable release, restoring functionality
Bug#1012008: Updating the build-essential-mipsen Uploaders list
Source: build-essential-mipsen Version: 12.9 Severity: minor User: m...@qa.debian.org Usertags: mia-teammaint Scott James Remnant has retired, so can't work on the build-essential-mipsen package anymore (at least with this address). We are tracking their status in the MIA team and would like to ask you to remove them from the Uploaders list of the package so we can close that part of the file. (If the person is listed as Maintainer, what we are asking is to please step in as a new maintainer.) Thanks. signature.asc Description: PGP signature
Bug#1012007: Updating the build-essential Uploaders list
Source: build-essential Version: 12.9 Severity: minor User: m...@qa.debian.org Usertags: mia-teammaint Scott James Remnant has retired, so can't work on the build-essential package anymore (at least with this address). We are tracking their status in the MIA team and would like to ask you to remove them from the Uploaders list of the package so we can close that part of the file. (If the person is listed as Maintainer, what we are asking is to please step in as a new maintainer.) Thanks. signature.asc Description: PGP signature
Bug#1011962: librust-serde+derive-dev: Installation is broken
Package: librust-serde+derive-dev Version: 1.0.130-2 Followup-For: Bug #1011962 This bug exists in version 1.0.130-2 of librust-serde+derive-dev. Please close with the version that actually solves the reported issue. - Jonas
Bug#1002382: nbsphinx: FTBFS: AttributeError: module 'mistune' has no attribute 'BlockGrammar'
Control: reassign -1 src:nbconvert 6.1.0-1 Control: unarchive 1002372 Control: forcemerge 1002372 -1 Control: archive 1002372 On Wed, Dec 22, 2021 at 09:05:08AM +0100, Lucas Nussbaum wrote: > Source: nbsphinx > Version: 0.8.7+ds-1 > Severity: serious > Justification: FTBFS > Tags: bookworm sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20211220 ftbfs-bookworm > > Hi, > > During a rebuild of all packages in sid, your package failed to build > on amd64. > > Relevant part (hopefully): > > make[1]: Entering directory '/<>' > > PYTHONPATH=/<>/src python3 -m sphinx -b html doc > > /<>/debian/python-nbsphinx-doc/usr/share/doc/python-nbsphinx/html > > Running Sphinx v4.3.2 > > > > Exception occurred: > > File > > "/usr/lib/python3/dist-packages/nbconvert/filters/markdown_mistune.py", > > line 31, in > > class MathBlockGrammar(mistune.BlockGrammar): > > AttributeError: module 'mistune' has no attribute 'BlockGrammar' It is a bug in nbconvert, same as #1002372. And already fixed. -- Dmitry Shachnev signature.asc Description: PGP signature
Bug#1011510: dpkg-statoverride does *not* run chmod
Hi! On Tue, 2022-05-24 at 09:36:45 +0200, Harald Dunkel wrote: > Package: dpkg > Version: 1.20.9 > Severity: wishlist > To avoid confusion the man page to dpkg-statoverride should > mention explicitly that it does *not* run chmod or others to > actually change the access permissions to already installed > files, or to files that are not part of a Debian package, or > to files that are generated by a package maintainer script. It does not change the owner or permissions as long as --update is not used, otherwise it will change the attributes for any pathname in the filesystem regardless of it being (currently) known dpkg or not. If no --update is used, then if the pathname is "never" unpacked then it will never receive an override, yes. (I'm assuming the confusion is about the attribute change semantics and not whether it forks the chmod(1) and chown(1) tools though.) But I can see how this can be not entirely clear from the man page and I'll try to clarify. Thanks, Guillem
Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer
Paul, Thomas, thanks for digging up the old reject. Peter, I did some more digging and found one unresolved copyright issue from my previous comment as well as some fresh ones: * copyright holder Pascal Below for various scrobbler-related files is still missing * copyright holder Nick Lanham missing for savedgroupingmanager.cpp; note that copyright for both .cpp and .h is shared with Jonas Kvinge * missing entry for src/core/lazy.h * as the info for src/dbus/*.xml doesn't seem to exist anywhere in the sources, please add a comment field to that paragraph explaining what the entry is based on * the license paragraph for GPL-3 doesn't restrict the version to v3 only (other than the shortname suggesting so) and lacks a link to the full text of the license on debian systems I noticed you changed the build to qt6 and while that works fine, it does seem that at the moment qt5 is very much the standard qt release in the distribution. A quick comparison using `reverse-depends -b qt6-tools-dev` vs the same for qttools5-dev showed 6 packages build-depending on the former and around 300 on the latter. Is there any particular advantage to using qt6 for strawberry? Don't worry too much about the reprotest, sometimes these things throw a tantrum. pgpJnLp0Q7Zac.pgp Description: OpenPGP digital signature
Bug#987324: rust-hashbrown: missing ahash feature makes building hashlink crate impossible
Quoting Jonas Smedegaard (2022-05-28 16:18:26) > Quoting peter green (2022-05-28 14:49:00) > > > Package rust-ahash is now in Debian, which should help fix this bug. > > > > > > - Jonas > > > > > > I looked but the new packages don't seem to be installable. > > > > > 2 binary packages have unsatisfiable dependencies high > > > > > > The dependencies of librust-ahash+compile-time-rng-dev=0.7.6-3 cannot > > > be satisfied in unstable on amd64 because: unsatisfied dependency on > > > librust-const-random-0.1+default-dev (>= 0.1.12) | > > > librust-const-random-0.1+default-dev (>= 0.1.12) > > > The dependencies of librust-ahash-dev=0.7.6-3 cannot be satisfied in > > > unstable on amd64 because: unsatisfied dependency on > > > librust-atomic-polyfill-0.1+default-dev > > > > > Yeah - as you know (since you filed the bugreport), all packages > involving librust-once-cell-dev currently fails to build from source due > to bug#1011645 :-( > > I meant to say that the availability of the package is a step towards > this bugreport getting fixed - not that it was possible to fix right > now. Thanks for the quick fix of bug#1011645. I have now released rust-ahash with a fix for the first of the above bugs. I don't recognize librust-atomic-polyfill-0.1+default-dev being declared anywhere, however. Please double-check that you used a pristine Debian unstable system where you experience that error, and if it persists then please file a bugreport. Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#1011191: dpkg: let buildinfo record whether host architecture binaries can be executed when cross-compiling
Hi!
On Wed, 2022-05-18 at 07:26:02 +0200, Johannes Schauer Marin Rodrigues wrote:
> Package: dpkg
> Version: 1.21.7
> Severity: wishlist
> Tags: patch
> X-Debbugs-Cc: jo...@debian.org
> when cross compiling, one property of the build system that can
> influence the contents of the generate binary packages is whether or not
> the host architecture can be executed. While some platforms can natively
> execute others (like amd64 can execute i386), other combinations are
> more surprising. When installing the qemu-user-static package on a
> system with binfmt-support, then foreign architecture binaries for all
> architectures qemu supports will suddenly become executable. This is
> especially tricky because this will also transparently affect chroot
> builds with sbuild and neither schroot nor unshare isolation can prevent
> the emulation from happening. The only ways to stop automatic emulation
> are uninstalling qemu-user-static on the outside of the build chroot,
> writing 0 to /proc/sys/fs/binfmt_misc/qemu-$arch or running the build
> with QEMU_VERSION=1 (unreliable). Since transparent foreign architecture
> emulation is easily present on a developer's machine and thus
> influencing the build (even when done inside a chroot) it would be
> useful to record whether or not foreign architecture binaries can be
> executed in the buildinfo file.
Hmm right. To me it feels more like a taint flag though. The
compilation and execution of the host program feels a bit meh, but
there's certainly no other way to fetch that information otherwise.
> I attached a proof-of-concept patch that does exactly that. Since we
> cannot rely on arch-test being installed in the build environment, this
> approach cross compiles a small true.c executable for the host
> architecture. This should always work because gcc is build-essential.
> The binary outputs a small string instead of just relying on the exit
> code to guard against QEMU_VERSION=1 "disabling" of emulation. The field
> 'Can-Execute-Host-Architecture is only added when cross-compiling, i.e
> when host and build architectures mismatch.
I'm attaching the slightly revised version with few fixes/changes.
> >From 62179358b57d09fc8c6bb7a59deb128c67cbe522 Mon Sep 17 00:00:00 2001
> From: Johannes Schauer Marin Rodrigues
> Date: Wed, 18 May 2022 07:11:39 +0200
> Subject: [PATCH] dpkg-genbuildinfo: when cross-compiling add
> Can-Execute-Host-Architecture field
> +use File::Temp qw(tmpnam);
This function is marked as obsolete by POSIX, the File::Temp object
provides a nice interface that can be used instead, perhaps you used
it but were hit by ETXTBSY errors? (If so closing the descriptor fixes
the issue, which is what I've done now.) This also means we do not
need to cleanup the file as the object will do it on its destructor
when going out of scope.
> +spawn(exec => [ debarch_to_gnutriplet(get_host_arch()) . '-gcc', '-x',
> 'c', '-o', $tmpname, '-' ],
I added honoring the CC envvar, but can potentially result in building
for the build instead of host arch, as unfortunately we cannot rely on
an "external build driver" setting a coherent build environment. So
should probably go back to hardcoding it, but I'm thinking I should
move all gcc hardcoding into a new vendor-hook that gets the default
compiler name.
> +if ($? == 0 && $stdout eq "ok") {
> + $fields->{'Can-Execute-Host-Architecture'} = "true";
> +} else {
> + $fields->{'Can-Execute-Host-Architecture'} = "false";
I think a taint flag makes more sense. But it has the problem that
then you might need to check the dpkg version used to see whether
the check might have been performed, but I'm not sure whether that'd
be a concern at all? (If its own field would be strongly favored then
I think it should use the usual "yes"/"no" values used elsewhere.)
Thanks,
Guillem
From cd5f2c47f8aa60e19a7906d3e38b6e53b899a51d Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues
Date: Fri, 27 May 2022 01:33:19 +0200
Subject: [PATCH] dpkg-genbuildinfo: Add new can-execute-cross-built-programs
tainted flag
[guil...@debian.org:
- Use File::Temp instead of tmpnam() and push_exit_handler().
- Set a taint flag instead of a new field.
- Refactor into a function.
- Honor CC environment variable.
- Style fixes. ]
Closes: #1011191
---
scripts/dpkg-genbuildinfo.pl | 48 ++--
1 file changed, 46 insertions(+), 2 deletions(-)
diff --git a/scripts/dpkg-genbuildinfo.pl b/scripts/dpkg-genbuildinfo.pl
index e05fce048..81e4636e5 100755
--- a/scripts/dpkg-genbuildinfo.pl
+++ b/scripts/dpkg-genbuildinfo.pl
@@ -28,13 +28,15 @@ use warnings;
use List::Util qw(any);
use Cwd;
use File::Basename;
+use File::Temp;
use POSIX qw(:fcntl_h :locale_h strftime);
use Dpkg ();
use Dpkg::Gettext;
use Dpkg::Checksums;
use Dpkg::ErrorHandling;
-use Dpkg::Arch qw(get_build_arch get_host_arch debarch_eq);
+use Dpkg::IPC;
+use Dpkg::Arch qw(get_build_arch get_host_arch debarch_eq
Bug#1012006: Updating the genetic Uploaders list
Source: genetic Version: 0.1.1b+git20170527.98255cb-3 Severity: minor User: m...@qa.debian.org Usertags: mia-teammaint Angel Ramos has not been working on the genetic package for quite some time. We are tracking their status in the MIA team and would like to ask you to remove them from the Uploaders list of the package so we can close that part of the file. (If the person is listed as Maintainer, what we are asking is to please step in as a new maintainer.) Thanks. signature.asc Description: PGP signature
Bug#1011973: node-webpack-sources: autopkgtest failure TypeError: addMapping is not a function
with node-source-map 0.7 built from salsa master branch, there is only 1 failure. 26 tests were failing earlier with node-source-map 0.6. This is a red herring. The autopkgtest fails aren't related to node-source-map at all. Specifically, the tests don't fail in gbp buildpackage, but only in autopkgtest, that too only in one particular stage. That's because the __mocks__ that jest relies on are in the lib/helpers/ directory and that's not available somehow to the autopkgtest run. For example, if you do autopkgtest with --shell-fail and after it fails copy __mocks__ to /usr/share/nodejs/webpack-sources/lib/helpers and rerun the test with /usr/share/pkg-js-autopkgtest/runner it passes You can replicate it by downloading upstream code and removing `__mocks__` folder and running yarnpkg test https://wiki.debian.org/ContinuousIntegration/AutopkgtestBestPractices#Recommendations > Use upstream test-suite if they have as-installed test The jest tests are not as-installed
Bug#941825: syncthing: 2Gb index-v0.14.0.db
Control: tag -1 -moreinfo Hi Sergio, First, sorry it took me so long to follow up on this bug! [this reply has been sitting in my drafts folder for almost two years :/] With the info you've provided it looks like the issue has been resolved. Rebuilding the index was a good idea :-) That said, did the problem ever come back, or do you think it was fixed as early as Syncthing 1.1.4~ds1-5 ? If it came back, but then went away again, then maybe this bug can be closed as fixed with 1.12.1~ds1-4, or possibly as late as 1.18.6~ds1-1. If I remember correctly there was another round of database optimisations and fixes in between these two versions. Regards, Nicholas signature.asc Description: PGP signature
Bug#1009332: maxima-emacs: Imaxima fails to render latex
tags 1009332 +unreproducible thanks Greetings, and thanks for your report. Just tested in a fresh chroot, and all works fine once ghostscript is installed, which is a dependency issue that needs addressing. This would not account for your latex error. More log info please if this is still live. Take care, -- Camm Maguirec...@maguirefamily.org == "The earth is but one country, and mankind its citizens." -- Baha'u'llah
Bug#1004658: [Pkg-javascript-devel] Bug#1004658: Bug#1004658: Help to compile a wasm package
anywhere else). The job is done (see debian/rules), we just have to find the good dependencies and fix the build since built wasm isn't exactly what upstream embeds in node-source-map, maybe some unpublished work... I'm not exactly sure if the build is broken. The artifact generated by the rust code goes through multiple tools - rust-opt, rust-gc, etc... It is likely that one of these tools have changed how they work in the past 4 years. But the actual npm package and crate were all last released 4 years ago. In all, I feel like all that's happening is we are unable to build a byte to byte matching reproducible build. How exactly are we testing the output? For one the node-clean-css package seems to be doing some of its own wrapping on the originalPositionFor function and the error in clean-css tests could be because of an error in that.
Bug#939229: closed by Dmitry Smirnov (Bug#939229: fixed in golang-gogoprotobuf 1.3.0-1)
Control: affects -1 src:syncthing This bug has not affected syncthing since the following upload: syncthing (1.12.1~ds1-2) unstable; urgency=medium * golang-gogoprotobuf-dev -> golang-github-gogo-protobuf-dev. -- Alexandre Viau Thu, 04 Feb 2021 11:26:39 -0500 Cheers, Nicholas signature.asc Description: PGP signature
Bug#1012004: srpc: Unorthodox binary package content organization
Source: srpc Source-Version: 0.9.6-1 Severity: normal Hi! This package has a rather unorthodox package contents organization. There are two binary packages generated: a) libsrpc-dev: Contains the usual headers (but no .a archive nor .so symlink or linker script). b) libsrpc: Is an unversioned package (given that there's no actual shared library), that contains the .a, .so and versioned .so symlink, in addition to an IDL generator program. This is rather non-standard, and problematic for multi-arch, and is not future-proof, in case upstream starts providing/supporting a shared library. Ideally the .a archive and the .so linked script (which just redirects the linker to always use the .a archive, so there's no actual shared library), should be moved into the libsrpc-dev package as the usual convention. The versioned .so symlink (libsrpc.so.0.9.5) should be removed, as there should be no object dynamically linked against that (given that it points back to the .so linker script which does not resolve at run-time) to avoid confusion. Then the srpc_generator program would be moved into a new libsrcp-bin binary package to make this separation more clear. And the libsrpc binary package can then be dropped. (All with the required Replaces/Breaks relationships.) At that point the libsrpc-dev can be marked as Multi-Arch: same, and the libsrpc-bin (assuming the generated contents are arch-independent) can be marked Multi-Arch: foreign. If there's ever an actual shared library, then it would be packaged as say libsrpcN (with N being the SOVERSION), containing the .so.N.O shared library. Thanks, Guillem
Bug#1011957: aideinit fails in amanda-server processing
Yes! Removing all blank (and "#" comment) lines from disklist solved the problem on 3 different machines. So you've found the issue but, of course, blanks and comments are valid in the disklist and are even present in the disklist installed as a sample with amanda-server in DailySet1. I had to remove the DailySet1 which was still present on one machine to get aideinit to complete without the error. On 5/28/2022 9:46 AM, Hannes von Haugwitz wrote: Hi Barry, On Fri, May 27, 2022 at 04:29:54PM -0500, Barry Trent wrote: *** disklist zmoby.atcorp.com/ comp-root-tar symposium.atcorp.com/ comp-root-tar symposium.atcorp.com/bbbcomp-root-tar moby.atcorp.com / comp-root-tar coelacanth.atcorp.com / comp-root-tar sawfish.atcorp.com / comp-root-tar sawfish.atcorp.com /varcomp-root-tar Is there an empty line in the disklist file? If so, can you please remove this line and try again? Best regards Hannes -- Barry A. Trent 952-829-5864, x109 barry.tr...@atcorp.com smime.p7s Description: S/MIME Cryptographic Signature
Bug#857018: schroot: Setup script not running, --session-name not working
Control: tags 857018 moreinfo Mike Hommey wrote... > I installed a new machine some time ago, and setup schroot for the first > time on it... Hi, it's been a while, and I failed to reproduce your report. Can you please check whether the problems still exist on your side? Quite frankly, this feels like a broken installation (missing executable bits or some weird noexec mount) Regards, Christoph signature.asc Description: PGP signature
