Bug#1034745: ITP: node-shallow-equal -- Node.js light library to shallowly compare JavaScript objects
Package: wnpp
Severity: wishlist
Owner: Yadd
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name    : node-shallow-equal
  Version         : 3.1.0
  Upstream Contact: https://github.com/moroshko/shallow-equal/issues
* URL             : https://github.com/moroshko/shallow-equal
* License         : Expat
  Programming Lang: JavaScript
  Description     : Node.js light library to shallowly compare JavaScript objects

node-shallow-equal provides super light functions to deeply compare
JavaScript Objects.

It's a dependency of node-jss which is a dependency of Jupyterlab.
It will be maintained under JS Team umbrella.

Bug#1034744: Please consider making emacs support optional
Package: dictionaries-common Version: 1.29.5 Severity: wishlist X-Debbugs-Cc: j...@joshtriplett.org As far as I can tell, the support provided by dictionaries-common makes emacs better if installed, but isn't needed if an emacs isn't installed. The maintainer scripts correctly check to see if the necessary binaries are installed before invoking them. Would it be possible to change the emacsen-common Depends to a Recommends? dictionaries-common is the only thing on my system pulling in the emacsen-common machinery, and dictionaries-common is in turn a dependency of required packages for various other programs. Thank you, Josh Triplett
Bug#1034743: ITP: node-theming -- CSS-in-JS theming solution for ReactJS
Package: wnpp
Severity: wishlist
Owner: Yadd
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name    : node-theming
  Version         : 3.3.0
  Upstream Contact: https://github.com/cssinjs/theming/issues
* URL             : https://github.com/cssinjs/theming
* License         : Expat
  Programming Lang: Javascript
  Description     : CSS-in-JS theming solution for ReactJS

node-theming is a CSS-in-JS theming solution for ReactJS.
 * ThemeProvider allows one to pass, update, merge and augment "theme"
   through context down react tree
 * withTheme allows one to receive theme and its updates in your components
   as a "theme" prop
 * createTheming allows one to integrate "theming" into its CSS-in-JS
   library with custom "channel"

node-theming is a dependency of node-jss which is a dependency of JupyterLab.
It will be maintained under JS Team umbrella.

Bug#1034737: yggdrasil: yggdrasilctl getSelf doesn't report version number
Control: tags -1 patch On Sat, Apr 22 2023 at 11:16:26 PM -04:00:00, Andres Salomon wrote: However, I can't for the life of me figure out how to tell dh-golang to actually pass that to the Go compiler. *shrug* Here we go. This patch allows both `yggdrasil --version` and `yggdrasilctl getself` to report the current version. --- a/debian/rules 2022-11-21 12:58:57.0 + +++ b/debian/rules 2023-04-23 04:25:49.437999309 + @@ -1,11 +1,18 @@ #!/usr/bin/make -f +include /usr/share/dpkg/pkg-info.mk + +LDFLAGS := -X github.com/yggdrasil-network/yggdrasil-go/src/version.buildName=yggdrasil -X github.com/yggdrasil-network/yggdrasil-go/src/version.buildVersion=$(DEB_VERSION_UPSTREAM) + DH_GOLANG_EXCLUDES:=ansible mobile export DH_GOLANG_EXCLUDES %: dh $@ --builddirectory=_build --buildsystem=golang --with=golang +override_dh_auto_build: + dh_auto_build -- -ldflags "$(LDFLAGS)" + override_dh_installsystemd: dh_installsystemd --no-enable --no-restart-on-upgrade --no-start
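Review bot: in debian/rules the new variable is called LDFLAGS, which is also the name dpkg-buildflags and debhelper use for the C linker flags, so `LDFLAGS := -X ...` overrides any LDFLAGS already present in the build environment with Go-only `-X` options. A private name such as GO_LDFLAGS, passed as `dh_auto_build -- -ldflags "$(GO_LDFLAGS)"`, keeps the two apart. A one-line comment above the assignment saying that the `-X` pairs mirror what upstream's ./build script sets would also help the next maintainer.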
Bug#1034742: ITP: libcollision-2d-perl -- continuous 2d collision detection
Package: wnpp
Owner: Mason James
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org

* Package name    : libcollision-2d-perl
  Version         : 0.07
  Upstream Author : Zach Morgan
* URL             : https://metacpan.org/release/Collision-2D
* License         : Artistic or GPL-1+
  Programming Lang: Perl
  Description     : continuous 2d collision detection

Collision::2D contains sets of several geometrical classes to help you model
dynamic (continuous) collisions in your programs. It is targeted for any game
or other application that requires dynamic collision detection between moving
circles, rectangles, and points.

The package will be maintained under the umbrella of the Debian Perl Group.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.

Bug#1034611: Working patch found
Looks like this is the same bug as reported here: https://www.cygwin.com/bugzilla/show_bug.cgi?id=30240 And I tested the patch at this link and it worked. https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b3eff3e15576229af9bae026c5c23ee694b90389
Bug#1034741: ITP: libnet-pop3s-perl -- SSL/STARTTLS support for Net::POP3
Package: wnpp
Owner: Mason James
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org

* Package name    : libnet-pop3s-perl
  Version         : 0.12
  Upstream Author : Tomo M.
* URL             : https://metacpan.org/release/Net-POP3S
* License         : Artistic or GPL-1+
  Programming Lang: Perl
  Description     : SSL/STARTTLS support for Net::POP3

Net::POP3S implements a wrapper for Net::POP3, enabling over-SSL/STARTTLS
support. This module inherits all the methods from Net::POP3. You may use all
the friendly options that came bundled with Net::POP3. You can control the SSL
usage with the options of new() constructor method. 'doSSL' option is the
switch, and, if you would like to control detailed SSL settings, you can set
SSL_* options that are brought from IO::Socket::SSL. Please see the document
of IO::Socket::SSL about these options detail. Just one method difference from
the Net::POP3, you may select POP AUTH mechanism as the third option of auth()
method.

As of Version 3.10 of Net::POP3(libnet) includes SSL/STARTTLS capabilities, so
this wrapper module's significance is disappearing.

The package will be maintained under the umbrella of the Debian Perl Group.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.

Bug#1034737: yggdrasil: yggdrasilctl getSelf doesn't report version number
So it looks like upstream's intent is to run the ./build script, which sets PKGSRC=github.com/yggdrasil-network/yggdrasil-go/src/version , runs contrib/semver/name.sh to set PKGNAME (which is just checking if on the master git branch or not; if master, print "yggdrasil"), and runs contrib/semver/version.sh --bare to set PKGVER. It then sets LDFLAGS to "-X $PKGSRC.buildName=$PKGNAME -X $PKGSRC.buildVersion=$PKGVER" So I'm guessing you can just add the following to LDFLAGS (or -ldflags): -X github.com/yggdrasil-network/yggdrasil-go/src/version.buildName=yggdrasil -X github.com/yggdrasil-network/yggdrasil-go/src/version.buildVersion=$(shell dpkg-parsechangelog -S Version) However, I can't for the life of me figure out how to tell dh-golang to actually pass that to the Go compiler. *shrug*
Bug#1034205: wayout: does not do anything
Hi Antoine! > I can't figure out how to use this program. > > The upstream README (which is actually not shipped with the Debian > package) has a few examples: > So, how does one use this? You can find a better example of wayout usage here: https://git.sr.ht/~mil/sxmo-utils/tree/f630b2bbdb712f0a3bb66778efcdf196d1d093e4/item/configs/default_hooks/sxmo_hook_desktop_widget.sh I always modify the above script because the script works out of the box on every device I've tried Sxmo on. I agree the wayout *man page* should include a better example of how to make wayout work. If you find the time, please do some trial and error and send us a patch with your improved wayout man page here: https://sxmo.org/contribute Alternatively, conky got wayland support recently and Sxmo 1.14.1 supports conky. I like wayout cause old habits die hard. Thank you for using wayout! Anjan -- w:] www.momi.ca pgp:] https://momi.ca/publickey.txt
Bug#1034740: boost1.74: reproducible builds: build date and time embedded in .html documentation
Source: boost1.74
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build dates and timestamps are embedded in various .html documentation:

https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/boost1.74.html

/usr/share/doc/libboost1.74-doc/doc/html/accumulators.html

Last·revised:·May·17,·2024·at·23:22:24·GMT
vs.
Last·revised:·April·15,·2023·at·19:43:52·GMT

The attached patch fixes this by removing the date and timestamp lines from several files, and replacing documentation examples for the use of __TIME__ and __DATE__ with a fixed time and date.

According to my local tests, with this patch applied, boost1.74 should build reproducibly on tests.reproducible-builds.org once it migrates to testing! There are some outstanding issues (e.g. build paths) that are only tested on unstable and experimental.

Thanks for maintaining boost1.74!

live well,
  vagrant

From 7c9c189ea32470cd683939c11fabf78f0b2f3f17 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian Date: Sat, 22 Apr 2023 19:53:22 -0700 Subject: [PATCH] Remove timestamps and dates from documentation. https://reproducible-builds.org/docs/timestamps/ --- libs/circular_buffer/doc/circular_buffer.qbk | 2 -- libs/units/doc/units.qbk | 1 - tools/boostbook/xsl/html-base.xsl| 22 tools/quickbook/doc/block.qbk| 4 ++-- 4 files changed, 2 insertions(+), 27 deletions(-) diff --git a/libs/circular_buffer/doc/circular_buffer.qbk b/libs/circular_buffer/doc/circular_buffer.qbk index a7177e4c..217c42b6 100644 --- a/libs/circular_buffer/doc/circular_buffer.qbk +++ b/libs/circular_buffer/doc/circular_buffer.qbk
@@ -596,8 +596,6 @@ Paul A. Bristow refactored the documentation in 2013 to use the full power of Qu [section:version_id Documentation Version Info] -Last edit to Quickbook file __FILENAME__ was at __TIME__ on __DATE__. - [tip This should appear on the pdf version (but may be redundant on a html version where the last edit date is on the first (home) page).] diff --git a/libs/units/doc/units.qbk b/libs/units/doc/units.qbk index 0c7345fc..b160ef21 100644 --- a/libs/units/doc/units.qbk +++ b/libs/units/doc/units.qbk @@ -1309,7 +1309,6 @@ the design and implementation of this library. __boostroot -Last edit to Quickbook file __FILENAME__ was at __TIME__ on __DATE__. [tip This should appear on the pdf version (but may be redundant on html).] [/ Useful on pdf version. See also Last revised timestamp on first page of html version.] diff --git a/tools/boostbook/xsl/html-base.xsl b/tools/boostbook/xsl/html-base.xsl index a1031710..cfba8727 100644 --- a/tools/boostbook/xsl/html-base.xsl +++ b/tools/boostbook/xsl/html-base.xsl @@ -234,28 +234,6 @@ set toc,title - - - - Last revised: - - - - - - - - - - - - - - - - - - diff --git a/tools/quickbook/doc/block.qbk b/tools/quickbook/doc/block.qbk index dbfdb8d2..bcf3f406 100644 --- a/tools/quickbook/doc/block.qbk +++ b/tools/quickbook/doc/block.qbk @@ -601,8 +601,8 @@ Quickbook has some predefined macros that you can already use. [table Predefined Macros [[Macro] [Meaning] [Example]] -[[[^\__DATE__]][Today's date] [__DATE__]] -[[[^\__TIME__]][The current time] [__TIME__]] +[[[^\__DATE__]][Today's date] [2022-04-20]] +[[[^\__TIME__]][The current time] [01:42:48 PM]] [[[^\__FILENAME__]][Quickbook source filename] [__FILENAME__]] ] -- 2.39.2 signature.asc Description: PGP signature
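Review bot: in the circular_buffer.qbk hunk, dropping the "Last edit to Quickbook file ..." line leaves the [tip This should appear on the pdf version ...] that follows it with nothing to refer to, and [section:version_id Documentation Version Info] now holds only that tip. The units.qbk hunk leaves the same orphaned tip and its [/ Useful on pdf version ...] comment. Suggest removing the tip (and the section that is left empty) in the same patch so the rendered page does not point at a line that no longer exists.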
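Review bot: in the block.qbk hunk the Example column for \__DATE__ and \__TIME__ now carries the literals 2022-04-20 and 01:42:48 PM while the \__FILENAME__ row still expands its macro, so a reader can no longer tell that the first two cells are meant to show macro output. Suggest marking the two values as samples in the cell text, or adding a sentence under the table saying the date and time are fixed so that the documentation builds reproducibly.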
Bug#1034739: /usr/libexec/udisks2/udisksd: udisksd high CPU usage 20-25%
Package: udisks2 Version: 2.9.4-4 Severity: normal File: /usr/libexec/udisks2/udisksd X-Debbugs-Cc: witold.bary...@gmail.com Dear Maintainer, Nothing in log: root@debian:~# journalctl -u udisks2.service -f Apr 22 23:39:50 debian systemd[1]: Starting udisks2.service - Disk Manager... Apr 22 23:39:50 debian udisksd[2716]: udisks daemon version 2.9.4 starting Apr 22 23:39:50 debian udisksd[2716]: failed to load module mdraid: libbd_mdraid.so.2: cannot open shared object file: No such file or directory Apr 22 23:39:50 debian udisksd[2716]: Failed to load the 'mdraid' libblockdev plugin Apr 22 23:39:50 debian systemd[1]: Started udisks2.service - Disk Manager. Apr 22 23:39:50 debian udisksd[2716]: Acquired the name org.freedesktop.UDisks2 on the system message bus Apr 22 23:40:01 debian udisksd[2716]: Mounted /dev/sdb1 at /media/user/4EFB-0929 on behalf of uid 1000 Apr 23 02:52:18 debian udisksd[2716]: Cleaning up mount point /media/user/4EFB-0929 (device 8:17 is not mounted) Apr 23 02:52:18 debian udisksd[2716]: Unmounted /dev/sdb1 on behalf of uid 1000 CPU usage was high by udisksd before unmounting. Unmounting did not help. It is not using 100% of a core, but still 15-25% is super high CPU usage for a simple service. 0.1 second of strace snippet: root@debian:~# strace -f -p 2716 -ttt -TTT strace: Process 2716 attached with 5 threads [pid 2780] 1682218613.791992 restart_syscall(<... resuming interrupted read ...> [pid 2759] 1682218613.792072 futex(0x55e5b77a75c0, FUTEX_WAIT_PRIVATE, 7, NULL [pid 2750] 1682218613.792111 restart_syscall(<... resuming interrupted read ...> [pid 2746] 1682218613.792141 restart_syscall(<... resuming interrupted read ...> [pid 2716] 1682218613.792172 restart_syscall(<... resuming interrupted read ...> [pid 2750] 1682218613.837989 <... 
restart_syscall resumed>) = 1 <0.045842> [pid 2750] 1682218613.838065 write(7, "\1\0\0\0\0\0\0\0", 8) = 8 <0.22> [pid 2750] 1682218613.838188 recvmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\1\0\1\0\0\0\0\252h\4\0\247\0\0\0", iov_len=16}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 16 <0.22> [pid 2750] 1682218613.838339 poll([{fd=6, events=POLLIN}], 1, 0) = 1 ([{fd=6, revents=POLLIN}]) <0.23> [pid 2750] 1682218613.838469 recvmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\1\1o\0\30\0\0\0/org/freedesktop/UDisks2"..., iov_len=168}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 168 <0.18> [pid 2750] 1682218613.838596 write(7, "\1\0\0\0\0\0\0\0", 8) = 8 <0.14> [pid 2750] 1682218613.838668 write(7, "\1\0\0\0\0\0\0\0", 8) = 8 <0.16> [pid 2750] 1682218613.838745 poll([{fd=7, events=POLLIN}], 1, 0) = 1 ([{fd=7, revents=POLLIN}]) <0.14> [pid 2750] 1682218613.838821 read(7, "\3\0\0\0\0\0\0\0", 16) = 8 <0.14> [pid 2750] 1682218613.838935 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 <0.16> [pid 2716] 1682218613.839000 <... restart_syscall resumed>) = 1 <0.046807> [pid 2750] 1682218613.839033 poll([{fd=6, events=POLLIN}], 1, 0 [pid 2716] 1682218613.839077 read(4, [pid 2750] 1682218613.839106 <... poll resumed>) = 0 (Timeout) <0.43> [pid 2716] 1682218613.839138 <... read resumed>"\1\0\0\0\0\0\0\0", 16) = 8 <0.39> [pid 2750] 1682218613.839176 write(7, "\1\0\0\0\0\0\0\0", 8) = 8 <0.15> [pid 2750] 1682218613.839250 poll([{fd=6, events=POLLIN}, {fd=7, events=POLLIN}], 2, -1) = 1 ([{fd=7, revents=POLLIN}]) <0.16> [pid 2750] 1682218613.839339 read(7, "\1\0\0\0\0\0\0\0", 16) = 8 <0.14> [pid 2750] 1682218613.839407 poll([{fd=6, events=POLLIN}, {fd=7, events=POLLIN}], 2, -1 [pid 2716] 1682218613.840785 write(7, "\1\0\0\0\0\0\0\0", 8 [pid 2750] 1682218613.840843 <... poll resumed>) = 1 ([{fd=7, revents=POLLIN}]) <0.001401> [pid 2716] 1682218613.840876 <... 
write resumed>) = 8 <0.58> [pid 2750] 1682218613.840908 futex(0x7f2e2c00e6a0, FUTEX_WAIT_PRIVATE, 2, NULL [pid 2716] 1682218613.840950 futex(0x7f2e2c00e6a0, FUTEX_WAKE_PRIVATE, 1 [pid 2750] 1682218613.840981 <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) <0.43> [pid 2716] 1682218613.841114 <... futex resumed>) = 0 <0.000141> [pid 2750] 1682218613.841140 read(7, [pid 2716] 1682218613.841179 futex(0x7f2e2c00e6a0, FUTEX_WAIT_PRIVATE, 2, NULL [pid 2750] 1682218613.841210 <... read resumed>"\1\0\0\0\0\0\0\0", 16) = 8 <0.42> [pid 2750] 1682218613.841254 futex(0x7f2e2c00e6a0, FUTEX_WAKE_PRIVATE, 1) = 1 <0.17> [pid 2716] 1682218613.841317 <... futex resumed>) = 0 <0.000114> [pid 2750] 1682218613.841349 futex(0x7f2e2c00e430, FUTEX_WAIT_PRIVATE, 2, NULL [pid 2716] 1682218613.841387 futex(0x7f2e2c00e6a0, FUTEX_WAKE_PRIVATE, 1) = 0 <0.09> [pid 2716] 1682218613.841445 futex(0x7f2e2c00e430, FUTEX_WAKE_PRIVATE, 1 [pid 2750] 1682218613.841491 <... futex resumed>) = 0 <0.000113> [pid 2716] 1682218613.841518 <... futex resumed>) = 1 <0.49> [pid 2750]
Bug#1034738: ITP: libjenkins-api-perl -- wrapper around the Jenkins API
Package: wnpp
Owner: Mason James
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org

* Package name    : libjenkins-api-perl
  Version         : 0.18
  Upstream Author : Colin Newell
* URL             : https://metacpan.org/release/Jenkins-API
* License         : Artistic or GPL-1+
  Programming Lang: Perl
  Description     : wrapper around the Jenkins API

This package provides a Perl wrapper around the Jenkins API.

More info for this Perl module at: https://metacpan.org/release/Jenkins-API
More info for the Jenkins API at: https://jenkinsapi.readthedocs.io

The package will be maintained under the umbrella of the Debian Perl Group.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.

Bug#969283: Not an ELinks issue
It seems they don't like Elinks's user agent. Changing it to Mozilla, access to cbc.ca worked.

Closing the issue.

--
أحمد المحمودي (Ahmed El-Mahmoudy)
Digital design engineer
GPG KeyIDs: 4096R/A7EF5671 2048R/EDDDA1B7
GPG Fingerprints:
 6E2E E4BB 72E2 F417 D066 6ABF 7B30 B496 A7EF 5761
 8206 A196 2084 7E6D 0DF8 B176 BC19 6A94 EDDD A1B7

Bug#1034737: yggdrasil: yggdrasilctl getSelf doesn't report version number
Package: yggdrasil
Version: 0.4.7-1+b5
Severity: normal

I finally attempted to try out autoygg (https://github.com/MassMesh/autoygg), but autoygg-server-amd64 immediately died with:

Error: Unable to parse yggdrasilctl version output, invalid version: unknown

This is because it attempts to parse the "Build version" string of "yggdrasilctl getSelf", but on my system that looks like the following:

Build name:     unknown
Build version:  unknown
IPv6 address:   203:5946:46a9:50a: ...
IPv6 subnet:    303:5946:46a9:50a::/64
Coordinates:    [1 4 4]
Public key:     1a6b9b956faf52609 ...

Similarly, I noticed the following:

dilinger@5410:~$ /usr/sbin/yggdrasil --version
Build name: unknown
Build version: unknown
dilinger@5410:~$

It would be good to have the actual proper version in this output.

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (100, 'bookworm-fasttrack')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages yggdrasil depends on:
ii  adduser  3.132
ii  libc6    2.36-9

yggdrasil recommends no packages.

yggdrasil suggests no packages.

-- no debconf information

Bug#1034736: bullseye-pu: package pev/0.81-3+deb11u1
Package: release.debian.org Severity: important Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: david.polver...@gmail.com [ Reason ] A buffer overflow vulnerability exists in Pev 0.81 via the pe_exports function from exports.c. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. [ Impact ] If the update isn't approved, users of pev in stable might have their systems compromised by opening a maliciously-crafted PE file. [ Tests ] None of the existing autopkgtests fail. [ Risks ] The fix is trivial and should not present any risks. Also, the fix was already applied upstream. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] The only change made to the package was the application of the existing upstream patch. [ Other info ] No other information. diff -Nru pev-0.81/debian/changelog pev-0.81/debian/changelog --- pev-0.81/debian/changelog 2021-05-05 12:09:18.0 + +++ pev-0.81/debian/changelog 2023-04-22 20:48:00.0 + 
@@ -1,3 +1,12 @@ +pev (0.81-3+deb11u1) bullseye; urgency=medium + + * debian/patches/0002-fix-bo-pe_exports.patch: created to fix a buffer +overflow vulnerability present on libpe's pe_exports function from exports.c +(CVE-2021-45423). Without this patch, a maliciously-crafted PE file opened +by pev utilities can trigger arbitrary code execution. (Closes: #1034725) + + -- David da Silva Polverari Sat, 22 Apr 2023 20:48:00 + + pev (0.81-3) unstable; urgency=medium * QA upload. diff -Nru pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch --- pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch1970-01-01 00:00:00.0 + +++ pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch2023-04-22 20:48:00.0 + 
@@ -0,0 +1,28 @@ +Description: fix a buffer overflow vulnerability (CVE-2021-45423) + A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function + from exports.c. The array offsets_to_Names is dynamically allocated on the + stack using exp->NumberOfFunctions as its size. However, the loop uses + exp->NumberOfNames to iterate over it and set its components value. Therefore, + the loop code assumes that exp->NumberOfFunctions is greater than ordinal at + each iteration. This can lead to arbitrary code execution. +Author: Saullo Carvalho Castelo Branco +Origin: upstream, https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 +Bug: https://github.com/merces/libpe/issues/35 +Bug-Debian: https://bugs.debian.org/1034725 +Applied-Upstream: https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 +Last-Update: 2023-04-22 + +--- a/lib/libpe/exports.c b/lib/libpe/exports.c +@@ -130,7 +130,10 @@ + + const uint32_t entry_name_rva = *entry_name_list; + const uint64_t entry_name_ofs = pe_rva2ofs(ctx, entry_name_rva); +- offsets_to_Names[ordinal] = entry_name_ofs; ++ ++if (ordinal < exp->NumberOfFunctions) { ++offsets_to_Names[ordinal] = entry_name_ofs; ++} + } + + // diff -Nru pev-0.81/debian/patches/series pev-0.81/debian/patches/series --- pev-0.81/debian/patches/series 2021-05-05 12:09:18.0 + +++ pev-0.81/debian/patches/series 2023-04-22 20:48:00.0 + @@ -1 +1,2 @@ 0001-widechar-off-by-one.patch +0002-fix-bo-pe_exports.patch
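Review bot: in the exports.c hunk the new `if (ordinal < exp->NumberOfFunctions)` guard drops an out-of-range ordinal without any trace, so a malformed export table is processed as if it were well formed; consider recording the rejected entry or returning an error so the pev tools can report the file as suspicious. The patch description also states that offsets_to_Names is allocated on the stack with exp->NumberOfFunctions as its size, and nothing in this hunk bounds that value, so it is worth confirming upstream handles an oversized NumberOfFunctions elsewhere.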
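The indexing problem described in the [ Reason ] section above, as an added C example (not code from libpe, pev or the reporter): the table is sized by NumberOfFunctions, the loop runs over NumberOfNames, and each file-supplied ordinal is checked before it is used as an index. The struct layout, the MAX_EXPORTS cap, rva_to_offset() and the sample tables are assumptions constructed for illustration; unlike the upstream patch, this version also counts rejected entries and allocates the table on the heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the export directory fields named in the report;
 * these are not libpe's real structures. */
typedef struct {
    uint32_t NumberOfFunctions; /* sizes the per-function table */
    uint32_t NumberOfNames;     /* drives the loop over name entries */
    const uint16_t *ordinals;   /* NumberOfNames values read from the file */
    const uint32_t *name_rvas;  /* NumberOfNames values read from the file */
} export_dir_t;

typedef struct {
    uint64_t *offsets_to_names; /* NumberOfFunctions slots, heap-allocated */
    uint32_t slots;
    uint32_t rejected;          /* name entries whose ordinal was out of range */
} name_table_t;

#define MAX_EXPORTS 65536u /* assumed sanity cap, not a libpe constant */

/* Hypothetical identity mapping standing in for pe_rva2ofs(). */
static uint64_t rva_to_offset(uint32_t rva) { return rva; }

/* Returns 0 on success, -1 if the counts are implausible or memory runs out. */
int collect_name_offsets(const export_dir_t *exp, name_table_t *out)
{
    out->offsets_to_names = NULL;
    out->slots = 0;
    out->rejected = 0;

    /* Both counts come from the file: bound them before allocating. */
    if (exp->NumberOfFunctions > MAX_EXPORTS || exp->NumberOfNames > MAX_EXPORTS)
        return -1;

    if (exp->NumberOfFunctions > 0) {
        out->offsets_to_names = calloc(exp->NumberOfFunctions, sizeof(uint64_t));
        if (out->offsets_to_names == NULL)
            return -1;
        out->slots = exp->NumberOfFunctions;
    }

    for (uint32_t i = 0; i < exp->NumberOfNames; i++) {
        uint32_t ordinal = exp->ordinals[i];
        /* The unchecked form described in the report,
         *     offsets_to_Names[ordinal] = entry_name_ofs;
         * writes outside the array whenever ordinal >= NumberOfFunctions. */
        if (ordinal >= out->slots) {
            out->rejected++;    /* keep a count so the caller can flag the file */
            continue;
        }
        out->offsets_to_names[ordinal] = rva_to_offset(exp->name_rvas[i]);
    }
    return 0;
}

/* Constructed sample tables (not taken from any real PE file). */
static const uint16_t good_ord[] = {0, 2};
static const uint32_t good_rva[] = {0x1000, 0x1010};
const export_dir_t SAMPLE_GOOD = {3, 2, good_ord, good_rva};

static const uint16_t bad_ord[] = {0, 1, 7, 65535}; /* 7 and 65535 exceed 2 slots */
static const uint32_t bad_rva[] = {0x1000, 0x1010, 0x1020, 0x1030};
const export_dir_t SAMPLE_BAD = {2, 4, bad_ord, bad_rva};

const export_dir_t SAMPLE_HUGE = {0xFFFFFFFFu, 0, NULL, NULL};

/* Number of rejected name entries, or -1 if the table was refused outright. */
int count_rejected(const export_dir_t *exp)
{
    name_table_t t;
    if (collect_name_offsets(exp, &t) != 0)
        return -1;
    int rejected = (int)t.rejected;
    free(t.offsets_to_names);
    return rejected;
}

/* Offset stored for one ordinal, or UINT64_MAX if there is no such slot. */
uint64_t slot_value(const export_dir_t *exp, uint32_t ordinal)
{
    name_table_t t;
    uint64_t value = UINT64_MAX;
    if (collect_name_offsets(exp, &t) != 0)
        return value;
    if (ordinal < t.slots)
        value = t.offsets_to_names[ordinal];
    free(t.offsets_to_names);
    return value;
}

int main(void)
{
    printf("well-formed table: %d rejected\n", count_rejected(&SAMPLE_GOOD));
    printf("malformed table:   %d rejected\n", count_rejected(&SAMPLE_BAD));
    printf("oversized table:   %d\n", count_rejected(&SAMPLE_HUGE));
    return 0;
}
```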
Bug#985150: systemd-udevd[…]: could not read from '/sys/module/acpi_cpufreq/initstate': No such device
Another user here with the same old bug on a different machine (stationary WS C422 PRO SE with Intel(R) Xeon(R) W-2235 CPU @ 3.80GHz).

The journal log entries just before the offending one:

Apr 23 00:34:25 AnonymousMachineName systemd-udevd[397]: Using default interface naming scheme 'v247'.
Apr 23 00:34:25 AnonymousMachineName systemd-udevd[397]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 23 00:34:25 AnonymousMachineName kernel: iwlwifi :b3:00.0 wlp179s0: renamed from wlan0
Apr 23 00:34:25 AnonymousMachineName systemd[1]: Condition check resulted in Dispatch Password Requests to Console Directory Watch being skipped.
Apr 23 00:34:25 AnonymousMachineName systemd[1]: Condition check resulted in File System Check on Root Device being skipped.
Apr 23 00:34:25 AnonymousMachineName systemd[1]: Condition check resulted in Rebuild Hardware Database being skipped.
Apr 23 00:34:25 AnonymousMachineName systemd[1]: Condition check resulted in Platform Persistent Storage Archival being skipped.
Apr 23 00:34:25 AnonymousMachineName kernel: EDAC MC0: Giving out device to module skx_edac controller Skylake Socket#0 IMC#0: DEV :64:0a.0 (INTERRUPT)
Apr 23 00:34:25 AnonymousMachineName kernel: EDAC MC1: Giving out device to module skx_edac controller Skylake Socket#0 IMC#1: DEV :64:0c.0 (INTERRUPT)
Apr 23 00:34:25 AnonymousMachineName systemd-udevd[406]: Using default interface naming scheme 'v247'.
Apr 23 00:34:25 AnonymousMachineName systemd-udevd[406]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 23 00:34:25 AnonymousMachineName systemd-udevd[410]: could not read from '/sys/module/acpi_cpufreq/initstate': No such device

Indeed, the file and even the containing directory is absent:

$ ls /sys/module/acpi_cpufreq
ls: Zugriff auf '/sys/module/acpi_cpufreq' nicht möglich: Datei oder Verzeichnis nicht gefunden

My nondefault lines in /etc/tlp.conf:

$ egrep -v "(^$)|(^#)" /etc/tlp.conf
CPU_SCALING_GOVERNOR_ON_AC=powersave
CPU_SCALING_GOVERNOR_ON_BAT=powersave
CPU_SCALING_MAX_FREQ_ON_AC=120
CPU_SCALING_MAX_FREQ_ON_BAT=120
DISK_SPINDOWN_TIMEOUT_ON_AC="0 241"
DISK_SPINDOWN_TIMEOUT_ON_BAT="0 241"
SATA_LINKPWR_ON_AC="med_power_with_dipm medium_power"
SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power"

Still, either tlp or sysfsutils do their frequency-setting job satisfactorily:

$ cat /proc/cpuinfo | grep MHz
cpu MHz : 1201.105
cpu MHz : 1200.942
cpu MHz : 1200.752
cpu MHz : 1200.079
cpu MHz : 1199.669
cpu MHz : 1199.822
cpu MHz : 1200.053
cpu MHz : 1200.007
cpu MHz : 1200.144
cpu MHz : 1200.040
cpu MHz : 1199.999
cpu MHz : 1200.186

I don't wish to uninstall tlp (my version: 1.4.0-1) because otherwise the machine might run too hot for its fully passive cooling. I have no idea whether the bug is tlp-related; please feel free to reassign or retag this report if necessary.

The bug might be plymouth-related though, because the offending message disappeared when I updated a few packages to their versions from snapshots, among them plymouth from 0.9.5 to 0.9.5+git20211018-1.

Bug#1032887: unblock: llvm-toolchain-15/1:15.0.7-3
Hi Sylvestre,

>>
>> On 2023-03-13 14:27:52 +0100, Sylvestre Ledru wrote:
[snip]
>> The debdiff includes:
>> The debdiff includes:
>>
>> llvm-toolchain-15-15.0.7/build/CMakeCache.txt
>> | 3215
>> llvm-toolchain-15-15.0.7/build/CMakeDoxyfile.in
>> | 289
>> llvm-toolchain-15-15.0.7/build/CMakeDoxygenDefaults.cmake
>> | 695
[snip]
>>
>> and many more build artifacts. Could these be removed?
> yeah, bizarre. I will do a repack

Gentle ping on that repack :)

--
Nicholas

Bug#1034735: xdg-desktop-portal-wlr: Screen sharing is broken in Chrome and Chromium based browsers
Package: xdg-desktop-portal-wlr
Version: 0.6.0-1
Severity: normal
Tags: upstream

Dear Maintainer,

Screen sharing is completely broken on latest Chrome and Chromium based browsers.

Upstream issue: https://github.com/emersion/xdg-desktop-portal-wlr/issues/266

It is addressed in 0.7.0 and I can confirm it fixed the issue as I've built xdg-desktop-portal-wlr 0.7.0 from source and tested it on Brave.

I hope we can include this release before Full Freeze, so screen sharing is not left broken on Sway and wlroots compositors for Debian 12 release.

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xdg-desktop-portal-wlr depends on:
ii  libc6               2.36-9
ii  libdrm2             2.4.114-1+b1
ii  libgbm1             22.3.6-1+deb12u1
ii  libinih1            55-1
ii  libpipewire-0.3-0   0.3.65-3
ii  libsystemd0         252.6-1
ii  libwayland-client0  1.21.0-1
ii  pipewire            0.3.65-3
ii  xdg-desktop-portal  1.16.0-2

xdg-desktop-portal-wlr recommends no packages.

xdg-desktop-portal-wlr suggests no packages.

-- no debconf information

Bug#1026060: mpv: dvb playback does not work anymore
Hi James,

James Addison writes:
>
> Thanks, Nicholas!
>

You're welcome! Also, yes, your hypothesis about DVB support being lost when the Debian packages adapted to upstream's waf-to-meson change was correct. The way I always screen for this type of thing is using the "elpa-git-timemachine" Emacs package. You checkout a repository, open debian/rules, "M-x git-timemachine", and then use the "p" key to step back through the history of the file, and then use "f" to step forward to flip back. There are other ways to achieve this result, of course. 'just saying, this was something you could have fixed, had you needed/wanted to ;)

> Although I don't have a DVB device to test with locally, the fix makes sense
> to me, and I'm glad to read from Alf's report that it is working.
>

If you have a moment, could you confirm that it didn't break smplayer for you? The release team will want confirmation one way or the other.

Best,
Nicholas

Bug#1026060: Bug: #1026060 -- mpv: dvb playback does not work anymore
Dear Thomas and Alf,

Thank you for confirming that this fix for DVB support works as it should.

Thomas, if you have a few minutes of free time, would you please review the rest of this email, and consider verifying whether or not mpv_0.35.1-4 introduces a regression in smplayer? I hypothesise that mpv_0.35.1-3 works no better, but we need to be sure that mpv_0.35.1-4 doesn't cause any harm...if it does then smplayer will need a fix too (maybe just a rebuild).

Alf writes:
> (+) Video --vid=1 (h264 1280x720 50.000fps)

Ok, h264.

> (+) Audio --aid=1 (mp2 2ch 48000Hz)
> File tags:
> Title: arte HD(Unitymedia)
> [ffmpeg/video] h264: co located POCs unavailable

Here is a thread about what this message means:
https://www.mail-archive.com/ffmpeg-devel@ffmpeg.org/msg80351.html

> Using hardware decoding (vaapi).
> AO: [pipewire] 48000Hz stereo 2ch s16p
> VO: [gpu] 1280x720 vaapi[nv12]

"nv12" is a colour space and pixel format thing. Yes, I had to look this up, because I've never seen "nv12" before.
https://wiki.videolan.org/YUV

> AV: 00:11:15 / 00:11:19 (99%) A-V: 0.000 Cache: 4.1s/5MB
>
> Hardware here is a quite old "Sundtek TV-Stick" from 2017 with their driver.
> I am watching DVB-C television with it and the channels.conf is unchanged.
>

Thank you for noting the hardware you tested with, as well as the type of network that you're using to receive DVB.

> THANKS for your fast response and the fix!
>

You're welcome :)

> What now does not work: "smplayer". It only plays sound but no video.
> SMplayer-Protocol continuously spits huge amounts of these messages:
> [12:23:52:227] MPVProcess::parseLine: "[vo/vaapi] vaPutSurface() failed
> (invalid parameter)"
>

When did this work previously? Is this a regression for non-DVB sources (like playing normal files)?

"[vo/vaapi] vaPutSurface() failed (invalid parameter)" is a vaapi error emitted by mpv. I suspect that your smplayer config is different than your mpv config, and that the smplayer config is setting up vaapi acceleration and output in a wrong way. You can try running smplayer and mpv verbosely, and then comparing the output, as well as comparing their configuration. The output driver configuration should be found here:

~/.config/mpv/mpv.conf to ~/.config/smplayer2/smplayer2.ini

If it's not a configuration issue, then maybe smplayer works fine with all yuv420p sources, and that it's only nv12 sources that pose a problem? It may also be that your vaapi hardware can't handle nv12, and mpv (directly) can detect this and uses ffmpeg to convert the stream, whereas this autodetection doesn't work with smplayer+mpv.

> But that's not an issue as long as "mpv" does the job.
>

Wonderful :) It's also important that the new mpv version doesn't cause a regression in smplayer, especially something like breaking playback of typical yuv420p files. The release team will want to know that we're not robbing Peter to pay Paul.

Cheers,
Nicholas

Bug#1034550: r8168-dkms: Excessive network latency with PREEMPT_RT kernel without the R8168-dkms driver
Thanks. That is really a disappointing response because:

1. Hardware selected based on Debian 4.x kernels in Buster that operated safely was broken by the 5.10 and above kernels in Bullseye and Bookworm
2. You ask us to report a bug if the R8168-dkms package has to be used so we did, now no interest is shown in actioning the report
3. It does not address the excessive latency in the Debian RT kernel that is not present in the upstream version at kernel.org
4. It has taken a lot of work from a lot of Linuxcnc users to identify the issues before this report could be made. The official ISO release of Linuxcnc is still based on Buster so not many users ventured into the later kernels hence the delay in reporting. Linuxcnc is packaged in Bookworm so the issue will be more prevalent moving forward.

I was told by a Debian developer involved in linuxcnc that if there were issues affecting us, they would be fixed. I hope something comes of this.

Rod Webster

VMN®
www.vmn.com.au
Ph: 1300 896 832
Mob: +61 435 765 611

On Sun, 23 Apr 2023 at 01:09, Ben Hutchings wrote:

> On Tue, 18 Apr 2023 12:12:58 +1000 Rod Webster wrote:
> [...]
> > Linuxcnc uses a 1 ms realtime thread and we regularly see "Error Finishing
> > Read" reported. This error disables the connection because our 1 ms thread has
> > been overrun. This issue mainly affects Realtek NIC hardware and is of real
> > concern where the motion hardware could be commanding components weighing
> > several thousand pounds.
> [...]
>
> The real-time kernel packages are provided as a convenience for users
> that have non-safety-critical real-time requirements, such as audio
> production.
>
> For safety-critical applications, you must take responsibility (or find
> a supplier who can) for selecting and validating software that meets
> the real-time and other reliability requirements.
>
> As a reminder, "Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to
> the extent permitted by applicable law."
>
> Ben.
>
> --
> Ben Hutchings
> Theory and practice are closer in theory than in practice - John Levine
>

Bug#1034734: deb-view.el: *Warnings* buffer big
X-Debbugs-Cc: Peter S. Galbraith
Package: elpa-debian-el
Version: 37.10
Severity: minor

Warning (comp): deb-view.el:303:28: Warning: reference to free variable ‘dired-mode-map’, and:

Use ‘with-current-buffer’ rather than save-excursion+set-buffer
assignment to free variable ‘deb-view-find-minor-mode-map’
assignment to free variable ‘view-exit-action’
reference to free variable ‘compilation-minor-mode-map’
reference to free variable ‘deb-view-find-minor-mode-map’
reference to free variable ‘w3-current-last-buffer’
reference to free variable ‘w3-mode-map’
reference to free variable ‘w3-mutable-windows’
the function ‘Man-cleanup-manpage’ is not known to be defined.
the function ‘compile-internal’ is not known to be defined.
the function ‘dired-get-filename’ is not known to be defined.
the function ‘print-help-return-message’ is not known to be defined.
the function ‘tar-extract-other-window’ is not known to be defined.
the function ‘tar-extract’ is not known to be defined.
the function ‘tar-next-line’ is not known to be defined.
the function ‘view-exit’ is not known to be defined.
‘beginning-of-buffer’ is for interactive use only; use ‘(goto-char (point-min))’ instead.
‘interactive-p’ is an obsolete function (as of 23.2); use ‘called-interactively-p’ instead.
‘make-variable-buffer-local’ not called at toplevel
Bug#1034289: inkscape: canvas stops updating completely when trying to edit a text box
Package: inkscape
Version: 1.2.2-2+b1
Followup-For: Bug #1034289

After installing a fresh Debian bookworm system and installing the 'inkscape' package (version 1.2.2-2+b1), I can confirm that this issue is reproducible; it can be found by running:

$ GTK_IM_MODULE=xim inkscape

... and from there, attempting to create or edit text objects (shortcut: 'T') within a document (for example, after creating a new blank SVG document).

I'm planning to attempt a rebuild of GTK3 with the previously-attached patch[1] and then rebuilding src:inkscape against that to confirm whether the patch resolves the problem.

[1] - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034289#15
Bug#1033535: installation-guide: Remove dmraid information
Control: tags -1 + pending

Chris Hofstaedtler wrote (Mon, 27 Mar 2023 01:27:34 +0200):
> Source: installation-guide
> Version: dmraid support was removed
> Severity: normal
> Tags: patch
>
> Please remove information related to dmraid from the installation-guide.
> Installer support for dmraid was removed in #864423.

This has been merged into master with https://salsa.debian.org/installer-team/installation-guide/-/commit/5c2dc37f7f725b185883007cb30a052d91a1c37f

Tagging this bug as pending

--
Holger Wansing
PGP-Fingerprint: 496A C6E8 1442 4B34 8508 3529 59F1 87CA 156E B076
Bug#1034733: unblock: irony-mode/1.5.0-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Control: block -1 by 1032887 Control: affects -1 + src:irony-mode Please unblock package irony-mode [ Reason ] Users of Irony Mode expect as close to the latest LLVM for more accurate syntax checking. On Mon, 23 Jan 2023, after receiving confirmation that bookworm would have LLVM 15, I uploaded a build that uses LLVM 15, and have been waiting for it to migrate since then. [ Impact ] Without LLVM 15, and/or without irony-mode/1.5.0-5, users will to deinstall elpa-irony-mode and compile from upstream source. I believe that the popcon data indicates that this has begun to occur. [ Tests ] irony-mode/1.5.0-5 has good build-time tests as well as autopkg test, and has received three months of testing by users of sid. [ Risks ] None. Upstream is 100% LLVM 15 compatible. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock irony-mode/1.5.0-5 diff -Nru irony-mode-1.5.0/debian/changelog irony-mode-1.5.0/debian/changelog --- irony-mode-1.5.0/debian/changelog 2022-09-02 15:56:18.0 -0400 +++ irony-mode-1.5.0/debian/changelog 2023-01-23 16:04:06.0 -0500 @@ -1,3 +1,10 @@ +irony-mode (1.5.0-5) unstable; urgency=medium + + * Switch to llvm-toolchain-15, and build with libclang-15-dev, clang-15, +and llvm-15-dev. + + -- Nicholas D Steeves Mon, 23 Jan 2023 16:04:06 -0500 + irony-mode (1.5.0-4) unstable; urgency=medium * Tighten irony-server dependency to guard against the possibility of diff -Nru irony-mode-1.5.0/debian/control irony-mode-1.5.0/debian/control --- irony-mode-1.5.0/debian/control 2022-09-02 15:56:18.0 -0400 +++ irony-mode-1.5.0/debian/control 2023-01-23 16:04:06.0 -0500 
@@ -6,9 +6,9 @@ Build-Depends: debhelper-compat (= 13), cmake, - libclang-14-dev, - clang-14, - llvm-14-dev, + libclang-15-dev, + clang-15, + llvm-15-dev, dh-elpa, python3-docutils Rules-Requires-Root: no
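Review bot: In the debian/control hunk the three Build-Depends move to their -15 names, but the debdiff touches only debian/changelog and debian/control, so nothing shown here confirms that the build itself no longer looks for LLVM 14. If debian/rules or the CMake invocation passes a versioned LLVM or libclang path, it needs the same bump; if it does not, a line in the changelog entry saying the toolchain is located without a version pin would let the release team see that the change is complete.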
Bug#1032842: Your mail
On 22.04.23 00:01, Christoph Anton Mitterer wrote:
> Are all these strict dependencies, or also optionals?

I haven't checked them individually, but it's pretty rare for a dependency to be optional. Maybe some of the tracing stuff might be non-essential, but I think the majority will be fundamentally required for core functionality.
Bug#1025446: php8.2: Please link against libatomic for "riscv64" arch
Hey Ondrej !

Could you tell us how to modify the gcc spec file to get that working ? I am trying to compile php8.2-8.2.4 on Debian unstable on a starfive risc-v board.

> Linux starfive 5.15.0-starfive #1 SMP Sun Mar 26 12:29:48 EDT 2023
> riscv64 GNU/Linux

Manuel's patch does not seem to work for me, I still get

> lcrypt -lrt -lstdc++ -lrt -lm -lxml2 -lgssapi_krb5 -lkrb5 -lk5crypto
> -lcom_err -lssl -lcrypto -lpcre2-8 -lz -lsodium -largon2 -lrt -ldl -
> lcrypt
> /usr/bin/ld: Zend/zend_execute_API.o: in function
> `zend_check_arg_send_type':
> ./ext-build/./Zend/zend_compile.h:1038: undefined reference to
> `__atomic_exchange_1'
> /usr/bin/ld: Zend/zend_atomic.o: in function
> `zend_atomic_bool_exchange_ex':
> ./ext-build/./Zend/zend_atomic.h:105: undefined reference to
> `__atomic_exchange_1'
> collect2: error: ld returned 1 exit status

Thanks,
KK

On Sun, 15 Jan 2023 23:58:28 +0100 Ondřej Surý wrote:
> This makes absolutely no sense. C11 does not specify that some random library is needed for a language feature.
>
> I would rather suggest to patch gcc to add --as-needed -latomic --no-as-needed by default, than bugging random programs using C11 (that’s 11 years ago) to link with -latomic, see:
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358
> 81358 – libatomic not automatically linked with C11 code (gcc.gnu.org)
>
> That would help seamlessly bootstrap the platform right now.
>
> Ondrej
> --
> Ondřej Surý ond...@sury.org (He/Him)
>
> On 15. 1. 2023, at 23:39, Manuel A. Fernandez Montecelo manuel.montez...@gmail.com wrote:
>> Hi,
>>
>> On Sun, 4 Dec 2022 at 21:15, Manuel A. Fernandez Montecelo m...@debian.org wrote:
>>> Source: php8.2
>>> Severity: wishlist
>>> Tags: ftbfs patch
>>> User: debian-ri...@lists.debian.org
>>> Usertags: riscv64
>>> X-Debbugs-Cc: m...@debian.org, locutusofb...@debian.org, bba...@debian.org
>>>
>>> Hi,
>>>
>>> The package still in experimental builds with the changes attached, I built the package locally on this architecture, so please include it (or add an equivalent solution) in the next uploads, at least before moving to unstable.
>>
>> Gentle ping?
>>
>> There are several packages (PHP modules or similar) waiting with Dep-Wait on a newer version of php8.2, so it would be nice to have this patch applied to have php8.2 building successfully and so avoiding these problems altogether.
>>
>> Cheers.
>> --
>> Manuel A. Fernandez Montecelo manuel.montez...@gmail.com
Bug#1034732: Keep out of testing
Package: gpac
Version: 2.0.0+dfsg1-2+b1
Severity: serious

In some discussion between Reinhard, Sebastian and the Security team we've come to the conclusion that gpac isn't suitable to be included in a stable release. The massive influx of security issues makes that untenable (and there's no suitable LTS branch we could use, which e.g. makes ffmpeg manageable).

Sebastian has already updated x264 to no longer depend on it; when x264 2:0.164.3095+gitbaee400-3 has reached testing, gpac can be dropped. The only other rdep is ccextractor, which is already out of testing due to a lack of support for ffmpeg 5.

Cheers,
Moritz
Bug#1034731: bullseye-pu: package pev/0.81-3
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: david.polver...@gmail.com [ Reason ] A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. [ Impact ] If the update isn't approved, users of pev in stable might have their systems compromised by opening a maliciously-crafted PE file. [ Tests ] (What automated or manual tests cover the affected code?) [ Risks ] The fix is trivial and should not present any risks. Also, the fix was already applied upstream. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] The only change made to the package was the application of the existing upstream patch. [ Other info ] No more info. diff -Nru pev-0.81/debian/changelog pev-0.81/debian/changelog --- pev-0.81/debian/changelog 2021-05-05 12:09:18.0 + +++ pev-0.81/debian/changelog 2023-04-22 20:48:00.0 + 
@@ -1,3 +1,11 @@ +pev (0.81-3+deb11u1) bullseye; urgency=medium + + * debian/patches/0002-fix-bo-pe_exports.patch: created to fix a buffer +overflow vulnerability present on libpe's pe_exports function +(CVE-2021-45423). (Closes: #1034725) + + -- David da Silva Polverari Sat, 22 Apr 2023 20:48:00 + + pev (0.81-3) unstable; urgency=medium * QA upload. diff -Nru pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch --- pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch1970-01-01 00:00:00.0 + +++ pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch2023-04-22 20:48:00.0 + 
@@ -0,0 +1,28 @@ +Description: fix a buffer overflow vulnerability (CVE-2021-45423) + A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function + from exports.c. The array offsets_to_Names is dynamically allocated on the + stack using exp->NumberOfFunctions as its size. However, the loop uses + exp->NumberOfNames to iterate over it and set its components value. Therefore, + the loop code assumes that exp->NumberOfFunctions is greater than ordinal at + each iteration. This can lead to arbitrary code execution. +Author: Saullo Carvalho Castelo Branco +Origin: upstream, https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 +Bug: https://github.com/merces/libpe/issues/35 +Bug-Debian: https://bugs.debian.org/1034725 +Applied-Upstream: https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 +Last-Update: 2023-04-22 + +--- a/lib/libpe/exports.c b/lib/libpe/exports.c +@@ -130,7 +130,10 @@ + + const uint32_t entry_name_rva = *entry_name_list; + const uint64_t entry_name_ofs = pe_rva2ofs(ctx, entry_name_rva); +- offsets_to_Names[ordinal] = entry_name_ofs; ++ ++if (ordinal < exp->NumberOfFunctions) { ++offsets_to_Names[ordinal] = entry_name_ofs; ++} + } + + // diff -Nru pev-0.81/debian/patches/series pev-0.81/debian/patches/series --- pev-0.81/debian/patches/series 2021-05-05 12:09:18.0 + +++ pev-0.81/debian/patches/series 2023-04-22 20:48:00.0 + @@ -1 +1,2 @@ 0001-widechar-off-by-one.patch +0002-fix-bo-pe_exports.patch
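Review bot: In the exports.c hunk carried by 0002-fix-bo-pe_exports.patch, the new `if (ordinal < exp->NumberOfFunctions)` guard drops an out-of-range ordinal silently, so a PE file whose NumberOfNames entries point past NumberOfFunctions is still parsed as if its export table were consistent. For a stable update the minimal upstream change is reasonable, but the Description should say that malformed entries are skipped rather than reported. The Origin and Applied-Upstream fields cite libpe commit 5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32, while the report in #1034725 lists two other libpe commits, so please confirm in the request that the cited commit carries the complete upstream fix.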
Bug#1034730: cryptsetup-initramfs doesn't include cryptsetup-token binaries and libraries
Package: cryptsetup-initramfs
Version: 2:2.6.1-3~deb12u1

I have an encrypted root that I unlock with a fido usb key but when I power on my computer, instead of asking me to unlock with my key, it asks for a password because the initramfs doesn't include the cryptsetup token binaries.

I wrote an initramfs hook to add the libcryptsetup-token-systemd-fido2 binary and the libfido2 library but it still asks for my password on boot, requiring me to press enter to make the system invoke cryptsetup and allow me to unlock with my key.

I suggest that the package is updated to automatically detect if a disk uses any tokens and to add the necessary binaries/libraries to the initramfs and to not ask for a password when a token is used.

On my system, the cryptsetup token binaries are located at /usr/lib/x86_64-linux-gnu/cryptsetup.

Here's the initramfs hook I wrote to somewhat fix the problem:

```
#!/bin/sh
set -e

PREREQ=""

prereqs()
{
    echo "${PREREQ}"
}

case "${1}" in
    prereqs)
        prereqs
        exit 0
        ;;
esac

# Provides copy_exec, which copies a file and its shared-library dependencies
. /usr/share/initramfs-tools/hook-functions

# Add the FIDO2 library and the cryptsetup token plugin to the initramfs
copy_exec /usr/lib/x86_64-linux-gnu/libfido2.so.1
copy_exec /usr/lib/x86_64-linux-gnu/cryptsetup/libcryptsetup-token-systemd-fido2.so
```

Thanks,
August M.H.
They / Them
Bug#1034729: terminator: Context Menu not showing in v2.1.3
Package: terminator
Version: 2.1.3-1
Severity: important
X-Debbugs-Cc: nore...@foo.com

After upgrading from 2.1.2 to 2.1.3, Context menu does not show up by right-click. This bug was fixed by this PR (https://github.com/gnome-terminator/terminator/pull/725). But this package which is currently available in sid does not incorporate this fix. Context menu is arguably one of the most essential features of terminator. So I am eagerly waiting for the new release. Thanks in advance.

-- System Information:
Debian Release: 12.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-7-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages terminator depends on:
ii  gir1.2-glib-2.0            1.74.0-3
ii  gir1.2-gtk-3.0             3.24.37-2
ii  gir1.2-pango-1.0           1.50.12+ds-1
ii  gir1.2-vte-2.91            0.70.3-1
ii  gsettings-desktop-schemas  43.0-1
ii  python3                    3.11.2-1+b1
ii  python3-cairo              1.20.1-5+b1
ii  python3-configobj          5.0.8-1
ii  python3-dbus               1.3.2-4+b1
ii  python3-gi                 3.42.2-3+b1
ii  python3-gi-cairo           3.42.2-3+b1
ii  python3-psutil             5.9.4-1+b1

Versions of packages terminator recommends:
ii  dbus-user-session [default-dbus-session-bus]  1.14.6-1
ii  dbus-x11 [dbus-session-bus]                   1.14.6-1
ii  gir1.2-keybinder-3.0                          0.3.2-1.1
ii  gir1.2-notify-0.7                             0.8.1-1
ii  xdg-utils                                     1.1.3-4.1

terminator suggests no packages.

-- no debconf information
Bug#1034691: nmu: why3_1.5.1-1+b1 frama-c_20220511-manganese-3-10
* Sebastian Ramacher [2023-04-22 16:06]:
> Both why3 and frama-c have been rebuilt after the last ocaml ABI change.

From a quick between a build now and from the last why3, the following packages changed (that appear to be relevant):

libcairo2-ocaml-dev (= [-0.6.2+dfsg-1+b1),-] {+0.6.4+dfsg-1),+}
ocaml (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-base (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-compiler-libs (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-findlib (= [-1.9.3-1),-] {+1.9.6-1+b1),+}
ocaml-interp (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-nox (= [-4.13.1-3),-] {+4.13.1-4),

So either the change in ocaml caused the ABI to change and we probably need to rebuild the world of ocaml packages, or the ABI of why3 is influenced by libcairo2-ocaml-dev but is missing the proper dependencies.

I can recreate the old ABI hash by downgrading the src:ocaml packages, i.e.:

ocaml (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-base (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-compiler-libs (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-interp (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-nox (= [-4.13.1-3),-] {+4.13.1-4),

I leave the decision what to do with it to you.

Cheers
Jochen
Bug#1030630: mariadb: FTBFS on sparc64
Hi! After upload of MariaDB 1:10.11.2-3 the build has now different symptoms. Likewise to Bug#1029374 (ppc64) and Bug#1006529 (hppa) the errors about io_uring and somewhat random crashes are now gone. I do not know why. Comparison of latest build: https://buildd.debian.org/status/fetch.php?pkg=mariadb=sparc64=1%3A10.11.2-3=1682142981=0 sbuild (Debian sbuild) 0.85.2 (11 March 2023) on nvg5120.east.ru Kernel: Linux 6.1.0-6-sparc64-smp #1 SMP Debian 6.1.15-1 (2023-03-05) sparc64 (sparc64) Toolchain package versions: binutils_2.40-2 dpkg-dev_1.21.21 g++-12_12.2.0-12 gcc-12_12.2.0-12 libc6-dev_2.36-4 libstdc++-12-dev_12.2.0-12 libstdc++6_12.2.0-12 linux-libc-dev_6.1.20-2 vs previous build in March: https://buildd.debian.org/status/fetch.php?pkg=mariadb=sparc64=1%3A10.11.2-2=1679832953=0 sbuild (Debian sbuild) 0.85.2 (11 March 2023) on sompek.debian.net Kernel: Linux 6.1.0-7-sparc64-smp #1 SMP Debian 6.1.20-1 (2023-03-19) sparc64 (sparc64) Toolchain package versions: binutils_2.40-2 dpkg-dev_1.21.21 g++-12_12.2.0-12 gcc-12_12.2.0-12 libc6-dev_2.36-4 libstdc++-12-dev_12.2.0-12 libstdc++6_12.2.0-12 linux-libc-dev_6.1.20-1 In the latest build there are no crashes or timeouts. New/current failures are purely due to warnings from mariadb-upgrade, which will be investigated in another bug report.
Bug#1029374: mariadb: FTBFS on ppc64
For the record: After upload of MariaDB 1:10.11.2-3 the build passed and MTR completed with 1031 tests successfully. https://buildd.debian.org/status/fetch.php?pkg=mariadb=ppc64=1%3A10.11.2-3=1682058655=0 sbuild (Debian sbuild) 0.85.2 (11 March 2023) on blaauw Kernel: Linux 6.1.0-5-powerpc64 #1 SMP Debian 6.1.12-1 (2023-02-15) ppc64 (ppc64) Toolchain package versions: binutils_2.40-2 dpkg-dev_1.21.21 g++-12_12.2.0-14 gcc-12_12.2.0-14 libc6-dev_2.36-9 libstdc++-12-dev_12.2.0-14 libstdc++6_12.2.0-14 linux-libc-dev_6.1.20-2
Bug#1006529: mariadb: FTBFS on hppa
For the record: After upload of MariaDB 1:10.11.2-3 the build passed. MTR was skipped because of DEB_BUILD_OPTIONS: nocheck https://buildd.debian.org/status/fetch.php?pkg=mariadb=hppa=1%3A10.11.2-3=168210=0 sbuild (Debian sbuild) 0.85.2 (11 March 2023) on mx3210 Kernel: Linux 6.1.24+ #1 SMP Sat Apr 15 15:43:47 UTC 2023 hppa (parisc64) Toolchain package versions: binutils_2.40-2 dpkg-dev_1.21.21 g++-12_12.2.0-14 gcc-12_12.2.0-14 libc6-dev_2.36-9 libstdc++-12-dev_12.2.0-14 libstdc++6_12.2.0-14 linux-libc-dev_6.1.20-2
Bug#1030510: Info received (mariadb: FTBFS on s390x: timeout)
For the record: After upload of MariaDB 1:10.11.2-3 the MTR test suite failed to start (just timed out) after the build, potentially because the server binary was crashing/defect. On a third try it passed. 1: https://buildd.debian.org/status/fetch.php?pkg=mariadb=s390x=1%3A10.11.2-3=1682066999=0 E: Build killed with signal TERM after 150 minutes of inactivity 2: https://buildd.debian.org/status/fetch.php?pkg=mariadb=s390x=1%3A10.11.2-3=1682102108=0 E: Build killed with signal TERM after 150 minutes of inactivity 3: https://buildd.debian.org/status/fetch.php?pkg=mariadb=s390x=1%3A10.11.2-3=1682123620=0 Completed: All 1028 tests were successful. All builds had: sbuild (Debian sbuild) 0.81.2+deb11u1 (31 August 2022) on zani.debian.org Kernel: Linux 5.10.0-21-s390x #1 SMP Debian 5.10.162-1 (2023-01-21) s390x (s390x)
Bug#1034727: postfix-policyd-spf-python: Update logcheck regex
Package: postfix-policyd-spf-python Version: 3.0.4-1 Severity: important Tags: bookworm patch I updated one of my servers from bullseye to bookworm this weekend and discovered a couple of issues with the logcheck regex shipped with postfix-policyd-spf-python: * The "+" at the beginning of the line causes grep 3.8 to emit the message "grep: warning: + at start of expression" every time logcheck is invoked * logcheck in bookworm defaults to checking the systemd journal, which uses high-resolution timestamps; the current pattern will not match those * The format of the message to be ignored has changed sometime before bullseye, so the logcheck rule as-is isn't actually doing anything I have attached a patch to update the rule, and tested it with rsyslog output (from bullseye and bookworm), as well as journald output from bookworm, and it appears to work correctly. Please consider applying the patch and uploading a new version of postfix-policyd-spf- python so this fix can be included in the bookworm release. Thanks, Mathias diff --git a/debian/logcheck/postfix-policyd-spf-python b/debian/logcheck/postfix-policyd-spf-python index 7abdccf..07a87b1 100644 --- a/debian/logcheck/postfix-policyd-spf-python +++ b/debian/logcheck/postfix-policyd-spf-python @@ -1,2 +1 @@ -+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ policyd-spf\[[0-9]+\]: (Pass|Neutral|None|Softfail|Fail|Temperror|Permerror); identity=(helo|mailfrom); client-ip=[0-9a-f.:]+; helo=.*; envelope-from=.*; receiver= - +^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ policyd-spf\[[0-9]+\]:( :)? prepend Received-SPF: (Pass|Neutral|None|Softfail|Fail|Temperror|Permerror) \((helo|mailfrom)\) identity=(helo|mailfrom); client-ip=[0-9a-f.:]+; helo=.*; envelope-from=.*; receiver= signature.asc Description: This is a digitally signed message part
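Review bot: In the replacement rule, the journal branch of the timestamp alternation, `[0-9T:.+-]{32}`, is a fixed-width character class, so it matches only a timestamp of exactly 32 characters, and it is written with `[0-9]` while the syslog branch beside it uses `[:digit:]`. Please state in the changelog entry which timestamp format each branch targets and use one digit notation throughout, so the next format change is easy to spot. The optional `( :)?` after the PID also deserves a word on which log variant it covers, since the report mentions testing against both rsyslog and journald output.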
Bug#1034726: [INTL:es] Spanish translation of the debconf template
Package: tryton-server Severity: wishlist Tags: patch l10n Hello, You can find enclosed the Spanish translation template to be uploaded with the latest package build. Cheers, -- Camaleón# tryton-server po-debconf translation to Spanish. # Copyright (C) 2022 # This file is distributed under the same license as the tryton-server package. # Camaleón , 2022. # msgid "" msgstr "" "Project-Id-Version: tryton-server\n" "Report-Msgid-Bugs-To: tryton-ser...@packages.debian.org\n" "POT-Creation-Date: 2022-09-27 21:21+0200\n" "PO-Revision-Date: 2023-04-22 19:48+0200\n" "Last-Translator: Camaleón \n" "Language-Team: Debian Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 2.4.2\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: string #. Description #: ../tryton-server-postgresql.templates:1001 msgid "Initial admin password for Tryton:" msgstr "Contraseña inicial del administrador de Tryton:" #. Type: string #. Description #: ../tryton-server-postgresql.templates:1001 msgid "" "A superuser account named \"admin\" will be created for the Tryton database. " "Please specify the password that this account should require for the initial " "login." msgstr "" "Se creará una cuenta de súperusuario llamada «admin» para la base de datos " "de Tryton. Indique la contraseña que debe solicitar esta cuenta para el " "primer inicio de sesión." #. Type: string #. Description #: ../tryton-server-postgresql.templates:1001 msgid "" "If it is left empty a random password will be used. You can reset this " "password from the command line with" msgstr "" "Si la deja en blanco, se usará una contraseña aleatoria. Podrá restablecer " "esta contraseña desde la línea de órdenes con" #. Type: string #. 
Description #: ../tryton-server-postgresql.templates:1001 msgid "" "$ sudo -u tryton trytond-admin -c /etc/tryton/trytond.conf --password -d " "" msgstr "" "$ sudo -u tryton trytond-admin -c /etc/tryton/trytond.conf --password -d " "" #. Type: string #. Description #: ../tryton-server-postgresql.templates:1001 msgid "" "Note: The initialization of the database may take some time; please be " "patient." msgstr "" "Nota: La inicialización de la base de datos puede llevar algún tiempo, tenga " "paciencia." #. Type: string #. Description #: ../tryton-server-postgresql.templates:2001 msgid "Email address for the admin user:" msgstr "Dirección de correo electrónico del usuario administrador:" #. Type: string #. Description #: ../tryton-server-postgresql.templates:2001 msgid "" "Please specify a valid email address that should receive administrative " "messages from the Tryton server." msgstr "" "Indique la dirección de correo electrónico que recibirá los mensajes " "administrativos del servidor Tryton." #. Type: boolean #. Description #: ../tryton-server-uwsgi.templates:1001 msgid "Set up Tryton server workers?" msgstr "" "¿Desea configurar los servicios de trabajo (workers) del servidor Tryton?" #. Type: boolean #. Description #: ../tryton-server-uwsgi.templates:1001 msgid "" "Some Tryton server tasks can be performed asynchronously in the background " "by workers in a task queue." msgstr "" "Algunas tareas del servidor Tryton las pueden ejecutar servicios de trabajo " "en segundo plano de manera asíncrona en una cola de tareas." #. Type: boolean #. Description #: ../tryton-server-uwsgi.templates:1001 msgid "" "If enabled, the workers can automatically perform tasks such as the " "processing of sales, invoices, or purchases removing the need to execute " "particular workflow steps manually in the clients and wait for them to " "finish." 
msgstr "" "Si activa esta opción, los servicios de trabajo pueden ejecutar " "automáticamente las tareas como procesamiento de ventas, facturas o compras, " "evitando la necesidad de ejecutar manualmente determinados pasos del flujo " "de trabajo en los clientes y esperar a que finalicen." #. Type: boolean #. Description #: ../tryton-server-uwsgi.templates:2001 msgid "Set up a Tryton scheduler?" msgstr "¿Desea configurar un programador para el servidor Tryton?" #. Type: boolean #. Description #: ../tryton-server-uwsgi.templates:2001 msgid "" "Tryton server has its own internal \"cron\" scheduler which can run periodic " "database-maintenance tasks (configured using the Tryton clients). Please " "specify whether it should be enabled." msgstr "" "El servidor Tryton tiene su propio programador «cron» interno que puede " "ejecutar tareas periódicas de mantenimiento en la base de datos " "(configuradas utilizando los clientes Tryton). Indique si desea activar esta " "opción." #. Type: boolean #. Description #: ../tryton-server-uwsgi.templates:2001 msgid "Note: Only one cron server should be enabled per database." msgstr "" "Nota: Sólo puede activar un único servidor cron por cada base de datos." #. Type: string #. Description #: ../tryton-server-nginx.templates:1001 msgid "Domain for the Tryton
Bug#1034725: pev: CVE-2021-45423
Source: pev
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for pev.

CVE-2021-45423[0]:
| A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports
| function from exports.c. The array offsets_to_Names is dynamically
| allocated on the stack using exp->NumberOfFunctions as its size.
| However, the loop uses exp->NumberOfNames to iterate over it and
| set its components value. Therefore, the loop code assumes that
| exp->NumberOfFunctions is greater than ordinal at each iteration.
| This can lead to arbitrary code execution.

https://github.com/merces/libpe/issues/35
https://github.com/merces/libpe/commit/9b5fedc37ccbcd23695a0e97c0fe46c999e26100
https://github.com/merces/libpe/commit/8960f7d710c4d1a43badd2bbf273721248b864f8

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45423
    https://www.cve.org/CVERecord?id=CVE-2021-45423

Please adjust the affected versions in the BTS as needed.
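The size mismatch described in the advisory above, as an added example that is not libpe's code: a table sized by NumberOfFunctions is indexed by ordinals read while looping over NumberOfNames, shown next to a checked form that rejects out-of-range ordinals. The types `export_dir` and `name_entry`, the function names, the `MAX_EXPORTS` cap and the sample tables are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Example's own sanity cap (assumption): ordinals in this model are 16-bit. */
#define MAX_EXPORTS 65536u

/* Simplified stand-ins for the fields named in the advisory. */
typedef struct {
    uint32_t NumberOfFunctions;   /* sizes the offsets table */
    uint32_t NumberOfNames;       /* drives the loop */
} export_dir;

typedef struct {
    uint16_t ordinal;             /* index into the offsets table */
    uint64_t name_ofs;            /* file offset of the exported name */
} name_entry;

/* Unchecked pattern from the advisory, for contrast. It is memory-safe only
 * if every names[i].ordinal is below exp->NumberOfFunctions; the advisory's
 * table was additionally a stack array sized from the file's own header. */
static void fill_unchecked(const export_dir *exp, const name_entry *names,
                           uint64_t *offsets_to_Names)
{
    for (uint32_t i = 0; i < exp->NumberOfNames; i++)
        offsets_to_Names[names[i].ordinal] = names[i].name_ofs;
}

/* Checked form: validates the header counts, allocates a zeroed table on the
 * heap, writes only in-range ordinals and counts the ones it skipped.
 * Returns NULL on implausible counts or allocation failure. */
static uint64_t *fill_checked(const export_dir *exp, const name_entry *names,
                              size_t names_len, uint32_t *rejected)
{
    *rejected = 0;
    if (exp->NumberOfFunctions == 0 || exp->NumberOfFunctions > MAX_EXPORTS)
        return NULL;
    if (exp->NumberOfNames > names_len)   /* header claims more than we hold */
        return NULL;

    uint64_t *table = calloc(exp->NumberOfFunctions, sizeof *table);
    if (table == NULL)
        return NULL;

    for (uint32_t i = 0; i < exp->NumberOfNames; i++) {
        uint16_t ordinal = names[i].ordinal;
        if (ordinal < exp->NumberOfFunctions)
            table[ordinal] = names[i].name_ofs;
        else
            (*rejected)++;                /* malformed entry: skip and count */
    }
    return table;
}

/* Returns the number of rejected ordinals, or -1 if the header was refused. */
int rejected_ordinals(const export_dir *exp, const name_entry *names,
                      size_t names_len)
{
    uint32_t rejected;
    uint64_t *table = fill_checked(exp, names, names_len, &rejected);
    if (table == NULL)
        return -1;
    free(table);
    return (int)rejected;
}

/* Constructed sample tables. */
static const name_entry GOOD_NAMES[] = { {0, 0x100}, {2, 0x110}, {3, 0x120} };
static const name_entry BAD_NAMES[]  = { {0, 0x200}, {1, 0x210},
                                         {7, 0x220}, {40000, 0x230} };

/* Consistent table: 4 functions, 3 names, all ordinals in range. */
int sample_wellformed(void)
{
    export_dir e = { 4, 3 };
    return rejected_ordinals(&e, GOOD_NAMES, 3);
}

/* Inconsistent table: 2 functions but 4 names, two ordinals out of range. */
int sample_malformed(void)
{
    export_dir e = { 2, 4 };
    return rejected_ordinals(&e, BAD_NAMES, 4);
}

/* Header claims 10 names while only 4 entries are available. */
int sample_truncated(void)
{
    export_dir e = { 2, 10 };
    return rejected_ordinals(&e, BAD_NAMES, 4);
}

int main(void)
{
    /* The unchecked loop is exercised on the consistent sample only. */
    export_dir e = { 4, 3 };
    uint64_t table[4] = { 0 };
    fill_unchecked(&e, GOOD_NAMES, table);
    printf("unchecked, consistent input: table[2] = 0x%llx\n",
           (unsigned long long)table[2]);

    printf("well-formed: %d rejected\n", sample_wellformed());
    printf("malformed:   %d rejected\n", sample_malformed());
    printf("truncated:   %d (header refused)\n", sample_truncated());
    return 0;
}
```

Counting the skipped entries lets the caller flag the file as malformed instead of treating a partially filled table as a valid export list.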
Bug#1034724: libyang2: CVE-2023-26917
Source: libyang2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libyang2. CVE-2023-26917[0]: | libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL | pointer dereference via the function lysp_stmt_validate_value at | lys_parse_mem.c. https://github.com/CESNET/libyang/issues/1987 https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-26917 https://www.cve.org/CVERecord?id=CVE-2023-26917 Please adjust the affected versions in the BTS as needed.
Bug#1034723: rust-hyper: CVE-2023-26964
Source: rust-hyper X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for rust-hyper. CVE-2023-26964[0]: | An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking | occurs when the H2 component processes HTTP2 RST_STREAM frames. As a | result, the memory and CPU usage are high which can lead to a Denial | of Service (DoS). https://github.com/hyperium/hyper/issues/2877 https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39 (v0.3.17) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-26964 https://www.cve.org/CVERecord?id=CVE-2023-26964 Please adjust the affected versions in the BTS as needed.
Bug#1034722: jpeg-xl: CVE-2023-0645
Source: jpeg-xl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for jpeg-xl.

CVE-2023-0645[0]:
| An out of bounds read exists in libjxl. An attacker using a
| specifically crafted file could cause an out of bounds read in the
| exif handler. We recommend upgrading to version 0.8.1 or past commit
| https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159
| https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

https://github.com/libjxl/libjxl/issues/2100
https://github.com/libjxl/libjxl/pull/2101
https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0645
    https://www.cve.org/CVERecord?id=CVE-2023-0645

Please adjust the affected versions in the BTS as needed.
Bug#1034721: wireshark: CVE-2023-1992 CVE-2023-1993 CVE-2023-1994
Source: wireshark X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for wireshark. CVE-2023-1992[0]: | RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to | 3.6.12 allows denial of service via packet injection or crafted | capture file https://gitlab.com/wireshark/wireshark/-/issues/18852 https://www.wireshark.org/security/wnpa-sec-2023-09.html CVE-2023-1993[1]: | LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to | 3.6.12 allows denial of service via packet injection or crafted | capture file https://gitlab.com/wireshark/wireshark/-/issues/18900 https://www.wireshark.org/security/wnpa-sec-2023-10.html CVE-2023-1994[2]: | GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 | allows denial of service via packet injection or crafted capture file https://gitlab.com/wireshark/wireshark/-/issues/18947 https://www.wireshark.org/security/wnpa-sec-2023-11.html If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-1992 https://www.cve.org/CVERecord?id=CVE-2023-1992 [1] https://security-tracker.debian.org/tracker/CVE-2023-1993 https://www.cve.org/CVERecord?id=CVE-2023-1993 [2] https://security-tracker.debian.org/tracker/CVE-2023-1994 https://www.cve.org/CVERecord?id=CVE-2023-1994 Please adjust the affected versions in the BTS as needed.
Bug#1034720: openssl: CVE-2023-1255 CVE-2023-0466 CVE-2023-0465 CVE-2023-0464
Source: openssl X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for openssl. CVE-2023-1255[0]: | Issue summary: The AES-XTS cipher decryption implementation for 64 bit | ARM platform contains a bug that could cause it to read past the input | buffer, leading to a crash. Impact summary: Applications that use the | AES-XTS algorithm on the 64 bit ARM platform can crash in rare | circumstances. The AES-XTS algorithm is usually used for disk | encryption. The AES-XTS cipher decryption implementation for 64 bit | ARM platform will read past the end of the ciphertext buffer if the | ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 | bytes. If the memory after the ciphertext buffer is unmapped, this | will trigger a crash which results in a denial of service. If an | attacker can control the size and location of the ciphertext buffer | being decrypted by an application using AES-XTS on 64 bit ARM, the | application is affected. This is fairly unlikely making this issue a | Low severity one. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb https://www.openssl.org/news/secadv/20230420.txt CVE-2023-0466[1]: | The function X509_VERIFY_PARAM_add0_policy() is documented to | implicitly enable the certificate policy check when doing certificate | verification. However the implementation of the function does not | enable the check which allows certificates with invalid or incorrect | policies to pass the certificate verification. As suddenly enabling | the policy check could break existing deployments it was decided to | keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() | function. 
Instead the applications that require OpenSSL to perform | certificate policy check need to use X509_VERIFY_PARAM_set1_policies() | or explicitly enable the policy check by calling | X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag | argument. Certificate policy checks are disabled by default in OpenSSL | and are not commonly used by applications. https://www.openssl.org/news/secadv/20230328.txt https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0) CVE-2023-0465[2]: | Applications that use a non-default option when verifying certificates | may be vulnerable to an attack from a malicious CA to circumvent | certain checks. Invalid certificate policies in leaf certificates are | silently ignored by OpenSSL and other certificate policy checks are | skipped for that certificate. A malicious CA could use this to | deliberately assert invalid certificate policies in order to | circumvent policy checking on the certificate altogether. Policy | processing is disabled by default but can be enabled by passing the | `-policy' argument to the command line utilities or by calling the | `X509_VERIFY_PARAM_set1_policies()' function. https://www.openssl.org/news/secadv/20230328.txt https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0) CVE-2023-0464[3]: | A security vulnerability has been identified in all supported versions | of OpenSSL related to the verification of X.509 certificate chains | that include policy constraints. Attackers may be able to exploit this | vulnerability by creating a malicious certificate chain that triggers | exponential use of computational resources, leading to a denial-of- | service (DoS) attack on affected systems. Policy processing is | disabled by default but can be enabled by passing the `-policy' | argument to the command line utilities or by calling the | `X509_VERIFY_PARAM_set1_policies()' function. 
https://www.openssl.org/news/secadv/20230322.txt https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 (openssl-3.0) If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-1255 https://www.cve.org/CVERecord?id=CVE-2023-1255 [1] https://security-tracker.debian.org/tracker/CVE-2023-0466 https://www.cve.org/CVERecord?id=CVE-2023-0466 [2] https://security-tracker.debian.org/tracker/CVE-2023-0465 https://www.cve.org/CVERecord?id=CVE-2023-0465 [3] https://security-tracker.debian.org/tracker/CVE-2023-0464 https://www.cve.org/CVERecord?id=CVE-2023-0464 Please adjust the affected versions in the BTS as needed.
Bug#1034719: mysql-8.0: CVE-2023-21982 CVE-2023-21980 CVE-2023-21977 CVE-2023-21976 CVE-2023-21972 CVE-2023-21966 CVE-2023-21962 CVE-2023-21955 CVE-2023-21953 CVE-2023-21947 CVE-2023-21946 CVE-2023-21
Source: mysql-8.0 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for mysql-8.0. CVE-2023-21982[0]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21980[1]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Client programs). Supported versions that are affected are 5.7.41 and | prior and 8.0.32 and prior. Difficult to exploit vulnerability allows | low privileged attacker with network access via multiple protocols to | compromise MySQL Server. Successful attacks require human interaction | from a person other than the attacker. Successful attacks of this | vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base | Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS | Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). CVE-2023-21977[2]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CVE-2023-21976[3]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Optimizer). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21972[4]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: DML). Supported versions that are affected are 8.0.32 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21966[5]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: JSON). Supported versions that are affected are 8.0.32 and | prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21962[6]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Components Services). Supported versions that are affected are | 8.0.32 and prior. 
Easily exploitable vulnerability allows high | privileged attacker with network access via multiple protocols to | compromise MySQL Server. Successful attacks of this vulnerability can | result in unauthorized ability to cause a hang or frequently | repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score | 4.9 (Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21955[7]: | Vulnerability in the MySQL Server product of Oracle MySQL (component: | Server: Partition). Supported versions that are affected are 8.0.32 | and prior. Easily exploitable vulnerability allows high privileged | attacker with network access via multiple protocols to compromise | MySQL Server. Successful attacks of this vulnerability can result in | unauthorized ability to cause a hang or frequently repeatable crash | (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2023-21953[8]: | Vulnerability in the MySQL Server product of Oracle MySQL (component:
Bug#1033502: also happens for ppa:user/repo links
user@debian:~$ apt-cache policy software-properties-common software-properties-common: Installed: 0.99.30-4 Candidate: 0.99.30-4 Version table: *** 0.99.30-4 500 500 http://deb.debian.org/debian bookworm/main amd64 Packages 100 /var/lib/dpkg/status user@debian:~$ sudo add-apt-repository ppa:nrbrtx/xorg-hotkeys Traceback (most recent call last): File "/usr/bin/add-apt-repository", line 362, in sys.exit(0 if addaptrepo.main() else 1) ^ File "/usr/bin/add-apt-repository", line 345, in main shortcut = handler(source, **shortcut_params) ^^ File "/usr/lib/python3/dist-packages/softwareproperties/shortcuts.py", line 40, in shortcut_handler return handler(shortcut, **kwargs) ^^^ File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 86, in __init__ if self.lpppa.publish_debug_symbols: ^^ File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 126, in lpppa self._lpppa = self.lpteam.getPPAByName(name=self.ppaname) ^^^ File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 113, in lpteam self._lpteam = self.lp.people(self.teamname) ^^ AttributeError: 'NoneType' object has no attribute 'people' user@debian:~$
Bug#1034718: linux-image-6.1.0-7-amd64: error during shutdown
Package: src:linux
Version: 6.1.20-2
Severity: normal

Dear Maintainer,

each time I shut down this system (a Debian 11 system with the bookworm kernel), the Linux kernel outputs the following error message. This error could have been unnoticed, but:
- it triggers an alarm in the iDRAC controller
- it is logged by systemd in /var/lib/systemd/pstore/

This error does not occur with Debian kernels from the 5.10 branch in bullseye.

Linux writes that this is a "hardware error", but I see the exact same error on 2 different physical servers. Therefore it is very unlikely that the hardware is defective.

<0>[ 115.232774] {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 5
<0>[ 115.232776] {1}[Hardware Error]: event severity: fatal
<0>[ 115.232778] {1}[Hardware Error]: Error 0, type: fatal
<0>[ 115.232779] {1}[Hardware Error]: section_type: PCIe error
<0>[ 115.232780] {1}[Hardware Error]: port_type: 0, PCIe end point
<0>[ 115.232781] {1}[Hardware Error]: version: 3.0
<0>[ 115.232782] {1}[Hardware Error]: command: 0x0002, status: 0x0010
<0>[ 115.232783] {1}[Hardware Error]: device_id: :01:00.1
<0>[ 115.232785] {1}[Hardware Error]: slot: 6
<0>[ 115.232785] {1}[Hardware Error]: secondary_bus: 0x00
<0>[ 115.232786] {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x1563
<0>[ 115.232787] {1}[Hardware Error]: class_code: 02
<0>[ 115.232788] {1}[Hardware Error]: aer_uncor_status: 0x0010, aer_uncor_mask: 0x00018000
<0>[ 115.232789] {1}[Hardware Error]: aer_uncor_severity: 0x000ef010
<0>[ 115.232790] {1}[Hardware Error]: TLP Header: 4001 030f 90028090
<0>[ 115.232793] Kernel panic - not syncing: Fatal hardware error!
<4>[ 115.232795] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-7-amd64 #1 Debian 6.1.20-2
<4>[ 115.232798] Hardware name: Dell Inc.
PowerEdge R540/0PRWNC, BIOS 2.17.1 11/17/2022 <4>[ 115.232799] Call Trace: <4>[ 115.232801] <4>[ 115.232804] dump_stack_lvl+0x44/0x5c <4>[ 115.232812] panic+0x118/0x2ed <4>[ 115.232820] __ghes_panic.cold+0x21/0x21 <4>[ 115.232826] ghes_notify_nmi+0x1db/0x370 <4>[ 115.232832] nmi_handle+0x5a/0x120 <4>[ 115.232836] ? mwait_idle_with_hints.constprop.0+0x48/0x90 <4>[ 115.232841] default_do_nmi+0x69/0x170 <4>[ 115.232844] exc_nmi+0x13c/0x170 <4>[ 115.232847] end_repeat_nmi+0x16/0x67 <4>[ 115.232850] RIP: 0010:mwait_idle_with_hints.constprop.0+0x48/0x90 <4>[ 115.232853] Code: 48 89 d1 65 48 8b 04 25 c0 fb 01 00 0f 01 c8 48 8b 00 a8 08 75 14 66 90 0f 00 2d 2f 50 b1 00 b9 01 00 00 00 48 89 f8 0f 01 c9 <65> 48 8b 04 25 c0 fb 01 00 f0 80 60 02 df f0 83 44 24 fc 00 48 8b <4>[ 115.232855] RSP: 0018:ae803e18 EFLAGS: 0046 <4>[ 115.232857] RAX: 0020 RBX: bf363f234950 RCX: 0001 <4>[ 115.232859] RDX: RSI: ae99ea20 RDI: 0020 <4>[ 115.232860] RBP: 0003 R08: 0002 R09: 3a518aaa <4>[ 115.232862] R10: 0018 R11: 8bf6 R12: ae99ea20 <4>[ 115.232863] R13: ae99ea20 R14: 0003 R15: <4>[ 115.232867] ? mwait_idle_with_hints.constprop.0+0x48/0x90 <4>[ 115.232871] ? 
mwait_idle_with_hints.constprop.0+0x48/0x90 <4>[ 115.232873] <4>[ 115.232874] <4>[ 115.232875] intel_idle_ibrs+0x7e/0x90 <4>[ 115.232879] cpuidle_enter_state+0x89/0x420 <4>[ 115.232883] cpuidle_enter+0x29/0x40 <4>[ 115.232885] do_idle+0x20c/0x2b0 <4>[ 115.232890] cpu_startup_entry+0x19/0x20 <4>[ 115.232893] rest_init+0xcb/0xd0 <4>[ 115.232897] arch_call_rest_init+0xa/0x14 <4>[ 115.232902] start_kernel+0x6fe/0x727 <4>[ 115.232905] secondary_startup_64_no_verify+0xe5/0xeb <4>[ 115.232912] <0>[ 115.232970] Kernel Offset: 0x2bc0 from 0x8100 (relocation range: 0x8000-0xbfff) -- Package-specific info: ** Version: Linux version 6.1.0-7-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.20-2 (2023-04-08) ** Command line: BOOT_IMAGE=/boot/vmlinuz-6.1.0-7-amd64 root=UUID=d4026c7c-61cc-435f-81c5-76194e22454e ro quiet ** Not tainted ** Kernel log: Unable to read kernel log; any relevant messages should be attached ** Model information sys_vendor: Dell Inc. product_name: PowerEdge R540 product_version: chassis_vendor: Dell Inc. chassis_version: bios_vendor: Dell Inc. bios_version: 2.17.1 board_vendor: Dell Inc. board_name: 0PRWNC board_version: A07 ** Loaded modules: intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel nls_ascii nls_cp437 vfat fat kvm irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic aesni_intel ipmi_ssif mgag200 crypto_simd cryptd rapl intel_cstate mei_me sg drm_shmem_helper iTCO_wdt dell_smbios mei
Bug#1034698: mm3d: Installing mm3d package installs blender, too
Package: mm3d Version: 1.3.12-1+b1 Followup-For: Bug #1034698 X-Debbugs-Cc: nils+debian-p...@dieweltistgarnichtso.net Dear Maintainer, I am fully aware that mm3d “recommends” blender, but I do believe that this “recommendation” is in error. Granted, both are 3D model editors. However, I have not seen any evidence that installing blender could improve or enhance mm3d usage in any way … does it? The only thing I noticed is over 330 MB more data – for a package with “Installed-Size: 3.869 kB” it is a bit excessive to recommend an alternative program that is about 2 orders of magnitude larger on disk. In which version of the package is the “recommends” field fixed? I ask because status is set to “done”. -- System Information: Debian Release: 11.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.15.0-0.bpo.3-amd64 (SMP w/16 CPU threads) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mm3d depends on: ii libc6 2.31-13+deb11u5 ii libgcc-s1 [libgcc1] 10.2.1-6 ii libgl1 1.3.2-1 ii libglu1-mesa [libglu1] 9.0.1-1 ii libqt5core5a5.15.2+dfsg-9 ii libqt5gui5 5.15.2+dfsg-9 ii libqt5opengl5 5.15.2+dfsg-9 ii libqt5widgets5 5.15.2+dfsg-9 ii libstdc++6 10.2.1-6 Versions of packages mm3d recommends: pn blender ii wings3d 2.2.5-1 pn yafray mm3d suggests no packages. -- no debconf information
Bug#1034684: mariadb-server: superfluous warnings in preinst
On Fri, 2023-04-21 at 16:37 -0700, Otto Kekäläinen wrote:
> Hi!
>
> Ok, I see, your analysis seems correct. Do you want to take a stab at
> submitting a Merge Request to fix it?

Merge request is up: https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/44

Mathias
Bug#1034621: [pre-approval] unblock: arno-iptables-firewall/2.1.1-8
Control: tags -1 - moreinfo

On Sat, 2023-04-22 at 11:30 +0200, Sebastian Ramacher wrote:
> If this is the only change, then please go ahead. Once uploaded to
> unstable, please remove the moreinfo tag.

arno-iptables-firewall/2.1.1-8 has been built and installed [1].

Cheers,
Sven

[1] https://buildd.debian.org/status/package.php?p=arno-iptables-firewall

--
GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
Bug#1034394: unblock: zabbix/1:6.0.14+dfsg-1
Hi All, I raised the bug report[1] that was fixed by upgrading Zabbix to 6.0.14. Currently, performing a fresh install of Debian Bookworm and then installing Zabbix will result in a non-working Zabbix (as Zabbix 6.0.13 does not work with PHP 8.2). That is not a good user experience. Therefore, it would be great if this version could be included in the release in order that anyone wanting to install Zabbix get something that works. Thanks for your consideration. Regards, Leigh. -- [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033241
Bug#1034550: r8168-dkms: Excessive network latency with PREEMPT_RT kernel without the R8168-dkms driver
On Tue, 18 Apr 2023 12:12:58 +1000 Rod Webster wrote:
[...]
> Linuxcnc uses a 1 ms realtime thread and we regularly see "Error Finishing
> Read" reported. This error disables the connection because our 1 ms thread
> has been overrun. This issue mainly affects Realtek NIC hardware and is of real
> concern where the motion hardware could be commanding components weighing
> several thousand pounds.
[...]

The real-time kernel packages are provided as a convenience for users that have non-safety-critical real-time requirements, such as audio production.

For safety-critical applications, you must take responsibility (or find a supplier who can) for selecting and validating software that meets the real-time and other reliability requirements.

As a reminder, "Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law."

Ben.

--
Ben Hutchings
Theory and practice are closer in theory than in practice - John Levine
Bug#1034648: postinst runs linux-update-symlinks before initrd exists
Control: tag -1 moreinfo

On Thu, 2023-04-20 at 16:09 -0400, Joey Hess wrote:
> Source: linux
> Version: 6.1.20-2
> Severity: normal
>
> I was upgrading a slow arm board and noticed this:
>
> Setting up linux-image-6.1.0-7-armmp-lpae (6.1.20-2) ...
> I: /vmlinuz.old is now a symlink to boot/vmlinuz-5.18.0-4-armmp-lpae
> I: /initrd.img.old is now a symlink to boot/initrd.img-5.18.0-4-armmp-lpae
> I: /vmlinuz is now a symlink to boot/vmlinuz-6.1.0-7-armmp-lpae
> I: /initrd.img is now a symlink to boot/initrd.img-6.1.0-7-armmp-lpae
> /etc/kernel/postinst.d/initramfs-tools:
> update-initramfs: Generating /boot/initrd.img-6.1.0-7-armmp-lpae
>
> It probably took 5 minutes to generate the initrd, and until then
> /initrd.img was a dangling symlink. A power failure in this wide window would
> not be fun.

This behaviour is intentional. The expectation is that these symlinks are used by programs that update the boot loader configuration later on, and those will be run only after the initramfs has been generated.

What do you think will go wrong here?

Ben.

--
Ben Hutchings
Theory and practice are closer in theory than in practice - John Levine
Bug#1034709: f3d: F3D default configuration files are not installed
Hi François,

Since you rightly point out that this will only be fixed with the new upstream version, I will only give information about F3D 2.0.0

Configuration files are installed as an optional cmake component with the following command:

cmake --install . --component configuration

By default, they will be installed into CMAKE_FULL_SYSCONFIG_DIR which should be /etc/f3d in your case.

(They can also be installed in ${install_prefix}}/share/f3d/ by positioning the dedicated CMake variable: F3D_LINUX_INSTALL_DEFAULT_CONFIGURATION_FILE_IN_PREFIX but it should not be needed for you)

Read more about configuration files and their locations in: https://f3d.app/doc/user/CONFIGURATION_FILE.html

By the way, there are two other optional components, sdk and mimetypes. If I'm not mistaken, you should also install the mimetypes components for thumbnails to work correctly. More info here: https://f3d.app/doc/dev/BUILD.html

Please add testing for configuration files (by just checking that opening any file shows the grid and axis for example) in the next version to make sure this is not broken in the future.

Best,

On Sat, 22 Apr 2023 at 15:25, François Mazen wrote:
> Hi Mathieu,
>
> thanks for this bug report.
>
> Could you please list the configuration files that you are referring to,
> and where they should be installed? or just point to documentation if
> applicable.
>
> Please note that Debian is currently in hard freeze phase, so this bug
> will likely be fixed with the update of the new upstream version (f3d
> 2.x) for next Debian major release (13).
>
> Best,
>
> François
Bug#1022061: at Salsa
Hi, > Where is develop happening? } Where is development happening? Seems to be at "salsa". stappers@juli:~/src $ debcheckout debian-kernel-handbook declared git repository at https://salsa.debian.org/kernel-team/kernel-handbook.git git clone https://salsa.debian.org/kernel-team/kernel-handbook.git debian-kernel-handbook ... Cloning into 'debian-kernel-handbook'... remote: Enumerating objects: 1283, done. remote: Counting objects: 100% (228/228), done. remote: Compressing objects: 100% (88/88), done. remote: Total 1283 (delta 169), reused 181 (delta 134), pack-reused 1055 Receiving objects: 100% (1283/1283), 412.97 KiB | 1.10 MiB/s, done. Resolving deltas: 100% (836/836), done. stappers@juli:~/src $ cd debian-kernel-handbook/ stappers@juli:~/src/debian-kernel-handbook $ ls chapter-bugs.dbk chapter-scope.dbk kernel-handbook.dbk chapter-common-tasks.dbk chapter-source.dbkMakefile chapter-initramfs.dbk chapter-update-hooks.dbk po4a chapter-modules.dbk chapter-versions.dbk stylesheet.xsl chapter-packaging.dbk debian stappers@juli:~/src/debian-kernel-handbook $ The silence in this bug report might be transmitting Yes, your contribution is welcome. Regards Geert Stappers -- What is the last time you did something for the first time?
Bug#1034717: systemd-run --machine unpriv-user@ results in access denied errors reported in journal
Package: systemd Version: 252.6-1 Severity: minor X-Debbugs-Cc: in.cognit...@arcor.de Dear Maintainer, this happens on an up-to-date Debian testing system. * What led up to the situation? Executing command: sudo systemd-run --quiet --user --machine jschmidt@ --wait --pipe --collect id * What was the outcome of this action? Results in the expected output: uid=1000(farblos) gid=1000(farblos) groups=... But errors are logged in the journal: Apr 22 15:39:06 frblpc1 sudo[13035]: farblos : TTY=pts/0 ; PWD=/home/farblos ; USER=root ; COMMAND=/usr/bin/systemd-run --quiet --user --machine farblos@ --wait --pipe --collect id Apr 22 15:39:06 frblpc1 sudo[13035]: pam_unix(sudo:session): session opened for user root(uid=0) by farblos(uid=1000) Apr 22 15:39:06 frblpc1 systemd[1]: Started run-u224.service - systemd-stdio-bridge -punix:path=${XDG_RUNTIME_DIR}/bus. Apr 22 15:39:06 frblpc1 (o-bridge)[13039]: pam_unix(login:session): session opened for user farblos(uid=1000) by (uid=0) Apr 22 15:39:06 frblpc1 systemd[1]: Started session-22.scope - Session 22 of User farblos. Apr 22 15:39:06 frblpc1 systemd[1298]: Started run-u14.service - id. Apr 22 15:39:06 frblpc1 systemd[1]: run-u224.service: Deactivated successfully. Apr 22 15:39:06 frblpc1 sudo[13035]: pam_unix(sudo:session): session closed for user root Apr 22 15:39:06 frblpc1 (sd-pam)[13040]: pam_unix(login:session): session closed for user farblos Apr 22 15:39:06 frblpc1 dbus-daemon[943]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.226" (uid=1000 pid=13040 comm="(sd-pam)") interface="org.freedesktop.login1.Manager" member="ReleaseSession" error name="(unset)" requested_reply="0" destination="org.freedesktop.login1" (uid=0 pid=957 comm="/lib/systemd/systemd-logind") Apr 22 15:39:06 frblpc1 (sd-pam)[13040]: pam_systemd(login:session): Failed to release session: Access denied Apr 22 15:39:06 frblpc1 systemd[1]: session-22.scope: Deactivated successfully. * What outcome did you expect instead? 
No frightening errors in the journal, in particular since they suggest incomplete session cleanup. -- Package-specific info: -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_USER Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages systemd depends on: ii libacl12.3.1-3 ii libaudit1 1:3.0.9-1 ii libblkid1 2.38.1-5+b1 ii libc6 2.36-9 ii libcap21:2.66-3 ii libcryptsetup122:2.6.1-3~deb12u1 ii libfdisk1 2.38.1-5+b1 ii libgcrypt201.10.1-3 ii libkmod2 30+20221128-1 ii liblz4-1 1.9.4-1 ii liblzma5 5.4.1-0.2 ii libmount1 2.38.1-5+b1 ii libp11-kit00.24.1-2 ii libseccomp22.5.4-1+b3 ii libselinux13.4-1+b5 ii libssl33.0.8-1 ii libsystemd-shared 252.6-1 ii libsystemd0252.6-1 ii libzstd1 1.5.4+dfsg2-5 ii mount 2.38.1-5+b1 Versions of packages systemd recommends: ii chrony [time-daemon]4.3-2 ii dbus [default-dbus-system-bus] 1.14.6-1 Versions of packages systemd suggests: ii libfido2-11.12.0-2+b1 pn libqrencode4 ii libtss2-esys-3.0.2-0 3.2.1-3 ii libtss2-mu0 3.2.1-3 pn libtss2-rc0 ii policykit-1 122-3 ii polkitd 122-3 pn systemd-boot ii systemd-container 252.6-1 pn systemd-homed pn systemd-resolved pn systemd-userdbd Versions of packages systemd is related to: ii dbus-user-session 1.14.6-1 pn dracut ii initramfs-tools0.142 pn libnss-systemd ii libpam-systemd 252.6-1 ii udev 252.6-1 -- Configuration Files: /etc/systemd/logind.conf changed: [Login] HandleLidSwitch=ignore HandleLidSwitchDocked=ignore HandleLidSwitchExternalPower=ignore HandlePowerKey=suspend IdleAction=suspend IdleActionSec=15min -- no debconf information
Bug#1034691: nmu: why3_1.5.1-1+b1 frama-c_20220511-manganese-3-10
On 2023-04-22 11:30:48 +0200, Jochen Sprickerhof wrote: > Control: tag -1 - moreinfo > > Hi Sebastian, > > * Sebastian Ramacher [2023-04-22 11:10]: > > On 2023-04-21 21:35:21 +0200, Jochen Sprickerhof wrote: > > > Package: release.debian.org > > > Severity: normal > > > User: release.debian@packages.debian.org > > > Usertags: binnmu > > > X-Debbugs-Cc: w...@packages.debian.org > > > Control: affects -1 + src:why3 src:frama-c > > > > > > Hi release team, > > > > > > can you please binNMU why3 to pick up the new ABI: > > > > > > nmu why3_1.5.1-1+b1 . ANY . unstable . -m "Rebuild with new OCaml ABI" > > > > > > And afterwards frama-c needs a rebuild against the new why3: > > > > > > nmu frama-c_20220511-manganese-3-10 . ANY . unstable . -m "Rebuild with > > > new OCaml ABI (Closes: #1033701)" > > > > why3 installs perfectly fine in both bookworm and unstable. Why is this > > needed? We are past the point of doing transitions (especially > > uncoordinated ones). > > I don't know enough OCaml but rebuilding why3 and frama-c on top fixes > frama-c and thus #1033701 for me. > > My understanding is that dh-ocaml uses some hash to track the ABI of a > library and encodes into a virtual package: > > $ apt-cache show libwhy3-ocaml-dev | grep Provides > Provides: libwhy3-ocaml-dev-mzlf3 > > And frama-c-base depends exactly on that: > > apt-cache show frama-c-base | grep -o "libwhy3-ocaml-dev[^,]*" > libwhy3-ocaml-dev-mzlf3 > > But rebuilding the package in testing generates a different hash: > > $ sbuild -d testing why3 | grep Provides > Provides: libwhy3-ocaml-dev-2bt20 Both why3 and frama-c have been rebuilt after the last ocaml ABI change. 
From a quick between a build now and from the last why3, the following packages changed (that appear to be relevant):

libcairo2-ocaml-dev (= [-0.6.2+dfsg-1+b1),-] {+0.6.4+dfsg-1),+}
ocaml (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-base (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-compiler-libs (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-findlib (= [-1.9.3-1),-] {+1.9.6-1+b1),+}
ocaml-interp (= [-4.13.1-3),-] {+4.13.1-4),+}
ocaml-nox (= [-4.13.1-3),-] {+4.13.1-4),

So either the change in ocaml caused the ABI to change and we probably need to rebuild the world of ocaml packages, or the ABI of why3 is influenced by libcairo2-ocaml-dev but is missing the proper dependencies.

Adding the OCaml maintainers to the loop to check the situation. But overall this sounds like a bug that we want to have fixed properly and not paper over with a couple of rebuilds.

Cheers
--
Sebastian Ramacher
Bug#1034683: r-base: new upstream release unintentionally uploaded to unstable
Hi Simon,

Thanks for the long and thoughtful and detailed reply.

Just 'sitting back' will do just fine then. R releases annually in April, the 4.2.* series was just fine. We had an unusual event in that R Core upstream asked (a first in ~25 years) to patch 4.2.2, hence the somewhat unusual version name 4.2.2.20220 in bookworm, it otherwise is just 4.2.2. The delta to the final release in that series, 4.2.3, is small and either is fine but we can live very well with the version that got to bookworm 'naturally'.

4.3.0 is a new one, as annual releases go the delta is also pretty small. But it can and will just wait in unstable til its time is up post bookworm release. The CRAN repo upstream is very very good about ensuring consistency 'at @HEAD' so packages are generally in good shape (especially if they are kept current). I expect no surprises here.

Cheers, Dirk

--
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
Bug#1034709: f3d: F3D default configuration files are not installed
Hi Mathieu,

thanks for this bug report.

Could you please list the configuration files that you are referring to, and where they should be installed? or just point to documentation if applicable.

Please note that Debian is currently in hard freeze phase, so this bug will likely be fixed with the update of the new upstream version (f3d 2.x) for next Debian major release (13).

Best,

François
Bug#1034629: pdf-presenter-console: pdfpc terminates with symbol lookup error
Dear Jochen, On 22.04.23 at 14:12, Jochen Sprickerhof wrote: I don't have this in my ldd output and I don't find the file in Debian. Can you try moving it away and see if it helps? Thank you, that helped! Some packages from deb-multimedia.org were lurking around and they caused the trouble. After removing them I can use pdfpc again. Best regards, Robert
Bug#1034716: the count of processes on hold for an AM is not decreased when a process on hold is closed
Package: nm.debian.org Severity: normal Hello, When an application manager puts an application on hold, the number of processes on hold on https://nm.debian.org/public/managers/ increases by one unit for this AM, fine. Now, if this process is closed, I trust the "on hold" counter for the AM should decrease by one unit, which is not the case. As of today, for instance, AM pgt appears as having 1 process on hold on https://nm.debian.org/public/managers/ although this is not the case, he was an AM for a process on hold that got closed afterwards. Thanks, -- Pierre
Bug#1034629: pdf-presenter-console: pdfpc terminates with symbol lookup error
* Robert Jäschke [2023-04-22 13:56]: libvmaf.so.1 => /lib/x86_64-linux-gnu/libvmaf.so.1 (0x7fa6dc39a000) I don't have this in my ldd output and I don't find the file in Debian. Can you try moving it away and see if it helps? Cheers Jochen
Bug#1034629: pdf-presenter-console: pdfpc terminates with symbol lookup error
Dear Jochen, Thank you for your swift response. On 22.04.23 at 09:42, Jochen Sprickerhof wrote: Can you check that your system is fine by running: $ sudo dpkg --verify Here it is: ??5?? c /etc/cups/cups-browsed.conf ??5?? c /etc/speech-dispatcher/speechd.conf ??5?? c /etc/bluetooth/main.conf ??5?? c /etc/sudoers ??5?? c /etc/chromium/native-messaging-hosts/org.gnome.chrome_gnome_shell.json ??5?? c /etc/openrefine/refine.ini Also send the output of $ ldd /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37 Here it is:
Bug#1034715: unblock: python-xmlschema/1.10.0
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: python-xmlsch...@packages.debian.org Control: affects -1 + src:python-xmlschema Please unblock package python-xmlschema This package had a RC bug, due to changes in the dependency python3-elementpath I uploaded a new release, 1.10.0-4, with a small patch which fixes bug #1027439, so the 72 failed tests are now succeeding. [ Impact ] other packages which depend directly on python3-xmlschema are - python3-xarray-sentinel - python3-pysaml2 - libervia-backend [ Tests ] dh_auto_test runs 1207 tests successfully, 11 tests are skipped. [ Risks ] python3-xmlschema is rather complex, but the changes made to the test suite provided by upstream developers in version 1.10.0 are trivial. The popcon score of python-xmlschema is approximately 60; it is not a leaf package. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing Best regards, Georges. unblock python-xmlschema/1.10.0 diff -Nru python-xmlschema-1.10.0/debian/changelog python-xmlschema-1.10.0/debian/changelog --- python-xmlschema-1.10.0/debian/changelog2022-12-18 20:47:28.0 +0100 +++ python-xmlschema-1.10.0/debian/changelog2023-04-22 10:58:29.0 +0200 
@@ -1,3 +1,12 @@ +python-xmlschema (1.10.0-4) unstable; urgency=medium + + * created the debian patch d/Fix-tests.patch, which modifies two tests: +xmlschema/testing/_builders.py with a true fix, and +tests/test_typing.py which is just disabled (not a true fix). +Closes: #1027439 + + -- Georges Khaznadar Sat, 22 Apr 2023 10:58:29 +0200 + python-xmlschema (1.10.0-3) unstable; urgency=medium * Fix patch description diff -Nru python-xmlschema-1.10.0/debian/patches/Fix-tests.patch python-xmlschema-1.10.0/debian/patches/Fix-tests.patch --- python-xmlschema-1.10.0/debian/patches/Fix-tests.patch 1970-01-01 01:00:00.0 +0100 +++ python-xmlschema-1.10.0/debian/patches/Fix-tests.patch 2023-04-22 10:58:29.0 +0200 
@@ -0,0 +1,26 @@ +Index: python-xmlschema/xmlschema/testing/_builders.py +=== +--- python-xmlschema.orig/xmlschema/testing/_builders.py python-xmlschema/xmlschema/testing/_builders.py +@@ -125,7 +125,7 @@ def make_schema_test_class(test_file, te + if not inspect and not self.errors: + context = XMLSchemaContext(schema) + elements = [x for x in schema.iter()] # Contains schema elements only +-xpath_context_elements = [x for x in context.iter() if isinstance(x, XsdValidator)] ++xpath_context_elements = [x for x in context.root.iter() if isinstance(x, XsdValidator)] + descendants = [x for x in context.iter_descendants('descendant-or-self')] + self.assertTrue(x in descendants for x in xpath_context_elements) + for e in elements: +Index: python-xmlschema/tests/test_typing.py +=== +--- python-xmlschema.orig/tests/test_typing.py python-xmlschema/tests/test_typing.py +@@ -20,6 +20,8 @@ try: + except ImportError: + mypy = None + ++# this test is disabled in Debian ++mypy = None + + @unittest.skipIf(mypy is None, "mypy is not installed") + class TestTyping(unittest.TestCase): diff -Nru python-xmlschema-1.10.0/debian/patches/series python-xmlschema-1.10.0/debian/patches/series --- python-xmlschema-1.10.0/debian/patches/series 2022-12-18 20:47:28.0 +0100 +++ python-xmlschema-1.10.0/debian/patches/series 2023-04-22 10:58:29.0 +0200 @@ -1 +1,2 @@ Skip-failing-packaging-test.patch +Fix-tests.patch
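Review bot: In the xmlschema/testing/_builders.py hunk of Fix-tests.patch, the corrected `xpath_context_elements` list is consumed only by `self.assertTrue(x in descendants for x in xpath_context_elements)`, which hands assertTrue a generator expression and is therefore always true, so this assertion cannot confirm that `context.root.iter()` returns the expected elements. Wrapping the expression in `all(...)` would make the check effective; as this is upstream test code, it is worth forwarding together with the `context.root.iter()` change.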
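Review bot: The tests/test_typing.py hunk assigns `mypy = None` unconditionally after the try/except import, so TestTyping is skipped with the reason "mypy is not installed" even on systems where it is installed, and the comment "this test is disabled in Debian" gives no reason or bug reference. Please state why the test is disabled (the changelog already admits it is not a true fix) and use a skip reason that matches; Fix-tests.patch also starts directly at the first `Index:` line without any description or forwarding header, which a patch that disables a test should carry.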
Bug#1034352: golang-github-azure-go-autorest: autopkgtest regression on arm64: request header doesn't match
Control: severity -1 normal Hi, On 21-04-2023 21:17, Paul Gevers wrote: I have now made all our hosts run on UTC with *both* /etc/timezone and /etc/localtime fixed [1]. I hope that tomorrow will see this resolved from the infrastructure side of things too. The tests now pass. I still appreciate it if your future upload also fixes this on the package side as discussed earlier, as it's not only Debian's infrastructure that's affected. Paul
Bug#1034714: [pkg-php-pear] Bug#1034714: bullseye-pu: package php-nyholm-psr7/1.3.2-2+deb11u1
Hi, On 22/04/2023 at 12:59, David Prévot wrote: […] [x] attach debdiff against the package in stable For real now. diff --git a/debian/changelog b/debian/changelog index bd0b1d7..a0c6ab8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +php-nyholm-psr7 (1.3.2-2+deb11u1) bullseye; urgency=medium + + * Fix improper input validation [CVE-2023-29197] (Closes: #1034597) + * Use debian/bullseye branch + + -- David Prévot Sat, 22 Apr 2023 12:22:36 +0200 + php-nyholm-psr7 (1.3.2-2) unstable; urgency=medium * Fix d/clean diff --git a/debian/control b/debian/control index 263202a..79c9ad0 100644 --- a/debian/control +++ b/debian/control @@ -13,7 +13,7 @@ Build-Depends: debhelper-compat (= 13), pkg-php-tools Standards-Version: 4.5.1 Homepage: https://github.com/Nyholm/psr7 -Vcs-Git: https://salsa.debian.org/php-team/pear/php-nyholm-psr7.git -b debian/latest +Vcs-Git: https://salsa.debian.org/php-team/pear/php-nyholm-psr7.git -b debian/bullseye Vcs-Browser: https://salsa.debian.org/php-team/pear/php-nyholm-psr7 Rules-Requires-Root: no diff --git a/debian/gbp.conf b/debian/gbp.conf index eb7a2c8..bd2dada 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,5 +1,5 @@ [DEFAULT] -debian-branch = debian/latest +debian-branch = debian/bullseye pristine-tar = True pristine-tar-commit = True diff --git a/debian/patches/0001-Merge-pull-request-from-GHSA-wjfc-pgfp-pv9c.patch b/debian/patches/0001-Merge-pull-request-from-GHSA-wjfc-pgfp-pv9c.patch new file mode 100644 index 000..85e246f --- /dev/null +++ b/debian/patches/0001-Merge-pull-request-from-GHSA-wjfc-pgfp-pv9c.patch 
@@ -0,0 +1,131 @@ +From: Tobias Nyholm +Date: Mon, 17 Apr 2023 18:00:04 +0200 +Subject: Merge pull request from GHSA-wjfc-pgfp-pv9c + +Improper Input Validation in headers + +Origin: backport, https://github.com/Nyholm/psr7/commit/1029a2671cbdd3e075a21952082c2be7c8018426 +Bug-Debian: https://bugs.debian.org/1034597 https://security-tracker.debian.org/tracker/CVE-2023-29197 +--- + src/MessageTrait.php | 4 ++-- + tests/RequestTest.php | 46 ++ + tests/ResponseTest.php | 31 +++ + 3 files changed, 79 insertions(+), 2 deletions(-) + +diff --git a/src/MessageTrait.php b/src/MessageTrait.php +index 2da949d..4977583 100644 +--- a/src/MessageTrait.php b/src/MessageTrait.php +@@ -177,7 +177,7 @@ trait MessageTrait + */ + private function validateAndTrimHeader($header, $values): array + { +-if (!\is_string($header) || 1 !== \preg_match("@^[!#$%&'*+.^_`|~0-9A-Za-z-]+$@", $header)) { ++if (!\is_string($header) || 1 !== \preg_match("@^[!#$%&'*+.^_`|~0-9A-Za-z-]+$@D", $header)) { + throw new \InvalidArgumentException('Header name must be an RFC 7230 compatible string.'); + } + +@@ -197,7 +197,7 @@ trait MessageTrait + // Assert Non empty array + $returnValues = []; + foreach ($values as $v) { +-if ((!\is_numeric($v) && !\is_string($v)) || 1 !== \preg_match("@^[ \t\x21-\x7E\x80-\xFF]*$@", (string) $v)) { ++if ((!\is_numeric($v) && !\is_string($v)) || 1 !== \preg_match("@^[ \t\x21-\x7E\x80-\xFF]*$@D", (string) $v)) { + throw new \InvalidArgumentException('Header values must be RFC 7230 compatible strings.'); + } + +diff --git a/tests/RequestTest.php b/tests/RequestTest.php +index ddac6d2..8d5d53e 100644 +--- a/tests/RequestTest.php b/tests/RequestTest.php +@@ -294,4 +294,50 @@ class RequestTest extends TestCase + $request = $request->withUri(new Uri('https://nyholm.tech:443')); + $this->assertEquals('nyholm.tech', $request->getHeaderLine('Host')); + } ++ ++/** ++ * @dataProvider provideHeaderValuesContainingNotAllowedChars ++ */ ++public function 
testCannotHaveHeaderWithInvalidValue(string $name) ++{ ++$this->expectException(\InvalidArgumentException::class); ++$this->expectExceptionMessage('Header name must be an RFC 7230 compatible string'); ++$r = new Request('GET', 'https://example.com/'); ++$r->withHeader($name, 'Bar'); ++} ++ ++public static function provideHeaderValuesContainingNotAllowedChars(): array ++{ ++// Explicit tests for newlines as the most common exploit vector. ++$tests = [ ++["new\nline"], ++["new\r\nline"], ++["new\rline"], ++["new\r\n line"], ++["newline\n"], ++["\nnewline"], ++["newline\r\n"], ++["\n\rnewline"], ++]; ++ ++for ($i = 0; $i <= 0xFF; ++$i) { ++if ("\t" == \chr($i)) { ++continue; ++} ++if (' ' == \chr($i)) { ++continue; ++} ++if ($i >= 0x21 && $i <= 0x7E) { ++continue; ++} ++if ($i >= 0x80) { ++continue;
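Review bot: In the tests/RequestTest.php hunk, testCannotHaveHeaderWithInvalidValue passes its provider data as the header name (`$r->withHeader($name, 'Bar')`) and expects the 'Header name must be an RFC 7230 compatible string' message, so despite its name and the provider name provideHeaderValuesContainingNotAllowedChars it exercises only the first of the two regexes changed in src/MessageTrait.php. As far as the hunk is visible here, no case passes a value such as "newline\n" as the second argument; a test expecting 'Header values must be RFC 7230 compatible strings.' for a trailing newline would cover the second `D` addition as well, and renaming the test and provider to say "name" would avoid the confusion.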
Bug#1032899: unblock: rocm-hipamd/5.2.3-6
Control: tags -1 moreinfo Hi, On 21-04-2023 23:43, Christian Kastner wrote: In the event that llvm-toolchain-15 will not be allowed to migrate: I would be surprised if llvm-toolchain-15 gets updated in bookworm. there are some fixes in the current version of rocm-hipamd that really should get into bookworm, most notably the missing libamd-comgr-dev dependency, and the added patches. The only way to do that with llvm-toolchain-15 from testing is by changing the dependency libclang-rt-15-dev back to libclang-common-15-dev (the pre-split version). Hmm, so this complicates things. Can you do this change in unstable, or would it be broken in unstable? If that is an option, I could prepare an upload, and also reduce out whatever other changes you don't feel comfortable with in the larger diff. That would be good. Can you also share the minimal delta with the current version in unstable? I'll check if that's acceptable. Paul
Bug#1034714: bullseye-pu: package php-nyholm-psr7/1.3.2-2+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: php-nyholm-p...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-nyholm-psr7 Hi, Please note that this request is very similar to #1034713 for php-guzzlehttp-psr7/1.7.0-1+deb11u2 (even the CVE ID is the same). [ Reason ] I’d like to fix an improper input validation [CVE-2023-29197] filed as #1034597. The security team reviewed this bug filed with a non-RC severity, so I assume they don’t expect to release a DSA for it (as for the other php-guzzlehttp-psr7 issue), anyway the team is X-D-Cc. [ Impact ] It’s a security flaw. [ Tests ] The (extended for this fix) upstream testsuite is run at build time and debci. [ Risks ] The code change is fairly trivial, and was adapted from upstream (I used the exact same patch as the one targeted for Bookworm). [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] It’s just a stricter validation regex. [ Other info ] Thanks a lot for your work! Cheers taffit
Bug#1034553: [Pkg-gtkpod-devel] Bug#1034553: libplist FTCBFS for arm32: wrong python library directory
On Tue, 2023-04-18 at 07:58 +0200, Helmut Grohne wrote: > libplist fails to cross build from source for arm32, because it gets the > python library directory wrong and uses the build architecture one. It > extracts it from sysconfigdata, so we need to export > _PYTHON_SYSCONFIGDATA_NAME to fix that. I'm attaching a patch for your > convenience. Hi Helmut, thanks for the patch. I'll try to import when possible, but meanwhile feel free to go ahead with the NMU if you want. Regards, -- Yves-Alexis
Bug#1034704: xtables-addons-dkms fails to build
Control: severity -1 wishlist Control: tags -1 + wontfix - ftbfs On 2023-04-22, at 04:08:29 +, Bruce Mitchell wrote: > root@sondetracker:/etc/init.d# apt-get install xtables-addons-dkms > Reading package lists... Done > Building dependency tree... Done > Reading state information... Done > Recommended packages: > linux-headers > The following NEW packages will be installed: > xtables-addons-dkms > 0 upgraded, 1 newly installed, 0 to remove and 66 not upgraded. > Need to get 66.4 kB of archives. > After this operation, 316 kB of additional disk space will be used. > Get:1 http://deb.debian.org/debian bullseye/main armel xtables-addons-dkms > all 3.13-1+deb11u1 [66.4 kB] > Fetched 66.4 kB in 0s (212 kB/s) > Selecting previously unselected package xtables-addons-dkms. > (Reading database ... 41444 files and directories currently installed.) > Preparing to unpack .../xtables-addons-dkms_3.13-1+deb11u1_all.deb ... > Unpacking xtables-addons-dkms (3.13-1+deb11u1) ... > Setting up xtables-addons-dkms (3.13-1+deb11u1) ... > Loading new xtables-addons-3.13 DKMS files... > Building for 6.2.7-kirkwood-tld-1 > Building initial module for 6.2.7-kirkwood-tld-1 > Error! Build of xt_ACCOUNT.ko failed for: 6.2.7-kirkwood-tld-1 (armv5tel) > Make sure the name of the generated module is correct and at the root of the > build directory, or consult make.log in the build directory > /var/lib/dkms/xtables-addons/3.13/build/ for more information. > dpkg: error processing package xtables-addons-dkms (--configure): > installed xtables-addons-dkms package post-installation script subprocess > returned error exit status 7 > Errors were encountered while processing: > xtables-addons-dkms > E: Sub-process /usr/bin/dpkg returned an error code (1) The version of xtables-addons in Bullseye (3.13-1+deb11u1) is not compatible with linux 6.2, so DKMS fails when it tries to compile the kernel modules for your kernel version (6.2.7-kirkwood-tld-1). 
Since that is not an official Debian Bullseye kernel package, I'm going to tag the bug-report "wontfix" and close it. Support for 6.2 was added to xtables-addons in a later version and will be available in the next Debian release, Bookworm. J.
Bug#1034713: bullseye-pu: package php-guzzlehttp-psr7/1.7.0-1+deb11u2
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: php-guzzlehttp-p...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-guzzlehttp-psr7 Hi, [ Reason ] I’d like to fix an improper input validation [CVE-2023-29197] filed as #1034581. This is a follow up from [CVE-2022-24775] filed as #1008236 that was fixed via a previous point release. The security team filed those bugs with a non-RC severity, so I assume they don’t expect to release a DSA for it (as for the previous main issue), anyway the team is X-D-Cc. [ Impact ] It’s a security flaw. [ Tests ] The (extended for this fix) upstream testsuite is run at build time and debci. [ Risks ] The code change is fairly trivial, and was cherry-picked from upstream (their fix for the 1.9 branch). [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] It’s just a stricter validation regex. [ Other info ] Thanks a lot for your work! Cheers taffit diff --git a/debian/changelog b/debian/changelog index 8635876..0093037 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +php-guzzlehttp-psr7 (1.7.0-1+deb11u2) bullseye; urgency=medium + + * Fix improper input validation [CVE-2023-29197] (Closes: #1034581) + + -- David Prévot Sat, 22 Apr 2023 11:41:36 +0200 + php-guzzlehttp-psr7 (1.7.0-1+deb11u1) bullseye; urgency=medium * Track Bullseye diff --git a/debian/patches/0004-Patch-header-validation-issue.patch b/debian/patches/0004-Patch-header-validation-issue.patch new file mode 100644 index 000..84b4ad9 --- /dev/null +++ b/debian/patches/0004-Patch-header-validation-issue.patch 
@@ -0,0 +1,87 @@ +From: Graham Campbell +Date: Mon, 17 Apr 2023 16:33:27 +0100 +Subject: Patch header validation issue + +Origin: upstream, https://github.com/guzzle/psr7/commit/18fd8915823bd9ca4156e84849e18970057dc7e4 +Bug-Debian: https://bugs.debian.org/1034581 https://security-tracker.debian.org/tracker/CVE-2023-29197 +--- + src/MessageTrait.php | 13 ++--- + tests/RequestTest.php | 5 + + tests/ResponseTest.php | 9 + + 3 files changed, 20 insertions(+), 7 deletions(-) + +diff --git a/src/MessageTrait.php b/src/MessageTrait.php +index 0ac8663..0bbd63e 100644 +--- a/src/MessageTrait.php b/src/MessageTrait.php +@@ -226,12 +226,9 @@ trait MessageTrait + throw new \InvalidArgumentException('Header name can not be empty.'); + } + +-if (! preg_match('/^[a-zA-Z0-9\'`#$%&*+.^_|~!-]+$/', $header)) { ++if (! preg_match('/^[a-zA-Z0-9\'`#$%&*+.^_|~!-]+$/D', $header)) { + throw new \InvalidArgumentException( +-sprintf( +-'"%s" is not valid header name', +-$header +-) ++sprintf('"%s" is not valid header name.', $header) + ); + } + } +@@ -263,8 +260,10 @@ trait MessageTrait + // Clients must not send a request with line folding and a server sending folded headers is + // likely very rare. Line folding is a fairly obscure feature of HTTP/1.1 and thus not accepting + // folding is not likely to break any legitimate use case. +-if (! preg_match('/^[\x20\x09\x21-\x7E\x80-\xFF]*$/', $value)) { +-throw new \InvalidArgumentException(sprintf('"%s" is not valid header value', $value)); ++if (! preg_match('/^[\x20\x09\x21-\x7E\x80-\xFF]*$/D', $value)) { ++throw new \InvalidArgumentException( ++sprintf('"%s" is not valid header value.', $value) ++); + } + } + } +diff --git a/tests/RequestTest.php b/tests/RequestTest.php +index 10ac92a..7dca806 100644 +--- a/tests/RequestTest.php b/tests/RequestTest.php +@@ -269,6 +269,10 @@ class RequestTest extends BaseTest + // Line folding is technically allowed, but deprecated. + // We don't support it. 
+ ["new\r\n line"], ++["newline\n"], ++["\nnewline"], ++["newline\r\n"], ++["\r\nnewline"], + ]; + + for ($i = 0; $i <= 0xff; $i++) { +@@ -286,6 +290,7 @@ class RequestTest extends BaseTest + } + + $tests[] = ["foo" . \chr($i) . "bar"]; ++$tests[] = ["foo" . \chr($i)]; + } + + return $tests; +diff --git a/tests/ResponseTest.php b/tests/ResponseTest.php +index 0b6be02..30e106b 100644 +--- a/tests/ResponseTest.php b/tests/ResponseTest.php +@@ -284,6 +284,15 @@ class ResponseTest extends BaseTest + [[], 'foo', 'Header name must be a string but array provided.'], + [false, 'foo', 'Header name must be a string but boolean provided.'], + [new \stdClass(), 'foo', 'Header name must be a
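Review bot: The two src/MessageTrait.php hunks change the exception messages as well as the regexes: `is not valid header name` and `is not valid header value` each gain a trailing period and the sprintf calls are reflowed. For a point release only the added `D` modifier is needed for CVE-2023-29197, and code in bullseye that compares these messages verbatim would see a behaviour change; consider reducing the backport to the two `/D` additions plus the new test cases, or mention the message change in d/changelog so the release team can judge it.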
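Both point-release requests above (php-nyholm-psr7 and php-guzzlehttp-psr7) describe the change as "just a stricter validation regex". The PHP script below is an added example, not code from either upstream project or from the Debian packages: it copies the four pre-fix patterns from the quoted hunks, derives the fixed form by appending `D` (PCRE_DOLLAR_ENDONLY, without which `$` also matches just before a final newline), and checks every possible trailing byte on the constructed stem `foo` against an independently written allow-list. `PATTERNS`, `byteAllowed` and `mismatches` are names invented for this example.

```php
<?php
declare(strict_types=1);

// Pre-fix patterns, copied from the "-" lines of the two MessageTrait.php hunks.
// The fixed pattern in both patches is the same string with "D" appended.
const PATTERNS = [
    ['php-nyholm-psr7',     'name',  "@^[!#$%&'*+.^_`|~0-9A-Za-z-]+$@"],
    ['php-nyholm-psr7',     'value', "@^[ \t\x21-\x7E\x80-\xFF]*$@"],
    ['php-guzzlehttp-psr7', 'name',  '/^[a-zA-Z0-9\'`#$%&*+.^_|~!-]+$/'],
    ['php-guzzlehttp-psr7', 'value', '/^[\x20\x09\x21-\x7E\x80-\xFF]*$/'],
];

// Oracle: is this single byte legal in a header name / header value?
// Written without regexes so that it cannot share the bug under test.
function byteAllowed(string $kind, int $b): bool
{
    if ($kind === 'name') {
        $alnum = ($b >= 0x30 && $b <= 0x39)
            || ($b >= 0x41 && $b <= 0x5A)
            || ($b >= 0x61 && $b <= 0x7A);
        return $alnum || strpos('!#$%&\'*+.^_`|~-', chr($b)) !== false;
    }
    // Values: tab, space, visible ASCII and the obs-text range 0x80-0xFF.
    return $b === 0x09 || $b === 0x20 || ($b >= 0x21 && $b <= 0x7E) || $b >= 0x80;
}

// Append each byte 0x00-0xFF to the constructed stem "foo" and collect the
// bytes for which the pattern's verdict differs from the oracle.
function mismatches(string $kind, string $pattern): array
{
    $bad = [];
    for ($b = 0; $b <= 0xFF; ++$b) {
        $accepted = 1 === preg_match($pattern, 'foo' . chr($b));
        if ($accepted !== byteAllowed($kind, $b)) {
            $bad[] = sprintf('0x%02X', $b);
        }
    }
    return $bad;
}

foreach (PATTERNS as [$package, $kind, $before]) {
    foreach (['before' => $before, 'after' => $before . 'D'] as $label => $pattern) {
        $bad = mismatches($kind, $pattern);
        printf(
            "%-20s %-5s %-6s misjudged trailing bytes: %s\n",
            $package,
            $kind,
            $label,
            $bad ? implode(', ', $bad) : 'none'
        );
    }
}
```

The same loop can be kept as a regression check in a package's test suite; it mirrors the `"foo" . \chr($i)` cases that the guzzle patch adds to its data provider.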
Bug#1006202:
I second this. Intel Gen 2 (Extreme Graphics) for example are now without hardware OpenGL. Also see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034571 -- The Gallium implementation for Intel (Crocus) does not have the same stability as the old i915 driver yet, in my opinion.
Bug#1034712: ITP: livi -- Minimalistic video player targeting mobile devices
Package: wnpp Severity: wishlist Owner: Guido Günther X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: livi Version : 0.0.3 Upstream Contact: Guido Günther * URL : https://gitlab.gnome.org/guidog/livi * License : GPL Programming Lang: C Description : Minimalistic video player targeting mobile devices A minimalistic GTK4 and gstreamer based video player for mobile phones like the Librem 5 aiming for minimal battery usage. It supports: - Inhibiting suspend/idle when playing video - Stopping video playback on (i.e. power button toggled) blank - Registering as default video player in GNOME control center - An indicator whether hardware acceleration is in use
Bug#1034711: gpsd: ubxtool relies on python-gps which is missing
Package: gpsd Version: 3.22-4 Severity: normal Dear Maintainer, ubxtool relies on the subdir gps in the folder where ubxtool is located, with the following files __init__.py.in client.py fake.py misc.py ubx.py aiogps.py clienthelpers.py gps.py.in packet.py.in watch_options.py which are in the original source gpsd_3.22.orig.tar.xz but not in gpsd_3.22-4.debian.tar.xz and not in gpsd_3.22-4_amd64.deb or gpsd_3.22-4.1+b1_amd64.deb they used to be in the python-gps package but I can not install that because apt keeps complaining: Package python-gps is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source However the following packages replace it: gpsd-tools gpsd-clients This means ubxtool is broken as part of the gpsd package. Anyway, CM -- System Information: Debian Release: 11.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gpsd depends on: ii adduser 3.118 ii libbluetooth3 5.55-3.1 ii libc6 2.31-13+deb11u5 ii libdbus-1-3 1.12.24-0+deb11u1 ii libgps28 3.22-4 ii libusb-1.0-0 2:1.0.24-3 ii lsb-base 11.1.0 ii netbase 6.3 ii python3 3.9.2-3 ii systemd-sysv 247.3-7+deb11u1 Versions of packages gpsd recommends: ii gpsd-tools 3.22-4 ii udev 247.3-7+deb11u1 Versions of packages gpsd suggests: ii apparmor 2.13.6-10 ii dbus 1.12.24-0+deb11u1 pn gpsd-clients -- Configuration Files: /etc/default/gpsd changed [not included] -- no debconf information -- debsums errors found: debsums: changed file /lib/systemd/system/gpsd.socket (from gpsd package)
Bug#1034710: dpkg-gensymbols: Add higher check level for unnecessary entries in symbols file
Package: dpkg-dev Version: 1.21.21 Severity: wishlist When building libvirt, dpkg-gensymbols currently produces the following output: dpkg-gensymbols: warning: debian/libvirt0/DEBIAN/symbols doesn't match completely debian/libvirt0.symbols --- debian/libvirt0.symbols (libvirt0_9.2.0-2_amd64) +++ dpkg-gensymbolsFLVUCu 2023-04-22 11:43:15.646242440 +0200 @@ -1,5 +1,5 @@ libvirt-admin.so.0 libvirt0 #MINVER# - (symver|optional)LIBVIRT_ADMIN_1.3.0 1.2.18 +#MISSING: 9.2.0-2# (symver|optional)LIBVIRT_ADMIN_1.3.0 1.2.18 (symver|optional)LIBVIRT_ADMIN_2.0.0 2.0.0~rc1 (symver|optional)LIBVIRT_ADMIN_3.0.0 3.0.0 (symver|optional)LIBVIRT_ADMIN_8.6.0 8.9.0 This is because debian/libvirt0.symbols contains libvirt-admin.so.0 libvirt0 #MINVER# *@LIBVIRT_ADMIN_1.3.0 1.2.18 even though no LIBVIRT_ADMIN_1.3.0 symbol was ever added to the library. It would be nice if such a mistake on the maintainer's part could be reported in a way that can't be easily missed or ignored, i.e. a build failure. After the maintainer has explicitly opted into this behavior by setting DPKG_GENSYMBOLS_CHECK_LEVEL, of course :) -- Andrea Bolognani Resistance is futile, you will be garbage collected.
Bug#1034683: r-base: new upstream release unintentionally uploaded to unstable
On Fri, 21 Apr 2023 at 10:51:16 -0500, Dirk Eddelbuettel wrote: > Here I just emacs shortcut'ed to 'unstable' whereas as all others I managed > to put in 'experimental'. That included a 4.3.0rc upload a few days ago. Yeah, it's unfortunately quite an easy mistake to make. In packages that have a long-term unsuitable-for-unstable branch, I sometimes resort to putting code in debian/rules to make it intentionally FTBFS if targeting unstable (for example see libsdl3). If you happen to be doing your uploads using dgit, getting into the habit of explicitly specifying the suite you want to upload to can be helpful. For example: dgit push-source -C ../build-area/foo_1.2.3-3_source.changes experimental > | Hopefully we're close enough to the release that no further uploads of > | r-base for bookworm will be necessary. > > Yes. Please advise. What is best practices now? Upload -2 to experimental? > Or not? What action would 'close' this bug? (Disclaimer: I am not a release team member; if they ask you to revert, please pay attention to them and not me.) If you're happy with 4.2.2.20221110-2 for bookworm, and there is nothing else in the R ecosystem that needs to migrate, and there is nothing fundamentally wrong with the new version for unstable users and the buildds (just mis-timed), then you *probably* don't need to do anything special; you can leave it as-is, and close this bug when you are ready for 4.3.x to migrate (presumably after bookworm releases and trixie development opens). 
There are a few situations where you *would* need to revert: * if 4.3.0 is broken in some way that makes it bad for unstable users; * or if there is a bad bug in r-base/bookworm that needs fixing before the bookworm release; * or if there is a bad bug in another package (presumably in the R ecosystem) that needs fixing in bookworm, but building a version of that package suitable for bookworm would FTBFS or pick up a versioned r-base (>= 4.3) dependency if built against the new r-base; * or if the release team or other maintainers report that the new r-base is causing trouble for the release/migration process I don't really know how R works and whether it would normally generate versioned dependencies, so I don't know how much of this is applicable. I happened to have r-base installed and saw this change go past in apt-listchanges, but I don't use it myself, and I only have it installed because it's a build-dep for Lintian. If you need (or want) to revert, the way to achieve that would be to re-upload a package branched from 4.2.2.20221110-2, containing the 4.2.2.20221110 source code with the upstream part of its version number changed to 4.3.0+really4.2.2.20221110. For example look at the recent history of ccache, mtools or quilt. And then when the dust has settled, you would upload 4.3.1 if it's available by then, or otherwise a re-upload of 4.3.0 versioned as 4.3.0+really4.3.0; either to unstable after the bookworm release, or to experimental (extra-carefully!) sooner than that. > Also, do I need to contact the release managers to ask for a freeze on this > misfiled upload? No, there are several reasons why it won't migrate: * I opened this RC bug; * we're in hard freeze and r-base is a key package, so it won't migrate without a specific unblock; * the new version makes the autopkgtests of a bunch of other R packages regress and any one of those would be enough to prevent migration. smcv
Bug#1033632: [External] Debian Bug #1033632 - SourceForge RSS feed rate limit
On Thu, Apr 20, 2023 at 12:15:56AM +, Paul Wise wrote: > There are some improvements that we could make to QA services: > > * pass on HTTP error codes from services fakeupstream.cgi accesses > * switch fakeupstream.cgi SourceForge support to using the RSS feed > * switch fakeupstream.cgi/sf.php User-Agents to legitimate ones * add caching to fakeupstream.cgi > > If anyone would like to work on these, please submit a merge requests. > If no-one does these fixes, then I may get to them eventually. > > > > A different pattern from that address does hit RSS feeds and has no > > > user agent. > > That is likely to be the regular SourceForge redirector. That could be a candidate for integration into fakeupstream.cgi. > > -- > bye, > pabs > > https://wiki.debian.org/PaulWise
Bug#1034709: f3d: F3D default configuration files are not installed
Package: f3d
Version: 1.3.1+dfsg-5
Severity: normal
X-Debbugs-Cc: mathieu.westp...@gmail.com

Dear Maintainer,

F3D usually ships with default configuration files that impact greatly how it looks and shows files with specific behavior based on the format of the file. These configuration files are completely missing from the f3d package you are distributing, making the F3D experience incomplete.

Steps to reproduce:
- run `f3d`
- axis is not visible, filename hint is not visible

Best,
F3D maintainer, mwestphal

-- System Information:
Debian Release: bookworm/sid
  APT prefers lunar-updates
  APT policy: (500, 'lunar-updates'), (500, 'lunar')
Architecture: amd64 (x86_64)

Kernel: Linux 6.2.0-20-generic (SMP w/1 CPU thread; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages f3d depends on:
ii  libassimp5                       5.2.5~ds0-1build1
ii  libc6                            2.37-0ubuntu2
ii  libgcc-s1                        13-20230320-1ubuntu1
ii  libgl1                           1.6.0-1
ii  libglew2.2                       2.2.0-4
ii  libocct-data-exchange-7.6        7.6.3+dfsg1-5
ii  libocct-foundation-7.6           7.6.3+dfsg1-5
ii  libocct-modeling-algorithms-7.6  7.6.3+dfsg1-5
ii  libocct-modeling-data-7.6        7.6.3+dfsg1-5
ii  libocct-ocaf-7.6                 7.6.3+dfsg1-5
ii  libstdc++6                       13-20230320-1ubuntu1
ii  libvtk9.1                        9.1.0+really9.1.0+dfsg2-5

f3d recommends no packages.

f3d suggests no packages.

-- no debconf information
Bug#1034621: [pre-approval] unblock: arno-iptables-firewall/2.1.1-8
Control: tags -1 confirmed moreinfo

On 2023-04-19 23:06:50 +0200, Sven Geuer wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: arno-iptables-firew...@packages.debian.org
> Control: affects -1 + src:arno-iptables-firewall
>
> Please unblock package arno-iptables-firewall
>
> It moves the systemd service file back to /lib/systemd to fix #1034213.

If this is the only change, then please go ahead. Once uploaded to unstable, please remove the moreinfo tag.

Cheers

>
> [ Reason ]
> Fix service activation by debhelper.
>
> [ Impact ]
> No impact observed so far, but there might exist cases where the service does
> not get started, the creator of bug #1034213 claims.
>
> [ Tests ]
> autopkgtest ran successful locally for the upcoming version and in Ubuntu for
> the current version [1]. ci.d.n and salsa.d.o cannot run the tests as both do
> not support the isolation-machine restriction.
>
> [ Risks ]
> Low, leaf package. Change only applies to the pathname of the service file.
>
> [ Checklist ]
> [x] all changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] changes are visible from salsa.d.o [2]
>
> [ Other info ]
> [1] https://autopkgtest.ubuntu.com/packages/arno-iptables-firewall/lunar/amd64
> [2] https://salsa.debian.org/pkg-security-team/arno-iptables-firewall/-/commit/b64ca3208881095b88f61729f4f2dbea4d2621bf
>
> unblock arno-iptables-firewall/2.1.1-8
>

--
Sebastian Ramacher
Bug#1034691: nmu: why3_1.5.1-1+b1 frama-c_20220511-manganese-3-10
Control: tag -1 - moreinfo

Hi Sebastian,

* Sebastian Ramacher [2023-04-22 11:10]:
> On 2023-04-21 21:35:21 +0200, Jochen Sprickerhof wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: binnmu
> > X-Debbugs-Cc: w...@packages.debian.org
> > Control: affects -1 + src:why3 src:frama-c
> >
> > Hi release team,
> >
> > can you please binNMU why3 to pick up the new ABI:
> >
> > nmu why3_1.5.1-1+b1 . ANY . unstable . -m "Rebuild with new OCaml ABI"
> >
> > And afterwards frama-c needs a rebuild against the new why3:
> >
> > nmu frama-c_20220511-manganese-3-10 . ANY . unstable . -m "Rebuild with new OCaml ABI (Closes: #1033701)"
>
> why3 installs perfectly fine in both bookworm and unstable. Why is this
> needed? We are past the point of doing transitions (especially
> uncoordinated ones).

I don't know enough OCaml but rebuilding why3 and frama-c on top fixes frama-c and thus #1033701 for me. My understanding is that dh-ocaml uses some hash to track the ABI of a library and encodes into a virtual package:

$ apt-cache show libwhy3-ocaml-dev | grep Provides
Provides: libwhy3-ocaml-dev-mzlf3

And frama-c-base depends exactly on that:

apt-cache show frama-c-base | grep -o "libwhy3-ocaml-dev[^,]*"
libwhy3-ocaml-dev-mzlf3

But rebuilding the package in testing generates a different hash:

$ sbuild -d testing why3 | grep Provides
Provides: libwhy3-ocaml-dev-2bt20

So I assume this is not a new transition but a missing rebuild for an old transition.

Cheers Jochen

signature.asc
Description: PGP signature
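One way to automate the comparison described in the message above, as an added example that is not part of the original mail or of dh-ocaml: it compares the archive's `Provides` with those of a fresh rebuild and lists the packages still pinned to a hash the rebuild no longer provides. The stanzas are constructed from the package names quoted in the message; the extra `Depends` entries and all function names are assumptions.

```python
import re


def parse_stanzas(text):
    """Parse Packages-style control text into a list of field dicts."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and last:     # folded continuation line
                fields[last] += " " + line.strip()
            elif ":" in line:
                last, _, value = line.partition(":")
                fields[last] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas


def relation_names(field_value):
    """Package names in a Depends/Provides field, minus versions and arch."""
    names = set()
    for clause in field_value.split(","):
        for alternative in clause.split("|"):
            bare = re.sub(r"\(.*?\)|\[.*?\]", "", alternative).strip()
            name = bare.split(":")[0]                # drop ':any' style qualifiers
            if name:
                names.add(name)
    return names


def abi_provides(stanzas, library):
    """Hash-suffixed virtual packages ('<library>-<hash>') the library provides."""
    for stanza in stanzas:
        if stanza.get("Package") == library:
            return {name for name in relation_names(stanza.get("Provides", ""))
                    if name.startswith(library + "-")}
    return set()


def rebuild_plan(archive_text, rebuilt_text, library):
    """Report ABI names the rebuild dropped and who still depends on them."""
    archive = parse_stanzas(archive_text)
    rebuilt = parse_stanzas(rebuilt_text)
    stale = abi_provides(archive, library) - abi_provides(rebuilt, library)
    dependents = sorted(
        stanza["Package"] for stanza in archive
        if relation_names(stanza.get("Depends", "")) & stale
    )
    return {"stale": sorted(stale), "rebuild_after_library": dependents}


# Constructed stanzas: package names and hashes are the ones quoted in the
# message; the libc6 and ocaml-base entries are made up to exercise the parser.
ARCHIVE = """\
Package: libwhy3-ocaml-dev
Provides: libwhy3-ocaml-dev-mzlf3

Package: frama-c-base
Depends: libc6 (>= 2.34), ocaml-base | ocaml-base-nox,
 libwhy3-ocaml-dev-mzlf3
"""

REBUILT = """\
Package: libwhy3-ocaml-dev
Provides: libwhy3-ocaml-dev-2bt20
"""

if __name__ == "__main__":
    print(rebuild_plan(ARCHIVE, REBUILT, "libwhy3-ocaml-dev"))
```

An empty `stale` list means the archive binary already carries the hash a current build produces, so no rebuild chain is needed.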
Bug#1034708: lintian: false positive "build-depends-on-versioned-berkeley-db Build-Depends:libdb5.3-sql-dev"
Package: lintian Version: 2.116.3 Severity: normal I get the warning "build-depends-on-versioned-berkeley-db Build-Depends:libdb5.3-sql-dev" My package used to depend on libdb-sql-dev, but this package doesn't exist anymore in bookworm, so I think I have to depend on libdb5.3-sql-dev now, don't I? -- System Information: Debian Release: 12.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-21-amd64 (SMP w/24 CPU threads) Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) lintian recommends no packages. Versions of packages lintian suggests: pn binutils-multiarch pn libtext-template-perl -- no debconf information
Bug#1034664: unblock: node-xml2js/0.4.23+~cs15.4.0+dfsg-5
Control: tags -1 moreinfo On 2023-04-21 11:16:32 +0400, Yadd wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: node-xml...@packages.debian.org > Control: affects -1 + src:node-xml2js > > Please unblock package node-xml2js This upload is causing autopkgtest regressions: node-xml2js (0.4.23+~cs15.4.0+dfsg-4 to 0.4.23+~cs15.4.0+dfsg-5) Maintainer: Debian Javascript Maintainers Migration status for node-xml2js (0.4.23+~cs15.4.0+dfsg-4 to 0.4.23+~cs15.4.0+dfsg-5): BLOCKED: Rejected/violates migration policy/introduces a regression Issues preventing migration: ∙ ∙ autopkgtest for node-node-rest-client/3.1.1-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armel: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), s390x: Regression ♻ (reference ♻) ∙ ∙ autopkgtest for node-xml2js/0.4.23+~cs15.4.0+dfsg-5: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, s390x: Pass ∙ ∙ blocked by freeze: is a key package (Follow the freeze policy when applying for an unblock) ∙ ∙ Too young, only 1 of 20 days old Additional info: ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/n/node-xml2js.html Please let us know once they have been fixed. Cheers > > [ Reason ] > node-xml2js version 0.4.23 allows an external attacker to edit or add new > properties to an object (#1034148, CVE-2023-0842) > > [ Impact ] > Medium security issue > > [ Tests ] > Test updates, passed > > [ Risks ] > Low risk, patch is trivial and tested > > [ Checklist ] > [X] all changes are documented in the d/changelog > [X] I reviewed all changes and I approve them > [X] attach debdiff against the package in testing > > Cheers, > Yadd > > unblock node-xml2js/0.4.23+~cs15.4.0+dfsg-5 > diff --git a/debian/changelog b/debian/changelog > index 98492d7..9d9dac7 100644 > --- a/debian/changelog
> +++ b/debian/changelog > @@ -1,3 +1,12 @@ > +node-xml2js (0.4.23+~cs15.4.0+dfsg-5) unstable; urgency=medium > + > + * Team upload > + * Update standards version to 4.6.2, no changes needed. > + * Update nodejs dependency to nodejs:any > + * Add patch to prevent prototype pollution (Closes: #1034148, > CVE-2023-0842) > + > + -- Yadd Fri, 21 Apr 2023 11:11:13 +0400 > + > node-xml2js (0.4.23+~cs15.4.0+dfsg-4) unstable; urgency=medium > >* Team upload > diff --git a/debian/control b/debian/control > index dc4d6d0..406a88d 100644 > --- a/debian/control > +++ b/debian/control > @@ -10,7 +10,7 @@ Build-Depends: > , node-sax > , dh-sequence-nodejs > , node-diff > -Standards-Version: 4.6.1 > +Standards-Version: 4.6.2 > Vcs-Browser: https://salsa.debian.org/js-team/node-xml2js > Vcs-Git: https://salsa.debian.org/js-team/node-xml2js.git > Homepage: https://github.com/Leonidas-from-XIV/node-xml2js > @@ -21,8 +21,8 @@ Architecture: all > Depends: > ${misc:Depends} > , node-sax > - , nodejs > , node-diff > + , nodejs:any > Provides: ${nodejs:Provides} > Description: simple XML to JavaScript object converter - Node.js module > xml2js parses XML using node-sax and converts it to a plain JavaScript > diff --git a/debian/patches/CVE-2023-0842.patch > b/debian/patches/CVE-2023-0842.patch > new file mode 100644 > index 000..3d80ed9 > --- /dev/null > +++ b/debian/patches/CVE-2023-0842.patch 
> @@ -0,0 +1,103 @@ > +Description: use Object.create(null) to create all parsed objects > + (prevent prototype replacement) > +Author: James Crosby > +Origin: upstream, commit:581b19a6 > +Bug: https://github.com/advisories/GHSA-776f-qx25-q3cc > +Bug-Debian: https://bugs.debian.org/1034148 > +Forwarded: not-needed > +Applied-Upstream: 0.5.0, commit:581b19a6 > +Reviewed-By: Yadd > +Last-Update: 2023-04-21 > + > +--- a/src/parser.coffee > b/src/parser.coffee > +@@ -103,12 +103,12 @@ > + charkey = @options.charkey > + > + @saxParser.onopentag = (node) => > +- obj = {} > ++ obj = Object.create(null) > + obj[charkey] = "" > + unless @options.ignoreAttrs > + for own key of node.attributes > + if attrkey not of obj and not @options.mergeAttrs > +-obj[attrkey] = {} > ++obj[attrkey] = Object.create(null) > + newValue = if @options.attrValueProcessors then > processItem(@options.attrValueProcessors, node.attributes[key], key) else > node.attributes[key] > + processedKey = if @options.attrNameProcessors then > processItem(@options.attrNameProcessors, key) else key > + if @options.mergeAttrs > +@@ -161,7 +161,7 @@ > + # put children into property and unfold chars if necessary > + if @options.explicitChildren and not @options.mergeAttrs and typeof > obj is 'object' > + if not @options.preserveChildrenOrder > +- node = {} > ++ node
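Review bot: The debian/control hunks carry two changes that are unrelated to CVE-2023-0842, the Standards-Version bump to 4.6.2 and the switch from `nodejs` to `nodejs:any`, yet the [ Reason ] section of the request only mentions the security fix. For a key package blocked by the freeze, I'd either drop these from the upload or justify each in the unblock request, so that the debdiff to review is the security patch alone.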
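Review bot: In the src/parser.coffee hunk at `@saxParser.onopentag`, replacing `{}` with `Object.create(null)` for `obj` and `obj[attrkey]` means parsed nodes no longer inherit from Object.prototype, so a caller that invokes `result.hasOwnProperty(...)` or `toString()` directly on a parsed node will now throw. That behaviour change is not mentioned in the changelog entry or in [ Risks ]; it is worth documenting and checking against the reverse dependencies' tests, starting with the node-node-rest-client autopkgtest regression reported above.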
Bug#1034691: nmu: why3_1.5.1-1+b1 frama-c_20220511-manganese-3-10
Control: tags -1 moreinfo

Hi Jochen

On 2023-04-21 21:35:21 +0200, Jochen Sprickerhof wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> X-Debbugs-Cc: w...@packages.debian.org
> Control: affects -1 + src:why3 src:frama-c
>
> Hi release team,
>
> can you please binNMU why3 to pick up the new ABI:
>
> nmu why3_1.5.1-1+b1 . ANY . unstable . -m "Rebuild with new OCaml ABI"
>
> And afterwards frama-c needs a rebuild against the new why3:
>
> nmu frama-c_20220511-manganese-3-10 . ANY . unstable . -m "Rebuild with new OCaml ABI (Closes: #1033701)"

why3 installs perfectly fine in both bookworm and unstable. Why is this needed? We are past the point of doing transitions (especially uncoordinated ones).

Cheers
--
Sebastian Ramacher
Bug#1034707: unblock: qbittorrent/4.5.2-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: qbittorr...@packages.debian.org Control: affects -1 + src:qbittorrent Please unblock package qbittorrent-nox Move service file from /usr/lib/systemd/system to /lib/systemd/system Closes: #1034217 and #1034678 bug introduced in -2 [ Reason ] (From the bug report) Service file in /usr/lib/systemd/system may not start. [ Impact ] Service might not be enabled at boot and/or started as expected. [ Tests ] Manual tests. No issue. [ Risks ] Nothing. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] No. , | diff -Nru qbittorrent-4.5.2/debian/changelog qbittorrent-4.5.2/debian/changelog | --- qbittorrent-4.5.2/debian/changelog2023-02-28 08:17:38.0 +0100 | +++ qbittorrent-4.5.2/debian/changelog2023-04-21 23:56:17.0 +0200 | @@ -1,3 +1,16 @@ | +qbittorrent (4.5.2-3) unstable; urgency=medium | + | + * Really install service file in /lib/systemd/system (Closes: #1034678) | + | + -- Christian Marillat Fri, 21 Apr 2023 23:56:17 +0200 | + | +qbittorrent (4.5.2-2) unstable; urgency=medium | + | + * Move systemd file to /lib/systemd/system (was /usr/lib/systemd/system) | +(Closes: #1034217) | + | + -- Christian Marillat Fri, 21 Apr 2023 08:29:03 +0200 | + | qbittorrent (4.5.2-1) unstable; urgency=medium | |* New upstream release. | diff -Nru qbittorrent-4.5.2/debian/rules qbittorrent-4.5.2/debian/rules | --- qbittorrent-4.5.2/debian/rules2022-08-23 17:48:59.0 +0200 | +++ qbittorrent-4.5.2/debian/rules2023-04-21 23:52:48.0 +0200 |
@@ -27,6 +27,11 @@ | dh_auto_install --builddirectory build-gui --destdir debian/qbittorrent \ | -- INSTALL_ROOT=$(CURDIR)/debian/qbittorrent | | +execute_after_dh_auto_install: | + dh_installdirs -pqbittorrent-nox lib/systemd/system | + mv debian/qbittorrent-nox/usr/lib/systemd/system debian/qbittorrent-nox/lib/systemd/ | + rm -rf debian/qbittorrent-nox/usr/lib | + | override_dh_installsystemduser: | dh_installsystemduser -pqbittorrent-nox --no-enable ` unblock qbittorrent/4.5.2-3
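Review bot: In the new `execute_after_dh_auto_install` target in debian/rules, `rm -rf debian/qbittorrent-nox/usr/lib` deletes everything under usr/lib rather than only the directory emptied by the preceding `mv`, so any other file the upstream install step places there would be dropped from the package without the build failing. I'd remove just the emptied directories instead, for example `rmdir debian/qbittorrent-nox/usr/lib/systemd debian/qbittorrent-nox/usr/lib`, which fails loudly if something unexpected is left behind. The -3 changelog entry could also say why the -2 change did not take effect, since that is the question the unblock reviewer will ask.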
Bug#1034706: [INTL:es] Spanish translation of the debconf template
Package: debian-edu-router Severity: wishlist Tags: patch l10n Hello, You can find enclosed the Spanish translation template to be uploaded with the latest package build. Cheers, -- Camaleón# debian-edu-router po-debconf translation to Spanish # Copyright (C) 2023 debian-edu-router # This file is distributed under the same license as the debian-edu-router package. # Camaleón , 2023. # msgid "" msgstr "" "Project-Id-Version: debian-edu-router\n" "Report-Msgid-Bugs-To: debian-edu-rou...@packages.debian.org\n" "POT-Creation-Date: 2023-02-17 17:38+0100\n" "PO-Revision-Date: 2023-04-22 10:36+0200\n" "Last-Translator: Camaleón \n" "Language-Team: Debian Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 2.4.2\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: boolean #. Description #. Type: boolean #. Description #: ../debian-edu-router-config.templates:2001 #: ../debian-edu-router-config.templates:3001 msgid "Do you want to skip Debian Edu Router networking configuration?" msgstr "¿Desea omitir la configuración de red de Debian Edu Router?" #. Type: boolean #. Description #: ../debian-edu-router-config.templates:2001 msgid "" "ERROR: Not enough usable network interfaces available for setting up the " "router!" msgstr "" "ERROR: No hay suficientes interfaces de red disponibles que se puedan " "utilizar para configurar el enrutador." #. Type: boolean #. Description #: ../debian-edu-router-config.templates:3001 msgid "" "ERROR: Not enough unconfigured network interfaces available for setting up " "the router!" msgstr "" "ERROR: No hay suficientes interfaces de red sin configurar que se encuentren " "disponibles para configurar el enrutador." #. Type: boolean #. 
Description #: ../debian-edu-router-config.templates:3001 msgid "" "The following interfaces were found already configured in files not managed " "by Debian Edu Router:" msgstr "" "Se han encontrado las siguientes interfaces de red ya configuradas en " "archivos no gestionados por Debian Edu Router:" #. Type: boolean #. Description #: ../debian-edu-router-config.templates:3001 msgid "${non_d_e_r_ifaces}" msgstr "${non_d_e_r_ifaces}" #. Type: boolean #. Description #: ../debian-edu-router-config.templates:3001 msgid "Please consider unconfiguring these interfaces and re-try again." msgstr "Considere desconfigurar estas interfaces de red y vuelva a intentarlo." #. Type: error #. Description #: ../debian-edu-router-config.templates:4001 msgid "Please plug a cable into the 'Uplink' interface." msgstr "Conecte un cable en la interfaz de enlace ascendente («uplink»)." #. Type: error #. Description #: ../debian-edu-router-config.templates:4001 msgid "" "NOTE: For the requested step-by-step setup, please start with all network " "cables disconnected except for the external 'Uplink' interface." msgstr "" "NOTA: Para proceder con la configuración paso a paso, inicie con todos los " "cables de red desconectados excepto el de la interfaz externa de enlace " "ascendente («uplink»)." #. Type: error #. Description #: ../debian-edu-router-config.templates:4001 msgid "" "You have ${num_tries} try left to unplug all network cables (except " "'Uplink') until the step-by-step setup will be aborted." msgstr "" "Dispone de ${num_tries} intentos más para desconectar todos los cables de " "red (excepto el de la interfaz de enlace ascendente) antes de que se aborte " "la configuración paso a paso." #. Type: error #. Description #: ../debian-edu-router-config.templates:5001 msgid "Network cables still plugged in or no 'Uplink' interface" msgstr "" "Todavía hay cables de red conectados o la interfaz de enlace ascendente " "(«uplink») no está disponible." #. Type: error #. 
Description #: ../debian-edu-router-config.templates:5001 msgid "" "ERROR: The networking cables were not unplugged and/or an 'Uplink' interface " "could not be determined. Please try again." msgstr "" "ERROR: No se han desconectado los cables de red y/o no se ha podido " "determinar la interfaz de enlace ascendente («uplink»). Vuelva a intentarlo." #. Type: select #. Choices #: ../debian-edu-router-config.templates:6001 msgid "Yes" msgstr "Sí" #. Type: select #. Choices #: ../debian-edu-router-config.templates:6001 msgid "Abort" msgstr "Abortar" #. Type: select #. Description #: ../debian-edu-router-config.templates:6002 msgid "Do you want to enable IP packet forwarding?" msgstr "¿Desea activar el reenvío de paquetes IP?" #. Type: select #. Description #: ../debian-edu-router-config.templates:6002 msgid "" "The routing part of 'Debian Edu Router' requires IP packets to be forwarded " "back and forth between network interfaces by the kernel. This is mandatory " "and without it the router simply won't work. If you select 'Abort' this " "package will be left unconfigured. To undo its half-installed state, remove/" "purge it again." msgstr "" "La configuración del enrutado de «Debian Edu
Bug#1034705: RFP: newsboat -- text mode rss feed reader with podcast support
Package: newsboat Severity: wishlist Will the maintainer(s) kindly provide a newer version of this package for Debian Sid? Checking upstream, I can see that the latest stable build is 2.30.1 (released on December 30, 2022), whereas the Debian Sid version is 2.21 (released on September 20, 2020). I think it's time this package got updated. Thank you. Upstream: https://github.com/newsboat/newsboat
Bug#1029976: bullseye-pu: libzen/0.4.38-1+deb11u1
On 19.04.23 19:00, Adam D. Barratt wrote:
> This got missed for a while due to the typoed suite tag (since fixed).

Oh, thanks for still finding it. I totally forgot this ...

> Please go ahead.

... and uploaded.

Thorsten
Bug#1026265: profile-sync-daemon: Please package new upstream release (6.48+)
On Fri, 31 Mar 2023 20:48:24 -0300 ng wrote:
> Is this package orphaned?

Now it is. You may QA upload a new version after the bookworm release.
Bug#1034629: pdf-presenter-console: pdfpc terminates with symbol lookup error
Hi Robert,

I was not able to reproduce this in an up to date testing VM. Steps I tried:

$ debvm-create --size=10G -r testing -- --include=task-gnome-desktop --aptopt='Apt::Install-Recommends "true"' --include=linux-image-amd64 --hook-dir=/usr/share/mmdebstrap/hooks/useradd
$ debvm-run -g -- -m 4G

in the running VM:

$ sudo apt install pdf-presenter-console
$ wget https://www.debian.org/doc/manuals/packaging-tutorial/packaging-tutorial
$ pdfpc packaging-tutorial

Can you check that your system is fine by running:

$ sudo dpkg --verify

Also send the output of

$ ldd /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37

In case there is an old library somewhere in the path.

Cheers Jochen

* Robert Jäschke [2023-04-20 09:57]:
> Package: pdf-presenter-console
> Version: 4.6.0-1
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: jaesc...@l3s.de
>
> Dear Maintainer,
>
> When starting pdfpc it immediately dies with the following error message:
>
> pdfpc slides.pdf
> pdfpc: symbol lookup error: /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37: undefined symbol: gst_transcoder_get_sync_signal_adapter
>
> -- System Information:
> Debian Release: 12.0
>   APT prefers testing
>   APT policy: (500, 'testing'), (50, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages pdf-presenter-console depends on:
> ii  libc6                           2.36-9
> ii  libcairo2                       1.16.0-7
> ii  libgdk-pixbuf-2.0-0             2.42.10+dfsg-1+b1
> ii  libgee-0.8-2                    0.20.6-1
> ii  libglib2.0-0                    2.74.6-2
> ii  libgstreamer-plugins-base1.0-0  1.22.0-3
> ii  libgstreamer1.0-0               1.22.0-2
> ii  libgtk-3-0                      3.24.37-2
> ii  libjson-glib-1.0-0              1.6.6-1
> ii  libmarkdown2                    2.2.7-2
> ii  libpango-1.0-0                  1.50.12+ds-1
> ii  libpangocairo-1.0-0             1.50.12+ds-1
> ii  libpoppler-glib8                22.12.0-2+b1
> ii  libqrencode4                    4.1.1-1
> ii  libsoup2.4-1                    2.74.3-1
> ii  libwebkit2gtk-4.0-37            2.40.0-3
> ii  libx11-6                        2:1.8.4-2
>
> Versions of packages pdf-presenter-console recommends:
> ii  gstreamer1.0-gtk3  1.22.0-5
>
> pdf-presenter-console suggests no packages.
>
> -- no debconf information

signature.asc
Description: PGP signature
Bug#1032366: bts --smtp-host=reportbug.d.o fails with "certificate verify failed"
On Sun, 5 Mar 2023 09:01:22 +0100 Gioele Barabucci wrote:
> bts is currently unable to file bug reports via reportbug.debian.org:
>
> $ bts --smtp-host=reportbug.debian.org retitle 1234 "foobar"
> bts: failed to open SMTP connection to reportbug.debian.org
> (SSL connect attempt failed error:0A86:SSL routines::certificate verify failed)

A workaround suggested by Unit193 on #debian-devel is reverting

https://github.com/noxxi/p5-io-socket-ssl/commit/c0a063b70f0a#diff-d1cdb9f512f51b16007345ca2037a640735689038dd631b9c79cd8d953334309

i.e. removing the branch

    } elsif ( ! $vcn_scheme && $host =~m{^[\d.]+$|:} ) {
        # don't try to verify IP by default
        return $ok;

from IO/Socket/SSL.pm

--
Gioele Barabucci