Bug#927950: ITA mini-httpd

[Alexandru Mihail]

retitle 927950 ITA: mini-httpd -- Small HTTP server

Hi, I would like to adopt the mini-httpd deb project.

If at all of interest, I am already a member of the DebianWiki team:
https://wiki.debian.org/AlexandruMihail

Regards,

Alexandru

Bug#1036523: should not enable non-free-firmware on virtualized systems

[Cyril Brulebois]

Control: retitle -1 should not install CPU microcode on virtualized systems

Cyril Brulebois  (2023-05-22):
> For the record: non-free-firmware can be enabled because (1) the kernel logs
> firmware requests, (2) available hardware matches modalias information, (3)
> CPU matches one with microcode.
> 
> (1) and (2) definitely make sense in a virtualized system as well: you can
> have whatever passthrough configuration to access hardware from the host,
> e.g. some USB Wi-Fi adapter (that's how I've tested many changes before
> switching to baremetal for final tests).
> 
> I'm willing to consider tweaking (3), making it conditional.

Also updating title to match what this bug report is really about.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1036523: should not enable non-free-firmware on virtualized systems

[Cyril Brulebois]

Cyril Brulebois  (2023-05-22):
> I'm willing to consider tweaking (3), making it conditional.

[…]

> Since it's filed at severity normal I think I'll stick to my initial
> assessment which was: adjust hw-detect during the Trixie release cycle,
> and consider cherry-picks for Bookworm, once we get a better picture.

Given the first follow-up to #1036589, I'm even more convinced trying to
rush something for 12.0 would be a bad idea.

Having an extra component enabled and an extra package installed in some
environments doesn't really justify trying to get an immediate fix,
which could jeopardize all other installation scenarios.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1036589: hw-detect: Investigate expanding virtualization detection

[Cyril Brulebois]

Cyril Brulebois  (2023-05-23):
> This means a few additions compared to our detect_virt_dmi_entry()
> function. That being said, we're talking about a finish-install script,
> which tries to run systemd-detect-virt inside target, which is part of
> systemd. So in the general case, we shouldn't have to rely on our
> fallback…

Except I lost track of the reason why I was looking at this in the first
place: #1036523.

CPU microcode support is implemented via two steps:
 - detect whether installing is needed based on CPU information, queue
   installation and enable non-free-firmware accordingly (so that it
   can be picked up via apt-setup, so that we can install the queued
   package and its dependencies — see iucode stuff, we aren't talking
   about self-contained firmware packages here);
 - install the package via finish-install.

The finish-install script knows about virtualization so could skip the
queued installation, but in case there were no other reasons to enable
non-free-firmware, we would have still have that component active…

If we were to move virtualization code to some “shell library” that
could be used from both call sites, the former would be less likely (but
I didn't check at the moment) to have the relevant systemd bits in place
so the fallback mapping might be important.

Also, the current implementation mounts and unmounts some filesystems,
so this could have some side effects if we were to use that in the first
call site as well.

All of this reinforces my initial assessment: it seems safest to
investigate this once the trixie release cycle opens, then consider
backports via a point release if relevant.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1036098: autopkgtests fail when testbed has running dns server

[Shengjing Zhu]

On Sun, May 21, 2023 at 1:20 AM Martin-Éric Racine
 wrote:
>
> On Mon, May 15, 2023 at 4:25 PM Shengjing Zhu  wrote:
> >
> > On Mon, May 15, 2023 at 8:55 PM Martin-Éric Racine
> >  wrote:
> > > However, doing this one week away from Debian's final freeze is the
> > > entirely wrong approach. This should have been done at least 2 months
> > > ago, before the soft freeze started.
> >
> > I'm aware of the timeline. Thus I filed with normal severity that
> > doesn't need to be fixed for Bookworm. And important for issue
> > relevant for Bookworm.
> > Debian doesn't run these autopkgtest at all, since the debci infra
> > doesn't support isolation-machine.
>
> I merged your change to the dnsmasq configuration. For some reason, it
> makes 'piuparts' fail in the Salsa pipeline.

The pipeline failure is not related. It's because apt no longer
depends adduser. I know it's been discussed elsewhere, but I can't
remember (maybe on IRC). Somebody is working on it, I think the plan
is to mark adduser essential.
You could just re-trigger the pipeline for your old commit to confirm.

-- 
Shengjing Zhu

Bug#1036589: hw-detect: Investigate expanding virtualization detection

[Cyril Brulebois]

Package: hw-detect

The hw-detect.finish-install.d/08hw-detect script was inspired by
systemd's detect_vm function, and that part was last touched in 2019.

There were many changes in systemd, and it might make sense to catch up.
Its dmi_vendor_table looks like this currently:

{ "KVM",  VIRTUALIZATION_KVM   }, 
{ "OpenStack",VIRTUALIZATION_KVM   }, /* Detect OpenStack 
instance as KVM in non x86 architecture */
{ "KubeVirt", VIRTUALIZATION_KVM   }, /* Detect KubeVirt 
instance as KVM in non x86 architecture */
{ "Amazon EC2",   VIRTUALIZATION_AMAZON},
{ "QEMU", VIRTUALIZATION_QEMU  }, 
{ "VMware",   VIRTUALIZATION_VMWARE}, /* 
https://kb.vmware.com/s/article/1009458 */
{ "VMW",  VIRTUALIZATION_VMWARE},
{ "innotek GmbH", VIRTUALIZATION_ORACLE},
{ "VirtualBox",   VIRTUALIZATION_ORACLE},
{ "Xen",  VIRTUALIZATION_XEN   },
{ "Bochs",VIRTUALIZATION_BOCHS },
{ "Parallels",VIRTUALIZATION_PARALLELS }, /* 
https://wiki.freebsd.org/bhyve */
{ "BHYVE",VIRTUALIZATION_BHYVE },
{ "Hyper-V",  VIRTUALIZATION_MICROSOFT },
{ "Apple Virtualization", VIRTUALIZATION_APPLE },

This means a few additions compared to our detect_virt_dmi_entry()
function. That being said, we're talking about a finish-install script,
which tries to run systemd-detect-virt inside target, which is part of
systemd. So in the general case, we shouldn't have to rely on our
fallback…

Filing at normal severity accordingly.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant

Bug#1035710: unblock: doc-debian/11.3

[Joost van Baal-Ilić]

On Sat, May 20, 2023 at 04:21:47PM +0200, Sebastian Ramacher wrote:
 
> On 2023-05-14 06:47:18 +0200, Joost van Baal-Ilić wrote:
> > reopen 1035710
> > retitle 1035710 unblock: doc-debian/11.3
> > thanks
> > 
> > Please unblock package doc-debian
> > 
> > [ Reason ]
> > The doc-debian package claims to ship the Constitution for the Debian 
> > Project,
> > the Debian Social Contract and other Debian documents.  The versions of 
> > those
> > documents are obsolete [obsolete], which makes the package as now in testing
> > very buggy.

> > 
> > unblock doc-debian/11.3
> 
> Please go ahead with the upload to unstable. Remove the moreinfo tag
> once the package is available.

Thank you.  Unfortunately I don't think I'll make it before the deadline / in
the next couple of hours, real life currently doesn't allow me that.

If anybody else has time to take a shot at it: here's the current issue's: I
made a mistake in the upload to experimental: it says 'experimental' in the top
of debian/changelog; should probably be 'unstable'.  And the last commit on
salsa is misguided.

If nobody steps up I can probably prepare an upload for the first bookworm
point release.

Bye,

Joost

-- 
irc: joostvb @ OFTC / libera.chat / ...

Bug#1036446: Please enable udhcpc6

[Luna Jernberg]

You can unsubscribe from this list on this website:
https://lists.debian.org/debian-bugs-dist/

On Mon, May 22, 2023 at 8:09 PM Keith Proctor  wrote:
>
> How do I get off this list?
>
> Regards,
> Keith
>
> On May 20, 2023, at 7:11 PM, Ben Hutchings  wrote:
>
> Package: udhcpc
> Version: 1:1.35.0-4+b2
> Severity: wishlist
> Tags: ipv6
>
> Busybox has a DHCPv6 client (udhcpc6) but this is not included
> in the Debian packages.
>
> Please enable CONFIG_UDHCPC6 and the dependent features.
>
> Ben.
>
> -- System Information:
> Debian Release: 12.0
>  APT prefers unstable-debug
>  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
> 'stable-security'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 
> 'stable'), (500, 'oldstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not 
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages busybox depends on:
> ii  libc6  2.36-8
>
> busybox recommends no packages.
>
> busybox suggests no packages.
>
> -- debconf-show failed
>
>

Bug#1036573: grass-core: broken symlink: /usr/share/man/man1/x-grass.1.gz -> grass.1.gz

[Sebastiaan Couwenberg]

Control: tags -1 pending

On 5/23/23 01:13, Andreas Beckmann wrote:

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m55.9s ERROR: FAIL: Broken symlinks:
   /usr/share/man/man1/x-grass.1.gz -> grass.1.gz (grass-core)


The manpages seem to have moved to grass-doc, so the symlink should
follow. Also the target does no longer exist, but has likely been
renamed to grass.1grass.gz, so the symlink should probably follow.


Thanks for reporting this issue, it is fixed in git by symlinking to 
grass.1grass.gz.


Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#1036588: RFS: jnr-ffi/2.2.13-1 [Team] -- ava library for loading native libraries without writing JNI code

[sun min]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "jnr-ffi":

* Package name : jnr-ffi
   Version  : 2.2.13-1
   Upstream contact : [fill in name and email of upstream]
* URL  : https://github.com/jnr/jnr-ffi
* License  : Apache-2.0, Apache-2.0 or LGPL-3+
* Vcs  : https://salsa.debian.org/java-team/jnr-ffi
   Section  : java

The source builds the following binary packages:

  libjnr-ffi-java - Java library for loading native libraries without writing 
JNI code
  libjnr-ffi-java-doc - Documentation for libjnr-ffi-java

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/jnr-ffi/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/j/jnr-ffi/jnr-ffi_2.2.13-1.dsc

Changes since the last upload:

jnr-ffi (2.2.13-1) experimental; urgency=medium
.
   * Team upload.
   * New upstream release.
   * Upgrade Standards-Version to 4.6.2.

Regards,
--
  sun min


Best wishes,
--
sun min

Bug#1034041: Should firmware-amd-graphics be automatically installed?

[Cyril Brulebois]

Ferenc Wágner  (2023-05-22):
> Cyril Brulebois  writes:
> > Which installer did you use?
> 
> Its lsb-release says:
> 
> DISTRIB_ID=Debian
> DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
> DISTRIB_RELEASE="12 (bookworm) - installer build 20230401"
> X_INSTALLATION_MEDIUM=netboot
> 
> so it must have been bookworm RC 1.  The date was 22nd of April.  I
> started the kernel+initrd.gz from GRUB.

In other words you were also using netboot.

https://wiki.debian.org/DebianInstaller/NetbootFirmware should have
details about how to deal with firmware when netbooting. It's been there
since ~ forever, and has been updated for Bookworm.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1036565: debian-installer-12-netboot-amd64: Installers needed b43 ucode16_mimo.fw, had to eth0 net install + manual firmware-b43-installer, MacBookPro5,5

[Cyril Brulebois]

Hi,

Fan Naibed  (2023-05-22):
> Package: debian-installer-12-netboot-amd64

> Tried to install with live installer on USB stick, plain installer on USB
> stick, then net installer on USB stick

None of those are relatd to debian-installer-12-netboot-amd64, which
ships files to boot the installer via PXE.

> Installers popped up error - wanted subject firmware to continue;
> putting downloaded (standard) firmware on a second USB stick also
> failed. Finally connected to ethernet over cable and installed with
> net installer on USB stick.
> 
> Needed firmware included with installers so install using WiFi would
> just work.

How would this work? firmware-b43-installer is just a downloader, so for
it to do anything, you need to have a working connection in the first
place. It's basically an empty shell, with its postinst doing the
downloading.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1036587: samba: named crashes on DLZ zone update

[Steven Monai]

Package: samba
Version: 2:4.17.8+dfsg-1
Severity: important
X-Debbugs-Cc: stevem...@gmail.com

Dear Maintainer,

Using samba 4.17.8 with bind_dlz DNS backend. A new DC is joined to an 
existing domain with a single 4.17.8 DC.


When samba_dnsupdate runs on the newly joined DC, it causes the local 
named to abort with an assertion failure when adding the necessary DNS RRs.


This issue is potentially show-stopping for new Bookworm DCs, as it 
prevents the necessary DNS RRs (NS and SRV records) from being created.


There is a patch upstream for this issue, for both 4.18.latest and 
4.17.latest (see: https://bugzilla.samba.org/show_bug.cgi?id=14030 ).


Upstream says the patch is vetted (see: 
https://lists.samba.org/archive/samba/2023-May/245231.html ).


I hope this fix can make it into Bookworm!

Thanks for your time.

Cheers,
-S.M.
--


-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages samba depends on:
ii  init-system-helpers  1.65.2
ii  libbsd0  0.11.7-2
ii  libc62.36-9
ii  libcups2 2.4.2-3
ii  libgnutls30  3.7.9-2
ii  libldap-2.5-02.5.13+dfsg-5
ii  libldb2  2:2.6.2+samba4.17.8+dfsg-1
ii  libpam-modules   1.5.2-6
ii  libpam-runtime   1.5.2-6
ii  libpopt0 1.19+dfsg-1
ii  libtalloc2   2.4.0-f2
ii  libtasn1-6   4.19.0-2
ii  libtdb1  1.4.8-2
ii  libtevent0   0.14.1-1
ii  passwd   1:4.13+dfsg1-1+b1
ii  procps   2:4.0.2-3
ii  python3  3.11.2-1+b1
ii  python3-dnspython2.3.0-1
ii  python3-samba2:4.17.8+dfsg-1
ii  samba-common 2:4.17.8+dfsg-1
ii  samba-common-bin 2:4.17.8+dfsg-1
ii  samba-libs   2:4.17.8+dfsg-1
ii  tdb-tools1.4.8-2

Versions of packages samba recommends:
ii  attr1:2.5.1-4
ii  logrotate   3.21.0-1
ii  python3-markdown3.4.1-2
ii  samba-ad-provision  2:4.17.8+dfsg-1
ii  samba-dsdb-modules  2:4.17.8+dfsg-1
ii  samba-vfs-modules   2:4.17.8+dfsg-1

Versions of packages samba suggests:
ii  bind9 1:9.18.12-1
ii  bind9-utils [bind9utils]  1:9.18.12-1
ii  chrony4.3-2+deb12u1
pn  ctdb  
ii  ldb-tools 2:2.6.2+samba4.17.8+dfsg-1
pn  ufw   
ii  winbind   2:4.17.8+dfsg-1

-- no debconf information

Bug#1035949: mariadb: upgrade issue: mariadb-server-10.5 fails to stop after all other -10.5 packages were removed

[Otto Kekäläinen]

I am experimenting the suggestion in
https://salsa.debian.org/otto/mariadb-server/-/commits/bugfix/1035949-upgrade-removes-client

Bug#1035986: Built without GLESv2 support causing errors on machines only supporting GLES

[Lisandro Damián Nicanor Pérez Meyer]

Hi Erik!

On Fri, 12 May 2023 at 05:51, Erik Inkinen  wrote:
>
> Package: qt6-base
> Severity: normal
>
> Qt5 packages had separate GLES versions packaged in Debian, but on Qt6
> the rendering backend was revamped by Qt so that the same binaries can
> support desktop GL and GLES.
>
> For some reason, the current Debian packaging does not include libGLES
> development headers in Build-Depends. When configuring the build, Qt
> will not be able to enable GLESv2 support. These packages then cannot be
> used to render anything on devices that do not support desktop GL, but
> have GLES support.
>
> I have confirmed that building with GLES packages indeed fixes the errors.

This is an interesting bug, thanks! Sadly it is too late in the
release process to tackle it, but I'll fix it after bookworm's release
and hopefully do a stable update.

Bug#1036586: pipewire-pulse: Music garbled, faint, and generally unusable when switching from pulseaudio to pipewire-pulse

[Nathanael Nerode]

Package: pipewire-pulse
Severity: important
X-Debbugs-Cc: ncn_flos...@fastmail.fm

Dear Maintainer,

   * What led up to the situation?
Switching from pulseaudio daemon to pipewire-pulse
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Switching from pulseaudio daemon to pipewire-pulse
   * What was the outcome of this action?
Music, using Audacious or anything else, breaks.  It's garbled and faint.  
Doesn't matter whether I use the "pulseaudio"
backend in audacious (now feeding through pipewire) or the direct "Pipewire" 
backend.
   * What outcome did you expect instead?
Music keeps sounding normal

Music sounds fine if I uninstall pipewire-pulse and reinstall pulseaudio. 
(Which I did before filing this bug.)

This is pretty weird.  It renders pipewire unusable for me.  I've never had a 
previous sound system change break
catastrophically like this, so it seems like there's some really serious 
problem in pipewire.


-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-security'), (500, 'unstable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pipewire-pulse depends on:
ii  init-system-helpers  1.65.2
pn  pipewire 

Versions of packages pipewire-pulse recommends:
pn  wireplumber | pipewire-media-session-pulseaudio  

Versions of packages pipewire-pulse suggests:
pn  libspa-0.2-bluetooth  
ii  pulseaudio-utils  16.1+dfsg1-2+b1

Bug#1034457: libqt5quick5: Qt segfault on amd64

[Lisandro Damian Nicanor Perez Meyer]

tag 1034457 unreproducible moreinfo
thanks

Hi!

On sábado, 15 de abril de 2023 18:51:18 -03 Julian Groß wrote:
> Package: libqt5quick5
> Version: 5.15.8+dfsg-3
> Severity: normal
> 
> Dear Maintainer,
> 
> we ran into what appears to be a segmentation fault in Qt.
> One of the last places it runs into is QQuickOpenGLShaderEffectCommon which
> is why I am reporting it towards this package.

Well, when you have a crash you are supposed to file a bug against the 
application that triggers the segfault. If this is the case, then please close 
this bug (or just reply asking us to do it) and then file a new bug to the 
application itself, so all the relevant metadata is there.

If the application that triggers the bug is not in Debian then you must add a 
complete small example code to trigger the bug.

Thanks, Lisandro.

signature.asc
Description: This is a digitally signed message part.

Bug#1036585: pdffonts: does not recognise fonts as subset

[Thorsten Glaser]

Package: poppler-utils
Version: 20.09.0-3.1+deb11u1
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de
Control: found -1 22.12.0-2+b1

The attached PDF contains subset fonts not recognised as subset:

$ pdffonts x.pdf
name type  encoding emb sub 
uni object ID
 -  --- --- 
--- -
Gentium  CID TrueType  Identity-H   yes no  
yes  7  0
Gentium-Italic   CID TrueType  Identity-H   yes no  
yes  8  0
MScore   CID TrueType  Identity-H   yes no  
yes  9  0
FreeSerifCID TrueType  Identity-H   yes no  
yes 10  0
FreeSerifBoldCID TrueType  Identity-H   yes no  
yes 11  0
Inconsolatazi4varl_qu-RegularCID TrueType  Identity-H   yes no  
yes 12  0
NotoSansSymbols-Regular  CID TrueType  Identity-H   yes no  
yes 13  0

(same output for stable and unstable)

Qt5, which generated this PDF, has subset them, but in a devious way:
the top-level fonts are type0 collections, and their descendant fonts
only are subset.

ps2pdf fixes this up, of course, its output then is properly recognised
as subset, but not the original Qt5 output


-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-23-amd64 (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages poppler-utils depends on:
ii  libc6  2.31-13+deb11u6
ii  libcairo2  1.16.0-5
ii  libfreetype6   2.10.4+dfsg-1+deb11u1
ii  liblcms2-2 2.12~rc1-2
ii  libpoppler102  20.09.0-3.1+deb11u1
ii  libstdc++6 10.2.1-6

poppler-utils recommends no packages.

poppler-utils suggests no packages.

-- no debconf information


x.pdf
Description: Adobe PDF document

Bug#1036584: libopenjpip-viewer: broken symlink: /usr/bin/opj_jpip_viewer -> ../share/opj_jpip_viewer/opj_jpip_viewer.jar

[Andreas Beckmann]

Package: libopenjpip-viewer
Version: 2.5.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m17.6s ERROR: WARN: Broken symlinks:
  /usr/bin/opj_jpip_viewer -> ../share/opj_jpip_viewer/opj_jpip_viewer.jar 
(libopenjpip-viewer)


The targeted .jar file seems to be no longer shipped by any package in
sid.


cheers,

Andreas

Bug#1036583: lutris: Lutris 0.5.12 incompatible with VKD3D 2.9

[Dan Dennison]

Package: lutris
Version: 0.5.12-1
Severity: normal
X-Debbugs-Cc: d...@thedennisons.org

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation? Debian Lutris incompatible with VKD3D 2.9
   * What exactly did you do (or not do) that was effective (or
 ineffective)? Rolling WoW back to VKD3D 2.8 enables DXR once again
   * What was the outcome of this action? Works around the problem
   * What outcome did you expect instead? VKD3D 2.9 would just work with Lutris

Upgrading this package to 0.5.13 should resolve the incompatibility with VKD3D
2.9


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lutris depends on:
ii  cabextract1.9-3
ii  curl  7.88.1-10
ii  fluid-soundfont-gs3.1-5.3
ii  gir1.2-gtk-3.03.24.37-2
ii  gir1.2-webkit2-4.12.40.1-1
ii  mesa-utils8.5.0-1
ii  p7zip 16.02+dfsg-8
ii  psmisc23.6-1
ii  python3   3.11.2-1+b1
ii  python3-dbus  1.3.2-4+b1
ii  python3-distro1.8.0-1
ii  python3-gi3.42.2-3+b1
ii  python3-lxml  4.9.2-1+b1
ii  python3-magic 2:0.4.26-3
ii  python3-pil   9.4.0-1.1+b1
ii  python3-requests  2.28.1+dfsg-1
ii  python3-setproctitle  1.3.1-1+b2
ii  python3-yaml  6.0-3+b2
ii  unzip 6.0-28
ii  x11-xserver-utils 7.7+9+b1

Versions of packages lutris recommends:
ii  gvfs-backends1.50.3-1
pn  libwine-development  
ii  python3-evdev1.6.1+dfsg-1+b2
ii  winetricks   20230212-2

Versions of packages lutris suggests:
pn  gamemode   
pn  gamescope  

-- no debconf information

Bug#1036582: node-shelljs: broken symlink: /usr/bin/shjs -> ../lib/nodejs/shelljs/bin/shjs

[Andreas Beckmann]

Package: node-shelljs
Version: 0.8.5+~cs0.8.10-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m22.0s ERROR: WARN: Broken symlinks:
  /usr/bin/shjs -> ../lib/nodejs/shelljs/bin/shjs (node-shelljs)

The target seems to reside in /usr/share/nodejs instead of
/usr/lib/nodejs.


cheers,

Andreas

Bug#1036581: occt-draw: broken symlink: /usr/bin/occt-draw -> occt-draw-7.5

[Andreas Beckmann]

Package: occt-draw
Version: 7.6.3+dfsg1-6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m27.2s ERROR: WARN: Broken symlinks:
  /usr/bin/occt-draw -> occt-draw-7.5 (occt-draw)

Looks like a hardcoded obsolete version in the target.


cheers,

Andreas

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[Luca Boccassi]

On Tue, 23 May 2023 at 01:28, Luca Boccassi  wrote:
>
> On Tue, 23 May 2023 at 01:25, gustavo panizzo  wrote:
> >
> > On Tue, May 23, 2023 at 12:44:22AM +0100, Luca Boccassi wrote:
> > >On Tue, 23 May 2023 at 00:41, gustavo panizzo  wrote:
> > >>
> > >>
> > >>
> > >> > Sure, no problem - but I don't see any changes in Salsa though?
> > >> >
> > >> > https://salsa.debian.org/debian/iptables-persistent/activity
> > >> >
> > >> > Kind regards,
> > >> > Luca Boccassi
> > >>
> > >> just pushed
> > >
> > >Was adding the Pre-Depends in the Source stanza intentional?
> > >
> > >dpkg-source: warning: unknown information field 'Pre-Depends' in input
> > >data in general section of control info file
> > >
> > >https://salsa.debian.org/debian/iptables-persistent/-/commit/06509faf5e0629a07ba4f1462683d5d4bfe6234f
> >
> >
> > yes, it was required to use maintscript files
> >
> > https://man.cx/dpkg-maintscript-helper#heading8
>
> Right but it would need to go in a package stanza, it doesn't have any
> effect in the source stanza, and it raises a build-time warning as
> shown above.
> Also that version is extremely old, older than oldoldoldstable, so it
> is no longer necessary to list it, it can be taken for granted.
>
> I'll drop it before uploading, and you can then fix the branch on
> Salsa to remove it and force push it?

Done that just now, thanks.

Kind regards,
Luca Boccassi

Bug#1036445: elinks: doesn't recognize recommended XHTML 1.0/1.1 MIME type on files

[أحمد المحمودي]

tag 1036445 -patch
severity 1036445 important
quit

According to DDs on #debian-mentors:

2023-05-22 02:05:31 pabsAnAnt: definitely not grave, important at the 
highest

-- 
‎أحمد المحمودي (Ahmed El-Mahmoudy)
 Digital design engineer
GPG KeyIDs: 4096R/A7EF5671 2048R/EDDDA1B7
GPG Fingerprints:
 6E2E E4BB 72E2 F417 D066  6ABF 7B30 B496 A7EF 5761
 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7


signature.asc
Description: PGP signature

Bug#1036580: llvm-defaults: plese add some Breaks for smoother upgrades from bullseye

[Andreas Beckmann]

Source: llvm-defaults
Version: 0.55.6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

while analyzing piuparts bullseye->bookworm upgrade logs I found several
of your packages not being upgraded but held at the bullseye version.
This is usually caused by apt having a hard time removing an obsolete
package in order to install its (differently named) successor, if there
is only a transitive conflict between them.
These upgrade paths can be improved by adding some Breaks to higher
scoring packages.

Please consider applying the attached patch.


cheers,

Andreas
>From b0a2806356898c00f6987e3f2439cc85653ab1cf Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Mon, 15 May 2023 18:22:46 +0200
Subject: [PATCH] add Breaks against not co-installable packages for smoother
 upgrades from bullseye

---
 debian/changelog | 7 +++
 debian/control   | 8 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index ac0c76b..9812d22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+llvm-defaults (0.55.7) UNRELEASED; urgency=medium
+
+  * Add Breaks against not co-installable packages for smoother upgrades from
+bullseye.  (Closes: #)
+
+ -- Andreas Beckmann   Mon, 15 May 2023 17:18:27 +0200
+
 llvm-defaults (0.55.6) unstable; urgency=medium
 
   * Add s390x in the lld supported archs
diff --git a/debian/control b/debian/control
index 051a071..44e1959 100644
--- a/debian/control
+++ b/debian/control
@@ -254,6 +254,7 @@ Architecture: any
 Section: libdevel
 Depends: ${shlibs:Depends}, ${misc:Depends},
  liblldb-${pv:llvm}-dev ${reqv:llvm}
+Breaks: lldb-11, python3-lldb-11
 Multi-Arch: same
 Description: Next generation, high-performance debugger, header files
  LLDB is a next generation, high-performance debugger. It is built as a set of
@@ -266,6 +267,7 @@ Package: lldb
 Architecture: any
 Depends: lldb-${pv:llvm} ${reqv:llvm}, ${misc:Depends}
 Pre-Depends: ${misc:Pre-Depends}
+Breaks: lldb-11, python3-lldb-11
 Multi-Arch: same
 Description: Next generation, high-performance debugger
  LLDB is a next generation, high-performance debugger. It is built as a set of
@@ -308,7 +310,7 @@ Section: python
 Architecture: any
 Depends: python3-lldb-${pv:llvm} ${reqv:llvm}, ${misc:Depends}
 Replaces: python-lldb (<< 0.49~exp2)
-Breaks: python-lldb (<< 0.49~exp2)
+Breaks: python-lldb (<< 0.49~exp2), python3-lldb-11
 Description: Next generation, high-performance debugger, python lib
  LLDB is a next generation, high-performance debugger. It is built as a set of
  reusable components which highly leverage existing libraries in the larger 
LLVM
@@ -348,6 +350,7 @@ Architecture: any
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
 Depends: libc++1-${pv:llvm} ${reqv:llvm}, ${shlibs:Depends}, ${misc:Depends}
+Breaks: libc++1-11, libc++abi1-11
 Description: LLVM C++ Standard library
  libc++ is another implementation of the C++ standard library.
  .
@@ -368,6 +371,7 @@ Section: libdevel
 Architecture: any
 Multi-Arch: same
 Depends: libc++-${pv:llvm}-dev ${reqv:llvm}, ${misc:Depends}
+Breaks: libc++1-11, libc++abi1-11
 Description: LLVM C++ Standard library (development files)
  libc++ is another implementation of the C++ standard library
  .
@@ -390,6 +394,7 @@ Architecture: any
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
 Depends: libc++abi1-${pv:llvm} ${reqv:llvm}, ${shlibs:Depends}, ${misc:Depends}
+Breaks: libc++abi1-11
 Description: LLVM low level support for a standard C++ library
  libc++abi is another implementation of low level support for a standard C++
  library.
@@ -407,6 +412,7 @@ Section: libdevel
 Architecture: any
 Multi-Arch: same
 Depends: libc++abi-${pv:llvm}-dev ${reqv:llvm}, ${misc:Depends}
+Breaks: libc++abi1-11
 Description: LLVM low level support for a standard C++ library (development 
files)
  libc++abi is another implementation of low level support for a standard C++
  library.
-- 
2.20.1

Bug#1036461: Please update to at least v7.0.1

[Nicholas D Steeves]

Roman Lebedev  writes:

> Package: easyeffects
> Version: 7.0.0-1
> Severity: normal
>
> Dear maintainer, out of all the improvements in newer versions, there is one
> change that brings high UX improvements for doing live audio post-processing:
> "exposing support for the "the Min and Max sidechain modes"
> https://github.com/wwmm/easyeffects/commit/3cf99f74747b5a318e6818423b89f867ceaac988
> https://github.com/wwmm/easyeffects/issues/2042
> which adds UI for lsp-plugin's 
> https://github.com/sadko4u/lsp-plugins/issues/274
> which was implemented in lsp-plugins v1.2.4 (and debian has v1.2.5)
>
> It would be really great to update!
>

Easyeffects v7.0.1 is v7.0.0 plus 339 commits, and it looks like these
are mostly translation-related, plus a mix of feature, refactoring, and
bug fix commits.  The translations and bug fixes are ok, but at this
stage of the upcoming bookworm (Debian 12) release, v7.0.1 cannot be
imported in its entirety:
https://release.debian.org/testing/freeze_policy.html

It was arguably too late at the beginning of the soft freeze
(2023-02-12).  That said, "Only small, targeted fixes" is up to
maintainer discretion, so it may have been possible before 2023-03-12.
Now that we're in the "hard freeze", and because easyeffects doesn't
have autpkgtests, someone on the Release Team would need to unblock an
upload of v7.0.1; The Release Team is almost certainly not going to sign
off on such a large delta, so the best case scenario appears to be to
request a bookworm-backport of easyeffects after the bookworm release.
That will become possible about a week after this bug is closed (were I
to guess, probably July or August).

Boyuan Yang: Would you please acknowledge if this package belongs to the
Multimedia Team?  It's still in Debian/collab-maint namespace, and if
it's team-maintained then it should be moved here:

  https://salsa.debian.org/multimedia-team

Thanks,
Nicholas


signature.asc
Description: PGP signature

Bug#166028: NZX Activation Instructions

[noreply]

Thank you for registering with NZX and creating your NZX account.

Before you can login, please activate your account. Activating your account 
confirms your email address and lets you set your own password.

Please use the following link to begin the activation process:

https://auth.nzx.com/activations/e6c0b00f6c0811e573f8c9911067e5a77d0c68ba

---

This is an automated email, please do not reply directly to this. We can be 
contacted from the Contact Us section on our website.

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[Luca Boccassi]

On Tue, 23 May 2023 at 01:25, gustavo panizzo  wrote:
>
> On Tue, May 23, 2023 at 12:44:22AM +0100, Luca Boccassi wrote:
> >On Tue, 23 May 2023 at 00:41, gustavo panizzo  wrote:
> >>
> >>
> >>
> >> > Sure, no problem - but I don't see any changes in Salsa though?
> >> >
> >> > https://salsa.debian.org/debian/iptables-persistent/activity
> >> >
> >> > Kind regards,
> >> > Luca Boccassi
> >>
> >> just pushed
> >
> >Was adding the Pre-Depends in the Source stanza intentional?
> >
> >dpkg-source: warning: unknown information field 'Pre-Depends' in input
> >data in general section of control info file
> >
> >https://salsa.debian.org/debian/iptables-persistent/-/commit/06509faf5e0629a07ba4f1462683d5d4bfe6234f
>
>
> yes, it was required to use maintscript files
>
> https://man.cx/dpkg-maintscript-helper#heading8

Right but it would need to go in a package stanza, it doesn't have any
effect in the source stanza, and it raises a build-time warning as
shown above.
Also that version is extremely old, older than oldoldoldstable, so it
is no longer necessary to list it, it can be taken for granted.

I'll drop it before uploading, and you can then fix the branch on
Salsa to remove it and force push it?

Kind regards,
Luca Boccassi

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[gustavo panizzo]

On Tue, May 23, 2023 at 12:44:22AM +0100, Luca Boccassi wrote:

On Tue, 23 May 2023 at 00:41, gustavo panizzo  wrote:




> Sure, no problem - but I don't see any changes in Salsa though?
>
> https://salsa.debian.org/debian/iptables-persistent/activity
>
> Kind regards,
> Luca Boccassi

just pushed


Was adding the Pre-Depends in the Source stanza intentional?

dpkg-source: warning: unknown information field 'Pre-Depends' in input
data in general section of control info file

https://salsa.debian.org/debian/iptables-persistent/-/commit/06509faf5e0629a07ba4f1462683d5d4bfe6234f



yes, it was required to use maintscript files

https://man.cx/dpkg-maintscript-helper#heading8


--
IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333

Bug#1036568: Additional Observation

[Alex Meyer]

If, in /lib/systemd/system-shutdown there were just one file with the following 
contents:

#!/bin/sh
# We need to ensure all md arrays with external metadata
# (e.g. IMSM, DDF) are clean before completing the shutdown.
/sbin/mdadm --wait-clean --scan

# If this is a shutdown due to low battery, turn off the UPS
/sbin/upsmon -K >/dev/null 2>&1 && /sbin/upsdrvctl shutdown

Then the race condition would be gone.  There would be no parallelism to worry 
about.

But, this mostly flies in the face of the modern approach of per-package 
drop-in files, and may require package installers to do file editing.  Not a 
happy prospect.  Uncharacteristically, systemd doesn't provide any other means 
of managing dependencies or order for scripts in this directory.

To me, a far more elegant solution would be for systemd-shutdown to provide the 
needed determinism, by running scripts serially.  The drop-in files could then 
be:

50-mdadm.shutdown
99-nutshutdown

Bug#1036579: node-is-docker: broken symlink: /usr/bin/is-docker -> ../lib/nodejs/is-docker/cli.js

[Andreas Beckmann]

Package: node-is-docker
Version: 3.0.0-4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m15.6s ERROR: FAIL: Broken symlinks:
  /usr/bin/is-docker -> ../lib/nodejs/is-docker/cli.js (node-is-docker)

The target should probably be /usr/share/nodejs/is-docker/cli.js
   ^

cheers,

Andreas

Bug#1036578: python3-yade: does not ship a python module

[Andreas Beckmann]

Package: python3-yade
Version: 2023.02a-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

2m20.2s ERROR: FAIL: Broken symlinks:
  /usr/lib/python3/dist-packages/yade -> ../../x86_64-linux-gnu/yade/py/yade 
(python3-yade)


That broken link is the only thing shipped by the package (besides
mandatory files in /usr/share/doc/$PACKAGE).


cheers,

Andreas

Bug#1036577: liblld-dev: broken symlink: /usr/include/lld -> ../lib/llvm-14/include/lldb

[Andreas Beckmann]

Package: liblld-dev
Version: 1:14.0-55.6
Severity: normal
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m18.5s ERROR: FAIL: Broken symlinks:
  /usr/include/lld -> ../lib/llvm-14/include/lldb (liblld-dev:amd64)

Looks like an extra trailing 'b' in the target.


cheers,

Andreas

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[Luca Boccassi]

On Tue, 23 May 2023 at 00:41, gustavo panizzo  wrote:
>
>
>
> > Sure, no problem - but I don't see any changes in Salsa though?
> >
> > https://salsa.debian.org/debian/iptables-persistent/activity
> >
> > Kind regards,
> > Luca Boccassi
>
> just pushed

Was adding the Pre-Depends in the Source stanza intentional?

dpkg-source: warning: unknown information field 'Pre-Depends' in input
data in general section of control info file

https://salsa.debian.org/debian/iptables-persistent/-/commit/06509faf5e0629a07ba4f1462683d5d4bfe6234f

Bug#1036576: libscotch{,par}metis-dev: broken symlinks: /usr/lib//*metis-*/lib*metis.* -> ../scotch-*/lib*metis.*

[Andreas Beckmann]

Package: libscotchmetis-dev,libscotchparmetis-dev
Version: 7.0.3-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
broken symlinks:

0m34.0s ERROR: FAIL: Broken symlinks:
  /usr/lib/x86_64-linux-gnu/metis-int32/libmetis.a -> 
../scotch-int32/libscotchmetis.a (libscotchmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/metis-int32/libmetis.so -> 
../scotch-int32/libscotchmetis.so (libscotchmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/metis-int64/libmetis.a -> 
../scotch-int64/libscotchmetis.a (libscotchmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/metis-int64/libmetis.so -> 
../scotch-int64/libscotchmetis.so (libscotchmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/metis-long/libmetis.a -> 
../scotch-long/libscotchmetis.a (libscotchmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/metis-long/libmetis.so -> 
../scotch-long/libscotchmetis.so (libscotchmetis-dev:amd64)

0m33.4s ERROR: FAIL: Broken symlinks:
  /usr/lib/x86_64-linux-gnu/parmetis-int32/libparmetis.a -> 
../scotch-int32/libptscotchparmetis.a (libscotchparmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/parmetis-int32/libparmetis.so -> 
../scotch-int32/libptscotchparmetis.so (libscotchparmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/parmetis-int64/libparmetis.a -> 
../scotch-int64/libptscotchparmetis.a (libscotchparmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/parmetis-int64/libparmetis.so -> 
../scotch-int64/libptscotchparmetis.so (libscotchparmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/parmetis-long/libparmetis.a -> 
../scotch-long/libptscotchparmetis.a (libscotchparmetis-dev:amd64)
  /usr/lib/x86_64-linux-gnu/parmetis-long/libparmetis.so -> 
../scotch-long/libptscotchparmetis.so (libscotchparmetis-dev:amd64)

libscotch-dev/libptscotch-dev no longer ship static libraries (*.a)
and instead of libscotchmetis.so there are now libscotchmetisv[35].so
and instead of libptscotchparmetis.so there is now
libptscotchparmetisv3.so.


cheers,

Andreas

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[gustavo panizzo]

> Sure, no problem - but I don't see any changes in Salsa though?
>
> https://salsa.debian.org/debian/iptables-persistent/activity
>
> Kind regards,
> Luca Boccassi

just pushed

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[Luca Boccassi]

On Tue, 23 May 2023 at 00:26, gustavo panizzo  wrote:
>
> hi
>
>
> On Mon, May 22, 2023, at 10:32 PM, Luca Boccassi wrote:
> > On Tue, 16 May 2023 22:12:48 +0200 "gustavo panizzo" 
> > wrote:
> >> Hello
> >>
> >> On Tue, May 16, 2023, at 2:56 AM, Luca Boccassi wrote:
> >> > Source: iptables-persistent
> >> > Version: 1.0.19
> >> > Severity: important
> >> > Tags: patch
> >> >
> >>
> >>
> >> > Please consider merging and uploading this, as I would like to have
> >> > this fixed for Bookworm. I can take care of the necessary paperwork
> >> > with the release team to request an unblock, to save you time.
> > Thank
> >> > you!
> >> >
> >>
> >> I plan to work on this during this week, thanks for the patch
> >
> > Release team approved this, would you like me to NMU or will you have
> > time to take care of it? Full freeze is just a couple days away.
> >
>
> I've uploaded the package earlier today but dak rejected it because it does 
> not recognize my key (I've changed the expiration date a few days ago and 
> those changes usually take a month to propagate in Debian's infra)
>
> could you please NMU? before doing so please pull from the debian branch in 
> salsa since I made another change on top of your MR to make the package 
> piuparts clean

Sure, no problem - but I don't see any changes in Salsa though?

https://salsa.debian.org/debian/iptables-persistent/activity

Kind regards,
Luca Boccassi

Bug#1036575: groonga-bin: missing Depends: libjs-jquery-flot, libjs-jquery-ui

[Andreas Beckmann]

Package: groonga-bin
Version: 13.0.0+dfsg-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
broken symlinks:

0m16.6s ERROR: FAIL: Broken symlinks:
  /usr/share/groonga/html/admin/assets/images -> 
../../../../javascript/jquery-ui/themes/base/images (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery-ui.js -> 
../../../../javascript/jquery-ui/jquery-ui.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery-ui.min.css -> 
../../../../javascript/jquery-ui/themes/base/jquery-ui.min.css (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.axislabels.js -> 
../../../../javascript/jquery-flot/jquery.flot.axislabels.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.browser.js -> 
../../../../javascript/jquery-flot/jquery.flot.browser.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.composeImages.js -> 
../../../../javascript/jquery-flot/jquery.flot.composeImages.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.drawSeries.js -> 
../../../../javascript/jquery-flot/jquery.flot.drawSeries.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.errorbars.js -> 
../../../../javascript/jquery-flot/jquery.flot.errorbars.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.fillbetween.js -> 
../../../../javascript/jquery-flot/jquery.flot.fillbetween.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.flatdata.js -> 
../../../../javascript/jquery-flot/jquery.flot.flatdata.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.hover.js -> 
../../../../javascript/jquery-flot/jquery.flot.hover.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.js -> 
../../../../javascript/jquery-flot/jquery.flot.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.legend.js -> 
../../../../javascript/jquery-flot/jquery.flot.legend.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.logaxis.js -> 
../../../../javascript/jquery-flot/jquery.flot.logaxis.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.navigate.js -> 
../../../../javascript/jquery-flot/jquery.flot.navigate.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.saturated.js -> 
../../../../javascript/jquery-flot/jquery.flot.saturated.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.selection.js -> 
../../../../javascript/jquery-flot/jquery.flot.selection.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.stack.js -> 
../../../../javascript/jquery-flot/jquery.flot.stack.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.symbol.js -> 
../../../../javascript/jquery-flot/jquery.flot.symbol.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.time.js -> 
../../../../javascript/jquery-flot/jquery.flot.time.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.touch.js -> 
../../../../javascript/jquery-flot/jquery.flot.touch.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.touchNavigate.js -> 
../../../../javascript/jquery-flot/jquery.flot.touchNavigate.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.flot.uiConstants.js -> 
../../../../javascript/jquery-flot/jquery.flot.uiConstants.js (groonga-bin)
  /usr/share/groonga/html/admin/assets/jquery.js -> 
../../../../javascript/jquery/jquery.js (groonga-bin)

This looks to me like some part of the code (not
documentation) is missing.


cheers,

Andreas

Bug#932957: Please migrate Release Notes to reStructuredText

[James Addison]

Followup-For: Bug #932957
X-Debbugs-Cc: hwans...@mailbox.org

On Mon, 22 May 2023 23:40:46 +0100, James wrote:
> On Sun, 21 May 2023 10:16:36 +0200, Holger wrote:
> > There is also a problem using entities (or now called substitutions) in 
> > quoted lines like
>
> > deb https://deb.debian.org/debian RELEASENAME main contrib
>
> Ok, yep - I understand the problem there now, and have experimented with it a
> bit locally.  Roughly speaking: substitutions aren't possible within literal
> quote blocks (there is a '::' a couple of lines before the mentioned line, and
> adding the pipe '|' symbols around the substitution label doesn't make a
> difference within literal blocks)

It looks like the fix for that is to convert those literal ('::') blocks into
parsed-literal[1] ('.. parsed-literal::') blocks.

[1] - 
https://docutils.sourceforge.io/docs/ref/rst/directives.html#parsed-literal

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[gustavo panizzo]

hi


On Mon, May 22, 2023, at 10:32 PM, Luca Boccassi wrote:
> On Tue, 16 May 2023 22:12:48 +0200 "gustavo panizzo" 
> wrote:
>> Hello
>> 
>> On Tue, May 16, 2023, at 2:56 AM, Luca Boccassi wrote:
>> > Source: iptables-persistent
>> > Version: 1.0.19
>> > Severity: important
>> > Tags: patch
>> >
>> 
>> 
>> > Please consider merging and uploading this, as I would like to have
>> > this fixed for Bookworm. I can take care of the necessary paperwork
>> > with the release team to request an unblock, to save you time.
> Thank
>> > you!
>> >
>> 
>> I plan to work on this during this week, thanks for the patch 
>
> Release team approved this, would you like me to NMU or will you have
> time to take care of it? Full freeze is just a couple days away.
>

I've uploaded the package earlier today but dak rejected it because it does not 
recognize my key (I've changed the expiration date a few days ago and those 
changes usually take a month to propagate in Debian's infra)

could you please NMU? before doing so please pull from the debian branch in 
salsa since I made another change on top of your MR to make the package 
piuparts clean

thanks
> -- 
> Kind regards,
> Luca Boccassi
>
> Attachments:
> * signature.asc

Bug#1036574: Unable to change submitter to addresses with non-7 bit characters

[Don Armstrong]

Package: debbugs
Severity: normal
Version: 2.6.0


On Sat, 20 May 2023, José Luis González wrote:
> I'm trying to change the email address of my old reports to my current
> one but control is rejecting. It incorrectly claims my address is not
> valid.
> 
> I suspect the problem is there's now an issue with ! either when the
> From is not just an address but in the form Name , or Name has
> non-ascii characters. This used to be perfectly fine.

Yeah, the issue is a bug in debbugs; we don't encode the e-mail address
before we check for its validity.

not Mail::RFC822::Address::valid($param{submitter}) should read
not Mail::RFC822::Address::valid(encode_rfc1522($param{submitter}))

Thanks for the report.

-- 
Don Armstrong  https://www.donarmstrong.com

If I had a letter, sealed it in a locked vault and hid the vault
somewhere in New York. Then told you to read the letter, thats not
security, thats obscurity. If I made a letter, sealed it in a vault,
gave you the blueprints of the vault, the combinations of 1000 other
vaults, access to the best lock smiths in the world, then told you to
read the letter, and you still can't, thats security.
 -- Bruce Schneier

Bug#1036573: grass-core: broken symlink: /usr/share/man/man1/x-grass.1.gz -> grass.1.gz

[Andreas Beckmann]

Package: grass-core
Version: 8.2.1-1
Severity: normal
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink:

0m55.9s ERROR: FAIL: Broken symlinks:
  /usr/share/man/man1/x-grass.1.gz -> grass.1.gz (grass-core)


The manpages seem to have moved to grass-doc, so the symlink should
follow. Also the target does no longer exist, but has likely been
renamed to grass.1grass.gz, so the symlink should probably follow.


cheers,

Andreas

Bug#1036228: compiz-mate: having visual glitch on MATE panel and windows

[Samuel Thibault]

Control: tags -1 + upstream

Hello,

Norbert, le mer. 17 mai 2023 20:50:07 +0300, a ecrit:
> I see many visual issues on MATE Panel and with other windows. Small fragments
> of rainbow appears for a part of second, then goes visually normal. Window 
> move
> is visually painful.
> 
> I'm using AMD GPU if this matters

It very probably does matter.

For getting it fixed, it would very probably be better to report it and
discuss about it with upstream:
https://gitlab.com/compiz/compiz-core

Samuel

Bug#932957: Please migrate Release Notes to reStructuredText

[James Addison]

Followup-For: Bug #932957
X-Debbugs-Cc: hwans...@mailbox.org

On Sun, 21 May 2023 10:16:36 +0200, Holger wrote:
> There is also a problem using entities (or now called substitutions) in 
> quoted lines like

>   deb https://deb.debian.org/debian RELEASENAME main contrib

Ok, yep - I understand the problem there now, and have experimented with it a
bit locally.  Roughly speaking: substitutions aren't possible within literal
quote blocks (there is a '::' a couple of lines before the mentioned line, and
adding the pipe '|' symbols around the substitution label doesn't make a
difference within literal blocks)

Not sure what to suggest yet as an alternative, though...

Bug#1035949: mariadb: upgrade issue: mariadb-server-10.5 fails to stop after all other -10.5 packages were removed

[Andreas Beckmann]

On 18/05/2023 05.17, Otto Kekäläinen wrote:

I am not sure what to debug next.


You could try to reintroduce mariadb-client-10.5 as a transitional 
package depending on mariadb-client (>= 1:10.11) (and make existing 
Conflicts/Breaks/Replaces against mariadb-client-10.5 versioned as (<< 
1:10.11))


Andreas

Bug#1036572: vcmi: reproducible-builds: build path triggers buildid differences

[Vagrant Cascadian]

Source: vcmi
Version: 1.1.0+dfsg-1
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Differences in the build path result in a different embedded rpath,
which results in a different buildid...

The attached patch fixes this by passing
-DCMAKE_BUILD_RPATH_USE_ORIGIN=ON to dh_auto_configure, which uses
relative paths for the embedded rpath.

According to my local tests, with this patch applied (and timestamp path
just submitted), vcmi should build reproducibly! (The salsa reprotest
job has both time and build_path variations disabled, apparently)

Thanks for maintaining vcmi!

live well,
  vagrant
From 5a4e77f25bde94ee6e30e743ffaf844a6759aa16 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 8 May 2023 16:50:44 -0700
Subject: [PATCH 2/2] debian/rules: Pass -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON via
 dh_auto_configure.

This avoids embedding the full path in RPATH, which triggers BuildId
differences.

https://tests.reproducible-builds.org/debian/issues/unstable/cmake_rpath_contains_build_path_issue.html
---
 debian/rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index 2e502ae..c62df87 100755
--- a/debian/rules
+++ b/debian/rules
@@ -31,6 +31,7 @@ override_dh_auto_configure:
 	dh_auto_configure -- \
 		-DCMAKE_INSTALL_RPATH_USE_LINK_PATH=ON \
 		-DCMAKE_INSTALL_RPATH=/usr/lib/$(DEB_HOST_MULTIARCH)/vcmi \
+		-DCMAKE_BUILD_RPATH_USE_ORIGIN=ON \
 		-DBIN_DIR=games \
 		-DFORCE_BUNDLED_FL=OFF \
 		-DENABLE_GITVERSION=OFF \
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1036571: vcmi: reproducible-builds: build timestamps in binaries

[Vagrant Cascadian]

Source: vcmi
Version: 1.1.0+dfsg-1
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build year is embedded inside various binaries as a copyright
declaration. This not only makes the package unreproducible, it is
inaccurate, as the build process does not generate any copyrightable
content.

The attached patch fixes this from by replacing the year with "present".

According to my local tests, with this patch applied (and build paths
held constant), vcmi should build reproducibly! (The salsa reprotest job
has both time and build_path variations disabled, apparently)

Thanks for maintaining vcmi!

live well,
  vagrant
From 88deb6fa589aeafc374ac1f9bb7875e5cc7b0548 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 8 May 2023 14:07:29 -0700
Subject: [PATCH 1/2] Replace build year with "present" in copyright
 declarations.

Embedding the build year breaks reproducible builds and the
auto-generated copyright years are inaccurate, as it is the year the
package was built, not when the copyrightable content was created.

https://reproducible-builds.org/docs/timestamps/
---
 client/CMT.cpp | 2 +-
 server/CVCMIServer.cpp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/CMT.cpp b/client/CMT.cpp
index 25c5c8f..9002b1b 100644
--- a/client/CMT.cpp
+++ b/client/CMT.cpp
@@ -141,7 +141,7 @@ static void prog_help(const po::options_description )
 {
 	auto time = std::time(0);
 	printf("%s - A Heroes of Might and Magic 3 clone\n", GameConstants::VCMI_VERSION.c_str());
-	printf("Copyright (C) 2007-%d VCMI dev team - see AUTHORS file\n", std::localtime()->tm_year + 1900);
+	printf("Copyright (C) 2007-present VCMI dev team - see AUTHORS file\n");
 	printf("This is free software; see the source for copying conditions. There is NO\n");
 	printf("warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n");
 	printf("\n");
diff --git a/server/CVCMIServer.cpp b/server/CVCMIServer.cpp
index 63bd636..98b6b37 100644
--- a/server/CVCMIServer.cpp
+++ b/server/CVCMIServer.cpp
@@ -1025,7 +1025,7 @@ static void handleCommandOptions(int argc, char * argv[], boost::program_options
 	{
 		auto time = std::time(0);
 		printf("%s - A Heroes of Might and Magic 3 clone\n", GameConstants::VCMI_VERSION.c_str());
-		printf("Copyright (C) 2007-%d VCMI dev team - see AUTHORS file\n", std::localtime()->tm_year + 1900);
+		printf("Copyright (C) 2007-present VCMI dev team - see AUTHORS file\n");
 		printf("This is free software; see the source for copying conditions. There is NO\n");
 		printf("warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n");
 		printf("\n");
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#994120: dpkg: please provide multiarch tuple to maintainer scripts

[Guillem Jover]

Hi!

On Sun, 2021-09-12 at 10:27:15 +0100, Simon McVittie wrote:
> Package: dpkg
> Version: 1.20.9
> Severity: wishlist

> Packages that have a plugin architecture, like glib2.0 and gdk-pixbuf,
> often want to know the multiarch tuple in their maintainer scripts so
> that they can enumerate plugins in a multiarch-qualified directory or
> run multiarch-qualified helper programs.
> 
> At the moment, dpkg provides DPKG_MAINTSCRIPT_PACKAGE and
> DPKG_MAINTSCRIPT_ARCH in maintainer scripts' enviroment, but packages
> that need to know the multiarch tuple have to generate their maintainer
> scripts from a template: for example, glib2.0 and gdk-pixbuf have a
> .postinst.in template containing #MULTIARCH#, which gets substituted by
> the package build.
> 
> It would be simpler for packages in this situation if dpkg provided
> something like DPKG_MAINTSCRIPT_MULTIARCH in the environment.

Sorry, didn't mention anything at the time because Niels reply seemed
like a better answer to this problem, that was already supported.

In any case, while this might be nice to have, it requires pretty much
reimplementing parts of dpkg-architecture in C to be usable from
libdpkg or dpkg itself, because we'd need to map the .deb arch into
the multiarch triplet, which we should not be hardcoding internally.

This has crossed my mind doing, and I think I started work in that
direction, but it has also not seemed a very urgent thing to do TBH.

Thanks,
Guillem

Bug#1013132: Hello

[chief]

Have been trying to reach you

Bug#1034041: Should firmware-amd-graphics be automatically installed?

[Keith Proctor]

I must have sent 1/2 a dozen requests to unscript to this email address.

debian-boot-requ...@lists.debian.org 


This address was in the email headers.

Why am I not being removed?

> On May 22, 2023, at 12:57 PM, Ferenc Wágner  wrote:
> 
> Cyril Brulebois mailto:k...@debian.org>> writes:
> 
>> Ferenc Wágner mailto:wf...@niif.hu>> (2023-05-22):
>> 
>>> I had a similar experience with a desktop system containing a Radeon
>>> RX470 graphics card.  The text-based installation went all right and
>>> then even the Gnome desktop opened after reboot, but it ran in a
>>> low-resolution mode until I manually installed firmware-amd-graphics
>>> (the non-free-firmware archive component was already enabled).
>>> 
>>> Is this the intended behaviour?
>> 
>> Which installer did you use?
> 
> Its lsb-release says:
> 
> DISTRIB_ID=Debian
> DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
> DISTRIB_RELEASE="12 (bookworm) - installer build 20230401"
> X_INSTALLATION_MEDIUM=netboot
> 
> so it must have been bookworm RC 1.  The date was 22nd of April.  I
> started the kernel+initrd.gz from GRUB.
> -- 
> Feri.

Bug#1036568: Clarification

[Alex Meyer]

It may not have been clear from my initial report, but nut is doing 
precisely the correct thing at exactly the right time by shutting down 
the power after the system is quiet and remaining mounts are read-only. 
Keep in mind that it's only doing this during the process of orderly 
shutdown due to power failure.  Otherwise, /sbin/upsmon -K will return 
an error.


It may be possible to relocate the mdadm logic.  I don't know, but I'm 
pretty sure this is not a nut bug.

Bug#1036569: openvswitch-common: leaves alternatives after purge: /usr/sbin/ovs-vswitchd -> /etc/alternatives/ovs-vswitchd

[Andreas Beckmann]

Package: openvswitch-common
Version: 3.1.0-2
Severity: important
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package left unowned files on
the system after purge, which is a violation of policy 6.8:

https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#details-of-removal-and-or-configuration-purging

The leftover files are actually alternatives that were installed by the
package but have not been properly removed.

While there is ongoing discussion how to remove alternatives correctly
(see https://bugs.debian.org/71621 for details) the following strategy
should work for regular cases:
* 'postinst configure' always installs the alternative
* 'prerm remove' removes the alternative
* 'postrm remove' and 'postrm disappear' remove the alternative
In all other cases a maintainer script is invoked (e.g. upgrade,
deconfigure) the alternatives are not modified to preserve user
configuration.
Removing the alternative in 'prerm remove' avoids having a dangling link
once the actual file gets removed, but 'prerm remove' is not called in
all cases (e.g. unpacked but not configured packages or disappearing
packages) so the postrm must remove the alternative again
(update-alternatives gracefully handles removal of non-existing
alternatives).

Note that the arguments for adding and removing alternatives differ, for
removal it's 'update-alternatives --remove  '.

Filing this as important as having a piuparts clean archive is a release
goal since lenny.

>From the attached log (scroll to the bottom...):

1m7.2s INFO: Warning: Package purging left files on system:
  /etc/alternatives/libofproto.so -> 
/usr/lib/openvswitch-common/libofproto-2.15.so.0.0.0not owned
  /etc/alternatives/libopenvswitch.so -> 
/usr/lib/openvswitch-common/libopenvswitch-2.15.so.0.0.0not owned
  /etc/alternatives/ovs-vswitchd -> /usr/lib/openvswitch-common/ovs-vswitchd
 not owned
  /usr/sbin/ovs-vswitchd -> /etc/alternatives/ovs-vswitchd   not owned

This looks like some obsolete alternatives not getting removed during
upgrades from bullseye to bookworm.


cheers,

Andreas


openvswitch-common_3.1.0-2.log.gz
Description: application/gzip

Bug#1036147: iptables-persistent: ship drop-ins in /lib/ and use aliases instead of alternatives

[Luca Boccassi]

On Tue, 16 May 2023 22:12:48 +0200 "gustavo panizzo" 
wrote:
> Hello
> 
> On Tue, May 16, 2023, at 2:56 AM, Luca Boccassi wrote:
> > Source: iptables-persistent
> > Version: 1.0.19
> > Severity: important
> > Tags: patch
> >
> 
> 
> > Please consider merging and uploading this, as I would like to have
> > this fixed for Bookworm. I can take care of the necessary paperwork
> > with the release team to request an unblock, to save you time.
Thank
> > you!
> >
> 
> I plan to work on this during this week, thanks for the patch 

Release team approved this, would you like me to NMU or will you have
time to take care of it? Full freeze is just a couple days away.

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1036523: should not enable non-free-firmware on virtualized systems

[Marco d'Itri]

On May 22, Cyril Brulebois  wrote:

> For the record: non-free-firmware can be enabled because (1) the kernel logs
> firmware requests, (2) available hardware matches modalias information, (3)
> CPU matches one with microcode.
> 
> (1) and (2) definitely make sense in a virtualized system as well: you can
> have whatever passthrough configuration to access hardware from the host,
> e.g. some USB Wi-Fi adapter (that's how I've tested many changes before
> switching to baremetal for final tests).
Fair enough: if somebody is exposing the hardware devices to the guest 
OS then they can surely deal with the consequences.

> > microcode packages should not be installed on virtualized systems because
> > guests never have the privileges required to update the CPU microcode.
> > Otherwise guests could influence the whole system and possibly undermine 
> > its security.
> Is that true for absolutely all virtualization systems detected by the file
> linked to above? Your latest message on IRC suggests we might have to pick
> and choose?
Did it? I am not aware of any scenario in which it would make sense for 
an hypervisor to allow guests to change the CPU microcode.

I am not familiar with HyperV, but from what I remember from the my Xen 
times the dom0 is for most practical purposes the host, not a guest, so 
I am not sure that it is useful al all to report it do d-i as 
a virtualized environment.

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Bug#1018206: luatex loses or changes text when discretionaries with priorities are used

[Preuße]

On 22.05.2023 21:48, Peter Mueller wrote:

Hi,

I've just tested on my system, and the bug is still present in the 
Debian package with luatex 1.15.0 and indeed fixed in TeXLive 2023 
upstream with luatex 1.17.0.


I assume the issue not severe enough to prepare a fix for bookworm. Fix 
will be in trixie. We are about 14 days before release.


H.
--
--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1019236: Why does mere inclusion of pstricks change A4 to letter?

[Preuße]

On 06.09.2022 03:47, Peter Mueller wrote:

Hi,


Simply using a drawing package and not specifying anything about the
 paper (such as the class options a4paper or letterpaper) should not
 incur a deviation from the system-default paper format.


Can you confirm that the package in unstable still has the issue?

H.
--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1031816: Bug#1034824: tomcat9 should not be released with Bookworm

[Adrian Bunk]

On Tue, May 16, 2023 at 05:28:11PM +0300, Timo Aaltonen wrote:
> Timo Aaltonen kirjoitti 16.5.2023 klo 10.12:
> > Markus Koschany kirjoitti 13.5.2023 klo 23.38:
> > > Hi Salvatore,
> > > 
> > > adding Timo Aaltonen, maintainer of dogtag-pki and tomcatjss, to CC
> > > 
> > > Am Samstag, dem 13.05.2023 um 20:50 +0200 schrieb Salvatore Bonaccorso:
> > > > Hi Markus,
> > > > 
> > > > On Sat, May 13, 2023 at 06:27:49PM +0200, Markus Koschany wrote:
> > > > > I have just pushed the necessary changes to our Git repository.
> > > > > 
> > > > > https://salsa.debian.org/java-team/tomcat9/-/commit/adbd0b0711de66b67278b10e258c47c805e9b993
> > > > 
> > > > Do we need to have done more here? When Paul asked on #debian-release
> > > > I noted that pki-server depends on tomcat9-user, so reducing
> > > > libtomcat9-java only would now cause a broken dpeends for pki-server:
> > > > 
> > > > $ dak rm --suite=bookworm -n -R -b tomcat9-user
> > > > Will remove the following packages from bookworm:
> > > > 
> > > > tomcat9-user |   9.0.70-1 | all
> > > 
> > > We could simply replace tomcat9-user with tomcat10-user because it
> > > only ships a
> > > script to create a standalone tomcat instance. We have to do
> > > s/tomcat9/tomcat10/ in some debian service files as well.
> > > 
> > > The question is: If we ship libtomcat9-java in Bookworm and change the
> > > dependency from tomcat9-user to tomcat10-user, will a web
> > > application like
> > > dogtag-pki, which is designed for Tomcat 9, continue to work with
> > > Tomcat 10? I
> > > don't know yet and maybe Timo can chime in here.
> > 
> > I don't know, dogtag uses the skel files from tomcat9-user, but I diffed
> > them between tomcat9 and 10 and couldn't see why it would regress.
> 
> Had a closer look at dogtag, and it's launching the tomcat instance from
> CATALINA_HOME, so it's a one-way ticket to migrate an installed instance to
> use tomcat10 in the configuration, so I don't think moving to tomcat10-user
> would fly..

Does that mean the two bugs (in tomcat9 and tomcatjss) should be tagged 
"trixie sid" to no longer affect and bookworm will ship with two versions
of tomcat, or what else is now supposed to happen?

cu
Adrian

Bug#1033432: pyramid-jinja2: diff for NMU version 2.7+dfsg-1.3

[Adrian Bunk]

Dear maintainer,

I've prepared an NMU for pyramid-jinja2 (versioned as 2.7+dfsg-1.3) and 
uploaded it to DELAYED/1. Please feel free to tell me if I should cancel it.

cu
Adrian
diff -Nru pyramid-jinja2-2.7+dfsg/debian/changelog pyramid-jinja2-2.7+dfsg/debian/changelog
--- pyramid-jinja2-2.7+dfsg/debian/changelog	2021-02-06 10:10:55.0 +0200
+++ pyramid-jinja2-2.7+dfsg/debian/changelog	2023-05-22 22:50:17.0 +0300
@@ -1,3 +1,10 @@
+pyramid-jinja2 (2.7+dfsg-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add upstream fix for latest jinja2. (Closes: #1033432)
+
+ -- Adrian Bunk   Mon, 22 May 2023 22:50:17 +0300
+
 pyramid-jinja2 (2.7+dfsg-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru pyramid-jinja2-2.7+dfsg/debian/patches/0001-jinja2.contextfilter-has-been-renamed-to-pass_contex.patch pyramid-jinja2-2.7+dfsg/debian/patches/0001-jinja2.contextfilter-has-been-renamed-to-pass_contex.patch
--- pyramid-jinja2-2.7+dfsg/debian/patches/0001-jinja2.contextfilter-has-been-renamed-to-pass_contex.patch	1970-01-01 02:00:00.0 +0200
+++ pyramid-jinja2-2.7+dfsg/debian/patches/0001-jinja2.contextfilter-has-been-renamed-to-pass_contex.patch	2023-05-22 22:49:41.0 +0300
@@ -0,0 +1,88 @@
+From 8093938422ac0f8af6fc8fe028f9613e2e41117c Mon Sep 17 00:00:00 2001
+From: Olivier Le Moign 
+Date: Wed, 12 May 2021 15:23:20 +0200
+Subject: jinja2.contextfilter has been renamed to pass_context
+
+---
+ pyramid_jinja2/filters.py | 16 
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/pyramid_jinja2/filters.py b/pyramid_jinja2/filters.py
+index ebae93d..69dbbf1 100644
+--- a/pyramid_jinja2/filters.py
 b/pyramid_jinja2/filters.py
+@@ -1,7 +1,7 @@
+ from pyramid.url import resource_url, route_url, static_url
+ from pyramid.url import route_path, static_path
+ from pyramid.threadlocal import get_current_request
+-from jinja2 import contextfilter
++from jinja2 import pass_context
+ 
+ 
+ __all__ = [
+@@ -14,7 +14,7 @@ __all__ = [
+ ]
+ 
+ 
+-@contextfilter
++@pass_context
+ def resource_url_filter(ctx, model, *elements, **kw):
+ """A filter from ``model`` to a string representing the absolute URL.
+ This filter calls :py:func:`pyramid.url.resource_url`.
+@@ -36,7 +36,7 @@ def resource_url_filter(ctx, model, *elements, **kw):
+ return resource_url(model, request, *elements, **kw)
+ 
+ 
+-@contextfilter
++@pass_context
+ def model_url_filter(ctx, model, *elements, **kw):
+ """A filter from ``model`` to a string representing the absolute URL.
+ This filter calls :py:func:`pyramid.url.resource_url`.
+@@ -51,7 +51,7 @@ def model_url_filter(ctx, model, *elements, **kw):
+ return resource_url(model, request, *elements, **kw)
+ 
+ 
+-@contextfilter
++@pass_context
+ def model_path_filter(ctx, model, *elements, **kw):
+ """A filter from ``model`` to a string representing the relative URL.
+ This filter calls :py:meth:`pyramid.request.Request.resource_path`.
+@@ -60,7 +60,7 @@ def model_path_filter(ctx, model, *elements, **kw):
+ return request.resource_path(model, *elements, **kw)
+ 
+ 
+-@contextfilter
++@pass_context
+ def route_url_filter(ctx, route_name, *elements, **kw):
+ """A filter from ``route_name`` to a string representing the absolute URL.
+ This filter calls :py:func:`pyramid.url.route_url`.
+@@ -76,7 +76,7 @@ def route_url_filter(ctx, route_name, *elements, **kw):
+ return route_url(route_name, request, *elements, **kw)
+ 
+ 
+-@contextfilter
++@pass_context
+ def route_path_filter(ctx, route_name, *elements, **kw):
+ """A filter from ``route_name`` to a string representing the relative URL.
+ This filter calls :py:func:`pyramid.url.route_path`.
+@@ -85,7 +85,7 @@ def route_path_filter(ctx, route_name, *elements, **kw):
+ return route_path(route_name, request, *elements, **kw)
+ 
+ 
+-@contextfilter
++@pass_context
+ def static_url_filter(ctx, path, **kw):
+ """A filter from ``path`` to a string representing the absolute URL.
+ This filter calls :py:func:`pyramid.url.static_url`.
+@@ -99,7 +99,7 @@ def static_url_filter(ctx, path, **kw):
+ return static_url(path, request, **kw)
+ 
+ 
+-@contextfilter
++@pass_context
+ def static_path_filter(ctx, path, **kw):
+ """A filter from ``path`` to a string representing the relative URL.
+ This filter calls :py:func:`pyramid.url.static_path`.
+-- 
+2.30.2
+
diff -Nru pyramid-jinja2-2.7+dfsg/debian/patches/series pyramid-jinja2-2.7+dfsg/debian/patches/series
--- pyramid-jinja2-2.7+dfsg/debian/patches/series	1970-01-01 02:00:00.0 +0200
+++ pyramid-jinja2-2.7+dfsg/debian/patches/series	2023-05-22 22:50:10.0 +0300
@@ -0,0 +1 @@
+0001-jinja2.contextfilter-has-been-renamed-to-pass_contex.patch

Bug#1036568: Design Defect in systemd-poweroff.service (Race Condition)

[Luca Boccassi]

Control: retitle -1 conflict between mdadm.shutdown and nutshutdown
Control: reassign -1 nut-server 2.8.0-7

On Mon, 22 May 2023 12:24:15 -0700 Alex Meyer 
wrote:
> Package: systemd
> Version: 247.3-7+deb11u2
> 
> I'm running Debian bullseye with systemd.  I also have installed
mdadm 
> and nut-server.
> 
> Looking in /lib/systemd/system-shutdown, I see two drop-in files with
> contents as follows:
> 
> mdadm.shutdown:
> 
> #!/bin/sh
> # We need to ensure all md arrays with external metadata
> # (e.g. IMSM, DDF) are clean before completing the shutdown.
> /sbin/mdadm --wait-clean --scan
> 
> nutshutdown:
> 
> #!/bin/sh
> /sbin/upsmon -K >/dev/null 2>&1 && /sbin/upsdrvctl shutdown
> 
> The man page for systemd-poweroff.service explains that:
> 
> All executables in this directory are executed in parallel
> 
> This is the problem.
> 
> mdadm.shutdown is trying to delay the shutdown action until data 
> integrity can be guaranteed (for arrays with external metadata). 
> Meanwhile, nutshutdown will immediately turn off the power.  These
are 
> obviously incompatible.
> 
> If execution were changed from parallel to sequential with a 
> deterministic ordering, this race condition could be avoided.
> 
> There may also be other ways to address the problem, such as
relocating 
> the mdadm stuff to some other spot in the systemd world.  This is 
> speculation on my part, as I'm no expert on systemd.
> 
> I should note that I do not personally have any md arrays with
external 
> metadata.  I do, however, have a UPS powering my Debian box and I can
> verify that orderly shutdown causes it to de-energize immediately at 
> this point.  I think it's self-evident that waiting for anything is 
> doomed to fail when run in parallel with powering off the host.
> 
> So, to be clear, this is a design defect I noticed, not a problem I'm
> experiencing.  Still, it looks like a doozy, and I feel compelled to 
> report it.
> 
> I see this as a structural problem.  It's clearly documented as the 
> intended behavior.  It doesn't depend on specific contents of my
mdadm 
> or nut configuration files, nor on my specific kernel.  Nevertheless:

This is nothing to do with src:systemd, both of these are shipped by
the respective packages, if they do not interact well then they need to
be fixed there.

Reassigning to nutserver as cutting power during shutdown seems the
slightly worst of the two, but will let the two maintainers figure out
if that's the right destination.

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1034041: Should firmware-amd-graphics be automatically installed?

[Ferenc Wágner]

Cyril Brulebois  writes:

> Ferenc Wágner  (2023-05-22):
>
>> I had a similar experience with a desktop system containing a Radeon
>> RX470 graphics card.  The text-based installation went all right and
>> then even the Gnome desktop opened after reboot, but it ran in a
>> low-resolution mode until I manually installed firmware-amd-graphics
>> (the non-free-firmware archive component was already enabled).
>> 
>> Is this the intended behaviour?
>
> Which installer did you use?

Its lsb-release says:

DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="12 (bookworm) - installer build 20230401"
X_INSTALLATION_MEDIUM=netboot

so it must have been bookworm RC 1.  The date was 22nd of April.  I
started the kernel+initrd.gz from GRUB.
-- 
Feri.

Bug#1018206: luatex loses or changes text when discretionaries with priorities are used

[Peter Mueller]

found 1018206 texlive-binaries/2022.20220321.62855-1
thanks
I've just tested on my system, and the bug is still present in the Debian 
package with luatex 1.15.0 and indeed fixed in TeXLive 2023 upstream with 
luatex 1.17.0.

Bug#1036568: Design Defect in systemd-poweroff.service (Race Condition)

[Alex Meyer]

Package: systemd
Version: 247.3-7+deb11u2

I'm running Debian bullseye with systemd.  I also have installed mdadm 
and nut-server.


Looking in /lib/systemd/system-shutdown, I see two drop-in files with 
contents as follows:


mdadm.shutdown:

#!/bin/sh
# We need to ensure all md arrays with external metadata
# (e.g. IMSM, DDF) are clean before completing the shutdown.
/sbin/mdadm --wait-clean --scan

nutshutdown:

#!/bin/sh
/sbin/upsmon -K >/dev/null 2>&1 && /sbin/upsdrvctl shutdown

The man page for systemd-poweroff.service explains that:

All executables in this directory are executed in parallel

This is the problem.

mdadm.shutdown is trying to delay the shutdown action until data 
integrity can be guaranteed (for arrays with external metadata). 
Meanwhile, nutshutdown will immediately turn off the power.  These are 
obviously incompatible.


If execution were changed from parallel to sequential with a 
deterministic ordering, this race condition could be avoided.


There may also be other ways to address the problem, such as relocating 
the mdadm stuff to some other spot in the systemd world.  This is 
speculation on my part, as I'm no expert on systemd.


I should note that I do not personally have any md arrays with external 
metadata.  I do, however, have a UPS powering my Debian box and I can 
verify that orderly shutdown causes it to de-energize immediately at 
this point.  I think it's self-evident that waiting for anything is 
doomed to fail when run in parallel with powering off the host.


So, to be clear, this is a design defect I noticed, not a problem I'm 
experiencing.  Still, it looks like a doozy, and I feel compelled to 
report it.


I see this as a structural problem.  It's clearly documented as the 
intended behavior.  It doesn't depend on specific contents of my mdadm 
or nut configuration files, nor on my specific kernel.  Nevertheless:


# cat /etc/debian_version
11.7
# uname -a
Linux vault 5.10.178-alex #8 SMP Fri May 19 15:44:12 PDT 2023 x86_64 
GNU/Linux

Bug#1034399: python3-pyocd: not compatible with Python version in Debian

[Adrian Bunk]

On Fri, Apr 14, 2023 at 01:13:52PM +0200, Adrian Friedli wrote:
>...
> While this specific error should be easy to fix (Callable needs to be
> imported from collections.abc instead of collections), I wonder if it
> makes sense to release Debian 12 with such an old version of pyOCD.

It would not be just one package, there is a build dependency chain
  firmware-microbit-micropython -> yotta -> valinor -> pyocd

> Regards,
> Adi

cu
Adrian

Bug#1036567: ITP: raspirus -- A resource-friendly MD5-signatures-based virusscanner with cross-platform support, user-friendly GUI and CLI options

[Benjamin Demetz]

Package: wnpp
Severity: wishlist
Owner: Benjamin Demetz 
X-Debbugs-Cc: debian-de...@lists.debian.org, raspirus@gmail.com

* Package name: raspirus
  Version : 0.1.8
  Upstream Author : Benjamin Demetz 
* URL : https://github.com/Raspirus/Raspirus
* License : GPLv3
  Programming Lang: Rust, JavaScript
  Description : A resource-friendly MD5-signatures-based virusscanner with 
cross-platform support, user-friendly GUI and CLI options

Raspirus has mainly been created to scan folders or removable storage units 
like the USB thumb drive.
The idea behind the app is to have it installed on a Raspberry Pi with a 
touchscreen, where users connect their
storage units with unknown or unsafe contents and the app then quickly scans it 
and gives a feedback.

The app has been designed with a web-frontend using the Next.js framework and 
the JavaScript language. The frontend
then comunicates with the backend written in Rust using a Rust framework called 
Tauri. This framework provides an API-like
communication. This helps separate the frontend from the backend, while also 
ensuring that the app can be compiled to a
standalone software.

I personally use this program to scan USB thumb drives in a setup like I 
described above, but with it's cross-platform
nature, it can also be installed on your desktop and used to scan local folders 
or files. The app also comes with a CLI-only option,
a Makefile and Docker support.
A similar program to Raspirus could be ClamAV. The reason why I couldn't use it 
on my Raspberry Pi 3 is because it requires
too much RAM to function properly. ClamAV requires a couple GB of RAM, while 
Raspirus can work with as low as 100MB.

This is my first time submitting to the Debian packaging system. I hope I can 
get some valuable feedback on how to improve
further, maybe a sponsor could help me. I am currently the only maintainer of 
the project, and I think it's fine for now
as the project is not that big. In the future I hope I can have some more 
contributors to help me out with new issues and
possible bug reports.

Bug#1032852: Error message clue:

[Charles Curley]

On Wed, 29 Mar 2023 08:41:43 +0200 Pascal Hambourg
 wrote:
> Hello,
> 

> 
> Already fixed in hw-detect 1.155:
> * Fix files removal for non-accepted firmware packages (See:
> #1032377).
> 
> 

I can confirm that, when running with no preseed, I now see the license
agreement and can accept it. My preseed file has the following:


# 
https://preseed.debian.net/debian-preseed/bookworm/amd64-non-free-firmware-full.txt
d-i firmware-ipw2x00/license/accepted boolean true

so I would not expect to see the license agreement. If I read the
syslog correctly, the preseeded license agreement accepted was handled
correctly:

May 22 18:16:52 debconf: --> SET firmware-ipw2x00/license/accepted true
May 22 18:16:52 debconf: <-- 10 firmware-ipw2x00/license/accepted doesn't exist
May 22 18:16:52 debconf: --> REGISTER debian-installer/dummy 
firmware-ipw2x00/license/accepted
May 22 18:16:52 debconf: <-- 0
May 22 18:16:52 debconf: --> SET firmware-ipw2x00/license/accepted true
May 22 18:16:52 debconf: <-- 0 value set
May 22 18:16:52 debconf: --> SUBST firmware-ipw2x00/license/accepted ID 
firmware-ipw2x00/license/accepted
May 22 18:16:52 debconf: Adding [ID] -> [firmware-ipw2x00/license/accepted]
May 22 18:16:52 debconf: <-- 0
May 22 18:16:52 debconf: --> FSET firmware-ipw2x00/license/accepted seen true


I did three installations at least as far as the WiFi business and have
the logs from them should anyone wish to see them.

Alas, there are other problems, but this seems to be fixed.

Thank you.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Bug#1036566: missing LTO plugin

[Sébastien Villemot]

Package: gcc-13
Version: 13.1.0-3
Severity: normal

Dear Maintainer,

When installing the gcc dependency package version 4:13.1.0-1 from
experimental, /usr/lib/bfd-plugins/liblto_plugin.so becomes a dangling symlink.

It looks like /usr/lib/gcc/${DEB_HOST_MULTIARCH}/13/liblto_plugin.so is missing
in gcc-13.

Best wishes,

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄  https://www.debian.org

Bug#995986: simple-cdd: Firmware not being included in installer image

[R.Penney]

I can confirm that this issue still seems to affect simple-cdd 0.6.9 on 
bookworm as of mid-May 2023 (including debian-cd version 3.2.1).


I too have tried 'export FORCE_FIRMWARE=1' together with 'export 
NONFREE_COMPONENTS="non-free non-free-firmware"', 
'mirror_components="main non-free non-free-firmware"' and various 
combinations thereof within my profile.default, all without success.


It would be great to see a working example of how to get firmware 
packages managed by simple-cdd. Thanks.

Bug#1036565: debian-installer-12-netboot-amd64: Installers needed b43 ucode16_mimo.fw, had to eth0 net install + manual firmware-b43-installer, MacBookPro5,5

[Fan Naibed]

Package: debian-installer-12-netboot-amd64
Severity: normal
Tags: d-i
X-Debbugs-Cc: oregano+deb...@disroot.org

Dear Maintainer,

   * What led up to the situation?

Tried to install with live installer on USB stick, plain installer on USB
stick, then net installer on USB stick

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Installers popped up error - wanted subject firmware to continue; putting
downloaded (standard) firmware on a second USB stick also failed. Finally
connected to ethernet over cable and installed with net installer on USB stick.

Then installed firmware-b43-installer manually.

   * What was the outcome of this action?

Successful install eventually. :)

   * What outcome did you expect instead?

Needed firmware included with installers so install using WiFi would just work.



-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

debian-installer-12-netboot-amd64 depends on no packages.

debian-installer-12-netboot-amd64 recommends no packages.

Versions of packages debian-installer-12-netboot-amd64 suggests:
pn  tftpd-hpa  

Bug#1036559: (no subject)

[Hans-Christoph Steiner]

control: found 1036559 3.4.0~a1-6

Bug#1036446: Please enable udhcpc6

[Keith Proctor]

How do I get off this list?

Regards,
Keith

> On May 20, 2023, at 7:11 PM, Ben Hutchings  wrote:
> 
> Package: udhcpc
> Version: 1:1.35.0-4+b2
> Severity: wishlist
> Tags: ipv6
> 
> Busybox has a DHCPv6 client (udhcpc6) but this is not included
> in the Debian packages.
> 
> Please enable CONFIG_UDHCPC6 and the dependent features.
> 
> Ben.
> 
> -- System Information:
> Debian Release: 12.0
>  APT prefers unstable-debug
>  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
> 'stable-security'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 
> 'stable'), (500, 'oldstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not 
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages busybox depends on:
> ii  libc6  2.36-8
> 
> busybox recommends no packages.
> 
> busybox suggests no packages.
> 
> -- debconf-show failed

Bug#1036445: elinks: doesn't recognize recommended XHTML 1.0/1.1 MIME type on files

[Andrey Rakhmatullin]

Control: tags -1 - patch

On Sun, May 21, 2023 at 03:09:48AM +0200, José Luis González wrote:
> The solution depends on whether the problem is just a file handling
> issue or general, but it's trivial in both cases:
> 
> - If it's a file handling issue (it works on HTTP) it's just a matter of
>   finding out why only text/html is accepted in the case of files. I'm
>   sure it is straightforward, and can volunteer for a patch in this
>   case.
> 
> - If it's general all necessary is accepting both types and assuming
>   they are valid HTML. Parts of XHTML 2 might not display correctly yet,
>   but this has ever happened with all newer versions of HTML on legacy
>   browsers, and is not a problem until it gets supported. I have no
>   doubt XHTML 1 is fully supported, though, and has ever been, except
>   for this MIME type issue.
This is clearly neither a patch nor a "some other easy procedure for
fixing the bug".

Bug#1036562: unblock: qtbase-opensource-src/5.15.8+dfsg-10

[Dmitry Shachnev]

On Mon, May 22, 2023 at 01:58:03PM -0300, Lisandro Damián Nicanor Pérez Meyer 
wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: qtbase-opensource-...@packages.debian.org, mity...@debian.org, 
> lisan...@debian.org
> Control: affects -1 + src:qtbase-opensource-src
> 
> Please unblock package qtbase-opensource-src
> 
> [ Reason ]
> 
> This upload:
> - Fixes CVE-2023-32762 and CVE-2023-32763. One prevents a crash with SVG
>   (not related to the one in qtsvg-opensource-src) and the other one
>   related to a security heade parsing in the network module.
> - Adds a Break/Replaces in order to allow proper handling of systems
>   that still had libqtcore4 around (#1035790).
> - Backports a patch in order to solve an issue with KWin:
>   - https://bugreports.qt.io/browse/QTBUG-98048
>   - https://lists.debian.org/debian-kde/2022/11/msg00019.html

Actually, the fix for #1035790 has already migrated to testing.
So just the first and third points are remaining.

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#1036564: unblock: qt6-base/6.4.2+dfsg-9

[Lisandro Damián Nicanor Pérez Meyer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qt6-b...@packages.debian.org, delta...@debian.org, 
lisan...@debian.org
Control: affects -1 + src:qt6-base

Please unblock package qt6-base

[ Reason ]
Fixes CVE-2023-32762 and CVE-2023-32763. One prevents a crash with SVG
(not related to the one in qtsvg-opensource-src) and the other one
related to a security heade parsing in the network module.

[ Impact ]
Lack of security fixes.

[ Tests ]
Tested by upstream, do not break API/ABI, seems safe.

[ Risks ]
None that I can think of.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock qt6-base/6.4.2+dfsg-9
diff --git a/debian/changelog b/debian/changelog
index b117abd..85ce31b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+qt6-base (6.4.2+dfsg-9) unstable; urgency=medium
+
+  * Team upload.
+  * Add a patch to fix CVE-2023-32762.
+
+ -- Lisandro Damián Nicanor Pérez Meyer   Mon, 22 May 
2023 11:40:45 -0300
+
+qt6-base (6.4.2+dfsg-8) unstable; urgency=medium
+
+  * Team upload.
+  * Add patch for solving CVE-2023-32763.
+  * Refresh patches.
+
+ -- Lisandro Damián Nicanor Pérez Meyer   Mon, 22 May 
2023 10:42:21 -0300
+
 qt6-base (6.4.2+dfsg-7) unstable; urgency=medium
 
   [ Patrick Franz ]
diff --git a/debian/patches/armel-noyield.patch 
b/debian/patches/armel-noyield.patch
index 37061fb..74b1ae2 100644
--- a/debian/patches/armel-noyield.patch
+++ b/debian/patches/armel-noyield.patch
@@ -1,8 +1,12 @@
 Description: Don't use yield on CPUs that might not support it
 
+---
+ src/corelib/global/qsimd_p.h |2 ++
+ 1 file changed, 2 insertions(+)
+
 --- a/src/corelib/global/qsimd_p.h
 +++ b/src/corelib/global/qsimd_p.h
-@@ -428,7 +428,9 @@ static inline void qYieldCpu()
+@@ -401,7 +401,9 @@ static inline void qYieldCpu()
   https://stackoverflow.com/a/70076751/134841
   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105416
  */
diff --git 
a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch 
b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
index 2ab0f5e..bf93bca 100644
--- a/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
+++ b/debian/patches/build_path_embedded_qtbuildinternalsextra_cmake.patch
@@ -9,22 +9,18 @@ and causes reproducibility issues when built in different 
paths.
 
 https://reproducible-builds.org/docs/build-path/
 ---
- cmake/QtBuildInternalsExtra.cmake.in | 3 ---
+ cmake/QtBuildInternalsExtra.cmake.in |3 ---
  1 file changed, 3 deletions(-)
 
-diff --git a/cmake/QtBuildInternalsExtra.cmake.in 
b/cmake/QtBuildInternalsExtra.cmake.in
-index cbd70b1..23b2391 100644
 --- a/cmake/QtBuildInternalsExtra.cmake.in
 +++ b/cmake/QtBuildInternalsExtra.cmake.in
-@@ -53,9 +53,6 @@ endif()
+@@ -75,9 +75,6 @@ endif()
  set(QT_WILL_INSTALL @QT_WILL_INSTALL@ CACHE BOOL
  "Boolean indicating if doing a Qt prefix build (vs non-prefix build)." 
FORCE)
-
+ 
 -set(QT_SOURCE_TREE "@QT_SOURCE_TREE@" CACHE PATH
 -"A path to the source tree of the previously configured QtBase project." 
FORCE)
 -
  # Propagate decision of building tests and examples to other repositories.
  set(QT_BUILD_TESTS @QT_BUILD_TESTS@ CACHE BOOL "Build the testing tree.")
  set(QT_BUILD_EXAMPLES @QT_BUILD_EXAMPLES@ CACHE BOOL "Build Qt examples")
---
-2.35.1
diff --git a/debian/patches/cross.patch b/debian/patches/cross.patch
index 1a7ebd3..239c803 100644
--- a/debian/patches/cross.patch
+++ b/debian/patches/cross.patch
@@ -1,6 +1,11 @@
+---
+ cmake/QtBuildInternals/QtBuildInternalsConfig.cmake |2 --
+ src/tools/configure.cmake   |2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
 --- a/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
 +++ b/cmake/QtBuildInternals/QtBuildInternalsConfig.cmake
-@@ -146,8 +146,6 @@
+@@ -151,8 +151,6 @@ function(qt_build_internals_disable_pkg_
  set(FEATURE_pkg_config "${pkg_config_enabled}" CACHE STRING "Using 
pkg-config")
  if(NOT pkg_config_enabled)
  qt_build_internals_disable_pkg_config()
@@ -11,7 +16,7 @@
  
 --- a/src/tools/configure.cmake
 +++ b/src/tools/configure.cmake
-@@ -2,7 +2,7 @@
+@@ -2,7 +2,7 @@ qt_feature("androiddeployqt" PRIVATE
  SECTION "Deployment"
  LABEL "Android deployment tool"
  PURPOSE "The Android deployment tool automates the process of creating 
Android packages."
diff --git a/debian/patches/cve-2023-32762.diff 
b/debian/patches/cve-2023-32762.diff
new file mode 100644
index 000..92b76fa
--- /dev/null
+++ b/debian/patches/cve-2023-32762.diff
@@ -0,0 +1,15 @@
+---
+ src/network/access/qhsts.cpp |2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/network/access/qhsts.cpp
 b/src/network/access/qhsts.cpp
+@@ -328,7 +328,7 @@ bool QHstsHeaderParser::parse(const QLis
+ {
+ for (const 

Bug#1036563: unblock: qt6-svg/6.4.2-2

[Lisandro Damián Nicanor Pérez Meyer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qt6-...@packages.debian.org, delta...@debian.org, 
lisan...@debian.org
Control: affects -1 + src:qt6-svg

Please unblock package qt6-svg

[ Reason ]
Fixes CVE-2023-32573.

[ Impact ]
This patch avoids a crash when parsing malformed/crafted SVG files.

[ Tests ]
Done by upstream, it basically makes sures a variable has a default
value.

[ Risks ]
None that I can think of.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock qt6-svg/6.4.2-2
diff --git a/debian/changelog b/debian/changelog
index 41242b5..78f7594 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+qt6-svg (6.4.2-2) unstable; urgency=medium
+
+  * Team upload.
+  * Add patch to solve CVE-2023-32573.
+
+ -- Lisandro Damián Nicanor Pérez Meyer   Mon, 22 May 
2023 10:48:50 -0300
+
 qt6-svg (6.4.2-1) unstable; urgency=medium
 
   [ Patrick Franz ]
diff --git a/debian/patches/cve-2023-32573.diff 
b/debian/patches/cve-2023-32573.diff
new file mode 100644
index 000..750f29e
--- /dev/null
+++ b/debian/patches/cve-2023-32573.diff
@@ -0,0 +1,37 @@
+---
+ src/svg/qsvgfont_p.h|5 ++---
+ src/svg/qsvghandler.cpp |2 +-
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+--- a/src/svg/qsvgfont_p.h
 b/src/svg/qsvgfont_p.h
+@@ -38,6 +38,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+ QSvgFont(qreal horizAdvX);
+ 
+ void setFamilyName(const QString );
+@@ -50,9 +51,7 @@ public:
+ void draw(QPainter *p, const QPointF , const QString , qreal 
pixelSize, Qt::Alignment alignment) const;
+ public:
+ QString m_familyName;
+-qreal m_unitsPerEm;
+-qreal m_ascent;
+-qreal m_descent;
++qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+ qreal m_horizAdvX;
+ QHash m_glyphs;
+ };
+--- a/src/svg/qsvghandler.cpp
 b/src/svg/qsvghandler.cpp
+@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleP
+ 
+ qreal unitsPerEm = toDouble(unitsPerEmStr);
+ if (!unitsPerEm)
+-unitsPerEm = 1000;
++unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+ 
+ if (!name.isEmpty())
+ font->setFamilyName(name);
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..71efccf
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+# Fixed in 6.5.
+cve-2023-32573.diff

Bug#1036562: unblock: qtbase-opensource-src/5.15.8+dfsg-10

[Lisandro Damián Nicanor Pérez Meyer]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qtbase-opensource-...@packages.debian.org, mity...@debian.org, 
lisan...@debian.org
Control: affects -1 + src:qtbase-opensource-src

Please unblock package qtbase-opensource-src

[ Reason ]

This upload:
- Fixes CVE-2023-32762 and CVE-2023-32763. One prevents a crash with SVG
  (not related to the one in qtsvg-opensource-src) and the other one
  related to a security heade parsing in the network module.
- Adds a Break/Replaces in order to allow proper handling of systems
  that still had libqtcore4 around (#1035790).
- Backports a patch in order to solve an issue with KWin:
  - https://bugreports.qt.io/browse/QTBUG-98048
  - https://lists.debian.org/debian-kde/2022/11/msg00019.html

[ Impact ]

- Lack of security fixes.
- Breaks the bullseye → bookworm update on some systems.
- Nasty visual effects while drag and dropping.

[ Tests ]

All the patches have been tested by upstream.

The security patches are quite straightforward.
The B/R issue is also straightforward, with a specific Qt4 version
allowing users to keep libqt4 around if necessary.
Drag and dropping just works as expected.

[ Risks ]

Sincerely I don't think there are risks here.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock qtbase-opensource-src/5.15.8+dfsg-10
diff --git a/debian/changelog b/debian/changelog
index 8c172cff..1f5b73f0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+qtbase-opensource-src (5.15.8+dfsg-10) unstable; urgency=medium
+
+  * Add patches to fix CVE-2023-32762 and CVE-2023-32763.
+
+ -- Lisandro Damián Nicanor Pérez Meyer   Mon, 22 May 
2023 11:31:55 -0300
+
+qtbase-opensource-src (5.15.8+dfsg-9) unstable; urgency=medium
+
+  * Backport upstream patch to fix laggy drag-and-drop with KWin. See:
+- https://bugreports.qt.io/browse/QTBUG-98048
+- https://lists.debian.org/debian-kde/2022/11/msg00019.html
+
+ -- Dmitry Shachnev   Sun, 21 May 2023 12:19:31 +0300
+
 qtbase-opensource-src (5.15.8+dfsg-8) unstable; urgency=medium
 
   * Add back Breaks/Replaces for libqtcore4 (closes: #1035790).
diff --git a/debian/patches/CVE-2023-32762.patch 
b/debian/patches/CVE-2023-32762.patch
new file mode 100644
index ..d0deff76
--- /dev/null
+++ b/debian/patches/CVE-2023-32762.patch
@@ -0,0 +1,17 @@
+---
+ src/network/access/qhsts.cpp |4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/network/access/qhsts.cpp
 b/src/network/access/qhsts.cpp
+@@ -364,8 +364,8 @@ quoted-pair= "\" CHAR
+ bool QHstsHeaderParser::parse(const QList> 
)
+ {
+ for (const auto  : headers) {
+-// We use '==' since header name was already 'trimmed' for us:
+-if (h.first == "Strict-Transport-Security") {
++// We compare directly because header name was already 'trimmed' for 
us:
++if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) 
== 0) {
+ header = h.second;
+ // RFC6797, 8.1:
+ //
diff --git a/debian/patches/cve-2023-32763.diff 
b/debian/patches/cve-2023-32763.diff
new file mode 100644
index ..b74413dc
--- /dev/null
+++ b/debian/patches/cve-2023-32763.diff
@@ -0,0 +1,50 @@
+---
+ src/gui/painting/qfixed_p.h  |9 +
+ src/gui/text/qtextlayout.cpp |9 ++---
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+--- a/src/gui/painting/qfixed_p.h
 b/src/gui/painting/qfixed_p.h
+@@ -54,6 +54,7 @@
+ #include 
+ #include "QtCore/qdebug.h"
+ #include "QtCore/qpoint.h"
++#include 
+ #include "QtCore/qsize.h"
+ 
+ QT_BEGIN_NAMESPACE
+@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(i
+ Q_DECL_CONSTEXPR inline bool operator>(const QFixed , int i) { return 
f.value() > i * 64; }
+ Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed ) { return i * 
64 > f.value(); }
+ 
++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++int val;
++bool result = add_overflow(v1.value(), v2.value(), );
++r->setValue(val);
++return result;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ inline QDebug <<(QDebug , const QFixed )
+ { return dbg << f.toReal(); }
+--- a/src/gui/text/qtextlayout.cpp
 b/src/gui/text/qtextlayout.cpp
+@@ -2150,11 +2150,14 @@ found:
+ eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
+ } else {
+ eng->minWidth = qMax(eng->minWidth, lbh.minw);
+-eng->maxWidth += line.textWidth;
++if (qAddOverflow(eng->maxWidth, line.textWidth, >maxWidth))
++eng->maxWidth = QFIXED_MAX;
+ }
+ 
+-if (line.textWidth > 0 && item < eng->layoutData->items.size())
+-eng->maxWidth += lbh.spaceData.textWidth;
++if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
++if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, 
>maxWidth))

Bug#1019717: Display of an SVG file broken due to gsfonts transition

[Albrecht Dreß]

The issue is still present in libgraphicsmagick-q16-3 v. 1.4+really1.3.40-4 and makes 
using the library with the standard config files somehow unusable as soon as any SVG with 
a "text" container is involved.  It would be great if a fix would be available 
before the final Bookworm release.

Thanks, Albrecht.

Bug#930362:

[mazharhamod]

وزوز

Bug#930362:

[mazharhamod]

.

Bug#1036561: emacs-gtk: opening an encrypted GnuPG file in an xterm via SSH can put garbage in the buffer

[Vincent Lefevre]

Package: emacs-gtk
Version: 1:28.2+1-15
Severity: important

I opened an encrypted GnuPG file (.gpg extension) in an xterm via SSH
(no X11 forwarding). After typing my passphrase in the terminal, the
file was opened successfully, but the character "e" was inserted at
the beginning of the buffer, and the PageUp/PageDown keys were not
recognized.

I suspect some bug in the terminal initialization code for xterm.

This occurred in the past with slow connections, but at least with
normal files:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016043

(perhaps this in unrelated to GnuPG and this is exactly the same bug).

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-security'), (500, 
'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 
'testing'), (500, 'stable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages emacs-gtk depends on:
ii  emacs-bin-common 1:28.2+1-15
ii  emacs-common 1:28.2+1-15
ii  libacl1  2.3.1-3
ii  libasound2   1.2.8-1+b1
ii  libc62.36-9
ii  libcairo21.16.0-7
ii  libdbus-1-3  1.14.6-1
ii  libfontconfig1   2.14.1-4
ii  libfreetype6 2.12.1+dfsg-5
ii  libgccjit0   12.2.0-14
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libgif7  5.2.1-2.5
ii  libglib2.0-0 2.74.6-2
ii  libgmp10 2:6.2.1+dfsg1-1.1
ii  libgnutls30  3.7.9-2
ii  libgpm2  1.20.7-10+b1
ii  libgtk-3-0   3.24.37-2
ii  libharfbuzz0b6.0.0+dfsg-3
ii  libice6  2:1.0.10-1
ii  libjansson4  2.14-2
ii  libjpeg62-turbo  1:2.1.5-2
ii  liblcms2-2   2.14-2
ii  libm17n-01.8.0-6
ii  libotf1  0.9.16-4
ii  libpango-1.0-0   1.50.12+ds-1
ii  libpng16-16  1.6.39-2
ii  librsvg2-2   2.54.5+dfsg-1
ii  libselinux1  3.4-1+b5
ii  libsm6   2:1.2.3-1
ii  libsystemd0  252.6-1
ii  libtiff6 4.5.0-6
ii  libtinfo66.4-4
ii  libx11-6 2:1.8.4-2
ii  libxext6 2:1.3.4-1+b1
ii  libxfixes3   1:6.0.0-2
ii  libxml2  2.9.14+dfsg-1.2
ii  libxrender1  1:0.9.10-1.1
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages emacs-gtk recommends:
ii  fonts-noto-color-emoji  2.038-1

Versions of packages emacs-gtk suggests:
ii  emacs-common-non-dfsg  1:28.2+1-2

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1036560: unblock: libraw/0.20.2-2.1

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: lib...@packages.debian.org, car...@debian.org
Control: affects -1 + src:libraw

Hi release team,

Please unblock package libraw

[ Reason ]
Fixing two CVEs CVE-2021-32142 (would be no-dsa considered), and
CVE-2023-1729. As we do plan to release a DSA for bullseye-security it
is wise to have the fixes as well in the upper suite.

[ Impact ]
libraw in bookworm affected by CVE-2021-32142 and CVE-2023-1729 until
the bookworm point releases or security update.

[ Tests ]
None specifically, autopkgtest with smoketest passes.

[ Risks ]
Two isolated fixes whith low risk I believe.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None

unblock libraw/0.20.2-2.1

Regards,
Salvatore
diff -Nru libraw-0.20.2/debian/changelog libraw-0.20.2/debian/changelog
--- libraw-0.20.2/debian/changelog  2021-09-11 16:56:07.0 +0200
+++ libraw-0.20.2/debian/changelog  2023-05-20 21:44:42.0 +0200
@@ -1,3 +1,13 @@
+libraw (0.20.2-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * check for input buffer size on datastream::gets (CVE-2021-32142)
+(Closes: #1031790)
+  * do not set shrink flag for 3/4 component images (CVE-2023-1729)
+(Closes: #1036281)
+
+ -- Salvatore Bonaccorso   Sat, 20 May 2023 21:44:42 +0200
+
 libraw (0.20.2-2) unstable; urgency=medium
 
   * debian/watch: bump version 3 -> 4
diff -Nru 
libraw-0.20.2/debian/patches/check-for-input-buffer-size-on-datastream-gets.patch
 
libraw-0.20.2/debian/patches/check-for-input-buffer-size-on-datastream-gets.patch
--- 
libraw-0.20.2/debian/patches/check-for-input-buffer-size-on-datastream-gets.patch
   1970-01-01 01:00:00.0 +0100
+++ 
libraw-0.20.2/debian/patches/check-for-input-buffer-size-on-datastream-gets.patch
   2023-05-20 21:44:42.0 +0200
@@ -0,0 +1,43 @@
+From: Alex Tutubalin 
+Date: Mon, 12 Apr 2021 13:21:52 +0300
+Subject: check for input buffer size on datastream::gets
+Origin: 
https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
+Bug: https://github.com/LibRaw/LibRaw/issues/400
+Bug-Debian: https://bugs.debian.org/1031790
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32142
+
+---
+ src/libraw_datastream.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
+index a5c1a84a3a8c..a31ae9dd84db 100644
+--- a/src/libraw_datastream.cpp
 b/src/libraw_datastream.cpp
+@@ -287,6 +287,7 @@ INT64 LibRaw_file_datastream::tell()
+ 
+ char *LibRaw_file_datastream::gets(char *str, int sz)
+ {
++  if(sz<1) return NULL;
+   LR_STREAM_CHK();
+   std::istream is(f.get());
+   is.getline(str, sz);
+@@ -421,6 +422,7 @@ INT64 LibRaw_buffer_datastream::tell()
+ 
+ char *LibRaw_buffer_datastream::gets(char *s, int sz)
+ {
++  if(sz<1) return NULL;
+   unsigned char *psrc, *pdest, *str;
+   str = (unsigned char *)s;
+   psrc = buf + streampos;
+@@ -618,6 +620,7 @@ INT64 LibRaw_bigfile_datastream::tell()
+ 
+ char *LibRaw_bigfile_datastream::gets(char *str, int sz)
+ {
++  if(sz<1) return NULL;
+   LR_BF_CHK();
+   return fgets(str, sz, f);
+ }
+-- 
+2.40.1
+
diff -Nru 
libraw-0.20.2/debian/patches/do-not-set-shrink-flag-for-3-4-component-images.patch
 
libraw-0.20.2/debian/patches/do-not-set-shrink-flag-for-3-4-component-images.patch
--- 
libraw-0.20.2/debian/patches/do-not-set-shrink-flag-for-3-4-component-images.patch
  1970-01-01 01:00:00.0 +0100
+++ 
libraw-0.20.2/debian/patches/do-not-set-shrink-flag-for-3-4-component-images.patch
  2023-05-20 21:44:42.0 +0200
@@ -0,0 +1,28 @@
+From: Alex Tutubalin 
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: do not set shrink flag for 3/4 component images
+Origin: 
https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828
+Bug: https://github.com/LibRaw/LibRaw/issues/557
+Bug-Debian: https://bugs.debian.org/1036281
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-1729
+
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index e65e2ad73b4a..702cf290213c 100644
+--- a/src/preprocessing/raw2image.cpp
 b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+ 
+   // adjust for half mode!
+   IO.shrink =
++!imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++!imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+   P1.filters &&
+   (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+ 
+-- 
+2.40.1
+
diff -Nru libraw-0.20.2/debian/patches/series 
libraw-0.20.2/debian/patches/series
--- libraw-0.20.2/debian/patches/series 1970-01-01 

Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

[Bastien Durel]

Le lundi 22 mai 2023 à 16:36 +0200, Stefan Eissing a écrit :
> 
> 
> > Am 19.05.2023 um 18:50 schrieb Bastien Durel :
> > 
> > Le 19/05/2023 à 18:11, Stefan Eissing a écrit :
> > > Hi Bastien,
> > Hello
> > 
> > > I am looking into the failures of mod_proxy_http2 and seeing an
> > > issue with connection reuse and subsequent handling of requests.
> > > Going back to the original issue, do you still see those with
> > > mod_h2 v2.0.15? That would be interesting to know.
> > No, I had only 2 segfaults since I upgraded to 2.0.15, and none is
> > in purge_consumed_buckets :
> > 
> > - proxy_pass_brigade
> > - ap_save_brigade
> > 
> > > I do not know if just relying on mod_proxy_http in your setup
> > > would be possible. But it could help us isolating issues.
> > 
> > I don't think so ... The knot-resolver I forward DOH requests to
> > seems to only support HTTP/2 ; if I change it to https://,
> > dog fails to resolve on it :
> > 
> > Error [http]: Nameserver returned HTTP 502 (Proxy Error)
> 
> I just released v2.0.16
> . It contains a
> fix in mod_proxy_http2 retry handling. Not sure if this is related to
> your crashes as I was so far unsuccessful to reproduce those locally.
> But maybe you'd like to give this a try.

Hello,

Thanks. I've compiled and installed v2.0.16.

I "only" had 2 crashes([1][2]) since friday, so I guess I'll have to
monitor a few days to report back.

Thanks for your work,


[1]
#0  0x7f9bb04650b3 in ssl_io_filter_output (f=0x7f9ba03c68d8, 
bb=0x7f9ba04a83b8) at ssl_engine_io.c:2008
#1  0x7f9bb0597999 in proxy_pass_brigade (flush=1, bb=, 
origin=, p_conn=0x7f9ba03c80a0, bucket_alloc=) at 
h2_proxy_session.c:218
#2  raw_send (ngh2=, data=, length=70, 
flags=, user_data=0x7f9ba04a8190) at h2_proxy_session.c:244
#3  0x7f9bb14a11f9 in nghttp2_session_send () from 
/usr/lib/x86_64-linux-gnu/libnghttp2.so.14
#4  0x7f9bb059a9b9 in send_loop (session=0x7f9ba04a8190) at 
h2_proxy_session.c:1517
#5  h2_proxy_session_process (session=0x7f9ba04a8190) at h2_proxy_session.c:1553
#6  0x7f9bb059db44 in ctx_run (ctx=0x7f9ba03524d0) at mod_proxy_http2.c:258

[2]
#0  0x7f9bb04650c5 in ssl_io_filter_output (f=0x7f9ba01388d8, 
bb=0x7f9ba05613b8) at ssl_engine_io.c:2008
#1  0x7f9bb0597999 in proxy_pass_brigade (flush=1, bb=, 
origin=, p_conn=0x7f9ba013a0a0, bucket_alloc=) at 
h2_proxy_session.c:218
#2  raw_send (ngh2=, data=, length=74, 
flags=, user_data=0x7f9ba0561190) at h2_proxy_session.c:244
#3  0x7f9bb14a11f9 in nghttp2_session_send () from 
/usr/lib/x86_64-linux-gnu/libnghttp2.so.14
#4  0x7f9bb059a9b9 in send_loop (session=0x7f9ba0561190) at 
h2_proxy_session.c:1517
#5  h2_proxy_session_process (session=0x7f9ba0561190) at h2_proxy_session.c:1553
#6  0x7f9bb059db44 in ctx_run (ctx=0x7f9ba014c4d0) at mod_proxy_http2.c:258

-- 
Bastien

Bug#1036559: androguard: fails to parse some valid APKs: ResParserError: res0 must be always zero!

[Hans-Christoph Steiner]

Package: androguard
Version: 3.4.0~a1-1
Severity: important

Dear Maintainer,

androguard fails to parse some valid APKs, failing with:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/androguard/core/bytecodes/apk.py", line 
1556, in get_android_resources

return self.arsc["resources.arsc"]
   ~^^
KeyError: 'resources.arsc'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/hans/code/fdroid/server/tests/../fdroid", line 22, in 
fdroidserver.__main__.main()
  File "/home/hans/code/fdroid/server/fdroidserver/__main__.py", line 230, in 
main
raise e
  File "/home/hans/code/fdroid/server/fdroidserver/__main__.py", line 211, in 
main
mod.main()
  File "/home/hans/code/fdroid/server/fdroidserver/update.py", line 2267, in 
main
apks, cachechanged = process_apks(apkcache, repodirs[0], knownapks,
 ^^
  File "/home/hans/code/fdroid/server/fdroidserver/update.py", line 1650, in 
process_apks

(skip, apk, cachethis) = process_apk(apkcache, apkfilename, repodir, 
knownapks,
 
^^
  File "/home/hans/code/fdroid/server/fdroidserver/update.py", line 1510, in 
process_apk

apk = scan_apk(apkfile)
  ^
  File "/home/hans/code/fdroid/server/fdroidserver/update.py", line 1249, in 
scan_apk

scan_apk_androguard(apk, apk_file)
  File "/home/hans/code/fdroid/server/fdroidserver/update.py", line 1337, in 
scan_apk_androguard

arsc = apkobject.get_android_resources()
   ^
  File "/usr/lib/python3/dist-packages/androguard/core/bytecodes/apk.py", line 
1562, in get_android_resources

self.arsc["resources.arsc"] = ARSCParser(self.zip.read("resources.arsc"))
  ^^^
  File 
"/usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py", 
line 1344, in __init__

ate = ARSCResTableEntry(self.buff, res_id, pc)
  
  File 
"/usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py", 
line 2589, in __init__

self.item = ARSCComplex(buff, parent)
^
  File 
"/usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py", 
line 2647, in __init__
self.items.append((unpack('ARSCResStringPoolRef(buff, self.parent)))


^^^
  File 
"/usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py", 
line 2667, in __init__

raise ResParserError("res0 must be always zero!")
androguard.core.bytecodes.axml.ResParserError: res0 must be always zero!


I'm seeing this with:

com.whatsapp
Version Code 230905004
Version 2.23.9.5
SHA-256 5f2a974da3d07803daf3cc29a63846d02e40d41c33c42f63f3e55ef14a07f55c


It was also reported for:

com.google.android.talk
SHA-256 6245178b03a5375f49f74f3eb40caab746655d39ee35fbfbf62299fedba037dd

Upstream suggests stop failing on that check:
https://github.com/androguard/androguard/issues/771#issuecomment-572169714

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (1, 'experimental'), 
(1, 'unstable')

Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-0-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages androguard depends on:
ii  python3 3.11.2-1+b1
ii  python3-asn1crypto  1.5.1-2
ii  python3-click   8.1.3-2
ii  python3-colorama0.4.6-2
ii  python3-ipython 8.5.0-4
ii  python3-lxml4.9.2-1+b1
ii  python3-magic   2:0.4.26-3
ii  python3-matplotlib  3.6.3-1+b1
ii  python3-networkx2.8.8-1
ii  python3-oscrypto1.3.0-1
ii  python3-pydot   1.4.2-1
ii  python3-pygments2.14.0+dfsg-1
ii  python3-yaml6.0-3+b2

Versions of packages androguard recommends:
ii  python3-pyperclip  1.8.2-2
ii  python3-pyqt5  5.15.9+dfsg-1

androguard suggests no packages.

-- no debconf information

Bug#1036558: Update kaidan to new upstream release 0.9.1

[Pirate Praveen]

Package: kaidan
Version: 0.8.0-2
Severity: wishlist

Kaidan 0.9.1 is now available with end to end encryption support. 
Please update the version in the archive (it could be uploaded to 
experimental till bookworm is out). Currently I use the flatpak 
version, but would love to use the native package.

Bug#1036557: unblock: debian-med/3.8.1

[Andreas Tille]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-...@packages.debian.org, debian-...@lists.debian.org
Control: affects -1 + src:debian-med

Please unblock package debian-med

[ Reason ]

This is the final update of the Debian Med metapackages after some
changes in the package pool.  Since some packages were removed from
testing this had to be reflected in the dependencies of the metapackages
Updating Blends metapackages in the final phase of a release cyclus
to adapt to those changes is the usual thing we do in the release
process.

[ Impact ]
The metapackages would recommend packages that are not available
in the future stable release.

[ Tests ]
There is no test but the automatic generation of the dependencies
was done as usual and has shown to be reliable in the past.  The
resulting changes make perfectly sense.

[ Risks ]
There is not even code and its a leaf package anyway.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock debian-med/3.8.1


debian-med_3.8.1-3.8.debdiff.gz
Description: application/gzip

Bug#1036213: apache2: frequent SIGSEGV in mod_http2.so (purge_consumed_buckets)

[Stefan Eissing]

> Am 19.05.2023 um 18:50 schrieb Bastien Durel :
> 
> Le 19/05/2023 à 18:11, Stefan Eissing a écrit :
>> Hi Bastien,
> Hello
> 
>> I am looking into the failures of mod_proxy_http2 and seeing an issue with 
>> connection reuse and subsequent handling of requests.
>> Going back to the original issue, do you still see those with mod_h2 
>> v2.0.15? That would be interesting to know.
> No, I had only 2 segfaults since I upgraded to 2.0.15, and none is in 
> purge_consumed_buckets :
> 
> - proxy_pass_brigade
> - ap_save_brigade
> 
>> I do not know if just relying on mod_proxy_http in your setup would be 
>> possible. But it could help us isolating issues.
> 
> I don't think so ... The knot-resolver I forward DOH requests to seems to 
> only support HTTP/2 ; if I change it to https://, dog fails to resolve on it :
> 
> Error [http]: Nameserver returned HTTP 502 (Proxy Error)

I just released v2.0.16 . 
It contains a fix in mod_proxy_http2 retry handling. Not sure if this is 
related to your crashes as I was so far unsuccessful to reproduce those 
locally. But maybe you'd like to give this a try.

Kind Regards,
Stefan

> 
> Regards,
> 
> -- 
> Bastien Durel
> 

Bug#1036555: gnome-shell[…]: Error looking up permission: GDBus.Error:org.freedesktop.portal.Error.NotFound: No entry for geolocation

[Al Ma]

Package: gnome-shell
Version: 42.3.1-2
I discovered (among many others) a “No entry for geolocation” error in the 
journal:
Mai 21 22:36:47 AnonymizedComputerName gnome-shell[1063]: Will monitor session 
c1 Mai 21 22:36:47 AnonymizedComputerName dbus-daemon[801]: [system] Activating 
via systemd: service name='org.freedesktop.locale1' 
unit='dbus-org.freedesktop.locale1.service' requested by ':1.37' (uid=119 
pid=1063 comm="/usr/bin/gnome-shell ") Mai 21 22:36:47 AnonymizedComputerName 
systemd[1]: Starting Locale Service... Mai 21 22:36:47 AnonymizedComputerName 
dbus-daemon[801]: [system] Successfully activated service 
'org.freedesktop.locale1' Mai 21 22:36:47 AnonymizedComputerName systemd[1]: 
Started Locale Service. Mai 21 22:36:47 AnonymizedComputerName 
/usr/libexec/gdm-wayland-session[1009]: dbus-daemon[1009]: [session uid=119 
pid=1009] Activating service name='org.freedesktop.impl.portal.PermissionStore' 
requested by ':1.3' (uid=119 pid=1063 comm="/usr/bin/gnome-shell ") Mai 21 
22:36:47 AnonymizedComputerName /usr/libexec/gdm-wayland-session[1009]: 
dbus-daemon[1009]: [session uid=119 pid=1009] Successfully activated service 
'org.freedesktop.impl.portal.PermissionStore' Mai 21 22:36:47 
AnonymizedComputerName dbus-daemon[801]: [system] Activating via systemd: 
service name='org.freedesktop.GeoClue2' unit='geoclue.service' requested by 
':1.37' (uid=119 pid=1063 comm="/usr/bin/gnome-shell ") Mai 21 22:36:47 
AnonymizedComputerName systemd[1]: Starting Location Lookup Service... Mai 21 
22:36:47 AnonymizedComputerName polkitd(authority=local)[809]: Registered 
Authentication Agent for unix-session:c1 (system bus name :1.37 
[/usr/bin/gnome-shell], object path 
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) Mai 21 
22:36:47 AnonymizedComputerName dbus-daemon[801]: [system] Activating via 
systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service' 
requested by ':1.37' (uid=119 pid=1063 comm="/usr/bin/gnome-shell ") Mai 21 
22:36:47 AnonymizedComputerName systemd[1]: Starting PackageKit Daemon... Mai 
21 22:36:47 AnonymizedComputerName PackageKit[1191]: daemon start Mai 21 
22:36:47 AnonymizedComputerName dbus-daemon[801]: [system] Successfully 
activated service 'org.freedesktop.GeoClue2' Mai 21 22:36:47 
AnonymizedComputerName systemd[1]: Started Location Lookup Service. Mai 21 
22:36:47 AnonymizedComputerName /usr/libexec/gdm-wayland-session[1009]: 
dbus-daemon[1009]: [session uid=119 pid=1009] Activating service 
name='org.gnome.Shell.Notifications' requested by ':1.3' (uid=119 pid=1063 
comm="/usr/bin/gnome-shell ") Mai 21 22:36:47 AnonymizedComputerName 
/usr/libexec/gdm-wayland-session[1171]: dbus-daemon[1171]: Activating service 
name='org.a11y.atspi.Registry' requested by ':1.0' (uid=119 pid=1063 
comm="/usr/bin/gnome-shell ") Mai 21 22:36:47 AnonymizedComputerName 
/usr/libexec/gdm-wayland-session[1171]: dbus-daemon[1171]: Successfully 
activated service 'org.a11y.atspi.Registry' Mai 21 22:36:47 
AnonymizedComputerName /usr/libexec/gdm-wayland-session[1201]: SpiRegistry 
daemon is running with well-known name - org.a11y.atspi.Registry Mai 21 
22:36:47 AnonymizedComputerName org.gnome.Shell.desktop[1063]: Window manager 
warning: Failed to parse saved session file: Datei 
»/var/lib/gdm3/.config/mutter/sessions/1065b6e83232cb60411684701404911355001015.ms«
 konnte nicht geöffnet werden: Datei oder Verzeichnis nicht gefunden Mai 21 
22:36:47 AnonymizedComputerName dbus-daemon[801]: [system] Successfully 
activated service 'org.freedesktop.PackageKit' Mai 21 22:36:47 
AnonymizedComputerName systemd[1]: Started PackageKit Daemon. Mai 21 22:36:47 
AnonymizedComputerName kernel: rfkill: input handler disabled Mai 21 22:36:47 
AnonymizedComputerName /usr/libexec/gdm-wayland-session[1009]: 
dbus-daemon[1009]: [session uid=119 pid=1009] Activating service 
name='org.freedesktop.systemd1' requested by ':1.9' (uid=119 pid=1213 
comm="/usr/libexec/gsd-sharing ") Mai 21 22:36:47 AnonymizedComputerName 
/usr/libexec/gdm-wayland-session[1009]: dbus-daemon[1009]: [session uid=119 
pid=1009] Activated service 'org.freedesktop.systemd1' failed: Process 
org.freedesktop.systemd1 exited with status 1 Mai 21 22:36:47 
AnonymizedComputerName gsd-sharing[1213]: Failed to StopUnit service: 
GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process 
org.freedesktop.systemd1 exited with status 1 Mai 21 22:36:47 
AnonymizedComputerName gsd-sharing[1213]: Failed to StopUnit service: 
GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process 
org.freedesktop.systemd1 exited with status 1 Mai 21 22:36:47 
AnonymizedComputerName /usr/libexec/gdm-wayland-session[1009]: 
dbus-daemon[1009]: [session uid=119 pid=1009] Activating service 
name='org.gtk.vfs.Daemon' requested by ':1.24' (uid=119 pid=1258 
comm="ibus-daemon --panel disable ") Mai 21 22:36:47 AnonymizedComputerName 
/usr/libexec/gdm-wayland-session[1009]: dbus-daemon[1009]: [session uid=119 

Bug#1036443: ntpsec: leftover files on purge

[Christoph Anton Mitterer]

Oh and I've just noticed that I've had accidentally reported the bug
against ntpsec, not ntp.

Not sure where these files should be ideally cleaned up.

I mean in principle of course ntp, but must people that follow sid,
will have already removed the package and thus never see the clean up.

Bug#1036443: ntpsec: leftover files on purge

[Christoph Anton Mitterer]

Hey.

I've just noted there are more leftover files, namely dangling symlinks
at:

l /etc/systemd/system/multi-user.target.wants/ntp.service /etc/rc*.d/*ntp
lrwxrwxrwx 1 root root 13 Jul 10  2017 /etc/rc2.d/S03ntp -> ../init.d/ntp
lrwxrwxrwx 1 root root 13 Jul 10  2017 /etc/rc3.d/S03ntp -> ../init.d/ntp
lrwxrwxrwx 1 root root 13 Jul 10  2017 /etc/rc4.d/S03ntp -> ../init.d/ntp
lrwxrwxrwx 1 root root 13 Jul 10  2017 /etc/rc5.d/S03ntp -> ../init.d/ntp
lrwxrwxrwx 1 root root 31 Jun 30  2021 
/etc/systemd/system/multi-user.target.wants/ntp.service -> 
/lib/systemd/system/ntp.service

Interestingly, these only showed up on a system where I've upgraded
straight from bullseye to bookwork.
They're not there on a sid system, which was regularly upgraded.


Cheers,
Chris.

Bug#1036554: unblock: iproute2/6.1.0-3

[Luca Boccassi]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Team,

A small regression w.r.t. Bookworm has just been reported on iproute2.
It is a trivial fix so I'd like to have it in the release if possible.
debdiff attached.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036534

Thanks!

-- 
Kind regards,
Luca Boccassi
diff -Nru iproute2-6.1.0/debian/changelog iproute2-6.1.0/debian/changelog
--- iproute2-6.1.0/debian/changelog	2023-02-25 19:46:35.0 +
+++ iproute2-6.1.0/debian/changelog	2023-05-22 14:19:52.0 +0100
@@ -1,3 +1,9 @@
+iproute2 (6.1.0-3) unstable; urgency=medium
+
+  * Ensure 'ip mo' resolves to 'ip monitor' (Closes: #1036534)
+
+ -- Luca Boccassi   Mon, 22 May 2023 14:19:52 +0100
+
 iproute2 (6.1.0-2) unstable; urgency=medium
 
   * Add Romanian language translation for debconf (Closes: #1031917)
diff -Nru iproute2-6.1.0/debian/patches/0001-Add-moo-feature.patch iproute2-6.1.0/debian/patches/0001-Add-moo-feature.patch
--- iproute2-6.1.0/debian/patches/0001-Add-moo-feature.patch	2023-02-25 19:04:02.0 +
+++ iproute2-6.1.0/debian/patches/0001-Add-moo-feature.patch	2023-05-22 14:19:19.0 +0100
@@ -3,7 +3,7 @@
 Forwarded: no, critical value-add business feature for Debian
 --- a/ip/ip.c
 +++ b/ip/ip.c
-@@ -86,6 +86,19 @@
+@@ -87,6 +87,19 @@
  	return 0;
  }
  
@@ -23,11 +23,11 @@
  static const struct cmd {
  	const char *cmd;
  	int (*func)(int argc, char **argv);
-@@ -104,6 +117,7 @@
- 	{ "fou",	do_ipfou },
- 	{ "ila",	do_ipila },
- 	{ "macsec",	do_ipmacsec },
+@@ -125,6 +138,7 @@
+ 	{ "ioam",	do_ioam6 },
+ 	{ "help",	do_help },
+ 	{ "stats",	do_ipstats },
 +	{ "moo",	do_moo },
- 	{ "tunnel",	do_iptunnel },
- 	{ "tunl",	do_iptunnel },
- 	{ "tuntap",	do_iptuntap },
+ 	{ 0 }
+ };
+ 


signature.asc
Description: This is a digitally signed message part

Bug#1036534: iproute2: Regression: "ip mo" no longer matches "ip monitor"

[Luca Boccassi]

Control: forcemerge -1 1036533

On Mon, 22 May 2023 00:07:26 -0400 Boyuan Yang 
wrote:
> Package: iproute2
> Severity: important
> Version: 6.1.0-2
> X-Debbugs-CC: bl...@debian.org formo...@debian.org
> 
> Dear Debian iproute2 maintainers,
> 
> When upgraded from Debian 11 to Debian Testing/Sid (Debian 12),
typing "ip mo"
> no longer matches with "ip monitor". Instead, it matches "ip moo":
> 
> ===
> 
> * Debian 11:
> 
> $ ip mo help
> Usage: ip monitor [ all | LISTofOBJECTS ] [ FILE ] [ label ] [ all-
nsid ]    
> [ dev DEVICE ]
> OBJECTS :=  address | link | mroute | neigh | netconf |
> nexthop | nsid | prefix | route | rule | stats
> FILE := file FILENAME
> 
> * Debian 12:
> 
> $ ip mo help
> 
>  _ __ ___   ___   ___
> | '_ ` _ \ / _ \ / _ \
> | | | | | | (_) | (_) |
> |_| |_| |_|\___/ \___/
> 
> 
> P.S. no real cows were harmed for this moo
> 
> ===
> 
> I have received reports in private that this broke some scripts that
uses "ip
> mo" for "ip monitor".

You should really get those scripts fixed, relying on abbreviations
that happen to match is a bad idea. If upstream adds some other command
it will break just the same.

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1036553: unblock: qtsvg-opensource-src/5.15.8-3

[Dmitry Shachnev]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qtsvg-opensource-...@packages.debian.org
Control: affects -1 + src:qtsvg-opensource-src

Please unblock package qtsvg-opensource-src.

[ Reason ]
This fixes a security bug. See:

- https://security-tracker.debian.org/tracker/CVE-2023-32573
- https://www.qt.io/blog/security-advisory-qt-svg

[ Impact ]
Use of uninitialized variable which is undefined behavior, e.g. may lead to
division by zero.

[ Tests ]
The upstream test suite is run during build.

[ Risks ]
The change is quite trivial, it just initializes the variable and uses a 
constant
to keep the value in one place.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock qtsvg-opensource-src/5.15.8-3

--
Dmitry Shachnev
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+qtsvg-opensource-src (5.15.8-3) unstable; urgency=medium
+
+  * Backport upstream commit to initialize QSvgFont::m_unitsPerEm
+(CVE-2023-32573).
+
+ -- Dmitry Shachnev   Sun, 21 May 2023 19:06:01 +0300
+
 qtsvg-opensource-src (5.15.8-2) unstable; urgency=medium
 
   * Upload to unstable.
--- /dev/null
+++ b/debian/patches/CVE-2023-32573.diff
@@ -0,0 +1,34 @@
+Description: QSvgFont: initialize m_unitsPerEm to fix undefined behavior
+Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff
+Last-Update: 2023-05-21
+
+--- a/src/svg/qsvgfont_p.h
 b/src/svg/qsvgfont_p.h
+@@ -74,6 +74,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+ QSvgFont(qreal horizAdvX);
+ 
+ void setFamilyName(const QString );
+@@ -86,7 +87,7 @@ public:
+ void draw(QPainter *p, const QPointF , const QString , qreal pixelSize, Qt::Alignment alignment) const;
+ public:
+ QString m_familyName;
+-qreal m_unitsPerEm;
++qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+ qreal m_ascent;
+ qreal m_descent;
+ qreal m_horizAdvX;
+--- a/src/svg/qsvghandler.cpp
 b/src/svg/qsvghandler.cpp
+@@ -2666,7 +2666,7 @@ static bool parseFontFaceNode(QSvgStyleP
+ 
+ qreal unitsPerEm = toDouble(unitsPerEmStr);
+ if (!unitsPerEm)
+-unitsPerEm = 1000;
++unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+ 
+ if (!name.isEmpty())
+ font->setFamilyName(name);
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 reject_oversize_svgs.diff
+CVE-2023-32573.diff


signature.asc
Description: PGP signature

Bug#1036532: RFS: wifi-qr/0.2-3 18 -- WiFi password share via QR codes

[Ko Ko Ye`]

Thanks for pointing this out
Now upload again as 0.2-3.


On Mon, May 22, 2023 at 4:05 PM Preuße, Hilmar  wrote:

> On 22.05.2023 05:52, Ko Ko Ye` wrote:
>
> Hello,
>
> > I am looking for a sponsor for my package "wifi-qr":
> >
> >   * Package name : wifi-qr
> > Version  : 0.2-3+18
> > AFAICT the version 0.2-3 has never entered Debian, hence the version you
> have to use  is still 0.2-3. Not sure if it will be accepted, I'd delay
> the request to post-bookworm.
>
> H.
> --
> sigfault
>
>

-- 

with regards *Ko Ko Ye` *

Bug#1036021: cadabra2,python3-notebook: undeclared file conflict on /usr/lib/python3/dist-packages/notebook/static/components/codemirror

[Martin Hostettler]

On Mon, May 22, 2023 at 11:59:37AM +0200, Andreas Beckmann wrote:
> On 19/05/2023 12.48, Martin Hostettler wrote:
> > It seems what is needed is this:
> > 
> > mv 
> > debian/cadabra2/usr/lib/python3.*/site-packages/notebook/static/components 
> > debian/cadabra2/usr/share/javascript
> > rmdir debian/cadabra2/usr/lib/python3.*/site-packages/notebook/static
> > rmdir debian/cadabra2/usr/lib/python3.*/site-packages/notebook
> > 
> > (The wildcards are used to avoid hard coding the current debian default
> > python version)
> 
> Does this still work if there is more than one supported python version
> (during python transitions)? It's probably OK to to break support for
> multiple python versions now (as we currently only have one and stable
> releases only have one), but this may need to be revisited for bookworm+1.
> 

As this is in the temporary directory where the build code is installed i
would suspect this will work with more supported python versions as well.
I think this is just a case of the upstream build system including the
python version of the python version used to build the package.
(i think usually debhelper takes care of removing that, but this is before
any of that runs)

At least as long as the code there is compatible with all supported python
versions in debian.

But i don't know anything for certain, as i don't know cadabre but just
want to help solve RC bugs against packages i use (like python3-notebook)

 - Martin

Bug#1036552: unblock: twinkle/1:1.10.2+dfsg-2

[Bastian Germann]

Package: release.debian.org
Control: affects -1 + src:twinkle
X-Debbugs-Cc: twin...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package twinkle.

[ Reason ]
Fix for RC bug #1034661.

[ Impact ]
User's browser might end up opening a spam (and maybe web exploiting) website.

[ Tests ]
Opening the About section's manual will open 
https://mfnboer.home.xs4all.nl/twinkle/ instead of the spam website.

[ Risks ]
None.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock twinkle/1:1.10.2+dfsg-2diff -Nru twinkle-1.10.2+dfsg/debian/changelog 
twinkle-1.10.2+dfsg/debian/changelog
--- twinkle-1.10.2+dfsg/debian/changelog2020-12-03 15:47:34.0 
+0100
+++ twinkle-1.10.2+dfsg/debian/changelog2023-05-20 17:12:46.0 
+0200
@@ -1,3 +1,10 @@
+twinkle (1:1.10.2+dfsg-2) unstable; urgency=medium
+
+  * Team upload.
+  * Change upstream URL taken over by hostile actors (Closes: #1034661)
+
+ -- Bernhard Schmidt   Sat, 20 May 2023 17:12:46 +0200
+
 twinkle (1:1.10.2+dfsg-1) unstable; urgency=medium
 
   * New upstream version 1.10.2+dfsg
diff -Nru twinkle-1.10.2+dfsg/debian/patches/remove-malicious-homepage.patch 
twinkle-1.10.2+dfsg/debian/patches/remove-malicious-homepage.patch
--- twinkle-1.10.2+dfsg/debian/patches/remove-malicious-homepage.patch  
1970-01-01 01:00:00.0 +0100
+++ twinkle-1.10.2+dfsg/debian/patches/remove-malicious-homepage.patch  
2023-05-20 17:12:46.0 +0200
@@ -0,0 +1,63 @@
+From da274607aa835a2735dcf9b9a7ba550910f9d03e Mon Sep 17 00:00:00 2001
+From: matchi 
+Date: Wed, 1 Dec 2021 09:54:39 +0100
+Subject: [PATCH] changed references to http(s)://twinklephone.com to
+ https://mfnboer.home.xs4all.nl/twinkle/
+
+(cherry picked from commit 165c43d8a1574946e7704c639c56cea3d5264606)
+---
+ AUTHORS| 2 +-
+ src/gui/lang/twinkle_de.ts | 2 +-
+ src/gui/mphoneform.cpp | 2 +-
+ twinkle.spec.in| 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/AUTHORS b/AUTHORS
+index 88cbeadb..ec1ad55c 100644
+--- a/AUTHORS
 b/AUTHORS
+@@ -33,4 +33,4 @@ Russian Michail Chodorenko
+ Swedish Daniel Nylander
+ 
+ Michel de Boer
+-www.twinklephone.com
++https://mfnboer.home.xs4all.nl/twinkle/
+diff --git a/src/gui/lang/twinkle_de.ts b/src/gui/lang/twinkle_de.ts
+index 8ab0b014..a5b38916 100644
+--- a/src/gui/lang/twinkle_de.ts
 b/src/gui/lang/twinkle_de.ts
+@@ -5620,7 +5620,7 @@ The values of all SIP headers in the incoming INVITE 
message are passed in envir
+ TWINKLE_TRIGGER=in_call. SIPREQUEST_METHOD=INVITE. The request-URI of the 
INVITE will be passed in bSIPREQUEST_URI/b. The name of the 
user profile will be passed in bTWINKLE_USER_PROFILE/b.
+ p
+ Dieses Script wird gerufen, wenn ein INVITE (Anruf) ankommt. br
+-Bitte lesen Sie im Handbuch unter 
/usr/share/doc/packages/twinkle/... oder 
http://twinklephone.com;  die ausführliche Beschreibung!
++Bitte lesen Sie im Handbuch unter 
/usr/share/doc/packages/twinkle/... oder 
https://mfnboer.home.xs4all.nl/twinkle/; die ausführliche 
Beschreibung!
+ /p
+ h3Rückgabewerte/h3 -   print nach STDOUT (z.B. `echo 
action=dnd`), ein Wert pro Zeile: br
+ ttaction=[ continue | reject | dnd | redirect | autoanswer 
]br/tt
+diff --git a/src/gui/mphoneform.cpp b/src/gui/mphoneform.cpp
+index c4e3c1d9..abca70d0 100644
+--- a/src/gui/mphoneform.cpp
 b/src/gui/mphoneform.cpp
+@@ -2290,7 +2290,7 @@ void MphoneForm::aboutQt()
+ 
+ void MphoneForm::manual()
+ {
+-  ((t_gui *)ui)->open_url_in_browser("http://www.twinklephone.com;);
++  ((t_gui 
*)ui)->open_url_in_browser("https://mfnboer.home.xs4all.nl/twinkle/;);
+ }
+ 
+ void MphoneForm::editUserProfile()
+diff --git a/twinkle.spec.in b/twinkle.spec.in
+index 989c4514..7c014167 100644
+--- a/twinkle.spec.in
 b/twinkle.spec.in
+@@ -10,7 +10,7 @@ BuildArch:   i586
+ #BuildArch:   x86_64
+ BuildRoot:%{_tmppath}/making_of_%{name}_%{version}
+ Packager:
+-URL:  http://www.twinklephone.com
++URL:  https://mfnboer.home.xs4all.nl/twinkle/
+ Requires: alsa
+ Requires: ucommon
+ Requires: ccrtp >= 1.6.0
diff -Nru twinkle-1.10.2+dfsg/debian/patches/series 
twinkle-1.10.2+dfsg/debian/patches/series
--- twinkle-1.10.2+dfsg/debian/patches/series   1970-01-01 01:00:00.0 
+0100
+++ twinkle-1.10.2+dfsg/debian/patches/series   2023-05-20 17:12:46.0 
+0200
@@ -0,0 +1 @@
+remove-malicious-homepage.patch

Bug#1036547: gambas3: Aborts on startup with Wayland

[Russell Coker]

On Monday, 22 May 2023 20:27:36 AEST Bastian Germann wrote:
> Am 22.05.23 um 12:07 schrieb Russell Coker:
> > ** ERROR: #27: Cannot load component 'gb.gtk3.wayland': cannot find
> > component
> You should have gambas3-gb-gtk3-webview installed which depends on
> gambas3-gb-gtk3-x11 | gambas3-gb-gtk3-wayland. I guess on installation it
> resolved to the -x11 variant. Does it work for you on installing
> gambas3-gb-gtk3-wayland?

Thanks installing that made it work.

Could the error message be changed to suggest installing it?

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/

Bug#1036550: f3: dead homepage referenced in man page

[David Bremner]

Package: f3
Version: 8.0-2
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

It seems like

   https://oss.digerati.com.br

no longer exists.

Unfortunately the man pages still point people there.


- -- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 
'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages f3 depends on:
ii  libc6   2.36-9
ii  libparted2  3.5-3
ii  libudev1252.6-1

f3 recommends no packages.

f3 suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmRrTwkACgkQA0U5G1Wq
FSHsww/5AZ6kJ1GFPSf1K9LKK6w8VUdH2370IesFiEbzBvFTjLlmp9aNXC6yetaR
k55FI7hw/fTDC7YvrGz6iT0hdaJSlp6vX8JGwNL3uNXrN9UOKis1oq8bo/UJz7u+
WZn/rLX2Cxg3n5pl8CcfNdbJ8i2+s00LX7STdDxBwxJJ5tJ4eSDOtrwFAQHIUlpd
i3aO52InMoEtWtFis0zNHjyObo0oLKj6bQvDF7cCORU7+AkJGZM1VYr8alXyA4cz
z8eXWRs7EWTVLuxZrvSV0ZNTLsOHbFn1CEfWO1HQsk3zDIV61aiX2zTS4elm5Ol9
B44gOgVvwZAI3jhLsYSZbeoMsMz19+B3px6No2NgGdyTJVJCGyNGJAZ+TV7ZEXTZ
lIWjfvsRPzXXWU9M3bSPOHCriJjgzySyTWNC3eNNgitjI/urVvyK7ier6isRxEV/
qoiNGall9EGzji2fuWV62BgDGE7G+Yb5v/jc+3A7g/SQVURIUmeX1VrLXyEhJlVQ
toLnlR8ahYTKnmzQP9HjnSfV+luz2ErLN9ipriqbFreU3ko6DOrgmCw11kRsNM69
pNeZkrE/r+TJ7IVms9lJkJG9rojNJ4CODs8q3Wqty84fy79gYFwtF7gg2EfopjOl
9fwdSe0aZSj/agXOXRzGgFm0xmHQjqQeCuEX23DDBtGzk04TNB4=
=FXyt
-END PGP SIGNATURE-

Bug#1036551: f3: incorporate more documentation into man pages

[David Bremner]

Package: f3
Version: 8.0-2
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The f3 man pages are pretty sparse, while the package ships other
documentation as rst. Something like sphinx-doc would make it
relatively easy to include some of README into the man pages.

- -- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 
'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages f3 depends on:
ii  libc6   2.36-9
ii  libparted2  3.5-3
ii  libudev1252.6-1

f3 recommends no packages.

f3 suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmRrT4cACgkQA0U5G1Wq
FSEUHBAArnaeuWHoPcIhIj2j8j2mKk9LttTd+BTHWdBWF0uEqA/CUHt18dA6qOf8
rN1djmG5+2130qg466Ly8EnMab6B3Hzf0l45ijkaE0NaeCs2druc+LMGsFXiAtZu
xpmKJfOqX2deSxvctru2QhBMoM1EJUhXUIl1ete7ZjXLuN+xx456UEAwzq8h/vX1
znWefa1Qdpqrw+FYssm+E9EnQpvqT5TQDhBRpf+uKeVVWHqRAMKE04327TTosnz3
Q+cq8ZAxntpjikX0oUzbEgiMRPzNMe1e6Cb7UqdK72luK0SU/DBTngtuX9g2/YUC
I2m0HEbSQgXkobOW3V7jVJ00zzX6lkr9ASvTt5ZrI8+3tTWwA6XMHBSkio2doilY
xG2GxCwj/GaKrk5l3GRViR3XddMNMK9Nvl8X1s8pjj6wMudbvX53qRRh3P8wPfEq
cwcv7llm/8r9fLHGAKgZSquV7lUabM8rfHh15+eduv7oNuDIW8l3HDr7vrb+UDVV
+K1cAy9051PCxtx3cwJHvfhUV2zj7Xk2ys6Va3wheo+T7W5f4D89MALiX7Bq4Dhw
TvGD4I30AdY+U6RgxTmpIvkOMZ7w5HLnIF1uZ6mqkDSjjw0dplMfwFK80d24zkaR
+I03fPo7xDZa4DsOe9sg4C4DuqDtF68Jk7t61HJehIQIQ5qsneQ=
=MP18
-END PGP SIGNATURE-

Bug#1036549: icheck: please consider upgrading to 3.0 source format

[Bastian Germann]

Source: icheck
Version: 0.9.7-6.4
Severity: wishlist

Dear maintainer,

This package is among the few that still use source format 1.0 in
bookworm.  Please upgrade it to source format 3.0, as (1) this format has many
advantages, as documented in https://wiki.debian.org/Projects/DebSrc3.0 ; (2)
this contributes to standardization of packaging practices.

Thanks,
Bastian

Bug#1036548: unblock: cups-filters/1.28.17-3

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock and age package cups-filters

[ Reason ]
CVE-2023-24805 (RCE due to missing input sanitising)

[ Impact ]
The user would be vulnerable to remote code execution.

[ Tests ]
There is no special test for this patch, only a POC that no
longer worked after applying the patch.

[ Risks ]
The patch was provided by upstream and approved by the security team
(upload to Bullseye already done).

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock cups-filters/1.28.17-3diff -Nru cups-filters-1.28.17/debian/changelog 
cups-filters-1.28.17/debian/changelog
--- cups-filters-1.28.17/debian/changelog   2023-03-10 19:25:20.0 
+0100
+++ cups-filters-1.28.17/debian/changelog   2023-05-19 18:25:20.0 
+0200
@@ -1,3 +1,14 @@
+cups-filters (1.28.17-3) unstable; urgency=medium
+
+  * CVE-2023-24805 
+prevent arbitrary command execution by escaping the quoting
+of the arguments in a job with a forged job title
+more information are available in the commit message at:
+https://github.com/OpenPrinting/cups-filters/commit/93e60d3df35
+(Closes: #1036224)
+
+ -- Thorsten Alteholz   Fri, 19 May 2023 18:25:20 +0200
+
 cups-filters (1.28.17-2) unstable; urgency=medium
 
   * qpdf needs at least c++17
diff -Nru cups-filters-1.28.17/debian/patches/0003-fix-CVE-2023-24805.patch 
cups-filters-1.28.17/debian/patches/0003-fix-CVE-2023-24805.patch
--- cups-filters-1.28.17/debian/patches/0003-fix-CVE-2023-24805.patch   
1970-01-01 01:00:00.0 +0100
+++ cups-filters-1.28.17/debian/patches/0003-fix-CVE-2023-24805.patch   
2023-05-19 10:50:03.0 +0200
@@ -0,0 +1,176 @@
+From: Thorsten Alteholz 
+Date: Fri, 19 May 2023 10:49:35 +0200
+Subject: fix CVE-2023-24805
+
+---
+ backend/beh.c | 107 +-
+ 1 file changed, 84 insertions(+), 23 deletions(-)
+
+diff --git a/backend/beh.c b/backend/beh.c
+index 225fd27..8d51235 100644
+--- a/backend/beh.c
 b/backend/beh.c
+@@ -22,12 +22,13 @@
+ #include "backend-private.h"
+ #include 
+ #include 
++#include 
+ 
+ /*
+  * Local globals...
+  */
+ 
+-static intjob_canceled = 0; /* Set to 1 on SIGTERM */
++static volatile int   job_canceled = 0; /* Set to 1 on SIGTERM */
+ 
+ /*
+  * Local functions...
+@@ -213,21 +214,40 @@ call_backend(char *uri, /* I - URI of 
final destination */
+char **argv,   /* I - Command-line arguments */
+char *filename) {  /* I - File name of input data */
+   const char  *cups_serverbin;/* Location of programs */
++  char  *backend_argv[8]; /* Arguments for backend */
+   charscheme[1024],   /* Scheme from URI */
+ *ptr, /* Pointer into scheme */
+-  cmdline[65536]; /* Backend command line */
+-  int   retval;
++  backend_path[2048]; /* Backend path */
++  int   pid = 0,  /* Process ID of backend */
++wait_pid, /* Process ID from wait() */
++wait_status,  /* Status from child */
++retval = 0;
++  int   bytes;
+ 
+  /*
+   * Build the backend command line...
+   */
+ 
+-  strncpy(scheme, uri, sizeof(scheme) - 1);
+-  if (strlen(uri) > 1023)
+-scheme[1023] = '\0';
++  scheme[0] = '\0';
++  strncat(scheme, uri, sizeof(scheme) - 1);
+   if ((ptr = strchr(scheme, ':')) != NULL)
+ *ptr = '\0';
+-
++  else {
++fprintf(stderr,
++  "ERROR: beh: Invalid URI, no colon (':') to mark end of scheme 
part.\n");
++exit (CUPS_BACKEND_FAILED);
++  }
++  if (strchr(scheme, '/')) {
++fprintf(stderr,
++  "ERROR: beh: Invalid URI, scheme contains a slash ('/').\n");
++exit (CUPS_BACKEND_FAILED);
++  }
++  if (!strcmp(scheme, ".") || !strcmp(scheme, "..")) {
++fprintf(stderr,
++  "ERROR: beh: Invalid URI, scheme (\"%s\") is a directory.\n",
++  scheme);
++exit (CUPS_BACKEND_FAILED);
++  }
+   if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
+ cups_serverbin = CUPS_SERVERBIN;
+ 
+@@ -235,16 +255,29 @@ call_backend(char *uri, /* I - URI of 
final destination */
+ fprintf(stderr,
+   "ERROR: beh: Direct output into a file not supported.\n");
+ exit (CUPS_BACKEND_FAILED);
+-  } else
+-snprintf(cmdline, sizeof(cmdline),
+-   "%s/backend/%s '%s' '%s' '%s' '%s' '%s' %s",
+-   cups_serverbin, scheme, argv[1], argv[2], argv[3],
+-   /* Apply number of copies only if beh was called with a
+-  file name and not with the print data in stdin, as
+-  backends should handle copies only if they are called
+-  with a 

Bug#1036547: gambas3: Aborts on startup with Wayland

[Bastian Germann]

Am 22.05.23 um 12:07 schrieb Russell Coker:

** ERROR: #27: Cannot load component 'gb.gtk3.wayland': cannot find component


You should have gambas3-gb-gtk3-webview installed which depends on 
gambas3-gb-gtk3-x11 | gambas3-gb-gtk3-wayland.
I guess on installation it resolved to the -x11 variant. Does it work for you 
on installing gambas3-gb-gtk3-wayland?