Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

2023-05-26 Thread Daniel Markstedt
On Fri, May 26, 2023 at 1:15 PM Markus Koschany  wrote:
>
> Could you tell me which exact commands were used, so that I can try to
> reproduce the problem?
>

Do you by any chance have access to a Mac of any vintage?
It could be a brand new machine running the latest macOS or a classic
Mac from the 90s running at least System Software 7.1.

The problem occurs when the AFP client attempts to create the Mac file
system metadata (aka resource forks on Classic Mac OS, or extended
attributes on OSX.)

Netatalk should be configured something like this:

dmark@buster:~$ cat /etc/netatalk/afp.conf
[Global]
zeroconf name = Buster
uam list = uams_clrtxt.so uams_dhx2.so

[Homes]
basedir regex = /home
appledouble = v2

After authenticating with the netatalk server on the Mac, attempt to
copy any file to the shared volume.
You should get an instant error -50 in Mac OS, and see the
aforementioned errors in the logs.



Bug#1036776: release-notes: Release notes paragraph from Debian Med team

2023-05-26 Thread Andreas Tille
Hi Justin,

Am Sat, May 27, 2023 at 04:42:32AM +0100 schrieb Justin B Rye:
> Andreas Tille wrote:
> > Please add the following patch from the Debian Med team to the release notes:
> 
> Some English-usage suggestions:

Thanks a lot for looking onto the text in "pedantic mode". ;-)  I'm not
a native speaker and it's perfectly welcome if someone with better language
is polishing my scribbling.  So I simply ACK all those enhancements.
 
> > News from Debian Med Blend
> > 
> > 
> > As in every release new packages in the field of life sciences and medicine
> > were added.
> 
> "Have been" added, and I think it works better as

ACK.
 
>   As in every release new packages have been added in the fields of medicine
>   and life sciences.
> 
> >  The new package shiny-server might be worth extra mentioning
> 
>  The new package shiny-server
>    might be worth a particular mention,
> 
> (Or "might be particularly worth mentioning", among other options.)

ACK
 
> > since it simplifies scientific web applications using R.
> 
> (Is it worth reorganising that into something like "since it makes it
> simpler for scientific web applications to use R" or am I only
> noticing it because I'm reading in pedant mode?)
> 
> >   We kept on to get
> > Continuous Integration support for the packages maintained by the Debian Med
> > team.
> 
> It's not clear whether this means that you maintained the effort and
> as a result got CI support or whether CI support is something you
> already had that you kept going.  Maybe:
>    We also kept up the
>   effort to provide Continuous Integration support for the packages maintained
>   by the Debian Med team.

This is definitely the better wording which describes what I intended to write.
 
> > 
> > The Debian Med team is continuously interested in feedback from users
> > specifically in the form of requesting the packaging of not yet packaged
> > free software or backports from new packages or higher versions in unstable.
> > 
> 
> This needs at least one extra comma; maybe even:

ACK.
 
>   The Debian Med team is always interested in feedback from users,
>   especially in the form of requests for packaging of not-yet-packaged
>   free software, or for backports from new packages or higher versions
>   in unstable.
> 
> (Are you *allowed* to put things in stable-backports if there's no
> version in stable?)

Yes, stable-backports is required to have this package in testing.  This
might be higher versions than in stable or packages which are not
available in stable.
 
> > To install packages maintained by the Debian Med team, install the
> > metapackages named med-*, which are at version 3.8.x for Debian bookworm.
> > Feel free to visit the
> > https://blends.debian.org/med/tasks;>Debian Med tasks pages
> > to see the full range of biological and medical software available in Debian.
> > 
> 
> This all looks good; I suppose med-* gets a
> * but no  tags.

I admit I'm not very deep in these tags - thus feel free to pick the proper
one.

Thanks a lot for your comments and for your work on the release notes

Andreas. 

-- 
http://fam-tille.de



Bug#1036819: xfce4-panel: Clock plugin is 1 second behind reality

2023-05-26 Thread xoddf2

Package: xfce4-panel
Version: 4.18.2-1
Severity: normal

Dear Maintainer,

xfce4-panel's Clock plugin has a delay of 1 second.  A comparison with
"xclock -digital -update 1" confirms it.

   * What led up to the situation?
I simply set the Clock plugin to display seconds.  Xfce 4.16's DateTime 
plugin, as shipped with Bullseye, did not have this problem.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Changing the plugin's settings did not fix the problem.
   * What was the outcome of this action?
The Clock plugin displays the time with a 1-second delay.
   * What outcome did you expect instead?
I expected the Clock plugin to display the time accurately without a delay.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xfce4-panel depends on:
ii  exo-utils            4.18.0-1
ii  libatk1.0-0          2.46.0-5
ii  libc6                2.36-9
ii  libcairo2            1.16.0-7
ii  libdbusmenu-gtk3-4   18.10.20180917~bzr492+repack1-3
ii  libexo-2-0           4.18.0-1
ii  libgarcon-1-0        4.18.0-1
ii  libgarcon-gtk3-1-0   4.18.0-1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0         2.74.6-2
ii  libgtk-3-0           3.24.37-2
ii  libpango-1.0-0       1.50.12+ds-1
ii  libpangocairo-1.0-0  1.50.12+ds-1
ii  libwnck-3-0          43.0-3
ii  libx11-6             2:1.8.4-2
ii  libxext6             2:1.3.4-1+b1
ii  libxfce4panel-2.0-4  4.18.2-1
ii  libxfce4ui-2-0       4.18.2-2
ii  libxfce4util7        4.18.1-2
ii  libxfconf-0-3        4.18.0-2

xfce4-panel recommends no packages.

xfce4-panel suggests no packages.

-- no debconf information



Bug#1036776: release-notes: Release notes paragraph from Debian Med team

2023-05-26 Thread Justin B Rye
Andreas Tille wrote:
> Please add the following patch from the Debian Med team to the release notes:

Some English-usage suggestions:

> 
> News from Debian Med Blend
> 
> 
> As in every release new packages in the field of life sciences and medicine
> were added.

"Have been" added, and I think it works better as

  As in every release new packages have been added in the fields of medicine
  and life sciences.

>  The new package shiny-server might be worth extra mentioning

 The new package shiny-server
   might be worth a particular mention,

(Or "might be particularly worth mentioning", among other options.)

> since it simplifies scientific web applications using R.

(Is it worth reorganising that into something like "since it makes it
simpler for scientific web applications to use R" or am I only
noticing it because I'm reading in pedant mode?)

>   We kept on to get
> Continuous Integration support for the packages maintained by the Debian Med
> team.

It's not clear whether this means that you maintained the effort and
as a result got CI support or whether CI support is something you
already had that you kept going.  Maybe:
   We also kept up the
  effort to provide Continuous Integration support for the packages maintained
  by the Debian Med team.

> 
> The Debian Med team is continuously interested in feedback from users
> specifically in the form of requesting the packaging of not yet packaged
> free software or backports from new packages or higher versions in unstable.
> 

This needs at least one extra comma; maybe even:

  The Debian Med team is always interested in feedback from users,
  especially in the form of requests for packaging of not-yet-packaged
  free software, or for backports from new packages or higher versions
  in unstable.

(Are you *allowed* to put things in stable-backports if there's no
version in stable?)

> To install packages maintained by the Debian Med team, install the
> metapackages named med-*, which are at version 3.8.x for Debian bookworm.
> Feel free to visit the
> https://blends.debian.org/med/tasks;>Debian Med tasks pages
> to see the full range of biological and medical software available in Debian.
> 

This all looks good; I suppose med-* gets a
* but no  tags.
-- 
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package



Bug#1036818: linux on armel/armhf: Perl library unable to access get CPU info from /proc/cpu or kstat

2023-05-26 Thread Otto Kekäläinen
Package: linux
Version: 6.1.0

Hi!

I noticed that the autopkgtests on Debian on armhf and armel that run
the mariadb-test-run have been failing since the Linux kernel was
updated from 5.10.0 to 6.1.0. The failure is due to a Perl module not
being able to get from /proc/cpu the number of processors:

Last passing one:
2023-04-28 
https://ci.debian.net/data/autopkgtest/unstable/armel/m/mariadb/33218554/log.gz

kernel: Linux 5.10.0-21-arm64 #1 SMP Debian 5.10.162-1 (2023-01-21)
perl 5.36.0-7
libdbi-perl armel 1.643-4
libconfig-inifiles-perl all 3.03-2

First failing one:
2023-05-05 
https://ci.debian.net/data/autopkgtest/unstable/armel/m/mariadb/33379866/log.gz

kernel: Linux 6.1.0-7-arm64 #1 SMP Debian 6.1.20-2 (2023-04-08)
perl 5.36.0-7
libdbi-perl armhf 1.643-4
libconfig-inifiles-perl all 3.03-2

Error:

starting mysql-test-tun.pl...
Logging: ./mysql-test-run.pl  --force --testcase-timeout=120
--suite-timeout=540 --retry=3 --
...
Collecting tests...
Installing system database...
Can't use an undefined value as an ARRAY reference at
lib/My/SysInfo.pm line 166.

This line 166 in src:mariadb/mysql-test/lib/My/SysInfo.pm has:

# Return the number of cpus found
sub num_cpus {
  my ($self)= @_;
  return int(@{$self->{cpus}}) or
confess "INTERNAL ERROR: No cpus in list";
}

The cpus is initialized to be an empty list on the line 119:

118   my $self= bless {
119     cpus => (),
120   }, $class;

Then it tries to fill it from /proc/cpuinfo (line 67) and `kstat`
(line 95). If nothing worked it'll create one dummy cpu:

145   push(@{$self->{cpus}},
146  {
147   bogomips => DEFAULT_BOGO_MIPS,
148   model_name => "unknown",
149  });

See more discussion from MariaDB devs:
https://lists.launchpad.net/maria-developers/msg13356.html

Thus the primary suspect here is the kernel upgrade. Perl versions
have not changed. This only happens on armel/armhf, other archs are
fine.

Reproducing the environment on ci.debian.net / ci-worker-arm??-?? to
study how /proc/cpu etc looks like, so filing this against the Linux
package is somewhat of a guess, but at least we get a Bug# to
reference for further research.



Bug#1036817: missing simplified version for 'sao' (187.8)

2023-05-26 Thread Gunnar Hjalmarsson

Hi Toni,

I leave it to others to comment on the traditional/simplified aspect, 
but as regards the rendering I have a theory.


On 2023-05-27 01:54, Toni Mueller wrote:
> I am trying to write the character 'sao' (see attached image), but
> only get the traditional version of it, which is then mistaken as a
> Japanese character.
>
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en


Assuming that you use Noto fonts: A unicode character which is present 
both in Traditional Chinese and Japanese is rendered by Noto Sans CJK JP 
by default. To enforce the use of Noto Sans CJK SC you need to change 
LC_CTYPE to "zh_CN.UTF-8".


--
Gunnar Hjalmarsson



Bug#1036453: unblock: libvirt/9.0.0-4

2023-05-26 Thread Andrea Bolognani
Control: tags -1 - moreinfo

On Tue, May 23, 2023 at 06:53:06PM +0200, Paul Gevers wrote:
> Please go ahead. And please remove the moreinfo tag once the upload
> happened.

Done, thanks :)

-- 
Andrea Bolognani 
Resistance is futile, you will be garbage collected.




Bug#1036817: missing simplified version for 'sao' (187.8)

2023-05-26 Thread Toni Mueller
Package: fcitx-table
Version: 1:4.2.9.8-3
Severity: minor
Tags: upstream


Hi,

I am trying to write the character 'sao' (see attached image), but only
get the traditional version of it, which is then mistaken as a Japanese
character.

It would be nice if you could add this character.


Thanks,
Toni


-- System Information:
Debian Release: 11.7
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-22-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fcitx-table depends on:
ii  fcitx-bin  1:4.2.9.8-3
ii  fcitx-data 1:4.2.9.8-3
ii  fcitx-modules  1:4.2.9.8-3
ii  libc6  2.31-13+deb11u6

Versions of packages fcitx-table recommends:
ii  fcitx 1:4.2.9.8-3
ii  fcitx-pinyin  1:4.2.9.8-3

Versions of packages fcitx-table suggests:
ii  fcitx-table-all  1:4.2.9.8-3

-- no debconf information


Bug#1036816: vpnc-script doesn't run properly due to VPNPID

2023-05-26 Thread Antoni Villalonga
Hi Again,

An alternative workaround is running vpnc with --no-detach.

Best regards,

On Fri, May 26, 2023 at 10:41:42PM +, Antoni Villalonga wrote:
> [...]
> 
> My workaround (I only run one VPN at a time, like most people...):
>  | --- a 2022-05-12 19:15:11.0 +
>  | +++ b 2023-05-26 22:29:22.205185888 +
>  | @@ -99,7 +99,7 @@
>  |  VPNPID=$PPID
>  |  PCMD=`ps -c -o cmd= -p $PPID`
>  |  case "$PCMD" in
>  | -*sh) VPNPID=`ps -o ppid= -p $PPID` ;;
>  | +*sh) VPNPID=FIXME ;;
>  |  esac
>  |  fi
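Review bot: only the `*sh)` arm is changed, so the context line `VPNPID=$PPID` still decides the value whenever the parent command does not end in `sh`, and in that case VPNPID stays tied to a PID that can differ between the connect and disconnect runs. If the constant is the intended workaround, assign it unconditionally, or state why the non-shell path is not affected.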
> 
> [...]

-- 
Antoni Villalonga
https://friki.cat/



Bug#1036816: vpnc-script doesn't run properly due to VPNPID

2023-05-26 Thread Antoni Villalonga
Package: vpnc-scripts
Version: 0.1~git20220510-1
Severity: normal

Dear Maintainer,

I'm testing to upgrade from Bullseye to Bookworm.

I think this bug is similar to #460822 but not the same.

In my case vpnc-script runs fine on "connect" and the "resolv.conf" backup file
is saved.
On "disconnect" I've noticed it didn't restore the "resolv.conf" and thus a
major networking issue occurs.


I've noticed the "backup" file contains spaces and looks like this:
  /var/run/vpnc/resolv.conf-backup. 12345

It smells very bad but may not lead to a problem...

After some debug near line 100 of vpnc-script, where VPNPID variable is set,
I've found that VPNPID value isn't the same on "connect" and "disconnect"
executions. This makes "resolv.conf" restoration process fail on "disconnect"
execution.

I've added the following line at the script:
 | ps -ef > "/tmp/ps-$reason"

And after connect/disconnect I got this:
 | % grep vpnc /tmp/ps-connect /tmp/ps-disconnect
 | /tmp/ps-connect:root   60817   60814  0 22:15 pts/13   00:00:00 vpnc my.conf
 | /tmp/ps-connect:root   60941   60817  0 22:16 pts/13   00:00:00 sh -c /usr/share/vpnc-scripts/vpnc-script
 | /tmp/ps-connect:root   60942   60941  0 22:16 pts/13   00:00:00 /bin/sh /usr/share/vpnc-scripts/vpnc-script
 | /tmp/ps-disconnect:root   61116   1  0 22:16 ?        00:00:00 vpnc my.conf
 | /tmp/ps-disconnect:root   61153   61116  0 22:17 ?        00:00:00 sh -c /usr/share/vpnc-scripts/vpnc-script
 | /tmp/ps-disconnect:root   61156   61153  0 22:17 ?        00:00:00 /bin/sh /usr/share/vpnc-scripts/vpnc-script


Let's look at strace from "connect" process...
 | % grep 61116 /tmp/strace-connect | head -n2
 | 60817 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7ff2c14bfc10) = 61116
 | 60817 write(1, "VPNC started in background (pid: 61116)...\n", 43 



So, my conclusion is that the vpnc process (60817) forked into a new process
(61116) AFTER running vpnc-script. When the "disconnect" process runs, it won't
be able to locate the "backup" file and the DNS resolution may fail.


My workaround (I only run one VPN at a time, like most people...):
 | --- a 2022-05-12 19:15:11.0 +
 | +++ b 2023-05-26 22:29:22.205185888 +
 | @@ -99,7 +99,7 @@
 |  VPNPID=$PPID
 |  PCMD=`ps -c -o cmd= -p $PPID`
 |  case "$PCMD" in
 | -*sh) VPNPID=`ps -o ppid= -p $PPID` ;;
 | +*sh) VPNPID=FIXME ;;
 |  esac
 |  fi
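Review bot: `*sh) VPNPID=FIXME ;;` replaces a per-process value with one literal, so every vpnc instance started through a shell computes the same VPNPID and shares whatever state is keyed on it; that only holds under the stated one-VPN-at-a-time assumption. For anything beyond a local workaround, the key should stay the same for one connection across connect and disconnect yet differ between connections, and a comment should say why the `ps -o ppid= -p $PPID` lookup was dropped.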


Hope it can be fixed soon.

Kind regards,

-- 
Antoni Villalonga
https://friki.cat/
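
The VPNPID computation from the report above, replayed over its two ps captures. This is an added example, not part of the original message and not code from vpnc-script; the helper names are hypothetical, and the single leading blank in the ps output is assumed from the backup file name quoted in the report.

```sh
#!/bin/sh
# Added illustration, not code from vpnc-script. Helper names are hypothetical.
# Rows are "pid ppid command", taken from the ps -ef captures in the report.
PS_CONNECT='60817 60814 vpnc
60941 60817 sh
60942 60941 sh'
PS_DISCONNECT='61116 1 vpnc
61153 61116 sh
61156 61153 sh'

# Path prefix as it appears in the report.
BACKUP_PREFIX=/var/run/vpnc/resolv.conf-backup

# field TABLE PID N -> column N (1=pid, 2=ppid, 3=command) of the row for PID.
field() {
    printf '%s\n' "$1" | while read -r pid ppid cmd; do
        [ "$pid" = "$2" ] || continue
        case $3 in
            1) printf '%s' "$pid" ;;
            2) printf '%s' "$ppid" ;;
            3) printf '%s' "$cmd" ;;
        esac
    done
}

# Stand-in for `ps -o ppid= -p PID`: the value comes back with leading
# blanks (one blank assumed here, matching the file name in the report).
ps_ppid() { printf ' %s' "$(field "$1" "$2" 2)"; }

# vpnpid TABLE SCRIPT_PID -> the key, following the logic shown in the patch:
# start from the script's parent; if that parent is a shell, use its parent.
vpnpid() {
    parent=$(field "$1" "$2" 2)
    key=$parent
    case "$(field "$1" "$parent" 3)" in
        *sh) key=$(ps_ppid "$1" "$parent") ;;
    esac
    printf '%s' "$key"
}

# trim VALUE -> VALUE without leading blanks.
trim() { printf '%s' "${1#"${1%%[! ]*}"}"; }

# backup_file KEY -> name of the resolv.conf backup for that key.
backup_file() { printf '%s.%s' "$BACKUP_PREFIX" "$1"; }

# same_backup KEY_AT_CONNECT KEY_AT_DISCONNECT -> 0 if disconnect finds the file.
same_backup() { [ "$(backup_file "$1")" = "$(backup_file "$2")" ]; }

connect_key=$(vpnpid "$PS_CONNECT" 60942)
disconnect_key=$(vpnpid "$PS_DISCONNECT" 61156)
printf 'connect writes:   "%s"\n' "$(backup_file "$connect_key")"
printf 'disconnect reads: "%s"\n' "$(backup_file "$disconnect_key")"

# Removing the blank does not help: the PID behind the key has changed.
if same_backup "$(trim "$connect_key")" "$(trim "$disconnect_key")"; then
    echo 'after trimming: same file'
else
    echo 'after trimming: still different files'
fi
```

The blank in the file name and the failed restore are separate effects: trimming removes the first, while the second remains for as long as the key is derived from a PID that changes when vpnc goes into the background.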



Bug#1036795: ITP: sphinx-design -- sphinx extension for creating responsive web components

2023-05-26 Thread Dave Jones
An initial attempt at packaging is now available in the following repo 
on salsa:


https://salsa.debian.org/python-team/packages/sphinx-design

The one stumbling block was that sphinx-design relies on FontAwesome for 
some of its icon styles. That's fine for docs built for the web, but for 
the offline docs package (python-sphinx-design-doc) that brings up an 
obvious privacy-breach-generic tag on lintian.


After reading through bug #902981 I patched around this by adding a dep 
on fonts-fork-awesome and patching the docs/conf.py to use the 
fork-awesome CSS in the local docs build instead. Please note this won't 
affect output built with the main package (python3-sphinx-design); it 
simply ensures that the offline copy of the docs really is offline.




Bug#1036709: unblock: libsepol/3.4-2.1

2023-05-26 Thread Tobias Frost
On Wed, 24 May 2023 16:52:06 +0200 Tobias Frost wrote:
> Please unblock package libsepol
> 
> It fixes #1031798, inaccurate copyright file.
> 
> No other changes done.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> The package has been uploaded to DELAYED/2, ETA May 26th 2023, ~16:45

It is now in unstable.

> 
> unblock libsepol/3.4-2.1
> 



Bug#1036802: poedit: "Failed to load image from file" error on starting

2023-05-26 Thread Gianfranco Costamagna

control: forcemerge -1 1019704
thanks

On Fri, 26 May 2023 19:04:16 +0200 Daniele Mte90 Scasciafratte 
 wrote:

Package: poedit
Version: 3.3.1-1
Severity: minor
X-Debbugs-Cc: mte90...@gmail.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
On Debian Sid is enough to run PoEdit to get this error in a window and press 
OK to move on:
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".


   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?
No error on start
*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.4-1-siduction-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to it_IT.UTF-8), LANGUAGE=it
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages poedit depends on:
ii  gettext                   0.21-12
ii  libboost-iostreams1.74.0  1.74.0+ds1-21
ii  libboost-thread1.74.0     1.74.0+ds1-21
ii  libc6                     2.36-9
ii  libcld2-0                 0.0.0-git20150806-9
ii  libcpprest2.10            2.10.18-1+b1
ii  libgcc-s1                 12.2.0-14
ii  libglib2.0-0              2.74.6-2
ii  libgtk-3-0                3.24.37-2
ii  libgtkspell3-3-0          3.0.10-1
ii  libicu72                  72.1-3
ii  liblucene++0v5            3.0.8-6
ii  libpugixml1v5             1.13-0.2
ii  libsecret-1-0             0.20.5-3
ii  libssl3                   3.0.8-1
ii  libstdc++6                12.2.0-14




Bug#1036711: unblock: camping/2.3-1.1

2023-05-26 Thread Tobias Frost
On Wed, 24 May 2023 17:55:48 +0200 Tobias Frost wrote:

> Please unblock package camping
> 
> It fixes a broken symlink to a font. (#861040)
> This had been fixed already earlier, (2.1.580-1.1)
> but that NMU has not been incorporated in the package and lost.
> The nmu is using the original patch from the BTS.
> 
> [ Checklist ]
>   [X] all changes are documented in the d/changelog
>   [X] I reviewed all changes and I approve them
>   [X] attach debdiff against the package in testing
> 
> [ Other info ]
> The package has been uploaded to DELAYED/2, ETA May 26th, 18:00 CET

It is now in unstable.
 
> 
> unblock camping/2.3-1.1



Bug#1036737: libsoapysdr0.8: please add Breaks: libsoapysdr0.7 for smoother upgrades from bullseye

2023-05-26 Thread tony mancill
On Fri, May 26, 2023 at 10:18:50PM +0200, Christoph Berg wrote:
> Re: tony mancill
> > In any event, I think the change is good and am planning to upload,
> > provided there are no concerns from the Debian Hams.
> 
> Looks good to me.
> 
> Christoph

Thank you Christoph.  I should have run lintian sooner - it comes back:

W: libsoapysdr0.8: breaks-without-version libsoapysdr0.7
N: 
N:   This package declares a Breaks relationship with another package that has no version number. Normally, Breaks should be used to indicate an
N:   incompatibility with a specific version of another package, or with all versions predating a fix. If the two packages can never be installed at the same
N:   time, Conflicts should normally be used instead.
N:   
N:   Note this tag can also be issued if a package has been split into two completely new ones. In this case, this package is missing a Replaces on the old
N:   package.
N: 
N:   Please refer to Packages which break other packages - Breaks (Section 7.3) in the Debian Policy Manual, Conflicting binary packages - Conflicts (Section
N:   7.4) in the Debian Policy Manual, and Bug#605744 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: fields/package-relations


However, I trust Andreas on this one, and we can adjust as needed later.

Cheers,
tony




Bug#1031046: Asterisk removed from Debian Bookworm

2023-05-26 Thread Devel

Hi,

I'm ready to help to keep asterisk in the Debian project.

At this time I'm compiling from scratch on each new version (18 as well 
as 20), I know nothing about creating packages but able to understand 
the mechanism with a little help.


I'm too on community list.

Regards

--
Daniel



Bug#1036815: pymongo: Homepage seems to be incorrect

2023-05-26 Thread Emmanuel Arias
Source: pymongo
Version: 3.11.0-1
Severity: normal
X-Debbugs-Cc: eam...@yaerobi.com

Dear Maintainer,

The homepage in [0] and Source in [1] seem to be incorrect, they point
to https://api.mongodb.org/python/ that only downloads an empty file. I
think they should point to https://pymongo.readthedocs.io/en/stable/.

Btw, I note the orphaned situation #1002583.

[0] https://sources.debian.org/src/pymongo/3.11.0-1/debian/control/#L13
[1] https://sources.debian.org/src/pymongo/3.11.0-1/debian/copyright/#L2


Cheers, 
Emmanuel



Bug#1036814: unblock: lazarus/2.2.6+dfsg2-2

2023-05-26 Thread Abou Al Montacir
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: laza...@packages.debian.org
Control: affects -1 + src:lazarus

Please unblock package lazarus

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]
User raised a bug report about missing help files.
Bug#1036293: lazarus: LHelp needs CHM files to display online help

[ Impact ]
This turned out to be wrong, as the CHM file exists, but it was just that
configuration file was pointing to the wrong location.
During investigation, we also discovered that HTML help files are not located
at the right position.

We fixed the CHM location in configuration file and fixed HTML files location.

[ Tests ]
Lazarus help is now working as expected without any need for user to change the
default configuration.

[ Risks ]
No risk as the change touches only Lazarus help which does not work without
user manual intervention. At worst it will be still the case. But user already
confirmed he was happy with this fix.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
This should help improving the quality of SW intended to be part of next
release.

unblock lazarus/2.2.6+dfsg2-2
diff -Nru lazarus-2.2.6+dfsg2/debian/changelog 
lazarus-2.2.6+dfsg2/debian/changelog
--- lazarus-2.2.6+dfsg2/debian/changelog2023-04-30 15:46:27.0 
+0200
+++ lazarus-2.2.6+dfsg2/debian/changelog2023-05-20 14:29:04.0 
+0200
@@ -1,3 +1,13 @@
+lazarus (2.2.6+dfsg2-2) unstable; urgency=medium
+
+  * Fixed lcl docs installation path. (Closes: Bug#1036293)
+  * Tried removin Lintian error about unknown file in debian/source folder.
+Thanks to Peter Blackman 
+  * Removed overrides for Lintian warnings that were fixed by upstream.
+  * Updated debian/copyright file with moved and removed files.
+
+ -- Abou Al Montacir   Sat, 20 May 2023 14:29:04 +0200
+
 lazarus (2.2.6+dfsg2-1) unstable; urgency=medium
 
   * Cleaned sources repackaging removing unused Windows help files.
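Review bot: the second bullet of the new changelog entry has a typo and is vague about the outcome: "Tried removin Lintian error about unknown file in debian/source folder." should read "removing", and "Tried" leaves open whether the Lintian error is actually gone after this upload. Suggest stating the result, for example which file was removed or renamed, so that the release team can match the entry against the debdiff.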
diff -Nru lazarus-2.2.6+dfsg2/debian/copyright 
lazarus-2.2.6+dfsg2/debian/copyright
--- lazarus-2.2.6+dfsg2/debian/copyright2023-04-29 22:34:53.0 
+0200
+++ lazarus-2.2.6+dfsg2/debian/copyright2023-05-20 14:29:04.0 
+0200
@@ -117,6 +117,10 @@
  intellectual property as long as the interface itself is publicly available.
 
 Files:
+ components/buildintf/baseideintf.pas
+ components/buildintf/ideexterntoolintf.pas
+ components/buildintf/macrodefintf.pas
+ components/buildintf/macrointf.pas
  components/chmhelp/lhelp/chmdataprovider.pas
  components/chmhelp/lhelp/chmspecialparser.pas
  components/customdrawn/customdrawnextras.pas
@@ -130,15 +134,11 @@
  components/fpvectorial/htmlvectorialreader.pas
  components/ideintf/actionseditor.pas
  components/ideintf/actionseditorstd.pas
- components/ideintf/baseideintf.pas
  components/ideintf/dbpropedits.pas
  components/ideintf/fieldseditor.pas
  components/ideintf/idedialogs.pas
- components/ideintf/ideexterntoolintf.pas
  components/ideintf/ideutils.pas
  components/ideintf/keyvalpropeditdlg.pas
- components/ideintf/macrodefintf.pas
- components/ideintf/macrointf.pas
  components/ideintf/maskpropedit.pas
  components/ideintf/newfield.pas
  components/ideintf/toolbarintf.pas
@@ -170,7 +170,6 @@
  components/printers/printer4lazstrconst.pas
  components/sparta/dockedformeditor/source/*
  components/sparta/generics/source/*
- components/wiki/myfphttpclient.pp
  examples/lpicustomdata/lpicustomdata.lpr
  ide/findinfilesdlg.pas
  ide/findreplacedialog.pp
@@ -281,13 +280,11 @@
  components/jcf2/CommandLine/CommandLineReturnCode.pas
  components/jcf2/CommandLine/Lazarus/JCF.lpr
  components/jcf2/CommandLine/StatusMessageReceiver.pas
- components/jcf2/IdePlugin/JcfIdeMain.pas
- components/jcf2/IdePlugin/JcfIdeRegister.pas
+ components/jcf2/IdePlugin/lazarus/JcfIdeMain.pas
+ components/jcf2/IdePlugin/lazarus/JcfIdeRegister.pas
  components/jcf2/IdePlugin/lazarus/jcfidemain.pas
  components/jcf2/IdePlugin/lazarus/jcfideregister.pas
- components/jcf2/JcfGui/fMain.pas
  components/jcf2/JcfVersionConsts.pas
- components/jcf2/Notepad/frmJcfNotepad.pas
  components/jcf2/Parse/AsmKeywords.pas
  components/jcf2/Parse/BuildParseTree.pas
  components/jcf2/Parse/BuildTokenList.pas
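Review bot: the two added paths `components/jcf2/IdePlugin/lazarus/JcfIdeMain.pas` and `components/jcf2/IdePlugin/lazarus/JcfIdeRegister.pas` differ only in letter case from the context lines `components/jcf2/IdePlugin/lazarus/jcfidemain.pas` and `components/jcf2/IdePlugin/lazarus/jcfideregister.pas` directly below them. Check whether both spellings exist in the source tree; if only one does, drop the other so the Files: paragraph does not list a path that matches nothing.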
@@ -438,12 +435,8 @@
  components/jcf2/Ui/Settings/frWarnings.pas
  components/jcf2/Ui/fAbout.pas
  components/jcf2/Ui/fJcfErrorDisplay.pas
- components/jcf2/Ui/fRegistrySettings.pas
  components/jcf2/Utils/Delay.pas
- components/jcf2/Utils/DragDrop/JCFDropTarget.pas
- components/jcf2/Utils/DragDrop/frDrop.pas
  components/jcf2/Utils/IntList.pas
- components/jcf2/Utils/JcfFileUtils.pas
  components/jcf2/Utils/JcfFontSetFunctions.pas
  

Bug#1036813: unblock: Lazarus/2.2.6+dfsg2-2

2023-05-26 Thread Abou Al Montacir
Package: debian-release.org
Version: debian-release.org
Severity: normal

Dear Maintainer,

User raised a bug report about missing help files.
Bug#1036293: lazarus: LHelp needs CHM files to display online help
This turned out to be wrong, as the CHM file exists, but it was just that
configuration file was pointing to the wrong location.

During investigation, we also discovered that HTML help files are not located
at the right position.

We fixed the CHM location in configuration file and fixed HTML files location.

Lazarus help is now working as expected without any need for user to change the
default configuration.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru lazarus-2.2.6+dfsg2/debian/changelog 
lazarus-2.2.6+dfsg2/debian/changelog
--- lazarus-2.2.6+dfsg2/debian/changelog2023-04-30 15:46:27.0 
+0200
+++ lazarus-2.2.6+dfsg2/debian/changelog2023-05-20 14:29:04.0 
+0200
@@ -1,3 +1,13 @@
+lazarus (2.2.6+dfsg2-2) unstable; urgency=medium
+
+  * Fixed lcl docs installation path. (Closes: Bug#1036293)
+  * Tried removin Lintian error about unknown file in debian/source folder.
+Thanks to Peter Blackman 
+  * Removed overrides for Lintian warnings that were fixed by upstream.
+  * Updated debian/copyright file with moved and removed files.
+
+ -- Abou Al Montacir   Sat, 20 May 2023 14:29:04 +0200
+
 lazarus (2.2.6+dfsg2-1) unstable; urgency=medium
 
   * Cleaned sources repackaging removing unused Windows help files.
diff -Nru lazarus-2.2.6+dfsg2/debian/copyright 
lazarus-2.2.6+dfsg2/debian/copyright
--- lazarus-2.2.6+dfsg2/debian/copyright2023-04-29 22:34:53.0 
+0200
+++ lazarus-2.2.6+dfsg2/debian/copyright2023-05-20 14:29:04.0 
+0200
@@ -117,6 +117,10 @@
  intellectual property as long as the interface itself is publicly available.
 
 Files:
+ components/buildintf/baseideintf.pas
+ components/buildintf/ideexterntoolintf.pas
+ components/buildintf/macrodefintf.pas
+ components/buildintf/macrointf.pas
  components/chmhelp/lhelp/chmdataprovider.pas
  components/chmhelp/lhelp/chmspecialparser.pas
  components/customdrawn/customdrawnextras.pas
@@ -130,15 +134,11 @@
  components/fpvectorial/htmlvectorialreader.pas
  components/ideintf/actionseditor.pas
  components/ideintf/actionseditorstd.pas
- components/ideintf/baseideintf.pas
  components/ideintf/dbpropedits.pas
  components/ideintf/fieldseditor.pas
  components/ideintf/idedialogs.pas
- components/ideintf/ideexterntoolintf.pas
  components/ideintf/ideutils.pas
  components/ideintf/keyvalpropeditdlg.pas
- components/ideintf/macrodefintf.pas
- components/ideintf/macrointf.pas
  components/ideintf/maskpropedit.pas
  components/ideintf/newfield.pas
  components/ideintf/toolbarintf.pas
@@ -170,7 +170,6 @@
  components/printers/printer4lazstrconst.pas
  components/sparta/dockedformeditor/source/*
  components/sparta/generics/source/*
- components/wiki/myfphttpclient.pp
  examples/lpicustomdata/lpicustomdata.lpr
  ide/findinfilesdlg.pas
  ide/findreplacedialog.pp
@@ -281,13 +280,11 @@
  components/jcf2/CommandLine/CommandLineReturnCode.pas
  components/jcf2/CommandLine/Lazarus/JCF.lpr
  components/jcf2/CommandLine/StatusMessageReceiver.pas
- components/jcf2/IdePlugin/JcfIdeMain.pas
- components/jcf2/IdePlugin/JcfIdeRegister.pas
+ components/jcf2/IdePlugin/lazarus/JcfIdeMain.pas
+ components/jcf2/IdePlugin/lazarus/JcfIdeRegister.pas
  components/jcf2/IdePlugin/lazarus/jcfidemain.pas
  components/jcf2/IdePlugin/lazarus/jcfideregister.pas
- components/jcf2/JcfGui/fMain.pas
  components/jcf2/JcfVersionConsts.pas
- components/jcf2/Notepad/frmJcfNotepad.pas
  components/jcf2/Parse/AsmKeywords.pas
  components/jcf2/Parse/BuildParseTree.pas
  components/jcf2/Parse/BuildTokenList.pas
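Review bot: in this jcf2 file list the two added paths, components/jcf2/IdePlugin/lazarus/JcfIdeMain.pas and components/jcf2/IdePlugin/lazarus/JcfIdeRegister.pas, differ only by letter case from the unchanged entries jcfidemain.pas and jcfideregister.pas directly below them. Check which spelling exists in the source tree and drop the other pair, otherwise the stanza keeps listing files that are not there.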
@@ -438,12 +435,8 @@
  components/jcf2/Ui/Settings/frWarnings.pas
  components/jcf2/Ui/fAbout.pas
  components/jcf2/Ui/fJcfErrorDisplay.pas
- components/jcf2/Ui/fRegistrySettings.pas
  components/jcf2/Utils/Delay.pas
- components/jcf2/Utils/DragDrop/JCFDropTarget.pas
- components/jcf2/Utils/DragDrop/frDrop.pas
  components/jcf2/Utils/IntList.pas
- components/jcf2/Utils/JcfFileUtils.pas
  components/jcf2/Utils/JcfFontSetFunctions.pas
  components/jcf2/Utils/JcfHelp.pas
  components/jcf2/Utils/JcfLog.pas
@@ -708,25 +701,25 @@
 License: own_dwywwi_license
 
 Files:
- components/lazutils/lazfreetype.pas
- components/lazutils/ttcache.pas
- components/lazutils/ttcalc.pas
- components/lazutils/ttcalc1.inc
- components/lazutils/ttcalc2.inc
- components/lazutils/ttcalc3.inc
- components/lazutils/ttcalc4.inc
- components/lazutils/ttcmap.pas
- 

Bug#1036801: unblock: curl/7.88.1-10

2023-05-26 Thread Salvatore Bonaccorso
Hi Samuel,

[not member of the release team, but was going through some potential
unblock requests with CVE fixes]

On Fri, May 26, 2023 at 06:03:13PM +0100, Samuel Henrique wrote:
> Package: release.debian.org
> Control: affects -1 + src:curl
> X-Debbugs-Cc: c...@packages.debian.org
> User: release.debian@packages.debian.org
> Usertags: unblock
> Severity: normal
> 
> Please unblock package curl
> 
> [ Reason ]
> 4 CVE fixes:
> 
> * Add new patches to fix CVEs (closes: #1036239):
> - CVE-2023-28319: UAF in SSH sha256 fingerprint check
> - CVE-2023-28320: siglongjmp race condition
> - CVE-2023-28321: IDN wildcard match
> - CVE-2023-28322: more POST-after-PUT confusion
>   * d/libcurl*.symbols: Drop curl_jmpenv, not built anymore due to
> CVE-2023-28320
> 
> [ Impact ]
> The highest CVE severity from upstream is "Moderate".
> 
> [ Tests ]
> Curl has an extensive test suite that's run at build time and on
> autopkgtest, no regressions were detected.
> 
> [ Risks ]
> The patches didn't require any changes which would be worrying.
> Regarding the "curl_jmpenv", there's no package on Debian using that.

After a short discussion with Paul, wouldn't that imply though that
there is an soname bump needed? Do you know has upstream considered
this and if/or why not? Is there enough assurance nobody (even outside
Debian world) is using that symbol?

Curl upstream has the following on it https://curl.se/libcurl/abi.html

These are just a couple of questions trying to understand what
potential questions from release team members may come for your unblock
request.

Regards,
Salvatore

p.s.: note it looks like the autopkgtest view for curl was still blocking it
because cwltool has a flaky test (on armel).



Bug#1036737: libsoapysdr0.8: please add Breaks: libsoapysdr0.7 for smoother upgrades from bullseye

2023-05-26 Thread Christoph Berg
Re: tony mancill
> In any event, I think the change is good and am planning to upload,
> provided there are no concerns from the Debian Hams.

Looks good to me.

Christoph



Bug#105564: figlet: use locale to determine input type

2023-05-26 Thread Julien Palard
Glenn Maynard wrote on Mon 24 Mar 2008 19:55:30 -0400:
> See you guys in 2012...

Damned, I missed this train.

In case it helps someone in 2030: `figlet -C utf8` works for me:

$ figlet -C utf8 é
   __ 
  /_/ 
 / _ \
|  __/
 \___|

-- 
[Julien Palard](https://mdk.fr)



Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

2023-05-26 Thread Markus Koschany
On Thursday, 25.05.2023 at 19:22 -0700, Daniel Markstedt wrote:
> [...]
> Thank you very much for taking swift action on this!
> Please forgive my ignorance here, but are these patches active already
> if I apt install netatalk (3.1.12~ds-3+deb10u1) on Buster?
> Or do they have to be picked up by some build process that hasn't run yet?

Those patches are already applied. You can download the source package of
netatalk with 

apt source netatalk

They are located in the debian/patches directory and are listed in the
debian/patches/series file.

> 
> I'm asking because I ran a few tests now and while EA metadata works,
> the appledouble v2 metadata functionality is definitely broken, even
> when you create a new shared volume from scratch.
> 
> dmark@buster:~$ apt show netatalk
> Package: netatalk
> Version: 3.1.12~ds-3+deb10u1
> ...
> May 25 18:51:08 buster afpd[7415]: ad->ad_ops->ad_header_read(path,
> ad, pst) failed: Input/output error
> May 25 18:51:08 buster afpd[7415]: getfilparams(Screenshot 2023-05-23
> at 10.36.39 AM.png): bad resource fork
> May 25 18:51:08 buster afpd[7415]: parse_entries: bogus eid: 3, off: 182,
> len: 8
> May 25 18:51:08 buster afpd[7415]:
> ad_header_read(/home/dmark/afp-data): malformed AppleDouble
> 
> So either more patches have to be cherry-picked or I need to be patient. :)

Could you tell me which exact commands were used, so that I can try to
reproduce the problem? 

Regards,

Markus



signature.asc
Description: This is a digitally signed message part


Bug#1034215: drkonqi: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

2023-05-26 Thread Aurélien COUDERC
Hi !

On Wednesday 12 April 2023, 13:25:06 CEST, Andreas Henriksson wrote:
> Hello again,
> 
> On Wed, Apr 12, 2023 at 01:19:52PM +0200, Andreas Henriksson wrote:
> > On Tue, Apr 11, 2023 at 09:37:27AM +0200, bi...@debian.org wrote:
> >
> > > It seems that your package drkonqi is shipping files (.service, .socket or
> > > .timer) in /usr/lib/systemd/system.
> > [...]
> > 
> > ```
> > $ apt-file show drkonqi | grep systemd/system
> > drkonqi: /usr/lib/systemd/system/drkonqi-coredump-processor@.service
> > ```
> 
> I forgot to mention that since this is a template unit (@.service)
> maybe the severity should not be RC.
> As far as I know debhelper will not enable any instance of a template
> unit by default anyway, so the consequences that bigon warned about
> probably don't apply here?

@Laurent would you mind commenting on this?
As per my understanding what we would miss (the service not being activated on 
installation) doesn’t apply here because the only service file we ship is a 
systemd template.

With a simple tweak to your search command, drkonqi disappears from the list. :)

apt-file search -x '^/usr/lib/systemd/system/.*[^@]\.(service|timer|socket)$'|cut -d: -f1|sort -u


So may I simply close this bug?


Thanks,
--
Aurélien



Bug#1031046: Asterisk removed from Debian Bookworm

2023-05-26 Thread Antony Stone
Thanks for the explanation.

I am indeed interested in finding out what would be involved / required / 
expected in order to help keep Asterisk as a package in a future release of 
Debian Stable - and in the meantime, to ensure that it remains available in 
Backports.

I have asked on the Asterisk community list / forum to find out whether anyone 
else would be willing to join in, but I think the starting point for anyone 
agreeing to this needs to be - what would you want someone to do, if they have 
the time and interest to help in keeping Asterisk in Debian?

Thanks,

Antony.

-- 
"The future is already here.   It's just not evenly distributed yet."

 - William Gibson



Bug#1036592: pre-approval: unblock: c-ares/1.18.1-3

2023-05-26 Thread Salvatore Bonaccorso
Hi Gregor,

On Tue, May 23, 2023 at 02:56:41PM +0200, Salvatore Bonaccorso wrote:
> Hi Gregor,
> 
> On Tue, May 23, 2023 at 08:44:48AM +0200, Gregor Jasny wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: unblock
> > X-Debbugs-Cc: c-a...@packages.debian.org
> > Control: affects -1 + src:c-ares
> > 
> > Hello,
> > 
> > [ Reason ]
> > 
> > yesterday a version 1.19.1 of c-ares was released which fixes four CVEs.
> > The Debian Security team considers two of them relevant for Debian and
> > I'd like to cherry-pick them into the unstable package so that the fixes
> > can migrate to Bookworm.
> > 
> > Attached you'll find the debdiff. The changes are also visible in Salsa:
> > https://salsa.debian.org/debian/c-ares/-/compare/debian%2F1.18.1-2...master?from_project_id=11264=false
> > 
> > [ Impact ]
> > 
> > CVE-2023-31130 has a CVSS score of 4.1
> > CVE-2023-32067 has a CVSS score of 7.5
> > 
> > [ Tests ]
> > 
> > On the experimental branch I enabled the unit and integration tests:
> > would you consider that commit as acceptable, too?
> > https://salsa.debian.org/debian/c-ares/-/commit/25f515f728eeae82013a9c1cb8aa6ce80e913d09
> > 
> > [ Risks ]
> > 
> > The fix for the 0-byte DoS issue seems to be straight-forward.
> > The fix for inet_net_pton_ipv6 has been synced from OpenBSD and
> > is covered by the unit tests.
> > 
> > Both changes are part of the 1.19.1 release which built and passed
> > tests on experimental (except Hurd):
> > https://buildd.debian.org/status/package.php?p=c-ares=experimental
> > 
> > [ Checklist ]
> >   [x] all changes are documented in the d/changelog
> >   [x] I reviewed all changes and I approve them
> >   [x] attach debdiff against the package in testing
> > 
> > unblock c-ares/1.18.1-3
> 
> Glad to see you worked on it already. I was on it today to propose a
> NMU, due to the deadline for bookworm approaching quickly, until
> Moritz pointed out to me that you had already filed an unblock
> request pre-approval.
> 
> Attached for reference what I did, and so they match. Release team,
> can you accept it as we would like to see as well a bullseye-security
> upload for the same two CVEs and avoid a regression
> bullseye->bookworm?
> 
> Leaving open the question on enabling the testsuite.

Since the deadline for unblock requests is approaching quickly I suggest
to focus on the isolated security fixes only. Last possibility to get
packages unblocked is 2023-05-28 12:00 UTC.

Regards,
Salvatore



Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Markus Koschany
On Friday, 26.05.2023 at 21:44 +0200, Emmanuel Bourg wrote:
> 
> The changes to jetty9 have to be reverted too, the package is broken 
> (#1036798).
> 
> Sadly we can't do without tomcat9. The path forward implies packaging
> Jetty 11 or 12 first and migrating all the reverse dependencies, but
> that's a task for Trixie.

Thanks for investigating Emmanuel. I'll take care of jetty9 too.

Markus




Bug#1036778: ckbuilder: must be rebuilt against rhino 1.7.14

2023-05-26 Thread Markus Koschany
Hi,

I have just rebuilt all reverse-dependencies of closure-compiler again,
ckbuilder and ckeditor also build fine now. Thus the upload of ckbuilder
2.4.3+dfsg-2 was successful. 

> Should we clone this bug to ensure we have a proper (tracking) solution 
> after the bookworm release. If binaries need rebuilds for new versions 
> of build dependencies, we need to figure out how we can automatically 
> detect that. One way (very unpretty) is to hardcode the version which 
> it's going to be built against, then dose [1] will at least tell us.

That's a good idea. In general the Javascript maintainers should be more
considerate when it comes to packages like rhino or closure-compiler. The
latter has been neglected for ten years but still many Javascript packages
depend on it. It is only a matter of time before other issues in closure-compiler
surface.

> 
> > The rebuild should be done after #1036249 in closure-compiler has been
> > resolved.
> 
> Which is not the case yet, is the 2.4.3+dfsg-2 upload futile and should 
> this bug be reopened? (To be safe, I'm reopening now).

@yadd

If you haven't done so already, could you please file an unblock request for
ckbuilder? 

Thanks

Markus





Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Paul Gevers

Hi,

On 26-05-2023 21:34, Markus Koschany wrote:
> Do I understand you correctly, that we only ship libtomcat9-java in Bookworm
> now? Shall I upload a new revision of tomcat9 too?

Yes and yes.

Paul


OpenPGP_signature
Description: OpenPGP digital signature


Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Emmanuel Bourg

On 2023-05-26 21:14, Paul Gevers wrote:
> I have just added removal hints for tomcatjss and dogtag-pki. As
> mentioned in my previous message, I want the changes in logback
> reverted. You can do the reduced upload of tomcat9.
>
> Markus, can you please revert your logback change by tomorrow at the
> latest?

The changes to jetty9 have to be reverted too, the package is broken 
(#1036798).

Sadly we can't do without tomcat9. The path forward implies packaging
Jetty 11 or 12 first and migrating all the reverse dependencies, but
that's a task for Trixie.

Thanks again to Oracle for forcing the javax to jakarta transition
on the community, what a waste of energy just to please a couple
of lawyers in an office.

Emmanuel Bourg



Bug#1036812: ITP: rust-rio -- low level library which provides conformant and fast parsers and formatters for RDF

2023-05-26 Thread Jonas Smedegaard
Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: rust-rio
  Version : 0.8.3
  Upstream Contact: https://github.com/oxigraph/rio/issues
* URL : https://github.com/oxigraph/rio
* License : Apache-2.0
  Programming Lang: Rust
  Description : conformant and fast parsers and formatters for RDF

 Rio is a low level library
 which provides conformant and fast parsers and formatters
 for RDF related file formats.
 .
 It currently provides N-Triples, N-Quads, Turtle, TriG and RDF/XML
 parsers and formatters.

This package will be maintained in the collaborative Debian section of
Salsa, at https://salsa.debian.org/debian/rust-rio

 - Jonas




Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Markus Koschany
Hi,

> Markus, can you please revert your logback change by tomorrow at the latest?

Sure. I will take care of it.

Do I understand you correctly, that we only ship libtomcat9-java in Bookworm
now? Shall I upload a new revision of tomcat9 too?

Regards,

Markus




Bug#1036806: matrix-synapse: not suitable for inclusion in bookworm

2023-05-26 Thread Salvatore Bonaccorso
Hi Andrej,

On Fri, May 26, 2023 at 08:51:13PM +0200, Andrej Shadura wrote:
> Hi,
> 
> On Fri, 26 May 2023, at 19:28, Salvatore Bonaccorso wrote:
> > I believe matrix-synapse is still in the same status as for #982991
> > back for the bullseye release, and not suitable to be included in
> > bookworm as stable release.
> 
> In fact, I believe the situation has changed. Synapse is much more
> stable, as is the Matrix protocol itself, and there weren’t that
> many security issues.

For reference for the discussion: So there were at least the following
CVEs I think since the removal (maybe more, this is just rough
checking based on the CVE years):

https://security-tracker.debian.org/tracker/CVE-2023-32323
https://security-tracker.debian.org/tracker/CVE-2022-41952
https://security-tracker.debian.org/tracker/CVE-2022-39374
https://security-tracker.debian.org/tracker/CVE-2022-39335
https://security-tracker.debian.org/tracker/CVE-2022-31152
https://security-tracker.debian.org/tracker/CVE-2022-31052

> > As such let it have removed from bookworm if you agree. If this is not
> > correct, we need to have assurance security fixes arising during the
> > bookworm cycle can be addressed.
> 
> I believe I will be able to backport fixes — or ask for removal
> later if and when the need arises.

For the above CVEs, would have the fixes be isolated and backportable
enough to guarantee that? If so and you are confident you will be able
to backport the fixes, then please go ahead with closing this bug.

Personally I just would like to avoid we release bookworm with it, and
after a while we already have to go through the removal request from
stable.

Regards,
Salvatore



Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Paul Gevers

Hi,

On 26-05-2023 10:58, Moritz Muehlenhoff wrote:
> Can't we just do the pragmatic fix of updating src:tomcat9 to only ship
> libtomcat9-java and libtomcat9-embed-java? The maintenance burden for
> security updates lies within the server stack, the percentage of issues
> affecting the libtomcat9-java binary packages as used by rdeps will be small
> to none?

I have just added removal hints for tomcatjss and dogtag-pki. As 
mentioned in my previous message, I want the changes in logback 
reverted. You can do the reduced upload of tomcat9.

Markus, can you please revert your logback change by tomorrow at the latest?

Paul




Bug#1036021: cadabra2,python3-notebook: undeclared file conflict on /usr/lib/python3/dist-packages/notebook/static/components/codemirror

2023-05-26 Thread Martin Hostettler
On Thu, May 25, 2023 at 09:52:55PM +0200, Gürkan Myczko wrote:
> On 25.05.2023 19:47, Martin Hostettler wrote:
> > On 19/05/2023 12.48, Martin Hostettler wrote:
> > > It seems what is needed is this:
> > > 
> > > mv 
> > > debian/cadabra2/usr/lib/python3.*/site-packages/notebook/static/components
> > > debian/cadabra2/usr/share/javascript
> > > rmdir
> > > debian/cadabra2/usr/lib/python3.*/site-packages/notebook/static
> > > rmdir debian/cadabra2/usr/lib/python3.*/site-packages/notebook
> > > 
> > > (The wildcards are used to avoid hard coding the current debian
> > > default
> > > python version)
> > 
> > Any chance to get these changes into an upload? The deadline for last
> > unblock requests is quickly coming.
> 
> I'm sorry, I'm busy with other things, if you feel like it please go ahead
> add yourself to
> Uploaders and upload. Or NMU, as you like. I am also fine reviewing changes,
> and uploading
> via mentors.d.n.
> 

I don't have a gpg key, so I think mentors.d.n is not an option but I
uploaded to some temporary web location. So feel free to review from there.
Also feel free to do what makes the most sense to you with the changelog
entry and version.

https://uchuujin.de/tmp/cadabra/cadabra2_2.4.3.2-0.2.dsc

I'm also attaching the intended patch, in case that is easier to review.

 - Martin
diff -ru orig/cadabra2-2.4.3.2/debian/changelog patched/cadabra2-2.4.3.2/debian/changelog
--- orig/cadabra2-2.4.3.2/debian/changelog	2023-02-06 22:21:08.0 +
+++ patched/cadabra2-2.4.3.2/debian/changelog	2023-05-26 18:17:02.306980093 +
@@ -1,3 +1,13 @@
+cadabra2 (2.4.3.2-0.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Move codemirror integration to canonical path to
+avoid symlink/directory conflict on
+/usr/lib/python3/dist-packages/notebook/static/components/codemirror
+(Closes: 1036021)
+
+ -- Martin Hostettler   Fri, 26 May 2023 06:41:29 +
+
 cadabra2 (2.4.3.2-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -ru orig/cadabra2-2.4.3.2/debian/rules patched/cadabra2-2.4.3.2/debian/rules
--- orig/cadabra2-2.4.3.2/debian/rules	2022-10-13 07:06:04.0 +
+++ patched/cadabra2-2.4.3.2/debian/rules	2023-05-26 06:41:08.613257764 +
@@ -27,6 +27,9 @@
 	dh_auto_install
 	sed -i s,python3.10,python3,g debian/cadabra2/usr/bin/cadabra2
 	sed -i s,site-,dist-,g debian/cadabra2/usr/bin/cadabra2
+	mv debian/cadabra2/usr/lib/python3.*/site-packages/notebook/static/components debian/cadabra2/usr/share/javascript
+	rmdir debian/cadabra2/usr/lib/python3.*/site-packages/notebook/static
+	rmdir debian/cadabra2/usr/lib/python3.*/site-packages/notebook
 
 override_dh_shlibdeps:
 	@echo test
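Review bot: the added mv line gives a different result depending on whether debian/cadabra2/usr/share/javascript already exists in the staging tree. If it exists, the directory lands at usr/share/javascript/components; if not, components itself is renamed to javascript. Creating the target first with mkdir -p and naming the full destination would make the installed path explicit. The python3.* glob also assumes exactly one match, and the changelog names a dist-packages path while these lines operate on site-packages, which deserves a comment in the rules file.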


Bug#1036811: bullseye-pu: package ncurses/6.2+20201114-2+deb11u2

2023-05-26 Thread Sven Joachim
Package: release.debian.org
Severity: normal
Tags: bullseye d-i
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ncur...@packages.debian.org, debian-b...@lists.debian.org
Control: affects -1 + src:ncurses

I would like to address CVE-2023-29491[1] aka bug #1034372[2] in
Bullseye.  The changes are the same as in version 6.4-3 (see
#1035351[3]), except that there is no need to patch configure.in this
time.

[ Reason ]
Various memory corruption bugs exist when loading specifically crafted
terminfo database files.  This is a security problem in programs running
with elevated privileges, as users are allowed to provide their own
terminfo files under ${HOME}/.terminfo or via the TERMINFO or
TERMINFO_DIRS environment variables.

Backporting the upstream fixes would be too intrusive (and has not been
attempted in Bookworm either), but via a configure option it is possible
to prevent setuid/setgid programs from loading custom terminfo files
supplied by the user, after which the bugs are no longer security
relevant.

[ Impact ]
Local users could try privilege escalations in setuid/setgid programs
linked to the tinfo library.  How easily those can be achieved probably
depends on the program.

[ Tests ]
No automatic tests exist.  I have manually verified that programs can no
longer use custom terminfo files if their effective UID or GID differs
from the real one.  Also I have verified that the terminfo database in
the ncurses-{base,term} packages is unchanged from 6.2+20201114-2+deb11u2.

[ Risks ]
Users who are relying on their own terminfo files under
${HOME}/.terminfo can no longer use them in setuid/setgid programs and
will have to work around that, e.g. by changing their TERM environment
variable, using a different terminal emulator or asking their sysadmin
for help.

On my systems I did not find any setuid binaries linked to the tinfo
library, but some setgid games in the bsdgames package.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

I have slightly edited the debdiff to exclude spurious changes to the
debian/lib{32,64}tinfo6.symbols files, as these are just symlinks to
libtinfo6.symbols.  See devscripts bug #773762[4].

[ Other info ]
Since ncurses produces a udeb I have CC'ed debian-boot and tagged the
bug accordingly.  The screen binary in the screen-udeb package is
actually affected by the change, as it is installed setgid utmp.  This
should not really matter though, since the terminfo files in the
di-utils-terminfo package are installed in the standard place under
/lib/terminfo.

Thanks for consideration.

Cheers,
   Sven


1. https://security-tracker.debian.org/tracker/CVE-2023-29491
2. https://bugs.debian.org/1034372
3. https://bugs.debian.org/1035351
4. https://bugs.debian.org/773762

diff -Nru ncurses-6.2+20201114/debian/changelog ncurses-6.2+20201114/debian/changelog
--- ncurses-6.2+20201114/debian/changelog	2023-02-08 20:16:03.0 +0100
+++ ncurses-6.2+20201114/debian/changelog	2023-05-26 20:31:08.0 +0200
@@ -1,3 +1,17 @@
+ncurses (6.2+20201114-2+deb11u2) bullseye; urgency=medium
+
+  * Configure with "--disable-root-environ" to disallow loading of
+custom terminfo entries in setuid/setgid programs, mitigating the
+impact of CVE-2023-29491 (see #1034372).
+- Update the symbols files for the newly exported symbol
+  _nc_env_access.
+- New patch debian-env-access.diff, changing the behavior of the
+  "--disable-root-environ" configure option to not restrict programs
+  run by the superuser, equivalent to the "--disable-setuid-environ"
+  option introduced in the 20230423 patchlevel.
+
+ -- Sven Joachim   Fri, 26 May 2023 20:31:08 +0200
+
 ncurses (6.2+20201114-2+deb11u1) bullseye; urgency=medium
 
   * New patch CVE-2022-29458.diff: add a limit-check to guard against
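Review bot: the last sub-item says debian-env-access.diff changes what "--disable-root-environ" does so that it matches "--disable-setuid-environ", so the configure flag named in the first bullet no longer behaves as its name suggests. A comment next to the flag in debian/rules, or in the patch header, pointing at this divergence would keep the next reader of the build flags from assuming that programs run by the superuser are restricted too.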
diff -Nru ncurses-6.2+20201114/debian/libtinfo5.symbols ncurses-6.2+20201114/debian/libtinfo5.symbols
--- ncurses-6.2+20201114/debian/libtinfo5.symbols	2021-01-01 10:31:15.0 +0100
+++ ncurses-6.2+20201114/debian/libtinfo5.symbols	2023-05-26 19:46:17.0 +0200
@@ -95,6 +95,7 @@
  _nc_curr_col@NCURSES_TINFO_5.0.19991023 6
  _nc_curr_line@NCURSES_TINFO_5.0.19991023 6
  _nc_doalloc@NCURSES_TINFO_5.0.19991023 6
+ _nc_env_access@NCURSES_TINFO_5.2.20001021 6.2+20201114-2+deb11u2~
  _nc_err_abort@NCURSES_TINFO_5.0.19991023 6
  _nc_fallback@NCURSES_TINFO_5.0.19991023 6
  _nc_find_entry@NCURSES_TINFO_5.0.19991023 6
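Review bot: the new _nc_env_access entry is tagged NCURSES_TINFO_5.2.20001021 while the neighbouring symbols use 5.0.19991023; confirm that this version node matches what the rebuilt library actually exports, since a mismatch would make dpkg-gensymbols report the symbol as missing. The minimum version 6.2+20201114-2+deb11u2~ is consistent with a symbol that first appears in this upload.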
diff -Nru ncurses-6.2+20201114/debian/libtinfo6.symbols ncurses-6.2+20201114/debian/libtinfo6.symbols
--- ncurses-6.2+20201114/debian/libtinfo6.symbols	2021-01-01 10:31:15.0 +0100
+++ ncurses-6.2+20201114/debian/libtinfo6.symbols	2023-05-26 19:46:17.0 +0200
@@ -94,6 +94,7 @@
  _nc_curr_col@NCURSES6_TINFO_5.0.19991023 6
  _nc_curr_line@NCURSES6_TINFO_5.0.19991023 
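
The restriction described in the ncurses request above (Bug#1036811), as an added C example that is not ncurses code and not part of the original message: user-controlled terminfo locations are dropped whenever the effective UID or GID differs from the real one, while a plain root process is not restricted. The struct and function names and the two system directories are assumptions made for the illustration.

```c
/* Added illustration: hypothetical helper, not taken from ncurses. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_DIRS 16
#define DIR_LEN  256

/* Real and effective IDs of the calling process. */
struct ids { uid_t ruid, euid; gid_t rgid, egid; };

struct search_list {
    char   dirs[MAX_DIRS][DIR_LEN];
    size_t count;
};

/* System locations (assumed for this example). */
static const char *const SYSTEM_DIRS[] = { "/lib/terminfo", "/usr/share/terminfo" };

/* A setuid or setgid program runs with effective IDs that differ from
 * the real ones. Root running an ordinary binary does not match. */
int runs_elevated(struct ids id)
{
    return id.ruid != id.euid || id.rgid != id.egid;
}

static void add_dir(struct search_list *l, const char *dir, size_t len)
{
    if (len == 0 || len >= DIR_LEN || l->count >= MAX_DIRS)
        return;                 /* skip empty, oversized or surplus entries */
    memcpy(l->dirs[l->count], dir, len);
    l->dirs[l->count][len] = '\0';
    l->count++;
}

/* Build the directory list to search for a terminfo entry. The three
 * user-controlled sources are honoured only when not elevated. */
struct search_list build_search_list(struct ids id, const char *env_terminfo,
                                     const char *env_terminfo_dirs,
                                     const char *home)
{
    struct search_list l;
    memset(&l, 0, sizeof l);

    if (!runs_elevated(id)) {
        if (env_terminfo)
            add_dir(&l, env_terminfo, strlen(env_terminfo));
        if (home) {
            char buf[DIR_LEN];
            int n = snprintf(buf, sizeof buf, "%s/.terminfo", home);
            if (n > 0 && (size_t)n < sizeof buf)
                add_dir(&l, buf, (size_t)n);
        }
        /* TERMINFO_DIRS is a colon-separated list. */
        for (const char *p = env_terminfo_dirs; p && *p; ) {
            size_t len = strcspn(p, ":");
            add_dir(&l, p, len);
            p += len;
            if (*p == ':')
                p++;
        }
    }
    for (size_t i = 0; i < sizeof SYSTEM_DIRS / sizeof SYSTEM_DIRS[0]; i++)
        add_dir(&l, SYSTEM_DIRS[i], strlen(SYSTEM_DIRS[i]));
    return l;
}

int list_contains(struct search_list l, const char *dir)
{
    for (size_t i = 0; i < l.count; i++)
        if (strcmp(l.dirs[i], dir) == 0)
            return 1;
    return 0;
}

int main(void)
{
    struct ids me = { getuid(), geteuid(), getgid(), getegid() };
    struct search_list l = build_search_list(me, getenv("TERMINFO"),
                                             getenv("TERMINFO_DIRS"),
                                             getenv("HOME"));
    printf("elevated: %s\n", runs_elevated(me) ? "yes" : "no");
    for (size_t i = 0; i < l.count; i++)
        printf("  %s\n", l.dirs[i]);
    return 0;
}
```

Run from an ordinary shell it lists the user locations first; the same binary installed setgid prints only the system directories.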

Bug#1036806: matrix-synapse: not suitable for inclusion in bookworm

2023-05-26 Thread Andrej Shadura
Hi,

On Fri, 26 May 2023, at 19:28, Salvatore Bonaccorso wrote:
> I believe matrix-synapse is still in the same status as for #982991
> back for the bullseye release, and not suitable to be included in
> bookworm as stable release.

In fact, I believe the situation has changed. Synapse is much more stable, as 
is the Matrix protocol itself, and there weren’t that many security issues.

> As such let it have removed from bookworm if you agree. If this is not
> correct, we need to have assurance security fixes arising during the
> bookworm cycle can be addressed.

I believe I will be able to backport fixes — or ask for removal later if and 
when the need arises.

-- 
Cheers,
  Andrej



Bug#1032647: Keeping 525.105.17-1 for bookworm?

2023-05-26 Thread julienbenjamin



Since Debian 12 entered full freeze, I guess this issue will stay 
open for the entirety of Bookworm lifetime?

Bug#1036810: default window size no longer correct when document contains a TOC

2023-05-26 Thread José Luis González
Package: xpdf
Version: 3.04+git20220601-1+b2
Severity: important


Before Debian 12, if the document contained a Table of contents, which
is and should be quite often, the Table of contents was displayed since
opening the document, xpdf's window sized accordingly to let show it.

Not anymore after I upgraded.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xpdf depends on:
ii  libc6  2.36-9
ii  libgcc-s1  12.2.0-14
ii  libpaper1  1.1.29
ii  libpoppler126  22.12.0-2+b1
ii  libstdc++6 12.2.0-14
ii  libx11-6   2:1.8.4-2
ii  libxm4 2.3.8-3
ii  libxt6 1:1.2.1-1.1

Versions of packages xpdf recommends:
ii  cups-bsd2.4.2-3
ii  gsfonts-x11 2:20200910-7
ii  poppler-data0.4.12-1
ii  poppler-utils   22.12.0-2+b1
ii  sensible-utils  0.0.17+nmu1

xpdf suggests no packages.

-- no debconf information



Bug#1036808: no longer remembers window size

2023-05-26 Thread José Luis González
Package: xpdf
Version: 3.04+git20220601-1+b2
Severity: important

Window size needs to get saved. Otherwise you have to resize it every
time you open the program in case the default one doesn't suit your
needs.

This is happening to me now after upgrading to Debian 12. It's actually
taller than my desktop's available vertical space.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xpdf depends on:
ii  libc6  2.36-9
ii  libgcc-s1  12.2.0-14
ii  libpaper1  1.1.29
ii  libpoppler126  22.12.0-2+b1
ii  libstdc++6 12.2.0-14
ii  libx11-6   2:1.8.4-2
ii  libxm4 2.3.8-3
ii  libxt6 1:1.2.1-1.1

Versions of packages xpdf recommends:
ii  cups-bsd2.4.2-3
ii  gsfonts-x11 2:20200910-7
ii  poppler-data0.4.12-1
ii  poppler-utils   22.12.0-2+b1
ii  sensible-utils  0.0.17+nmu1

xpdf suggests no packages.

-- no debconf information



Bug#1036807: Update style to selection doesn't save the style's typefont

2023-05-26 Thread José Luis González
Package: libreoffice-writer
Version: 4:7.4.5-2
Severity: important

If I update say Title 2's style to selection the selection's typefont
doesn't get saved, appearing as Liberation Sans instead when the style
gets applied.


-- Package-specific info:
Configuration file                    Package             Exists Changed
/etc/libreoffice/registry/writer.xcd  libreoffice-writer  Yes    No
All deployed bundled extensions:


All deployed shared extensions:


All deployed user extensions:



Experimental features enabled:

Installed VCLplugs:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version  Architecture Description
+++----===
ii  libreoffice-gtk3 4:7.4.5-2 amd64 office productivity suite -- GTK+ 3 integration
un  libreoffice-kf5(no description available)
un  libreoffice-qt5(no description available)

Java (javaldx):
/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/client:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/server:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/native_threads:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64

Java:
http://openoffice.org/2004/java/framework/1.0; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;>

file:///usr/lib/jvm/java-11-openjdk-amd64



-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-writer depends on:
ii  libabw-0.1-1 0.1.3-1
ii  libc62.36-9
ii  libe-book-0.1-1  0.1.3-2+b2
ii  libepubgen-0.1-1 0.1.1-1
ii  libetonyek-0.1-1 0.1.10-3+b1
ii  libgcc-s112.2.0-14
ii  libicu72 72.1-3
ii  libmwaw-0.3-30.3.21-1
ii  libodfgen-0.1-1  0.1.8-2
ii  libreoffice-base-core4:7.4.5-2
ii  libreoffice-common   4:7.4.5-2
ii  libreoffice-core 4:7.4.5-2
ii  librevenge-0.0-0 0.0.5-3
ii  libstaroffice-0.0-0  0.0.7-1
ii  libstdc++6   12.2.0-14
ii  libuno-cppu3 4:7.4.5-2
ii  libuno-cppuhelpergcc3-3  4:7.4.5-2
ii  libuno-sal3  4:7.4.5-2
ii  libuno-salhelpergcc3-3   4:7.4.5-2
ii  libwpd-0.10-10   0.10.3-2+b1
ii  libwpg-0.3-3 0.3.3-1
ii  libwps-0.4-4 0.4.13-1
ii  libxml2  2.9.14+dfsg-1.2
ii  ucf  3.0043+nmu1
ii  uno-libs-private 4:7.4.5-2
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages libreoffice-writer recommends:
ii  libreoffice-math  4:7.4.5-2

Versions of packages libreoffice-writer suggests:
ii  default-jre [java8-runtime] 2:1.17-74
ii  fonts-crosextra-caladea 20200211-1
ii  fonts-crosextra-carlito 20220224-1
ii  libreoffice-base                4:7.4.5-2
ii  libreoffice-java-common 4:7.4.5-2
ii  openjdk-11-jre [java8-runtime]  11.0.18+10-1~deb11u1
ii  openjdk-17-jre [java8-runtime]  17.0.6+10-1

Versions of packages libreoffice-core depends on:
ii  fontconfig  2.14.1-4
ii  fonts-opensymbol                4:102.12+LibO7.4.5-2
ii  libabsl20220623 20220623.1-1
ii  libboost-locale1.74.0   1.74.0+ds1-20
ii  libc6   2.36-9
ii  libcairo2   1.16.0-7
ii  libclucene-contribs1v5  2.3.3.4+dfsg-1.1
ii  libclucene-core1v5  2.3.3.4+dfsg-1.1
ii  libcups2                        2.4.2-3
ii  libcurl3-gnutls 7.88.1-9
ii  libdbus-1-3 1.14.6-1
ii  libdconf1   0.40.0-4
ii  libeot0 0.01-5+b1
ii  libepoxy0   1.5.10-1
ii  libexpat1   2.5.0-1
ii  libexttextcat-2.0-0 3.4.5-1
ii  libfontconfig1  2.14.1-4
ii  libfreetype6                    2.12.1+dfsg-5
ii  libgcc-s1   12.2.0-14
ii  libglib2.0-0                    2.74.6-2
ii  libgpgmepp6 1.18.0-3+b1
ii  libgraphite2-3  1.3.14-1
ii  libgstreamer-plugins-base1.0-0  1.22.0-3
ii  libgstreamer1.0-0   1.22.0-2
ii  libharfbuzz-icu0                6.0.0+dfsg-3
ii  libharfbuzz0b   6.0.0+dfsg-3
ii  libhunspell-1.7-0   1.7.1-1
ii  libhyphen0  2.8.8-7
ii  libice6 2:1.0.10-1
ii  libicu72                        72.1-3
ii  libjpeg62-turbo 1:2.1.5-2
ii  liblcms2-2  2.14-2
ii  libldap-2.5-0 

Bug#1036806: matrix-synapse: not suitable for inclusion in bookworm

2023-05-26 Thread Salvatore Bonaccorso
Source: matrix-synapse
Version: 1.78.0-1
Severity: serious
Tags: upstream security
X-Debbugs-Cc: Andrej Shadura , 
debian-rele...@lists.debian.org, car...@debian.org, Debian Security Team 


Hi Andrej,

I believe matrix-synapse is still in the same status as for #982991
back for the bullseye release, and not suitable to be included in
bookworm as stable release.

As such, let's have it removed from bookworm if you agree. If this is not
correct, we need to have assurance security fixes arising during the
bookworm cycle can be addressed.

Regards,
Salvatore



Bug#1036805: libreoffice's toolbar buttons became hard to see after upgrading to Debian 12

2023-05-26 Thread José Luis González
Package: libreoffice-writer
Version: 4:7.4.5-2
Severity: important

After upgrading to Debian 12, writer's toolbar buttons became hard
to see, looking liquid.

I have checked with the other components and it's happening with all.
Please, reassign if appropriate.


-- Package-specific info:
Configuration file                    Package             Exists Changed
/etc/libreoffice/registry/writer.xcd  libreoffice-writer  Yes    No
All deployed bundled extensions:


All deployed shared extensions:


All deployed user extensions:



Experimental features enabled:

Installed VCLplugs:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version  Architecture Description
+++----===
ii  libreoffice-gtk3 4:7.4.5-2  amd64  office productivity suite -- GTK+ 3 integration
un  libreoffice-kf5  (no description available)
un  libreoffice-qt5  (no description available)

Java (javaldx):
/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/client:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/server:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64/native_threads:/usr/lib/jvm/java-17-openjdk-amd64/lib/amd64

Java:
http://openoffice.org/2004/java/framework/1.0; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;>

file:///usr/lib/jvm/java-11-openjdk-amd64



-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-writer depends on:
ii  libabw-0.1-1 0.1.3-1
ii  libc6                    2.36-9
ii  libe-book-0.1-1  0.1.3-2+b2
ii  libepubgen-0.1-1 0.1.1-1
ii  libetonyek-0.1-1 0.1.10-3+b1
ii  libgcc-s1                12.2.0-14
ii  libicu72 72.1-3
ii  libmwaw-0.3-3            0.3.21-1
ii  libodfgen-0.1-1  0.1.8-2
ii  libreoffice-base-core    4:7.4.5-2
ii  libreoffice-common   4:7.4.5-2
ii  libreoffice-core 4:7.4.5-2
ii  librevenge-0.0-0 0.0.5-3
ii  libstaroffice-0.0-0  0.0.7-1
ii  libstdc++6   12.2.0-14
ii  libuno-cppu3 4:7.4.5-2
ii  libuno-cppuhelpergcc3-3  4:7.4.5-2
ii  libuno-sal3  4:7.4.5-2
ii  libuno-salhelpergcc3-3   4:7.4.5-2
ii  libwpd-0.10-10   0.10.3-2+b1
ii  libwpg-0.3-3 0.3.3-1
ii  libwps-0.4-4 0.4.13-1
ii  libxml2  2.9.14+dfsg-1.2
ii  ucf  3.0043+nmu1
ii  uno-libs-private 4:7.4.5-2
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages libreoffice-writer recommends:
ii  libreoffice-math  4:7.4.5-2

Versions of packages libreoffice-writer suggests:
ii  default-jre [java8-runtime] 2:1.17-74
ii  fonts-crosextra-caladea 20200211-1
ii  fonts-crosextra-carlito 20220224-1
ii  libreoffice-base                4:7.4.5-2
ii  libreoffice-java-common 4:7.4.5-2
ii  openjdk-11-jre [java8-runtime]  11.0.18+10-1~deb11u1
ii  openjdk-17-jre [java8-runtime]  17.0.6+10-1

Versions of packages libreoffice-core depends on:
ii  fontconfig  2.14.1-4
ii  fonts-opensymbol                4:102.12+LibO7.4.5-2
ii  libabsl20220623 20220623.1-1
ii  libboost-locale1.74.0   1.74.0+ds1-20
ii  libc6   2.36-9
ii  libcairo2   1.16.0-7
ii  libclucene-contribs1v5  2.3.3.4+dfsg-1.1
ii  libclucene-core1v5  2.3.3.4+dfsg-1.1
ii  libcups2                        2.4.2-3
ii  libcurl3-gnutls 7.88.1-9
ii  libdbus-1-3 1.14.6-1
ii  libdconf1   0.40.0-4
ii  libeot0 0.01-5+b1
ii  libepoxy0   1.5.10-1
ii  libexpat1   2.5.0-1
ii  libexttextcat-2.0-0 3.4.5-1
ii  libfontconfig1  2.14.1-4
ii  libfreetype6                    2.12.1+dfsg-5
ii  libgcc-s1   12.2.0-14
ii  libglib2.0-0                    2.74.6-2
ii  libgpgmepp6 1.18.0-3+b1
ii  libgraphite2-3  1.3.14-1
ii  libgstreamer-plugins-base1.0-0  1.22.0-3
ii  libgstreamer1.0-0   1.22.0-2
ii  libharfbuzz-icu0                6.0.0+dfsg-3
ii  libharfbuzz0b   6.0.0+dfsg-3
ii  libhunspell-1.7-0   1.7.1-1
ii  libhyphen0  2.8.8-7
ii  libice6 2:1.0.10-1
ii  libicu72                        72.1-3
ii  libjpeg62-turbo 1:2.1.5-2
ii  liblcms2-2   

Bug#1035949: mariadb: upgrade issue: mariadb-server-10.5 fails to stop after all other -10.5 packages were removed

2023-05-26 Thread Otto Kekäläinen
I have now filed
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/47
as an exploration to fix this issue.

If we don't fix this in 10.11 the alternative would be to patch 10.5
and 10.3 to simply never fail on a missing mariadb-client-10.3/5
package. I already did
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/14
to make the problem have a proper error message for users.



Bug#1036802: Adding more information

2023-05-26 Thread Daniele Scasciafratte
Looking on poedit: https://github.com/vslavik/poedit/issues/789
On the ticket they reference another Debian ticket
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019704


Bug#1036804: RFP: shadowsocks-rust -- a rust port of shadowsocks

2023-05-26 Thread ilf

Package: wnpp
Severity: wishlist

URL: https://github.com/shadowsocks/shadowsocks-rust
License: MIT
Description: a rust port of shadowsocks https://shadowsocks.org/

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.



Bug#1036803: mysql-8.0: upstream autopkgtest fails on s390x as of 8.0.33

2023-05-26 Thread Lena Voytek
Source: mysql-8.0
Version: 8.0.33-1
Severity: minor
Tags: patch
X-Debbugs-Cc: lena.voy...@canonical.com

The upstream tests main.subquery_sj_all_bka_nobnl and
main.subquery_sj_mat_bka_nobnl now fail as of 8.0.33. Submitted bug report
upstream too but they plan on ignoring the issue since the architecture is
unsupported there: https://bugs.mysql.com/bug.php?id=56.

Adding a patch through salsa


-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), 
(100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-72-generic (SMP w/32 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1036802: poedit: "Failed to load image from file" error on starting

2023-05-26 Thread Daniele Mte90 Scasciafratte
Package: poedit
Version: 3.3.1-1
Severity: minor
X-Debbugs-Cc: mte90...@gmail.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
On Debian Sid it is enough to run PoEdit to get this error in a window and
press OK to move on:
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".
ven 26 mag 2023, 19:01:35: can't open file '/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png' (error 2: File o directory non esistente)
ven 26 mag 2023, 19:01:35: Failed to load image from file "/org/gtk/libgtk/icons/16x16/actions/text-x-generic.png".


   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?
No error on start
*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.4-1-siduction-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to it_IT.UTF-8), LANGUAGE=it
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages poedit depends on:
ii  gettext   0.21-12
ii  libboost-iostreams1.74.0  1.74.0+ds1-21
ii  libboost-thread1.74.0 1.74.0+ds1-21
ii  libc6 2.36-9
ii  libcld2-0 0.0.0-git20150806-9
ii  libcpprest2.10            2.10.18-1+b1
ii  libgcc-s1 12.2.0-14
ii  libglib2.0-0  2.74.6-2
ii  libgtk-3-0                3.24.37-2
ii  libgtkspell3-3-0  3.0.10-1
ii  libicu72  72.1-3
ii  liblucene++0v5            3.0.8-6
ii  libpugixml1v5 1.13-0.2
ii  libsecret-1-0 0.20.5-3
ii  libssl3   3.0.8-1
ii  libstdc++6                12.2.0-14
ii  libwxbase3.2-1            3.2.2+dfsg-2
ii  libwxgtk-webview3.2-1 3.2.2+dfsg-2
ii  libwxgtk3.2-1 3.2.2+dfsg-2
ii  poedit-common 3.3.1-1

poedit recommends no packages.

poedit suggests no packages.

-- debconf-show failed



Bug#1036801: unblock: curl/7.88.1-10

2023-05-26 Thread Samuel Henrique
Package: release.debian.org
Control: affects -1 + src:curl
X-Debbugs-Cc: c...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package curl

[ Reason ]
4 CVE fixes:

  * Add new patches to fix CVEs (closes: #1036239):
    - CVE-2023-28319: UAF in SSH sha256 fingerprint check
    - CVE-2023-28320: siglongjmp race condition
    - CVE-2023-28321: IDN wildcard match
    - CVE-2023-28322: more POST-after-PUT confusion
  * d/libcurl*.symbols: Drop curl_jmpenv, not built anymore due to
    CVE-2023-28320

[ Impact ]
The highest CVE severity from upstream is "Moderate".

[ Tests ]
Curl has an extensive test suite that's run at build time and on
autopkgtest, no regressions were detected.

[ Risks ]
The patches didn't require any changes which would be worrying.
Regarding the "curl_jmpenv", there's no package on Debian using that.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
Please also shorten the bake time in unstable, if possible (and needed).

unblock curl/7.88.1-10

-- 
Samuel Henrique 


curl_7.88.1-10.debdiff
Description: Binary data


Bug#1031046: Asterisk removed from Debian Bookworm

2023-05-26 Thread Jonas Smedegaard
Hi Antony,

Quoting Antony Stone (2023-05-26 16:58:54)
> I've just discovered this "bug report" and I'm very disappointed by it.
> 
> Please can someone tell me:
> 
> 1. How many people are involved as Asterisk Debian Package Maintainers?

Asterisk is maintained in the [VoIP team], and in principle anyone in
that team can contribute directly to the git repo of asterisk packaging
(and also most of the approximately 1000 formal Debian Developers have
write access to the git repo as well, but will only do so for simpler
quickfixes - anyone generally interested in Asterisk maintenance is
expected to join the team).

In reality, however, not everyone in our team is familiar with all of
the packages we maintain together.  In recent times, all [releases] of
Asterisk since 16.16.1~dfsg+~2.10-1 in January 2021 were issued by me,
and before that Bernhard Schmidt (almost) solely maintained Asterisk
packaging since 13.20.0~dfsg-1 in April 2018.

Unfortunately [Bernhard cannot grasp] how I embed PJProject, and I
cannot grasp how he did it previously.  Effectively, Asterisk has had a
single maintainer for the past 5 years.

[VoIP team]: https://salsa.debian.org/groups/pkg-voip-team/-/group_members

[releases]: https://tracker.debian.org/pkg/asterisk/news/

[Bernhard cannot grasp]: https://bugs.debian.org/1014133#25


> 2. Has this number decreased noticeably since the previous Debian release 
> Bullseye?

Asterisk packaging in Debian has had a low bus factor for quite some
time.


> 3. Has anyone contacted the Asterisk community (for example via
> https://community.asterisk.org ) to see whether additional volunteers would
> be willing to help with the effort involved in keeping Asterisk in the Debian
> project?

No, I haven't done any recruitment work, and neither has anyone else -
to the best of my knowledge.

If you are volunteering to either help yourself or to try to do some
recruitment, then that's much appreciated.

Unfortunately it is too late now for getting Asterisk part of upcoming
stable Debian - but it is regardless helpful for the maintenance in
*unstable* and *testing* during the lifetime of upcoming stable, which
includes the ability for offering it unofficially for upcoming stable
Debian through https://backports.debian.org/


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



Bug#1036800: sylpheed: unable to send or read email after upgrading to Debian 12

2023-05-26 Thread José Luis González
Package: sylpheed
Version: 3.8.0~beta1-1
Severity: grave

After upgrading to Debian 12 and booting the computer again I am
unable to use sylpheed either to send email with both accounts I have
set up, or to read new messages, just with the IMAP one in this case.

Both accounts are from Gmail.

The error message I get trying to send with the POP3 is

  Error

  Hubo un error enviando el mensaje:
  501 5.5.2 Cannot Decode response
r11-20020a5d494b00b00300aee6c9cesm5425569wrs.20 - gsmtp

while with the IMAP one is

  Hubo un error enviando el mensaje:
501 5.5.2 Cannot Decode response
j13-20020a5d604d00b00306344eaebfsm5456150wrt.28 - gsmtp

Whereas, trying to open the inbox of the IMAP one, or any other
folder, gets this:

  Error

  No se pudo establecer una conexión con el servidor.

making it impossible to read or query new mail.



Bug#1036200: Malicious postscript code?

2023-05-26 Thread Alexander Vivian Hugh McPhail
/Y /setcmykcolor where { %%ifelse Use built-in operator
   /setcmykcolor get
   }{ %%ifelse Emulate setcmykcolor with setrgbcolor
   { %%def
   1 sub 3 { %%repeat
   3 index add neg dup 0 lt { pop 0 } if 3 1 roll
   } repeat setrgbcolor
   } bind

/stringbbox {gsave NP 0 0 m false charpath flattenpath
   pathbbox 4 2 roll pop pop 1.1 mul cvi exch 1.1 mul
   cvi exch grestore} def

---

Predefined untyped Y combinator appears to delete things until there is nothing 
left to delete.  Not sure.






Bug#1036799: sylpheed: unable to send or read email after upgrading to Debian 12

2023-05-26 Thread José Luis González
Package: sylpheed
Version: 3.8.0~beta1-1
Severity: grave

After upgrading to Debian 12 and booting the computer again I am unable to
use sylpheed either to send email with both accounts I have set up, or to
read new messages, just with the IMAP one in this case.

Both accounts are from Gmail.

The error message I get trying to send with the POP3 is

  Error

  Hubo un error enviando el mensaje:
  501 5.5.2 Cannot Decode response
r11-20020a5d494b00b00300aee6c9cesm5425569wrs.20 - gsmtp

while with the IMAP one is

  Hubo un error enviando el mensaje:
501 5.5.2 Cannot Decode response
j13-20020a5d604d00b00306344eaebfsm5456150wrt.28 - gsmtp

Whereas, trying to open the inbox of the IMAP one, or any other folder,
gets this:

  Error

  No se pudo establecer una conexión con el servidor.

making it impossible to read or query new mail.


Bug#1036798: jetty9: Failed startup of context: JettyJasperInitializer not a subtype of javax.servlet.ServletContainerInitializer

2023-05-26 Thread Emmanuel Bourg
Package: jetty9
Version: 9.4.50-3
Severity: grave
Justification: renders package unusable

The jetty9 package can no longer run web applications after switching
to libtomcat10-java for the JSP compiler. The following error appears
in the log:

  java.util.ServiceConfigurationError: javax.servlet.ServletContainerInitializer: org.eclipse.jetty.apache.jsp.JettyJasperInitializer not a subtype
    at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:593)
    at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1244)
    at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1273)
    at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309)
    at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1393)
    at org.eclipse.jetty.annotations.AnnotationConfiguration.getNonExcludedInitializers(AnnotationConfiguration.java:829)
    at org.eclipse.jetty.annotations.AnnotationConfiguration.configure(AnnotationConfiguration.java:343)
    at org.eclipse.jetty.webapp.WebAppContext.configure(WebAppContext.java:498)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1409)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:916)
    at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
    at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:46)
    at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188)
    at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:517)
    at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:157)
    at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:173)
    at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:428)
    at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:66)
    at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:785)
    at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:754)
    at org.eclipse.jetty.util.Scanner.scan(Scanner.java:641)
    at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:540)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
    at org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:146)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
    at org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:605)
    at org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:252)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
    at org.eclipse.jetty.server.Server.start(Server.java:423)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
    at org.eclipse.jetty.server.Server.doStart(Server.java:387)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
    at org.eclipse.jetty.xml.XmlConfiguration.lambda$main$3(XmlConfiguration.java:1907)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
    at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1857)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.eclipse.jetty.start.Main.invokeMain(Main.java:218)
    at org.eclipse.jetty.start.Main.start(Main.java:491)
    at org.eclipse.jetty.start.Main.main(Main.java:77)


Reverting back to libtomcat9-java fixes the issue.

Using the Jasper compiler from Tomcat 10 with Jetty 9 is unlikely to work
properly since the source files generated will use the servlet classes
from the jakarta namespace and Jetty 9 doesn't implement them.

Emmanuel Bourg



Bug#1036543: [PATCH 5.10 076/529] crypto: ccp: Use the stack for small SEV command buffers

2023-05-26 Thread Ben Hutchings
On Wed, 2023-05-17 at 16:06 +0200, Greg Kroah-Hartman wrote:
> On Wed, May 17, 2023 at 04:02:35PM +0200, Greg Kroah-Hartman wrote:
> > On Wed, May 17, 2023 at 02:56:21PM +0200, Ben Hutchings wrote:
> > > On Fri, 2023-03-10 at 14:33 +0100, Greg Kroah-Hartman wrote:
> > > > From: Sean Christopherson 
> > > > 
> > > > [ Upstream commit e4a9af799e5539b0feb99571f0aaed5a3c81dc5a ]
> > > > 
> > > > For commands with small input/output buffers, use the local stack to
> > > > "allocate" the structures used to communicate with the PSP.   Now that
> > > > __sev_do_cmd_locked() gracefully handles vmalloc'd buffers, there's no
> > > > reason to avoid using the stack, e.g. CONFIG_VMAP_STACK=y will just work.
> > > [...]
> > > 
> > > Julien Cristau reported a regression in ccp - the
> > > WARN_ON_ONCE(!virt_addr_valid(data)) is now being triggered.  I believe
> > > this was introduced by the above commit, which depends on:
> > > 
> > > commit 8347b99473a313be6549a5b940bc3c56a71be81c
> > > Author: Sean Christopherson 
> > > Date:   Tue Apr 6 15:49:48 2021 -0700
> > >  
> > > crypto: ccp: Play nice with vmalloc'd memory for SEV command structs
> > > 
> > > Ben.
> > > 
> > 
> > Thanks for letting me know, now queued up.
> 
> Nope, now dropped, it breaks the build :(

I've now looked further and found that we need both:

d5760dee127b crypto: ccp: Reject SEV commands with mismatching command buffer
8347b99473a3 crypto: ccp: Play nice with vmalloc'd memory for SEV command structs

(Not yet tested; I'll ask Julien if he can do that.)

Ben.

-- 
Ben Hutchings
I haven't lost my mind; it's backed up on tape somewhere.




Bug#1031046: Asterisk removed from Debian Bookworm

2023-05-26 Thread Antony Stone
I've just discovered this "bug report" and I'm very disappointed by it.

Please can someone tell me:

1. How many people are involved as Asterisk Debian Package Maintainers?

2. Has this number decreased noticeably since the previous Debian release 
Bullseye?

3. Has anyone contacted the Asterisk community (for example via 
https://community.asterisk.org ) to see whether additional volunteers would be 
willing to help with the effort involved in keeping Asterisk in the Debian 
project?


Thanks,


Antony.



Bug#1036794: [Pkg-rust-maintainers] Bug#1036794: rust-pangocairo: 0.16.3 autopkgtest due to implicit test dependency on newer gir-format-check

2023-05-26 Thread Peter Green

severity 1036794 serious
tags 1036794 +pending
thanks


In Ubuntu, we've noticed the pangocairo test suite fails because it
depends on the Errors struct of gir-format-check implementing Display.

Updating gir-format-check to 0.1.2 or above should solve the issue.


Thanks, this is happening on debci as well.

https://ci.debian.net/data/autopkgtest/unstable/amd64/r/rust-pangocairo/33875953/log.gz

I've bumped the dev-dependency in debcargo-conf, I see you have already
prepared a new version of the gir-format-check package there.

I've also marked the tests for the "dox" feature as "broken", this
feature appears to be intended for use only in documentation builds.



Bug#1036646: libhyperscan5: prevents rspamd from starting

2023-05-26 Thread Antoine Le Gonidec

On Thu, 25 May 2023 01:32:33 +0200 Sebastien Badia  wrote:

I'm maybe wrong, but Bookworm will be released with libhyperscan5 = 5.4.0-2 
(like bullseye).
So this bug (#1036646) is a RC for Trixie but not for Bookworm ?


I was not sure if the 5.4.2-1 build of libhyperscan5 would migrate 
automatically to Bookworm before the release, so I initially set the severity 
high enough to block the package migration.

Now that the bug report has been reassigned to rspamd (I submitted against 
libhyperscan5 initially), the high severity is no longer justified so I think 
you were right to lower it.

As long as Bookworm is released with libhyperscan5 = 5.4.0-2 and rspamd = 
3.4-1, there should be no problem.




Bug#988527: Reproducing 988527: scilab: unbound variable in /usr/share/bash-completion/completions/scilab

2023-05-26 Thread Christoph Anton Mitterer
On Mon, 2023-05-22 at 21:05 +0200, Pierre Gruet wrote:
> Thanks for your help on this matter,

Thanks for your efforts :-)

Cheers,
Chris.



Bug#1036628: iptables-persistent: leftover files on upgrade

2023-05-26 Thread Christoph Anton Mitterer
Thanks :-)

I guess it's clear anyway... but just to be sure... only try to clean up
via rmdir (users might have added their own overrides in
/etc/systemd/system/netfilter-persistent.service.d)

Cheers,
Chris.



Bug#1036443: ntpsec: leftover files on purge

2023-05-26 Thread Christoph Anton Mitterer
On Thu, 2023-05-25 at 21:52 -0500, Richard Laager wrote:
> At first glance, I agree that these should be cleaned up. I just need
> to actually do the work on this, ASAP, of course.

I guess it will anyway not make it into bookworm... so no hurry needed
:-)


Thanks,
Chris.



Bug#1035096: GRUB not installed or installed to the wrong device

2023-05-26 Thread Peter Ehlert



On 5/26/23 06:42, Pascal Hambourg wrote:

On 26/05/2023 at 15:29, Peter Ehlert wrote:


On 5/17/23 10:14, Pascal Hambourg wrote:


1. Copy the attached patched grub-installer onto a second USB drive 
formatted with FAT, ext* or any filesystem type the installer can read.


2. Start the installer (expert install recommended).

3. Between the steps "Load installer components from installation 
media" and "Install the GRUB boot loader", switch to a shell with 
Ctrl+Alt+F2.


4. Connect and mount the second USB drive seen as /dev/sdXY :
# mount -r /dev/sdXY /mnt


I am unable to get it to mount

using blkid I see the second USB as /dev/sdf1 with the label I gave 
it "grub-installer"


however running # mount -r /dev/sdf1 /mnt
says
mount: mounting /dev/sdf1 on /mnt failed: Invalid argument


What filesystem is it ?

ext4







Bug#1035096: GRUB not installed or installed to the wrong device

2023-05-26 Thread Pascal Hambourg

On 26/05/2023 at 15:29, Peter Ehlert wrote:


On 5/17/23 10:14, Pascal Hambourg wrote:


1. Copy the attached patched grub-installer onto a second USB drive 
formatted with FAT, ext* or any filesystem type the installer can read.


2. Start the installer (expert install recommended).

3. Between the steps "Load installer components from installation 
media" and "Install the GRUB boot loader", switch to a shell with 
Ctrl+Alt+F2.


4. Connect and mount the second USB drive seen as /dev/sdXY :
# mount -r /dev/sdXY /mnt


I am unable to get it to mount

using blkid I see the second USB as /dev/sdf1 with the label I gave it 
"grub-installer"


however running # mount -r /dev/sdf1 /mnt
says
mount: mounting /dev/sdf1 on /mnt failed: Invalid argument


What filesystem is it ?



Bug#1035096: GRUB not installed or installed to the wrong device

2023-05-26 Thread Peter Ehlert



On 5/17/23 10:14, Pascal Hambourg wrote:

On 17/05/2023 at 16:47, Peter Ehlert wrote:
On May 17, 2023 5:48:14 AM Pascal Hambourg  
wrote:


The proposed patch has not been accepted yet so is not applied to RC3.


Thanks, I was not aware of that.


If you are still willing to test it I can send you instructions.


Yes, I would like to try.
Instructions need to be simple. This is obviously new to me.


1. Copy the attached patched grub-installer onto a second USB drive 
formatted with FAT, ext* or any filesystem type the installer can read.


2. Start the installer (expert install recommended).

3. Between the steps "Load installer components from installation 
media" and "Install the GRUB boot loader", switch to a shell with 
Ctrl+Alt+F2.


4. Connect and mount the second USB drive seen as /dev/sdXY :
# mount -r /dev/sdXY /mnt


I am unable to get it to mount

using blkid I see the second USB as /dev/sdf1 with the label I gave it 
"grub-installer"


however running # mount -r /dev/sdf1 /mnt
says
mount: mounting /dev/sdf1 on /mnt failed: Invalid argument



5. Copy the file (check the executable permission is preserved):
# cp /mnt/grub-installer /usr/bin/grub-installer

6. Unmount and disconnect the USB drive:
# umount /mnt

7. Switch back to the installer with Alt+F1 if text or Alt+F5 if 
graphic, and resume the installation.




Bug#1036796: gwenview: Gwenview fails to show any app icons or thumbnails on fresh install

2023-05-26 Thread Luke Reeves
Package: gwenview
Version: 4:22.12.3-1
Severity: important
X-Debbugs-Cc: luke.ree...@gmail.com

On a fresh bookworm install gwenview (with no existing configuration)
fails to render any of the in-app icons or thumbnails for directories or
images. This is reproducible across the i3 and xfce4 windowing
environments as well as the app itself forwarded on an X-over-SSH
connection.

This could be from not having the full KDE environment being installed
but I assumed the app would still install requirements.

gwenview is still usable to an extent but much slower to navigate with
all the missing UI and images.

Note I have the nvidia drivers for CUDA stuff but the primary GPU is an
Intel iGPU (and as mentioned this is reproducible over remote X
connections where the GPU is not involved).

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gwenview depends on:
ii  kinit                  5.103.0-1
ii  kio                    5.103.0-1
ii  libc6                  2.36-9
ii  libcfitsio10           4.2.0-3
ii  libexiv2-27            0.27.6-1
ii  libgcc-s1              12.2.0-14
ii  libjpeg62-turbo        1:2.1.5-2
ii  libkf5activities5      5.103.0-1
ii  libkf5baloo5           5.103.0-2
ii  libkf5completion5      5.103.0-1
ii  libkf5configcore5      5.103.0-2
ii  libkf5configgui5       5.103.0-2
ii  libkf5configwidgets5   5.103.0-1
ii  libkf5coreaddons5      5.103.0-1
ii  libkf5filemetadata3    5.103.0-1
ii  libkf5guiaddons5       5.103.0-1
ii  libkf5i18n5            5.103.0-1
ii  libkf5iconthemes5      5.103.0-1
ii  libkf5itemmodels5      5.103.0-1
ii  libkf5itemviews5       5.103.0-1
ii  libkf5jobwidgets5      5.103.0-1
ii  libkf5kdcraw5          22.12.3-1
ii  libkf5kiocore5         5.103.0-1
ii  libkf5kiofilewidgets5  5.103.0-1
ii  libkf5kiogui5          5.103.0-1
ii  libkf5kiowidgets5      5.103.0-1
ii  libkf5notifications5   5.103.0-1
ii  libkf5parts5           5.103.0-1
ii  libkf5purpose-bin      5.103.0-1
ii  libkf5purpose5         5.103.0-1
ii  libkf5service-bin      5.103.0-1
ii  libkf5service5         5.103.0-1
ii  libkf5solid5           5.103.0-1
ii  libkf5widgetsaddons5   5.103.0-1
ii  libkf5xmlgui5          5.103.0-1
ii  libkimageannotator0    0.6.0-1
ii  liblcms2-2             2.14-2
ii  libphonon4qt5-4        4:4.11.1-4
ii  libpng16-16            1.6.39-2
ii  libqt5core5a           5.15.8+dfsg-10
ii  libqt5dbus5            5.15.8+dfsg-10
ii  libqt5gui5             5.15.8+dfsg-10
ii  libqt5printsupport5    5.15.8+dfsg-10
ii  libqt5svg5             5.15.8-3
ii  libqt5widgets5         5.15.8+dfsg-10
ii  libqt5x11extras5       5.15.8-2
ii  libstdc++6             12.2.0-14
ii  libtiff6               4.5.0-6
ii  libx11-6               2:1.8.4-2
ii  perl                   5.36.0-7
ii  phonon4qt5             4:4.11.1-4

Versions of packages gwenview recommends:
ii  kamera 4:22.12.3-1
ii  kio-extras 4:22.12.3-1
ii  qt5-image-formats-plugins  5.15.8-2

gwenview suggests no packages.

-- no debconf information


Bug#1035390: No updates on mirror submission

2023-05-26 Thread Qontinuum
Hey,

I am not getting any news on this submission for nearly 1 month now.
--
Qontinuum




Bug#1035691: python3-aiosmtpd: unhandled symlink to directory conversion: /usr/share/doc/python3-aiosmtpd/html/_sources -> ../rst

2023-05-26 Thread Pierre-Elliott Bécue
Hi,

On Thursday 25 May 2023 at 16:25:30+0200, Andreas Beckmann wrote:
> Followup-For: Bug #1035691
> Control: tag -1 patch pending
> 
> I've uploaded a verified fix to DELAYED/1 to reach the bookworm deadline.

Could you upload the patch on salsa (branch=master)?

Otherwise may I apply in your name that patch on the repo?

Will you file the unblock bug or should I do it?

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for principles than to live up to them.




Bug#1036612: use XB-Cnf-Ignore-Commands to let command-not-found suggest plocate

2023-05-26 Thread Andreas Metzler
Control: tags -1 pending
On 2023-05-23 Sebastien Bacher  wrote:
> Package: findutils
> Version: 4.9.0-4
> Severity: wishlist
> Tags: patch
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu mantic ubuntu-patch

> The command-not-found extractor allows to ignore a command
> https://git.launchpad.net/~mvo/command-not-found-extractor/tree/README.md#n27

> In Ubuntu
> https://launchpad.net/ubuntu/+source/findutils/4.6.0+git+20190209-2ubuntu1
> this change was added

>   * debian/control: add locate to XB-Cnf-Ignore-Commands so it is ignored by
> command-not-found as mlocate provides the preferred locate command for
> most users.

Hello Sebastien,

in a perfect world command-not-found would have some concept of
"alternatives" and choose the highest priority one. But I guess the
metadata for that does not exist, it is all hidden in maintainerscripts.

I have applied the change in GIT. Not having differences between Debian
and Ubuntu is worth something on its own.

cu Andreas




Bug#932957: Please migrate Release Notes to reStructuredText

2023-05-26 Thread James Addison
Package: release-notes
Followup-For: Bug #932957
X-Debbugs-Cc: hwans...@mailbox.org

Hi Holger,

I noticed one more problem with the output of the ReST release-notes:

Filtering of architecture-specific sections does not seem to be taking place,
so the 'Supported Architectures'[1] section for AMD64 currently contains the
text:

  The ARCH-TITLE support (known as the Debian architecture amd64) now requires 
the “long NOP” instruction. Please refer to Baseline for 64-bit PC is now i686 
for more information.

(the ARCH-TITLE placeholder is probably a small fixup - the problem I'd like
to draw attention to is the reference to 64-bit PC / amd64 as i686)

In the Docbook source, there is an 'arch="i386"' annotation[2] on the section's
XML element, so perhaps that is used to filter the content.

Cheers,
James

[1] - 
https://people.debian.org/~holgerw/release-notes_sphinx/en/html/whats-new.html#supported-architectures

[2] - 
https://salsa.debian.org/ddp-team/release-notes/-/blob/698b757e098b7d7ccd7b34b5bb9bda333155fd11/en/whats-new.dbk#L71


Bug#1036530: linux-signed-amd64: Hard lock up of system

2023-05-26 Thread Salvatore Bonaccorso
Control: tags -1 + moreinfo

Hi Nick,

On Fri, May 26, 2023 at 09:25:23AM +0900, Nick Hastings wrote:
> Hi Salvatore,
> 
> thanks for your help. However, I'm now not sure if I really have
> identified the commit that causes my problems. I fear I may have made
> one or more mistakes when setting "git bisect good". I had been under
> the impression that the lock up would happen no more than a few tens of
> minutes after booting, however it seems that sometimes it can take a few
> hours to occur.
> 
> So, I'm running the git bisect again and will be more careful before
> marking "git bisect good". It could take a few days.
> 
> Should this particular bug be closed?

Thanks a lot for reporting back, your time put into the bisect is very
appreciated and valued! No, no need to close this one, as the bug
still persists. Just follow up please once you have identified the
culprit with the fresh bisect.

Please do remove by then as well the moreinfo tag again (you can write
a control message with tag -1 - moreinfo, so won't appear as bug
needing information from reporter).

Thank you!

Regards,
Salvatore



Bug#1036782: mailman3: exim4 configurations not up-to-date

2023-05-26 Thread Thomas Krichel
  Pierre-Elliott Bécue writes

> mailman3 doesn't ship these files. No package maintained by the mailman
> team actually seem to put /etc/exim4/conf.d/main/25_mm3_macros or
> /etc/exim4/conf.d/transport/55_mm3_transport.

  ok, if it does not ship these files, my report is erroneous and
  the bug can be closed.



-- 
  Written by Thomas Krichel http://openlib.org/home/krichel on his 21175th day.



Bug#1036795: ITP: sphinx-design -- sphinx extension for creating responsive web components

2023-05-26 Thread Dave Jones
Package: wnpp
Severity: wishlist
Owner: Dave Jones 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: sphinx-design
  Version : 0.4.1
  Upstream Author : Executable Books
* URL : https://sphinx-design.readthedocs.io/en/latest/
* License : MIT
  Programming Lang: Python
  Description : sphinx extension for creating responsive web components

This is the intended successor [1] to the sphinx-panels extension, which 
is currently in Debian. The intent is to maintain it from the python 
team.

[1]: 
https://sphinx-design.readthedocs.io/en/latest/get_started.html#migrating-from-sphinx-panels



Bug#1036623: libclang-common-16-dev: missing LLVM_VERSION_FULL in include path

2023-05-26 Thread Norbert Lange
Package: libclang-common-16-dev
Version: 1:16.0.4-1~exp1
Followup-For: Bug #1036623
X-Debbugs-Cc: nolang...@gmail.com

Both symlinks are broken:

/usr/lib/clang/16/include
/usr/lib/clang/16/lib

(I did not see any adverse effects yet)


-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libclang-common-16-dev depends on:
ii  libllvm16  1:16.0.4-1~exp1

Versions of packages libclang-common-16-dev recommends:
ii  libclang-rt-16-dev  1:16.0.4-1~exp1

libclang-common-16-dev suggests no packages.

-- no debconf information



Bug#1036794: rust-pangocairo: 0.16.3 autopkgtest due to implicit test dependency on newer gir-format-check

2023-05-26 Thread Simon Chopin
Source: rust-pangocairo
Version: 0.16.3-1
Severity: normal
X-Debbugs-Cc: scho...@ubuntu.com

In Ubuntu, we've noticed the pangocairo test suite fails because it
depends on the Errors struct of gir-format-check implementing Display.

Updating gir-format-check to 0.1.2 or above should solve the issue.

-- System Information:
Debian Release: bookworm/sid
  APT prefers lunar-updates
  APT policy: (500, 'lunar-updates'), (500, 'lunar-security'), (500, 'lunar'), 
(100, 'lunar-proposed'), (100, 'lunar-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.2.0-20-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1035543: init-system-helpers: new systemd units may not get enabled on upgrades from bullseye if systemd is installed

2023-05-26 Thread James Addison
On Sun, 14 May 2023 15:21:24 -0400, Ted wrote:
> On Sun, May 14, 2023 at 06:03:59PM +0200, Michael Biebl wrote:
> > > Please reassign it there together with instructions how to fix it, i.e.
> > > what should be done in the maintainer scripts.
>
> Can someone send the instructions on how to fix this?

I think we want to remove the old default.target.wants directory link
and replace it with a multi-user.target.wants link at some point
during the upgrade process.

Would calling the 'reenable' action implemented by
deb-systemd-helper[1] (an equivalent to the corresponding action in
systemctl[2]) during the e2fsprogs postinst script solve the problem?

(the contents of the deb-systemd-helper service state file seem very
relevant here.  for this to work correctly, I think it needs to
contain the old link during the 'disable' step, and then should use
the new link during 'enable'.  I could be mistaken, however.  I have
read #717603 while trying to figure out a solution here)

[1] - 
https://manpages.debian.org/bullseye/init-system-helpers/deb-systemd-helper.1p.en.html

[2] - https://manpages.debian.org/bullseye/systemd/systemctl.1.en.html



Bug#1036474: unblock: debian-edu-fai/2023.05.16.1

2023-05-26 Thread Mike Gabriel

Hi Paul,

On Wed 24 May 2023 18:33:44 CEST, Paul Gevers wrote:


control: tags -1 moreinfo

Hi Mike,

On 21-05-2023 21:38, Mike Gabriel wrote:
In addition to the adduser changes, the diff to testing also  
includes a simple

directory-exists test before writing to it.


See below, I see more. Please elaborate.

+  * bin/debian-edu-faiinstall: Make sure FAI_CONFIGDIR_REAL is set  
before it

+is accessed.


What does this mean functionally? The change was made in 2022-09,  
was it not a problem all that time?


https://salsa.debian.org/debian-edu/debian-edu-fai/-/commit/9d8fba39024dcf407506995bba1e3eb6403b841d

There are two test/dev scenarios:

  * a Git working copy of debian-edu-fai symlinked to /srv/fai/config
  * a copy of /usr/share/debian-edu-fai/config

The first scenario is the one I am using to test changes to the FAI  
config space while developing.


The second scenario is less tested and is broken without the above  
patch (as FAI_CONFIGDIR_REAL never gets set if not a symlink).


diff -Nru debian-edu-fai-2022.04.14.1/fai/config/class/FAIBASE.var  
debian-edu-fai-2023.05.16.1/fai/config/class/FAIBASE.var
--- debian-edu-fai-2022.04.14.1/fai/config/class/FAIBASE.var  
2022-09-16 18:38:21.0 +
+++ debian-edu-fai-2023.05.16.1/fai/config/class/FAIBASE.var  
1970-01-01 00:00:00.0 +

@@ -1,27 +0,0 @@
-# default values for installation. You can override them in your *.var files
-
-# allow installation of packages from unsigned repositories
-FAI_ALLOW_UNSIGNED=1
-
-# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
-UTC=yes
-TIMEZONE=Europe/Berlin
-
-# the hash of the root password for the new installed linux system
-# pw is "fai"
-ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
-ROOTPW='$1$2fO2Hkud$nuSo8D5iUzgzUXBs8afZ8.'
-
-# errors in tasks greater than this value will cause the  
installation to stop

-STOP_ON_ERROR=700
-
-# set parameter for install_packages(8)
-MAXPACKAGES=800
-
-# a user account will be created
-username='spguser'
-USERPW='$1$xwwADosf$LiKds1UMtKaYpHC91FAcy.'
-
-# user / server to use for storing FAI installation logs... (e.g.  
fai@faiserver.intern)

-LOGUSER='fai'
-LOGSERVER='faiserver.intern'
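
Review bot: The removed FAIBASE.var sets FAI_ALLOW_UNSIGNED=1 and carries `$1$` (MD5-crypt) hashes for ROOTPW and USERPW, with a comment stating that the root password is "fai", so its removal should be called out explicitly wherever this change is described rather than left as an unexplained file deletion. The file header shows it was part of 2022.04.14.1, so it is also worth stating whether installations made from that version could have picked up these defaults.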


The FAIBASE.var file is runtime cruft which sneaked its way into the  
previous package version. For this version, I removed it again. This  
file has never been committed but got included from my local test  
instance's file system.


Sorry, I forgot to add the info to the initial unblock mail.

Greets,
Mike

--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net





Bug#1036603: libinventor1: broken symlinks: /usr/share/inventor/fonts/Century-Schoolbook-* -> /usr/share/fonts/X11/Type1/c0590*l.pfb

2023-05-26 Thread Andreas Beckmann

On 26/05/2023 05.01, Steven Robbins wrote:

fonts-urw-base35 does not provide the old "numeric" font names
gsfonts-x11 had.


Thanks for this.  Do you happen to know of a package that does ship those
fonts, even if a different name?


That should be fonts-urw-base35, at least that's what the transitional 
gsfonts-x11 package is depending on. If that does not contain all the 
fonts, we have an additional bug ...



Andreas



Bug#1036782: mailman3: exim4 configurations not up-to-date

2023-05-26 Thread Pierre-Elliott Bécue
tags 1036782 +moreinfo
thanks

Hi,

Thomas Krichel  wrote on 26/05/2023 at 03:10:24+0200:

> Package: mailman3
> Version: 3.3.8-1
> Severity: normal
>
> Dear Maintainer,
>
> exim4/conf.d/main/25_mm3_macros
> exim4/conf.d/transport/55_mm3_transport
>
>   distributed with Mailman3 are not the versions posted at
>
> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.html#exim4-configuration
>
>   This leads to mailman3 being unusable with exim4. Use
>   of the posted configurations in the document above
>   will fix this. 

mailman3 doesn't ship these files. No package maintained by the mailman
team actually seem to put /etc/exim4/conf.d/main/25_mm3_macros or
/etc/exim4/conf.d/transport/55_mm3_transport.

Could you please elaborate on your issue?

Regards,
-- 
PEB




Bug#1036793: unblock: qtbase-opensource-src/5.15.8+dfsg-11

2023-05-26 Thread Dmitry Shachnev
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qtbase-opensource-...@packages.debian.org
Control: affects -1 + src:qtbase-opensource-src

Please unblock package qtbase-opensource-src.

[ Reason ]
One more CVE was published for qtbase, CVE-2023-33285 [1].

[ Impact ]
QDnsLookup has a buffer over-read via a crafted reply from a DNS server.

[ Tests ]
No automated tests are run for this package. But QDnsLookup is covered by
tests which are run as part of upstream CI:
tests/auto/network/kernel/qdnslookup/tst_qdnslookup.cpp.

[ Risks ]
This change passed the upstream tests, so it should be safe.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
Also I added DEP-3 headers to the patches from previous upload and renamed
them in a consistent way. This will not affect the binary packages in any way.

The reported piuparts regression is in piuparts itself [2].

unblock qtbase-opensource-src/5.15.8+dfsg-11

[1]: https://security-tracker.debian.org/tracker/CVE-2023-33285
[2]: https://salsa.debian.org/debian/piuparts/-/merge_requests/42

--
Dmitry Shachnev
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+qtbase-opensource-src (5.15.8+dfsg-11) unstable; urgency=medium
+
+  * Rename the patches for consistency and add DEP-3 headers.
+  * Add a patch to fix buffer overflow in QDnsLookup (CVE-2023-33285).
+
+ -- Dmitry Shachnev   Thu, 25 May 2023 13:45:05 +0300
+
 qtbase-opensource-src (5.15.8+dfsg-10) unstable; urgency=medium
 
   * Add patches to fix CVE-2023-32762 and CVE-2023-32763.
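
Review bot: The new changelog entry calls CVE-2023-33285 a "buffer overflow in QDnsLookup", while the Impact section of the request describes a buffer over-read; using the same wording in both places ("buffer over-read") would describe the fix more precisely. "Rename the patches for consistency" could also name the two files that are renamed.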
--- a/debian/patches/CVE-2023-32762.patch
+++ b/debian/patches/CVE-2023-32762.diff
@@ -1,6 +1,7 @@

- src/network/access/qhsts.cpp |4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+Description: hsts: match header names case insensitively
+ Header field names are always considered to be case-insensitive.
+Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32762-qtbase-5.15.diff
+Last-Update: 2023-05-22
 
 --- a/src/network/access/qhsts.cpp
 +++ b/src/network/access/qhsts.cpp
--- a/debian/patches/cve-2023-32763.diff
+++ b/debian/patches/CVE-2023-32763.diff
@@ -1,7 +1,7 @@

- src/gui/painting/qfixed_p.h  |9 +
- src/gui/text/qtextlayout.cpp |9 ++---
- 2 files changed, 15 insertions(+), 3 deletions(-)
+Description: fix buffer overflow in Qt SVG
+ Adds qAddOverflow and qMulOverflow definitions to QFixed.
+Origin: upstream, https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
+Last-Update: 2023-05-22
 
 --- a/src/gui/painting/qfixed_p.h
 +++ b/src/gui/painting/qfixed_p.h
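
Review bot: The new Description says "fix buffer overflow in Qt SVG", but the removed diffstat and the file header show this patch changing src/gui/painting/qfixed_p.h and src/gui/text/qtextlayout.cpp in qtbase. Consider naming the code that is actually changed (QFixed arithmetic and text layout) so that the DEP-3 header matches the patch.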
--- /dev/null
+++ b/debian/patches/CVE-2023-33285.diff
@@ -0,0 +1,77 @@
+Description: QDnsLookup/Unix: make sure we don't overflow the buffer
+ The DNS Records are variable length and encode their size in 16 bits
+ before the Record Data (RDATA). Ensure that both the RDATA and the
+ Record header fields before it fall inside the buffer we have.
+ .
+ Additionally reject any replies containing more than one query records.
+Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7dba2c87619d558a
+Last-Update: 2023-05-25
+
+--- a/src/network/kernel/qdnslookup_unix.cpp
 b/src/network/kernel/qdnslookup_unix.cpp
+@@ -227,7 +227,6 @@ void QDnsLookupRunnable::query(const int
+ // responseLength in case of error, we still can extract the
+ // exact error code from the response.
+ HEADER *header = (HEADER*)response;
+-const int answerCount = ntohs(header->ancount);
+ switch (header->rcode) {
+ case NOERROR:
+ break;
+@@ -260,18 +259,31 @@ void QDnsLookupRunnable::query(const int
+ return;
+ }
+ 
+-// Skip the query host, type (2 bytes) and class (2 bytes).
+ char host[PACKETSZ], answer[PACKETSZ];
+ unsigned char *p = response + sizeof(HEADER);
+-int status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
+-if (status < 0) {
++int status;
++
++if (ntohs(header->qdcount) == 1) {
++// Skip the query host, type (2 bytes) and class (2 bytes).
++status = local_dn_expand(response, response + responseLength, p, host, sizeof(host));
++if (status < 0) {
++reply->error = QDnsLookup::InvalidReplyError;
++reply->errorString = tr("Could not expand domain name");
++return;
++}
++if ((p - response) + status + 4 >= responseLength)
++header->qdcount = 0x;   // invalid reply below
++else
++p += status + 4;
++}
++if (ntohs(header->qdcount) > 1) {
+ reply->error = QDnsLookup::InvalidReplyError;
+-reply->errorString = tr("Could not expand domain name");
++reply->errorString = tr("Invalid reply received");
+ return;
+ }
+-p += 
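
Review bot: `header->qdcount = 0x;` in the qdcount == 1 branch is not a complete hex literal as shown here, so the sentinel value that is meant to trip the `ntohs(header->qdcount) > 1` check cannot be confirmed from this copy; compare it against the upstream commit named in Origin. Overwriting a field of the received header to signal a length failure is also easy to misread; setting reply->error and returning at that point, as the dn_expand failure path does, would be clearer. The diff is cut off after `+-p +=`, so the RDATA and record-header bounds checks that the Description promises are not visible for review.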

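The length checks this unblock request is about, as an added example (not code from Qt or from the Debian patch): a bounds-checked walk over the question and answer records of a DNS reply in C. The function names and the sample reply bytes are constructed for illustration, and the checks are this example's own rather than a copy of the upstream ones.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN  12   /* ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT */
#define RR_FIXED_LEN 10   /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */

/* Constructed sample: reply to "example.com A" with one 4-byte answer. */
static const uint8_t SAMPLE_REPLY[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0x03, 'c', 'o', 'm', 0x00,
    0x00, 0x01, 0x00, 0x01,        /* QTYPE=A, QCLASS=IN */
    0xC0, 0x0C,                    /* answer name: pointer to offset 12 */
    0x00, 0x01, 0x00, 0x01,        /* TYPE=A, CLASS=IN */
    0x00, 0x00, 0x00, 0x3C,        /* TTL=60 */
    0x00, 0x04,                    /* RDLENGTH=4, at offset 39 */
    0xC0, 0x00, 0x02, 0x01         /* RDATA 192.0.2.1 */
};

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Step over an encoded name at 'off'. Returns the offset just past it,
 * or -1 if the name runs off the end of the message. Compression
 * pointers are stepped over (2 bytes), not followed. */
static long skip_name(const uint8_t *msg, size_t len, size_t off)
{
    while (off < len) {
        uint8_t l = msg[off];
        if (l == 0)
            return (long)(off + 1);
        if ((l & 0xC0) == 0xC0)
            return (len - off < 2) ? -1 : (long)(off + 2);
        if (l & 0xC0)
            return -1;                     /* reserved label type */
        if ((size_t)l > len - off - 1)
            return -1;                     /* label longer than what is left */
        off += 1 + (size_t)l;
    }
    return -1;                             /* no terminating zero label */
}

/* Walk the question and answer sections. Returns the number of answer
 * records whose header and RDATA lie fully inside msg[0..len), or -1 if
 * any field would be read past the end of the buffer. */
int count_valid_answers(const uint8_t *msg, size_t len)
{
    if (len < DNS_HDR_LEN)
        return -1;
    uint16_t qdcount = rd16(msg + 4);
    uint16_t ancount = rd16(msg + 6);
    if (qdcount > 1)
        return -1;                         /* more than one query record */

    size_t off = DNS_HDR_LEN;
    if (qdcount == 1) {
        long n = skip_name(msg, len, off);
        if (n < 0 || len - (size_t)n < 4)  /* QTYPE + QCLASS must fit */
            return -1;
        off = (size_t)n + 4;
    }

    int seen = 0;
    for (uint16_t i = 0; i < ancount; i++) {
        long n = skip_name(msg, len, off);
        if (n < 0)
            return -1;
        off = (size_t)n;
        if (len - off < RR_FIXED_LEN)      /* fixed fields before RDATA */
            return -1;
        uint16_t rdlen = rd16(msg + off + 8);
        off += RR_FIXED_LEN;
        if (len - off < rdlen)             /* RDLENGTH is sender-controlled */
            return -1;
        off += rdlen;
        seen++;
    }
    return seen;
}

/* Copy the sample, overwrite one 16-bit field, and re-validate. */
int check_patched(size_t field_off, uint16_t value)
{
    uint8_t buf[sizeof SAMPLE_REPLY];
    if (field_off + 2 > sizeof buf)
        return -1;
    memcpy(buf, SAMPLE_REPLY, sizeof buf);
    buf[field_off]     = (uint8_t)(value >> 8);
    buf[field_off + 1] = (uint8_t)(value & 0xFF);
    return count_valid_answers(buf, sizeof buf);
}

int main(void)
{
    printf("well-formed reply : %d\n",
           count_valid_answers(SAMPLE_REPLY, sizeof SAMPLE_REPLY));
    printf("RDLENGTH = 0x0400 : %d\n", check_patched(39, 0x0400));
    printf("QDCOUNT  = 2      : %d\n", check_patched(4, 2));
    printf("cut at 38 bytes   : %d\n", count_valid_answers(SAMPLE_REPLY, 38));
    return 0;
}
```

Every subtraction is done on the remaining length (`len - off`) after `off` has been shown to be within `len`, so a large RDLENGTH cannot wrap the comparison.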
Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Salvatore Bonaccorso
hey all,

I was involved with a discussion on site here in Hamburg with Paul
about it.

On Fri, May 26, 2023 at 10:58:48AM +0200, Moritz Muehlenhoff wrote:
> On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> > First of all trapperkeeper-webserver-jetty9-clojure should add a build-
> > dependency on logback to detect such regressions in advance.
> > 
> > #1036250 is mainly a logback problem, not a tomcat problem. I still would 
> > like
> > to hear Emmanuel's opinion. We still could revert to libtomcat9-java, if we
> > don't find a solution though.
> > 
> > The tomcatjss / dogtag-pki situation is simple too. If there is no way to 
> > make
> > the application work with Tomcat 10, then there are three options:
> > 
> > 1. Embed Tomcat 9 in your application by creating a standalone jar
> > 
> > 2. Continue to use the current Tomcat 9 package as is but make sure that 
> > nobody
> > else than dogtag-pki uses it. (Package descriptions should be adjusted, and 
> > the
> > binary tomcat9 package should be probably removed too) Nobody should think 
> > that
> > we support two major Tomcat versions.
> > 
> > In any case the dogtag-pki maintainers must commit to at least three years 
> > of
> > security support, web application + Tomcat 9. Otherwise this is pointless.
> > 
> > 3. Remove dogtag-pki and tomcatjss from testing and prepare backports as 
> > soon
> > as dogtag-pki and Co support Tomcat 10.
> 
> Can't we just do the pragmatic fix of updating src:tomcat9 to only ship
> libtomcat9-java and libtomcat9-embed-java? The maintenance burden for
> security updates lies within the server stack, the percentage of issues
> affecting the libtomcat9-java binary packages as used by rdeps will be small
> to none?

This indeed would have been the most desirable and pragmatic approach,
which was looked at, but my (limited!) understanding of the situation
is still that this won't work out as we have dogtag-pki's pki-server
binary package depending on tomcat9-user:

respighi:~$ dak rm --suite=bookworm -n -R -b tomcat9-user
Will remove the following packages from bookworm:

tomcat9-user |   9.0.70-1 | all

Maintainer: Debian Java Maintainers 


--- Reason ---

--

Checking reverse dependencies...
# Broken Depends:
dogtag-pki: pki-server

Dependency problem found.

See the followup on that by Markus in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034824#45 the
answer seems to be from the answer from Timo Aaltonen, that a
switch to tomcat10-user won't work ...

Thus the proposal to at this stage keep in need the both source
packages. Paul made another way forward in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034824#98 which now
involves one dependency rollback and documenting in release note and
debian-security-support what support level we can expect during the
bookworm cycle for src:tomcat9.

To otherwise drop tomcat9 and tomcat9-user binary package it would be
needed to drop as well dogtag-pki.

Does this make sense for you Moritz?

Salvatore



Bug#1034855: trapperkeeper-webserver-jetty9-clojure: FTBFS in testing:

2023-05-26 Thread Emmanuel Bourg

On 22/05/2023 at 18:27, Markus Koschany wrote:


Can you think of a simpler solution for this problem?


I'll get a look. Intuitively I think that if no Tomcat internals are 
used, the javax.servlet classes should still be used since Tomcat 10 
works with both javax and jakarta namespaces.


If necessary we may also consider using the tomcat-jakartaee-migration 
tool at build time instead of patching the source files.


Emmanuel



Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Emmanuel Bourg

On 26/05/2023 at 10:58, Moritz Muehlenhoff wrote:


Can't we just do the pragmatic fix of updating src:tomcat9 to only ship
libtomcat9-java and libtomcat9-embed-java? The maintenance burden for
security updates lies within the server stack, the percentage of issues
affecting the libtomcat9-java binary packages as used by rdeps will be small
to none?


dogtag-pki has a popcon of 4, do we really want to keep that package and 
tomcat9 for so few users? It could come back later in Bookworm as a 
backport once it supports Tomcat 10.


If tomcat9 is kept in Bookworm most users won't realize it's no longer 
supported. I think we should add a prominent warning in the NEWS file 
that it's not supported. I'd even suggest disabling the tomcat9 service 
when upgrading to force the users to act (either migrate to tomcat10, or 
re-enabling it willingly).


Emmanuel Bourg



Bug#1036249: closure-compiler: #1036159

2023-05-26 Thread Paul Gevers

Hi Markus,

On 25-05-2023 23:47, Markus Koschany wrote:

Since I could not find a targeted fix I decided to remove the dependency on
rhino 1.7.14 and embedded rhino 1.7.7.2 instead, the last version that worked
well for closure-compiler.



I have rebuilt all reverse-dependencies and this would resolve the problem.


As you tested all reverse-dependencies, let's do this. Again, awfully 
late, but I don't see a better way out.


Paul




Bug#1036584: libopenjpip-viewer: broken symlink: /usr/bin/opj_jpip_viewer -> ../share/opj_jpip_viewer/opj_jpip_viewer.jar

2023-05-26 Thread Mathieu Malaterre
On Thu, 25 May 2023, 19:15, Andreas Metzler wrote:

> Hello,
>
> if you have not got time for an upload I can look into it.
>

Yes please ! Thanks very much

> cu Andreas
>
>


Bug#1036792: libjs-jquery-flot: pie chart broken because of missing js code

2023-05-26 Thread Eric Le Lay
Package: libjs-jquery-flot
Version: 4.2.1+dfsg-6
Severity: important

Dear Maintainer,
pie charts are broken in flot due to missing jquery.flot.pie.js code.

Steps to reproduce:
 1. apt install libjs-jquery-flot libjs-jquery-flot-docs
 2. firefox /usr/share/doc/libjs-jquery-flot-docs/examples/series-pie/index.html

Expected outcome: the pie chart shows up nicely

Actual outcome: empty X/Y chart

Furthermore, we can see that the plugin is not loaded, by inspecting 
$.plot.plugins:

console.log($.plot.plugins.map(x => x.name).join(", "))
==> errorbars, log, symbols, flatdata, navigate, fillbetween, categories, 
stack, navigateTouch, hover, navigateTouch, time, axisLabels, selection, 
composeImages, legend

Expected: "pie" is in the array
Actual: it's not there

curl \
  https://salsa.debian.org/js-team/flot/-/raw/debian/4.2.1+dfsg-5/source/jquery.flot.pie.js \
  -o /usr/share/javascript/flot/jquery.flot.pie.js

fixes the problem.



-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-22-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE, TAINT_AUX
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libjs-jquery-flot depends on:
ii  libjs-jquery  3.5.1+dfsg+~3.5.5-7

Versions of packages libjs-jquery-flot recommends:
ii  javascript-common  11+nmu1
pn  libjs-excanvas 

Versions of packages libjs-jquery-flot suggests:
ii  libjs-jquery-flot-docs  4.2.1+dfsg-5

-- no debconf information



Bug#1034168: RFS: profile-cleaner/2.44-1 [ITP] -- Reduces browser profile size by cleaning their sqlite databases

2023-05-26 Thread Peter B

On 24/05/2023 22:04, Tobias Frost wrote:



It seems that the source is missing (the input file for txt2man)?
It would be nice to have this and create the manpage at build time.
(Can you ask upstream to include the source file of the manpage?)


Now building the man page from source text.



Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Moritz Muehlenhoff
On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> First of all trapperkeeper-webserver-jetty9-clojure should add a build-
> dependency on logback to detect such regressions in advance.
> 
> #1036250 is mainly a logback problem, not a tomcat problem. I still would like
> to hear Emmanuel's opinion. We still could revert to libtomcat9-java, if we
> don't find a solution though.
> 
> The tomcatjss / dogtag-pki situation is simple too. If there is no way to make
> the application work with Tomcat 10, then there are three options:
> 
> 1. Embed Tomcat 9 in your application by creating a standalone jar
> 
> 2. Continue to use the current Tomcat 9 package as is but make sure that 
> nobody
> else than dogtag-pki uses it. (Package descriptions should be adjusted, and 
> the
> binary tomcat9 package should be probably removed too) Nobody should think 
> that
> we support two major Tomcat versions.
> 
> In any case the dogtag-pki maintainers must commit to at least three years of
> security support, web application + Tomcat 9. Otherwise this is pointless.
> 
> 3. Remove dogtag-pki and tomcatjss from testing and prepare backports as soon
> as dogtag-pki and Co support Tomcat 10.

Can't we just do the pragmatic fix of updating src:tomcat9 to only ship
libtomcat9-java and libtomcat9-embed-java? The maintenance burden for
security updates lies within the server stack, the percentage of issues
affecting the libtomcat9-java binary packages as used by rdeps will be small
to none?

Cheers,
Moritz



Bug#1014943: waybar: fork-awesome alternatives

2023-05-26 Thread Philip Hands
Package: waybar
Version: 0.9.17-2
Followup-For: Bug #1014943

Dear Maintainer,

I also hit this bug.

As mentioned Fork Awesome is available in Debian, so instead of these:

  0xf76b     temperature-low
  0xf769     temperature-high

one can use these:

  https://forkaweso.me/Fork-Awesome/icon/thermometer-empty/
0xf2cb      fa-thermometer-empty
  https://forkaweso.me/Fork-Awesome/icon/thermometer-full/
0xf2c7      fa-thermometer-full

For my own setup, I've also changed the brightness config, thus:

  // "format-icons": ["", "", "", "", "", "", "", "", ""]
  "format-icons": ["", ""]

using these:
  https://forkaweso.me/Fork-Awesome/icon/sun/
  https://forkaweso.me/Fork-Awesome/icon/sun-o/

(I've no idea what the original series of icons were supposed to be indicating,
but those two at least give one something that is brightness related, which
seems like a step forward.)

Oh, and I've just noticed that I'm yet to find an alternative for whatever the
symbol is meant to be when one is charging the battery.

Cheers, Phil.
-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (99, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages waybar depends on:
ii  init-system-helpers                 1.65.2
ii  libatkmm-1.6-1v5                    2.28.3-1
ii  libc6                               2.36-9
ii  libcairomm-1.0-1v5                  1.14.4-2
ii  libdate-tz3                         3.0.1+ds-5
ii  libdbusmenu-gtk3-4                  18.10.20180917~bzr492+repack1-3
ii  libevdev2                           1.13.0+dfsg-1
ii  libfmt9                             9.1.0+ds1-2
ii  libgcc-s1                           12.2.0-14
ii  libglib2.0-0                        2.74.6-2
ii  libglibmm-2.4-1v5                   2.66.5-2
ii  libgtk-3-0                          3.24.37-2
ii  libgtk-layer-shell0                 0.8.0-1
ii  libgtkmm-3.0-1v5                    3.24.7-1
ii  libinput10                          1.22.1-1
ii  libjack-jackd2-0 [libjack-0.125]    1.9.21~dfsg-3
ii  libjsoncpp25                        1.9.5-4
ii  libmpdclient2                       2.20-1+b1
ii  libnl-3-200                         3.7.0-0.2+b1
ii  libnl-genl-3-200                    3.7.0-0.2+b1
ii  libpulse0                           16.1+dfsg1-2+b1
ii  libsigc++-2.0-0v5                   2.12.0-1
ii  libsndio7.0                         1.9.0-0.3+b2
ii  libspdlog1.10 [libspdlog1.10-fmt9]  1:1.10.0+ds-0.4
ii  libstdc++6                          12.2.0-14
ii  libudev1                            252.6-1
ii  libupower-glib3                     0.99.20-2
ii  libwayland-client0                  1.21.0-1
ii  libwireplumber-0.4-0                0.4.13-1
ii  libxkbregistry0                     1.5.0-1

waybar recommends no packages.

Versions of packages waybar suggests:
ii  fonts-font-awesome                    5.0.10+really4.7.0~dfsg-4.1
pn  libappindicator3-1                    
ii  sway                                  1.7-6

-- no debconf information


Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Paul Gevers

Control: clone -1 -2 -3
Control: reassign -2 release-notes
Control: reassign -3 debian-security-support
Control: tag -1 bookworm-ignore

Hi,

On 26-05-2023 00:10, Markus Koschany wrote:
> #1036250 is mainly a logback problem, not a tomcat problem. I still would like
> to hear Emmanuel's opinion. We still could revert to libtomcat9-java, if we
> don't find a solution though.

I want the logback changes reverted and go back to tomcat9. We'll ship 
two versions. We failed to remove tomcat9 properly and it's well past 
the line where we can try more variants. Just like the apt/adduser 
situation where we stopped experimenting, let's go back to the situation 
we know and understand.

> The tomcatjss / dogtag-pki situation is simple too.

Small note, I don't like you framing the situation as simple. The time 
pressure is huge. The tomcat9 situation has drained a lot of energy 
already, so no, it's not simple.

> If there is no way to make
> the application work with Tomcat 10, then there are three options:

> 2. Continue to use the current Tomcat 9 package as is but make sure that nobody
> else than dogtag-pki uses it. (Package descriptions should be adjusted, and the
> binary tomcat9 package should be probably removed too) Nobody should think that
> we support two major Tomcat versions.

I think we have no *reasonable* other option than to do that somewhat. 
So let's make this clear in the release notes and in 
debian-security-support. I propose something along these lines for the 
release notes:


Although tomcat9 and tomcat9-user are shipped with bookworm next to 
tomcat10 binaries, they are exclusively supported for use with 
dogtag-pki. Users of dogtag-pki have to ensure they run the application 
in a sufficiently trusted network.


Paul (and Salvatore)




Bug#1036789: libpython3.12-testsuite: fails to install: SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?

2023-05-26 Thread Andreas Beckmann
Package: libpython3.12-testsuite
Version: 3.12.0~b1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

From the attached log (scroll to the bottom...):

  Setting up libpython3.12-testsuite (3.12.0~b1-1) ...
File "/usr/lib/python3.12/test/test_lib2to3/data/bom.py", line 2
  print "BOM BOOM!"
  ^
  SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
  dpkg: error processing package libpython3.12-testsuite (--configure):
   installed libpython3.12-testsuite package post-installation script subprocess returned error exit status 1
  Processing triggers for libc-bin (2.36-9) ...
  Errors were encountered while processing:
   libpython3.12-testsuite


cheers,

Andreas


libpython3.12-testsuite_3.12.0~b1-1.log.gz
Description: application/gzip


Bug#1036780: hw-detect: detect and add bochs/cirrus to the initramfs

2023-05-26 Thread Cyril Brulebois
Control: clone -1 -2
Control: reassign -2 finish-install
Control: retitle -2 finish-install: detect and add bochs/cirrus to the initramfs

Cyril Brulebois  (2023-05-26):
> Therefore, I'm considering detecting when bochs.ko and/or cirrus.ko are
> loaded, adding them to /etc/initramfs-tools/modules, and requesting an
> update-initramfs call (see #1036019).

This last reference was meant to be #1036779 instead, which I've just
followed up to. Since there is no easy/quick fix for the reasons
mentioned there, I'm going to:
 - keep -1 against hw-detect for the long term (it still feels better
   to have hw-detect be knowledgeable about HW problems…), once we
   implement factorization.
 - implement -2 in finish-install, and make sure to avoid a double u-i
   run if we happen to have both LUKS and bochs/cirrus.

This means a single upload, keeping track of an extra variable within a
single finish-install script, and coming up with a better long term
solution later.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Bug#1036779: finish-install: factorize update-initramfs calls

2023-05-26 Thread Cyril Brulebois
This isn't going to be fully addressed for Bookworm, or even at all.

Cyril Brulebois  (2023-05-26):
> At the moment, and only looking at our packages, there are several
> finish-install hooks that might trigger an update-initramfs call:
>  - hw-detect might deploy a CPU microcode package;

There's actually an explicit u-i call here, but only to adjust a
modprobe blacklist, in some Oracle-related code path.

The u-i call via microcode installation comes directly from their postinst
script, so we couldn't really skip them, unless we were to cheat and
temporarily make /usr/sbin/update-initramfs -x (which seems fragile).

So this part wouldn't benefit directly from this factorization.

> Additionally, due to #1036019, one might get a garbled LUKS prompt, and
> I'm considering adding some kind of detection. This would likely be
> along the way of “if bochs or cirrus are loaded, add them to i-t's
> modules and rebuild the initramfs”, making sure the LUKS prompt would be
> readable, and increasing chances of seeing error messages if the boot
> breaks early. First instinct was hw-detect's finish-install script, but
> thinking a bit more and filing the actual report still remain to be
> done.

This is https://bugs.debian.org/1036780 now. It really feels like
hw-detect is a better place than finish-install itself… but maybe I'll
paper over it via a single finish-install tweak for now, and revisit the
whole thing once we implement factorization.

> (Of course, this doesn't change the fact there might be multiple runs
> earlier; I'm only looking at the “final” run, within finish-install's
> realm.)

And as mentioned above, this is also the case when installing
*-microcode packages… :/


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Bug#1036778: ckbuilder: must be rebuilt against rhino 1.7.14

2023-05-26 Thread Paul Gevers

Control: reopen -1
Control: block -1 by 1036249

Hi,

On Thu, 25 May 2023 23:15:30 +0200 Markus Koschany  wrote:
> ckbuilder must be rebuilt against rhino 1.7.14. This is a no-change
> rebuild. Otherwise ckeditor will continue to FTBFS. This was already
> reported in #1026639. This issue has also been reported upstream as
>
> https://github.com/ckeditor/ckbuilder/issues/34
>
> Back then we decided to upgrade rhino but in fact ckbuilder could have
> also added the --add-exports java.desktop/sun.java2d=ALL-UNNAMED flag.

Should we clone this bug to ensure we have a proper (tracking) solution 
after the bookworm release? If binaries need rebuilds for new versions 
of build dependencies, we need to figure out how we can automatically 
detect that. One way (very unpretty) is to hardcode the version which 
it's going to be built against, then dose [1] will at least tell us.

> The rebuild should be done after #1036249 in closure-compiler has been
> resolved.

Which is not the case yet, is the 2.4.3+dfsg-2 upload futile and should 
this bug be reopened? (To be safe, I'm reopening now).


Paul

[1] https://qa.debian.org/dose/debcheck/src_testing_main/index.html




Bug#1032821: smartmontools: Please remove files in /tmp/ after email is sent

2023-05-26 Thread Petter Reinholdtsen


Hi.  Do you need help fixing this issue?

-- 
Happy hacking
Petter Reinholdtsen



Bug#1036787: unblock: jed/0.99.20~pre.178+dfsg-6

2023-05-26 Thread Rafael Laboissière
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: 1035...@bugs.debian.org, j...@packages.debian.org
Control: affects -1 + src:jed

Please unblock package jed.

The version in unstable fixes the RC bug #1036096. This bug was intended 
to be fixed in version jed/0.99.20~pre.178+dfsg-5 of the package, but was 
reopened by Andreas Beckmann, who spotted a problem in the 
{jed,xjed}.maintscript files, namely the lack of epoch in version 
numbers.

I am attaching to this message the debdiff between versions 
0.99.20~pre.178+dfsg-5 and -6.

unblock jed/0.99.20~pre.178+dfsg-6

Best,

Rafael Laboissière
diff -Nru jed-0.99.20~pre.178+dfsg/debian/changelog 
jed-0.99.20~pre.178+dfsg/debian/changelog
--- jed-0.99.20~pre.178+dfsg/debian/changelog   2023-05-16 14:19:52.0 
-0300
+++ jed-0.99.20~pre.178+dfsg/debian/changelog   2023-05-25 04:40:36.0 
-0300
@@ -1,3 +1,15 @@
+jed (1:0.99.20~pre.178+dfsg-6) unstable; urgency=medium
+
+  * d/*.maintscript: Add epoch to the version number in symlink_to_dir setting.
+The version in the {jed,xjed}.maintscript files is bumped to
+1:0.99.20~pre.178+dfsg-6~, such that the cleanup is performed on both
+upgrades from stable to testing (missed cleanup) and from testing to
+unstable (fixed cleanup).
+Thanks to Andreas Beckmann for spotting the problem and suggesting its 
solution.
+(Closes: #1036096)
+
+ -- Rafael Laboissière   Thu, 25 May 2023 04:40:36 -0300
+
 jed (1:0.99.20~pre.178+dfsg-5) unstable; urgency=medium
 
   * Add files d/{jed,xjed}.maintscript.
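Review bot: the "Thanks to Andreas Beckmann ..." line in the new changelog entry is already 80 characters before any indentation, so it should be wrapped (for example after "suggesting") to stay within the usual changelog line width. The entry also says the version was bumped so that the cleanup runs on both upgrade paths, but not why the previous value never matched; one clause stating that the old value lacked the 1: epoch would make the entry self-explanatory.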
diff -Nru jed-0.99.20~pre.178+dfsg/debian/jed.maintscript 
jed-0.99.20~pre.178+dfsg/debian/jed.maintscript
--- jed-0.99.20~pre.178+dfsg/debian/jed.maintscript 2023-05-16 
14:19:52.0 -0300
+++ jed-0.99.20~pre.178+dfsg/debian/jed.maintscript 2023-05-25 
04:32:20.0 -0300
@@ -1 +1 @@
-symlink_to_dir /usr/share/doc/jed jed-common 0.99.20~pre.151+dfsg-1~
+symlink_to_dir /usr/share/doc/jed jed-common 1:0.99.20~pre.178+dfsg-6~
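Review bot: the new prior-version on the + line changes two things at once, the added 1: epoch and the move from pre.151+dfsg-1~ to pre.178+dfsg-6~, so every installed version up to and including -5 now satisfies the comparison. Please confirm that an upgrade from -5 on a system where /usr/share/doc/jed is already a real directory is a clean no-op, and that the stable to testing path still converts the symlink as the changelog claims.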
diff -Nru jed-0.99.20~pre.178+dfsg/debian/xjed.maintscript 
jed-0.99.20~pre.178+dfsg/debian/xjed.maintscript
--- jed-0.99.20~pre.178+dfsg/debian/xjed.maintscript2023-05-16 
14:19:52.0 -0300
+++ jed-0.99.20~pre.178+dfsg/debian/xjed.maintscript2023-05-25 
04:32:11.0 -0300
@@ -1 +1 @@
-symlink_to_dir /usr/share/doc/xjed jed-common 0.99.20~pre.151+dfsg-1~
+symlink_to_dir /usr/share/doc/xjed jed-common 1:0.99.20~pre.178+dfsg-6~
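Review bot: the version string 1:0.99.20~pre.178+dfsg-6~ on the + line is now duplicated verbatim here and in jed.maintscript, so the two have to be kept in step by hand on any later change. An upgrade test of xjed on its own is worth adding as well, since /usr/share/doc/xjed is converted independently of /usr/share/doc/jed.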


Bug#1036786: add note about ganeti being broken by kernel bug

2023-05-26 Thread Paul Gevers

Package: release-notes

Hi,

As just agreed with carnil, in section "5.4 Known severe bugs" we want 
the bug against the kernel to mention it affects ganeti.


Paul

