Bug#1039051: RFA: gforth -- GNU Forth Language Environment

[Peter Pentchev]

Package: wnpp
Severity: normal
X-Debbugs-Cc: gfo...@packages.debian.org, r...@debian.org
Control: affects -1 + src:gforth

I request an adopter for the gforth package. Turns out that in the past
couple of years I have not given it enough care and attention.

There is a Git repository containing all my Debian packaging work at
https://gitlab.com/gforth/pkg-debian-full

The package was in good shape at the time of its last update, but
things have moved on since then. Notably, I tried to bring in some
new upstream beta versions every now and then, but they failed their
build-time tests, and it would appear overly optimistic to keep
pretending that I will track those test failures down.

The package description is:
 This is the GNU'ish implementation of a Forth programming environment.
 .
 Forth, as a language, is best known for being stack-based, and completely
 extensible.  Each Forth environment provides one or more dictionaries of
 pre-defined words, and programming in Forth consists of defining and
 executing new words that are combinations of previously defined words.  It
 has been said that learning Forth changes forever the way you think about
 writing programs.
 .
 For more information about Forth, visit the Forth Interest Group web site
 at http://www.forth.org/fig.html.

Thanks in advance to whomever picks this package up!



signature.asc
Description: PGP signature

Bug#1039050: foliate: Suddenly aborts after about a minute

[Brian Vaughan]

Package: foliate
Version: 2.6.4-1+dfsg3
Severity: important
X-Debbugs-Cc: bgvaug...@gmail.com

After opening a document, foliate suddenly aborts, after perhaps a minute.
There's no action being taken by the user at the moment it exits.

Console showed these two errors after launch:

(com.github.johnfactotum.Foliate:33325): Gjs-WARNING **: 19:42:48.901:
Unhandled promise rejection. To suppress this warning, add an error handler to
your promise chain with .catch() or a try-catch block around your await
expression. Stack trace of the failed promise:
  main@resource:///com/github/johnfactotum/Foliate/js/main.js:478:24
  run@resource:///org/gnome/gjs/modules/script/package.js:206:19
  @/usr/bin/foliate:9:17


(com.github.johnfactotum.Foliate:33325): Gjs-WARNING **: 19:43:09.468:
Unhandled promise rejection. To suppress this warning, add an error handler to
your promise chain with .catch() or a try-catch block around your await
expression. Stack trace of the failed promise:
  main@resource:///com/github/johnfactotum/Foliate/js/main.js:478:24
  run@resource:///org/gnome/gjs/modules/script/package.js:206:19
  @/usr/bin/foliate:9:17


And this error after foliate aborts:

***MEMORY-ERROR***: com.github.johnfactotum.Foliate[33325]: GSlice: assertion
failed: sinfo->n_allocated > 0
Aborted



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages foliate depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  gir1.2-webkit2-4.0   2.40.2-1
ii  gjs  1.74.3-1
ii  python3  3.11.2-1+b1

Versions of packages foliate recommends:
ii  gnome-epub-thumbnailer  1.7-3

foliate suggests no packages.

-- no debconf information

Bug#1039049: coreutils: tail: --pid=0 allowed(?) and appears to disable the pid functionality

[наб]

Package: coreutils
Version: 9.1-1
Severity: normal

Dear Maintainer,

Quoth tail(1):
   --pid=PID
  with -f, terminate after process ID, PID dies

Discounting the weird phrasing, the functionality is clear,
as is the domain: processes have IDs in [1, system_limit)
([1, kernel.pid_max) under linux).

If tail --pid=-1 were accepted, then one would expect tail --pid=0 to
behave the same way.

But tail --pid=-1 is forbidden
(since by definition no process may have a negative PID),
but tail --pid=0 is allowed and just does nothing, even though it's
precisely the same case as -1?

Best,
наб

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.3.1-3
ii  libattr1 1:2.5.1-4
ii  libc62.36-9
ii  libgmp10 2:6.2.1+dfsg1-1.1
ii  libselinux1  3.4-1+b6

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1039048: php-doctrine-cache: unsatisfiable build dependency

[Peter Michael Green]

Package: php-doctrine-cache
Version: 2.2.0-1
Severity: serious
Tags: trixie, sid

php-doctrine-cache build-depends on php-nrk-predis which
was a transitional dummy package in bookworm and no
longer exists in trixie or sid.

Presumablly the build-dependency should be changed to
php-predis.

Bug#1038746: (python-cryptography) build dependency missing in testing

[Peter Michael Green]

tags 1038746 +patch
thanks


Dose [1] is reporting issues with your packages. Normally your build
dependencies shouldn't be removed from testing without removal all
reverse build dependencies too, nor should a package be allowed to
migrate unless all build dependencies are candidate for migration too.
However, somehow we ended up in the current state

The "somehow" is that testing migration only checks build
dependencies in the forward direction, not in reverse. So a
new version of a package that breaks your build-dependencies
can and often does migrate. Specifically this was caused by
the recent update of rust-pyo3.

Anyway, a debdiff is attatched, I may or may not NMU this
later.
diff -Nru python-cryptography-38.0.4/debian/changelog 
python-cryptography-38.0.4/debian/changelog
--- python-cryptography-38.0.4/debian/changelog 2023-02-28 05:36:13.0 
+
+++ python-cryptography-38.0.4/debian/changelog 2023-06-25 00:58:26.0 
+
@@ -1,3 +1,13 @@
+python-cryptography (38.0.4-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't depend on librust-indoc-dev, it's not used directly,
+instead depend on the "default" feature of librust-pyo3-dev.
+  * Apply adjusted upstream patch for py03 0.19 and bump
+dependencies accordingly.
+
+ -- Peter Michael Green   Sun, 25 Jun 2023 00:58:26 +
+
 python-cryptography (38.0.4-3) unstable; urgency=medium
 
   [ Salvatore Bonaccorso ]
diff -Nru python-cryptography-38.0.4/debian/control 
python-cryptography-38.0.4/debian/control
--- python-cryptography-38.0.4/debian/control   2023-02-28 05:36:13.0 
+
+++ python-cryptography-38.0.4/debian/control   2023-06-25 00:58:26.0 
+
@@ -12,12 +12,12 @@
librust-asn1-0.12-dev,
librust-asn1-derive-0.12-dev,
librust-chrono-0.4-dev,
-   librust-indoc-dev,
librust-ouroboros-0.15-dev,
librust-paste-dev,
librust-pem-1.0-dev,
-   librust-pyo3-0.17-dev,
-   librust-pyo3-macros-0.17-dev,
+   librust-pyo3-0.19-dev,
+   librust-pyo3-0.19+default-dev,
+   librust-pyo3-macros-0.19-dev,
libssl-dev,
pybuild-plugin-pyproject,
python3-all-dev,
diff -Nru python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch 
python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch
--- python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch   
1970-01-01 00:00:00.0 +
+++ python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch   
2023-06-25 00:58:26.0 +
@@ -0,0 +1,13 @@
+Index: python-cryptography-38.0.4.new/src/rust/Cargo.toml
+===
+--- python-cryptography-38.0.4.new.orig/src/rust/Cargo.toml
 python-cryptography-38.0.4.new/src/rust/Cargo.toml
+@@ -7,7 +7,7 @@ publish = false
+ 
+ [dependencies]
+ once_cell = "1"
+-pyo3 = { version = "0.17" }
++pyo3 = { version = "0.19" }
+ asn1 = { version = "0.12", default-features = false, features = ["derive"] }
+ pem = ">= 1.0, < 1.2"
+ chrono = { version = "0.4", default-features = false, features = ["alloc", 
"clock"] }
diff -Nru python-cryptography-38.0.4/debian/patches/series 
python-cryptography-38.0.4/debian/patches/series
--- python-cryptography-38.0.4/debian/patches/series2023-02-28 
05:36:13.0 +
+++ python-cryptography-38.0.4/debian/patches/series2023-06-25 
00:58:26.0 +
@@ -6,3 +6,4 @@
 ease-chrono-dependency-from-0.4.22-to-0.4.patch
 drop-cffi-dep.patch
 Don-t-allow-update_into-to-mutate-immutable-objects-.patch
+Upgrade-to-pyo3-0.19.patch
diff -Nru python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch 
python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch
--- python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch
1970-01-01 00:00:00.0 +
+++ python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch
2023-06-25 00:58:26.0 +
@@ -0,0 +1,71 @@
+This patch is based on the upstream commit described below, adapted for use
+in the Debian package by Peter Michael Green.
+
+commit b1cfa3adef986ef3466b080263911e8d79ec6141
+Author: Alex Gaynor 
+Date:   Wed May 31 16:27:10 2023 -0400
+
+pyo3 0.19 (#8999)
+
+* Bump pyo3 from 0.18.3 to 0.19.0 in /src/rust
+
+Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.18.3 to 0.19.0.
+- [Release notes](https://github.com/pyo3/pyo3/releases)
+- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
+- [Commits](https://github.com/pyo3/pyo3/compare/v0.18.3...v0.19.0)
+
+---
+updated-dependencies:
+- dependency-name: pyo3
+  dependency-type: direct:production
+  update-type: version-update:semver-minor
+...
+
+Signed-off-by: dependabot[bot] 
+
+* pyo3 0.19
+
+-
+
+

Bug#1012218: firefox: fix ftbfs on riscv64

[Bo YU]

Source: firefox
Followup-For: Bug #1012218

Dear Maintainer,

Now the riscv64 has in a good shape on Debian and it will be added
into archive soon. So it will be important for many Debian riscv64
users if we have a modern browser.

Yeah, I have built it with many versions outside Debian archives[0] to keep 
this,
fortunately, the riscv64 firefox on Debian can work unless we tested on
like jit for a long time.

From [1], if without any patch, the build will be hang during ld phrase
according to my experience. In past I have built it on Unmatched
boards, which as Debian riscv64 buildd machines, with the patch.
I know the patch is not perfect but I need your help to tell me which
point need to be modified. Given the riscv64 buildd machies'
performance, I think we can do the triky. Once we have more power buildd
machines we can drop it. So what is your opinion here?

Any help would be greatly appreciated!

[0]: http://vimer.f3322.net:63015/firefox/
[1]: 
https://buildd.debian.org/status/fetch.php?pkg=firefox=riscv64=114.0-1=1686186289=0
-- 
Regards,
--
  Bo YU

diff -Nru firefox-114.0.2/debian/browser.mozconfig.in 
firefox-114.0.2/debian/browser.mozconfig.in
--- firefox-114.0.2/debian/browser.mozconfig.in 2023-06-22 12:53:33.0 
+0800
+++ firefox-114.0.2/debian/browser.mozconfig.in 2023-06-23 23:11:10.0 
+0800
@@ -33,3 +33,12 @@
 %if DIST == bullseye || DIST == buster || DIST == stretch || DEB_HOST_ARCH == 
s390x
 ac_add_options --without-wasm-sandboxed-libraries
 %endif
+# riscv64
+%if DEB_HOST_ARCH == riscv64
+ac_add_options --disable-debug
+ac_add_options --disable-lto
+ac_add_options --disable-debug-symbols
+ac_add_options --disable-geckodriver
+ac_add_options --enable-linker=bfd
+ac_add_options --enable-jit
+%endif
diff -Nru firefox-114.0.2/debian/changelog firefox-114.0.2/debian/changelog
--- firefox-114.0.2/debian/changelog2023-06-22 12:54:23.0 +0800
+++ firefox-114.0.2/debian/changelog2023-06-23 23:11:10.0 +0800
@@ -1,3 +1,10 @@
+firefox (114.0.2-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * support riscv64
+
+ -- Bo YU   Fri, 23 Jun 2023 23:11:10 +0800
+
 firefox (114.0.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru firefox-114.0.2/debian/rules firefox-114.0.2/debian/rules
--- firefox-114.0.2/debian/rules2023-06-22 12:54:16.0 +0800
+++ firefox-114.0.2/debian/rules2023-06-23 23:11:00.0 +0800
@@ -38,7 +38,11 @@
 $(foreach lib,$(sort $(call uc,$(SYSTEM_LIBS))),$(eval $(call 
system_lib,$(lib
 
 OFFICIAL_BRANDING := browser/branding/official
-MOZILLA_OFFICIAL := 1
+
+ifneq (riscv64,$(DEB_HOST_ARCH))
+   MOZILLA_OFFICIAL := 1
+endif
+
 # ESR, Beta and Releases use the official branding
 ifneq (,$(filter release beta esr%,$(SHORT_SOURCE_CHANNEL)))
 BRANDING ?= $(OFFICIAL_BRANDING)
@@ -100,7 +104,9 @@
 # Make the linker generate compressed debug sections. dh_strip would do
 # the same anyways, but it allows elfhack to work in combination with
 # unstripped binaries when they would normally be larger than 2GiB.
-LDFLAGS += -Wl,--compress-debug-sections=zlib
+ifneq (riscv64,$(DEB_HOST_ARCH))
+  LDFLAGS += -Wl,--compress-debug-sections=zlib
+endif
 
 # Disable debug symbols when building on 32-bits machines, because
 # a) the rust compiler can't deal with it in the available address


signature.asc
Description: PGP signature

Bug#1034903: Possible missing firmware /lib/firmware/amdgpu/sienna_cichlid_mes.bin navi10_mes.bin for module amdgpu

[Chen, Guchun]

[Public]

> -Original Message-
> From: amd-gfx  On Behalf Of Alex
> Deucher
> Sent: Saturday, June 24, 2023 12:34 AM
> To: Ben Hutchings 
> Cc: xiao sheng wen(肖盛文） ;
> 1034...@bugs.debian.org; amd-...@lists.freedesktop.org
> Subject: Re: Possible missing firmware
> /lib/firmware/amdgpu/sienna_cichlid_mes.bin navi10_mes.bin for module
> amdgpu
>
> On Wed, Jun 21, 2023 at 11:38 AM Ben Hutchings 
> wrote:
> >
> > On Thu, 27 Apr 2023 15:43:28 +0800 xiao sheng wen(肖盛文）
> >  wrote:
> > > Package: firmware-amd-graphics
> > > Version: 20230310-1~exp1
> > > Severity: normal
> > > X-Debbugs-Cc: atzli...@sina.com
> > >
> > > Hi,
> > >
> > >  When I upgrade to kernel 5.10.0-22-arm64, there are following error
> > >  infos:

Just to clarify that, these is not error info. This is the complain from ramfs 
when detecting firmware mismatch between directory '/lib/firmware' and the 
firmware names referenced by amdgpu.ko driver.

Regards,
Guchun

> > > W: Possible missing firmware
> > > /lib/firmware/amdgpu/sienna_cichlid_mes.bin for module amdgpu
> > > W: Possible missing firmware /lib/firmware/amdgpu/navi10_mes.bin for
> > > module amdgpu
> > [...]
>
> Those could be dropped.  They are not really used by the driver.  They are for
> a feature which was not ultimately productized on those parts.
>
> >
> > I see that the amdgpu driver has had references to these files for
> > several years, but they've never been added to linux-firmware.git.
> > More recently amdgpu added:
> >
> > MODULE_FIRMWARE("amdgpu/gc_11_0_3_mes.bin");
> > MODULE_FIRMWARE("amdgpu/gc_11_0_3_mes_2.bin");
> > MODULE_FIRMWARE("amdgpu/gc_11_0_3_mes1.bin");
> >
> > and these are also missing from linux-firmware.git.
> >
> > Is this firmware intended to be available to the public?
>
> Yes, those will be available soon.
>
> Alex

Bug#1039047: bookworm-pu: package cvs/2:1.12.13+real-28+deb12u1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: c...@packages.debian.org, t...@mirbsd.de
Control: affects -1 + src:cvs

Pre-approval with debdiff.

[ Reason ]
CVS was always compiled with --with-rsh=ssh but the configure
script ignored that and used rsh because it could not find an
ssh binary in the PATH at compile time. This used to be not a
problem because ssh was aliased to rsh but in bookworm it no
longer is.

[ Impact ]
Users are unable to cvs update or cvs commit or anything else
unless they manually export CVS_RSH=ssh or change their access
method from :ext: to :extssh: (which is a relatively new thing
and may not be universally known, e.g. to frontends).

If this is rejected, I’d suggest the $CVS_RSH workaround be
added to the release notes, if they can be changed at this
point in time.

[ Tests ]
The change switches the cpp macro RSH_DFLT, which is used in
only two places to set the default rsh. I have tested this as
part of the larger changes in tonight’s sid upload, and code
inspection shows this has no effect on unrelated code.

[ Risks ]
See above, this is a no-risk change.

[ Checklist ]
  [✓] *all* changes are documented in the d/changelog
  [✓] I reviewed all changes and I approve them
  [✓] attach debdiff against the package in (old)stable
  [✓] the issue is verified as fixed in unstable

[ Changes ]
Pass the full path to ssh(1) to configure so it’s actually used.
diff -u cvs-1.12.13+real/debian/changelog cvs-1.12.13+real/debian/changelog
--- cvs-1.12.13+real/debian/changelog
+++ cvs-1.12.13+real/debian/changelog
@@ -1,3 +1,9 @@
+cvs (2:1.12.13+real-28+deb12u1) bookworm; urgency=high
+
+  * configure-time hardcode full path for ssh(1) (Closes: #1038926)
+
+ -- Thorsten Glaser   Sat, 24 Jun 2023 19:48:48 +0200
+
 cvs (2:1.12.13+real-28) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -u cvs-1.12.13+real/debian/rules cvs-1.12.13+real/debian/rules
--- cvs-1.12.13+real/debian/rules
+++ cvs-1.12.13+real/debian/rules
@@ -66,7 +66,7 @@
--without-krb4 \
--with-gssapi \
--with-external-zlib \
-   --with-rsh=ssh \
+   --with-rsh=/usr/bin/ssh \
--with-editor=/usr/bin/editor \
--with-tmpdir=/var/tmp \
--with-umask=002 \

Bug#1039046: add-shell.8: Some remarks and a patch for the manual

[Bjarni Ingi Gislason]

Package: debianutils
Version: 5.7-0.4
Severity: minor
Tags: patch

Dear Maintainer,

here are a few notes and a patch for the man page.



The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

#

Use the correct macro for the font change of a single argument or
split the argument into two.

24:.IR /etc/shells

#

Output from "test-nroff -man -b -ww -z":


[ "test-groff" is a developmental version of "groff" ]

Input file is ./add-shell.8

  Not in the patch:

an.tmac::1: style: .TH missing fourth argument; suggest 
package/project name and version (e.g., "debianutils ...")

  In the patch: 
an.tmac::24: style: .IR expects at least 2 arguments, got 1

#

--- add-shell.8 2023-06-25 00:01:24.0 +
+++ add-shell.8.new 2023-06-25 00:57:04.0 +
@@ -21,7 +21,7 @@ The shells must be provided by their ful
 .TP
 .I DPKG_ROOT
 specifies the base path under which
-.IR /etc/shells
+.I /etc/shells
 resides.
 .SH SEE ALSO
 .BR shells (5)



-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.7-1 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages debianutils depends on:
ii  libc6  2.36-9

debianutils recommends no packages.

debianutils suggests no packages.

-- no debconf information

Bug#1039045: bats: new upstream version

[Christoph Anton Mitterer]

Source: bats
Version: 1.8.2-1
Severity: wishlist

Hey.

1.9.0 is out :-)

Would be nice to see it packaged.

Thanks,
Chris.

Bug#1039044: python-marshmallow-sqlalchemy: reproducible builds: embeds current year in documentation

[Vagrant Cascadian]

Source: python-marshmallow-sqlalchemy
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build year is embedded in copyright statements in various .html
documentation:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/python-marshmallow-sqlalchemy.html

  /usr/share/doc/python-marshmallow-sqlalchemy-doc/html/_modules/index.html

  ··Steven·Loria·and·contributors·2024.
  vs.
  ··Steven·Loria·and·contributors·2023.

I have attached two different patches with two different approaches to
fix this issue.

The first patch simply removes the year from the copyright assertions
from docs/conf.py. I prefer this approach, as dynamically generating the
copyright dates during the build is not correct behavior; no new
copyrighted material was generated as a result of the building at a
later date.

The second patch instead adds support for using SOURCE_DATE_EPOCH in
docs/conf.py to set the year. While this is sufficient to make it
reproducible, this is still likely to embed a year which might not match
the actual year of the copyrightable material.


According to my local tests, applying either patch should make
python-marshmallow-sqlalchemy build reproducibly on
tests.reproducible-builds.org!


Thanks for maintaining python-marshmallow-sqlalchemy!

live well,
  vagrant
From fc5a046e539832b07de109e06cf72628caa782b2 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sat, 24 Jun 2023 16:07:00 -0700
Subject: [PATCH 1/5] docs/conf.py: Do not embed build year in documentation.

This breaks reproducible builds and is inaccurate to assume the build
year is when the copyrightable material was written.

https://reproducible-builds.org/docs/timestamps/
---
 docs/conf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/conf.py b/docs/conf.py
index 63fb79f..1213a62 100755
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -29,7 +29,7 @@ issues_github_path = "marshmallow-code/marshmallow-sqlalchemy"
 source_suffix = ".rst"
 master_doc = "index"
 project = "marshmallow-sqlalchemy"
-copyright = f"Steven Loria and contributors {dt.datetime.utcnow():%Y}"
+copyright = f"Steven Loria and contributors"
 
 version = release = marshmallow_sqlalchemy.__version__
 
-- 
2.39.2

From 1bde10344c233490e934c1a7a4014da569537707 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Sat, 24 Jun 2023 16:17:59 -0700
Subject: [PATCH 3/5] doc/conf.py: if set, use SOURCE_DATE_EPOCH to set
 copyright year.

The build date of the software shouldn't really have any bearing on
the copyright dates, but by respecting SOURCE_DATE_EPOCH, it at least
limits this to the last time something in the source was changed.

https://reproducible-builds.org/specs/source-date-epoch/
---
 docs/conf.py | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/conf.py b/docs/conf.py
index 63fb79f..8374b75 100755
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -1,5 +1,6 @@
 from collections import OrderedDict
 import datetime as dt
+import time
 import os
 import sys
 
@@ -29,7 +30,10 @@ issues_github_path = "marshmallow-code/marshmallow-sqlalchemy"
 source_suffix = ".rst"
 master_doc = "index"
 project = "marshmallow-sqlalchemy"
-copyright = f"Steven Loria and contributors {dt.datetime.utcnow():%Y}"
+# Parse year using SOURCE_DATE_EPOCH, falling back to current time.
+# https://reproducible-builds.org/specs/source-date-epoch/
+sourceyear=dt.datetime.utcfromtimestamp(int(os.environ.get('SOURCE_DATE_EPOCH', time.time(.year
+copyright = f"Steven Loria and contributors {sourceyear}"
 
 version = release = marshmallow_sqlalchemy.__version__
 
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1039043: update-info-dir does not honor system locale

[Junichi Uekawa]

Package: install-info
Version: 6.8-6+b1

Because update-info-dir unsets (and unexports) LANGUAGE and LANG settings and 
only sets a shell variable by importing /etc/default/locale, locale is not set. 
There's two major things that seem to be an issue


1. export them.

2. also handle LC_ALL (and other LC_ variables)  which tends to overrride 
LANGUAGE/LANG variables.


Suggested change:

commit dd6e2970da0a3c675889da8c93feaab7aaca741a
Author: Junichi Uekawa 
Date:   Sun Jun 25 08:33:19 2023 +0900

Export locale variables so that they actually take effect.

diff --git a/hoge/update-info/update-info-dir b/hoge/update-info/update-info-dir
index 2856647a..d4bffd36 100755
--- a/hoge/update-info/update-info-dir
+++ b/hoge/update-info/update-info-dir
@@ -15,12 +15,16 @@ set -e
 # the system wide settings. See bug #536476
 unset LANGUAGE
 unset LANG
+unset LC_ALL
 if [ -r /etc/environment ] ; then
   . /etc/environment
 fi
 if [ -r /etc/default/locale ] ; then
   . /etc/default/locale
 fi
+export LANGUAGE
+export LANG
+export LC_ALL
 
 Help ()
 {

Bug#1028137: [Pkg-electronics-devel] Bug#1028137: nextpnr: Support for more FPGA architectures (esp. ECP5)

[Daniel Gröber]

Hi again Jonathan,

On Sat, Jun 24, 2023 at 10:28:07PM +0200, Daniel Gröber wrote:
> > Some notes:
> > 
> > prjtrellis:
> > 
> > - I tried to build it from source (using the tarballs, with
> >   dpkg-buildpackage), but it failed because it can't find
> >   version.cpp. After a dirty hack to ensure that version.cpp is present
> >   and usable, and unpacking the orig-database tarball to the right
> >   location, the package builds for me.
> 
> Did you build with git/gbp or using the dsc? I see that the build system
> tries to extract the version using git commands. However I always test with
> sbuild so my build environment should also have been a plain unpacked dsc
> and not a git repo. Strange.

I see what was going on now. The cmake logic was changing behaviour
depending on if `git` is installed or not. So in my sbuild run it was fine
because it wasn't but if git is available it tries to run it and fails.

I've submitted a fix upstream using the handy git export-subst trick I'm so
fond of and would like to see more projects adopt:
https://github.com/YosysHQ/prjtrellis/pull/227.

> > nextpnr:
> > 
> > - debian/upstream/metadata: Some of the authors have updated names that
> >   should be used instead of the old names. As far as I can gather:
> >- Myrtle Shah[1] (a.k.a. gatecat)
> >- Claire Xenia Wolf[2] (a.k.a. Claire Xen)
> 
> This one is tricky. The license asks that the notices in the source be
> preserved, so it's not clear to me we can honor such name changes without
> explicit permission from the respective copyright holder.

I should learn to read, this is just the upstream metadata. Ofc. we can
change the names there :-)

> > - Building multiple times in the same source directory fails,
> >   override_dh_auto_clean needs a "rm -rf
> >   debian/nextpnr-*-qt-chipdb/usr/share/nextpnr/chipdb-*.bin" or
> >   similar.  Or maybe upstream "make clean" needs to be fixed.

That turned out to be a bug in d/rules, it was supposed to install chipdb
files from the non-qt packages only.

> > - Somehow the chipdb files are installed to
> >   /usr/share/nextpnr/chipdb-*.bin directly, while nextpnr expects them
> >   in per-arch subdirectories. As a quick work-around I'm symlinked the
> >   expected subdirectories to .

Fixed, I just got the path wrong. I have to copy these manually as they are
not installed by upstream as they just embed the data into the executables

Thanks,
--Daniel

Bug#1039042: coreutils: tail: on blockdevs reads the whole thing, doesn't on files of the same size

[наб]

Package: coreutils
Version: 9.1-1
Severity: normal

Dear Maintainer,

$ cp --sparse=always /dev/zvol/filling/store/nabijaczleweli/vm-zoot /tmp/
$ time tail /dev/zvol/filling/store/nabijaczleweli/vm-zoot | b2sum
11d28bd10ad4d4ae652e026f59f1ef5ff5f44111e3e3c80d5ae01f666e00f38d626784539b9f095255a246d9b6b56624fd08c8916a10b16e7b5b6560d7f1
  -

real0m17.235s
user0m1.344s
sys 0m9.693s
$ time tail /tmp/vm-zoot | b2sum
11d28bd10ad4d4ae652e026f59f1ef5ff5f44111e3e3c80d5ae01f666e00f38d626784539b9f095255a246d9b6b56624fd08c8916a10b16e7b5b6560d7f1
  -

real0m0.005s
user0m0.005s
sys 0m0.004s
$ time cat /dev/zvol/filling/store/nabijaczleweli/vm-zoot | tail | b2sum
11d28bd10ad4d4ae652e026f59f1ef5ff5f44111e3e3c80d5ae01f666e00f38d626784539b9f095255a246d9b6b56624fd08c8916a10b16e7b5b6560d7f1
  -

real0m17.271s
user0m1.620s
sys 0m17.504s

Somehow I feel there's no reason that tail couldn't lseek(SEEK_END) on a
blockdev just as well as it can do on a regular file.

Best,
наб

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.3.1-3
ii  libattr1 1:2.5.1-4
ii  libc62.36-9
ii  libgmp10 2:6.2.1+dfsg1-1.1
ii  libselinux1  3.4-1+b6

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1039041: coreutils: tail: -f --pid says "warning: following standard input indefinitely is ineffective" on a teletype; shouldn't, works?

[наб]

Package: coreutils
Version: 9.1-1
Severity: normal

Dear Maintainer,

$ tail -f
(normal tail -f behaviour follows)
$ tail -f --pid 32812
tail: warning: following standard input indefinitely is ineffective
(normal tail -f behaviour follows until 32812 dies)
$ tail -f $(tty)
(normal tail -f behaviour follows)
$ tail -f --pid 32812 $(tty)
(normal tail -f behaviour follows until 32812 dies)
$ tail -f < README
(normal tail -f behaviour follows)
$ tail -f --pid 32812 < README
(normal tail -f behaviour follows until 32812 dies)

What does any of this mean?
How can following a file be "ineffective"
(except in the case of, like, blockdevs, which are separately warned
 about and refused)?
How does "following indefinitely" differ from... following?
How could --pid /possibly/ mean "indefinitely" when it very much is the
exact opposite?
Why does following "standard input" differ in its "effectivenesss"
depending on file type?
How does following a teletype differ when you opened it yourself from
when someone else did?

наб

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.3.1-3
ii  libattr1 1:2.5.1-4
ii  libc62.36-9
ii  libgmp10 2:6.2.1+dfsg1-1.1
ii  libselinux1  3.4-1+b6

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1039040: bullseye-pu: cups/2.3.3op2-3+deb11u3

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for cups fixes CVE-2023-32324 and CVE-2023-34241 in 
Bullseye. Both CVE have been marked as no-dsa by the security team.


The same fixes have been already uploaded to Unstable and nobody 
complained yet.


  Thorsten
diff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog
--- cups-2.3.3op2/debian/changelog  2022-05-23 22:03:02.0 +0200
+++ cups-2.3.3op2/debian/changelog  2023-06-24 10:54:05.0 +0200
@@ -1,3 +1,14 @@
+cups (2.3.3op2-3+deb11u3) bullseye; urgency=medium
+
+  * CVE-2023-34241 (Closes: #1038885)
+use-after-free in cupsdAcceptClient()
+
+  * CVE-2023-32324
+A heap buffer overflow vulnerability would allow a remote attacker to 
+lauch a dos attack.
+
+ -- Thorsten Alteholz   Sat, 24 Jun 2023 10:54:05 +0200
+
 cups (2.3.3op2-3+deb11u2) bullseye-security; urgency=high
 
   * CVE-2022-26691
diff -Nru cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch 
cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch
--- cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch  1970-01-01 
01:00:00.0 +0100
+++ cups-2.3.3op2/debian/patches/0017-CVE-2023-32324.patch  2023-06-24 
10:54:05.0 +0200
@@ -0,0 +1,29 @@
+From: Thorsten Alteholz 
+Date: Wed, 31 May 2023 23:20:58 +0200
+Subject: CVE-2023-32324
+
+---
+ cups/string.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/cups/string.c b/cups/string.c
+index 93cdad1..1f81d60 100644
+--- a/cups/string.c
 b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+  * String functions for CUPS.
+  *
++ * Copyright © 2023 by OpenPrinting.
+  * Copyright © 2007-2019 by Apple Inc.
+  * Copyright © 1997-2007 by Easy Software Products.
+  *
+@@ -729,6 +730,8 @@ _cups_strlcpy(char   *dst, /* O - 
Destination string */
+ {
+   size_t  srclen; /* Length of source string */
+ 
++  if (size == 0)
++return (0);
+ 
+  /*
+   * Figure out how much room is needed...
diff -Nru cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch 
cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch
--- cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch  1970-01-01 
01:00:00.0 +0100
+++ cups-2.3.3op2/debian/patches/0018-CVE-2023-34241.patch  2023-06-24 
10:54:05.0 +0200
@@ -0,0 +1,57 @@
+From: Thorsten Alteholz 
+Date: Sat, 24 Jun 2023 19:51:21 +0200
+Subject: CVE-2023-34241
+
+---
+ scheduler/client.c | 16 +++-
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 9730eea..48e19b9 100644
+--- a/scheduler/client.c
 b/scheduler/client.c
+@@ -192,13 +192,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener 
socket */
+/*
+ * Can't have an unresolved IP address with double-lookups enabled...
+ */
+-
+-httpClose(con->http);
+-
+ cupsdLogClient(con, CUPSD_LOG_WARN,
+-"Name lookup failed - connection from %s closed!",
++"Name lookup failed - closing connection from %s!",
+ httpGetHostname(con->http, NULL, 0));
+ 
++httpClose(con->http);
+ free(con);
+ return;
+   }
+@@ -234,11 +232,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener 
socket */
+   * with double-lookups enabled...
+   */
+ 
+-  httpClose(con->http);
+-
+   cupsdLogClient(con, CUPSD_LOG_WARN,
+-  "IP lookup failed - connection from %s closed!",
++  "IP lookup failed - closing connection from %s!",
+   httpGetHostname(con->http, NULL, 0));
++
++  httpClose(con->http);
+   free(con);
+   return;
+ }
+@@ -255,11 +253,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener 
socket */
+ 
+   if (!hosts_access(_req))
+   {
+-httpClose(con->http);
+-
+ cupsdLogClient(con, CUPSD_LOG_WARN,
+ "Connection from %s refused by /etc/hosts.allow and "
+   "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 
0));
++
++httpClose(con->http);
+ free(con);
+ return;
+   }
diff -Nru cups-2.3.3op2/debian/patches/series 
cups-2.3.3op2/debian/patches/series
--- cups-2.3.3op2/debian/patches/series 2022-05-23 22:03:02.0 +0200
+++ cups-2.3.3op2/debian/patches/series 2023-06-24 10:54:05.0 +0200
@@ -14,3 +14,5 @@
 0014-Debian-Reproducibility-Run-testlang-for-each-provide.patch
 0015-Debian-po4a-infrastructure-and-translations-for-manp.patch
 0016-Fix-certificate-comparison-CVE-2022-26691.patch
+0017-CVE-2023-32324.patch
+0018-CVE-2023-34241.patch

Bug#1032395: fixed in arm-trusted-firmware 2.9.0+dfsg-1

[Vagrant Cascadian]

On 2023-06-24, harr...@gmx.ph wrote:
> On 19/06/2023 04:51, Debian Bug Tracking System wrote:
>> #1032395: Please make setting up regulators optional on sun50i_h6 platform
...
> Thanks very much for doing that.
>
> Please note that the comment in the rules file still mentions the old
> name "sun50i_h6_leave_regulators".

Thanks, fixed in git!

Hopefully that is the last of my renaming mistakes! :)

live well,
  vagrant


signature.asc
Description: PGP signature

Bug#1039039: bookworm-pu: package multipath-tools/0.9.4-3+deb12u1

[Chris Hofstaedtler]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: multipath-to...@packages.debian.org, z...@debian.org
Control: affects -1 + src:multipath-tools

[ Reason ]

Packaging bugs #1037292 and #1037539 have been discovered after the release,
this update will fix them in stable.


[ Impact ]

#1037539 causes devices underlying mpath devs to be visible to LVM et al,
confusing LVMs device setup.

#1037292 causes multipathd.service fail to start on fresh installs before a
reboot. Upgrades from older versions are not affected, and after a reboot it
also workes just fine.

[ Tests ]

I've manually verified the fixes in stable (and also for unstable).

[ Risks ]

#1037539 is caused by an upstream filename change that went unnoticed.
#1037292 switches back to the approach used in bullseye, which we know works.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

#1037539: fix filename, and make sure package build failes if any of the udev
rules are not found at build time

#1037292: re-add modprobe before starting multipathd. Upstream switched its
approach to module loading, but I think that was somewhat unfinished in 0.9.4.

[ Other info ]
(none)

Thanks,
Chris
diff -Nru multipath-tools-0.9.4/debian/changelog 
multipath-tools-0.9.4/debian/changelog
--- multipath-tools-0.9.4/debian/changelog  2023-02-07 11:16:57.0 
+0100
+++ multipath-tools-0.9.4/debian/changelog  2023-06-24 23:07:02.0 
+0200
@@ -1,3 +1,14 @@
+multipath-tools (0.9.4-3+deb12u1) bookworm; urgency=medium
+
+  * [cfa5138] Re-add dm-multipath module loading to ExecStartPre
+(Closes: #1037292)
+  * [1289691] Fail package build if udev rules are missing
+  * [2e45796] Install udev mulitpath.rules again.
+Thanks to Joshua Huber  (Closes: #1037539)
+  * [6b05510] debian/gbp.conf: update branch for bookworm
+
+ -- Chris Hofstaedtler   Sat, 24 Jun 2023 23:07:02 +0200
+
 multipath-tools (0.9.4-3) unstable; urgency=medium
 
   [ Chris Lamb ]
diff -Nru multipath-tools-0.9.4/debian/gbp.conf 
multipath-tools-0.9.4/debian/gbp.conf
--- multipath-tools-0.9.4/debian/gbp.conf   2023-02-07 11:16:57.0 
+0100
+++ multipath-tools-0.9.4/debian/gbp.conf   2023-06-24 23:07:02.0 
+0200
@@ -1,7 +1,7 @@
 [DEFAULT]
 pristine-tar = True
 upstream-tag = upstream/%(version)s
-debian-branch = master
+debian-branch = debian/bookworm
 debian-tag = debian/%(version)s
 debian-tag-msg = %(pkg)s Debian release %(version)s
 
diff -Nru 
multipath-tools-0.9.4/debian/patches/0006-multipathd.service-re-add-ExecStartPre.patch
 
multipath-tools-0.9.4/debian/patches/0006-multipathd.service-re-add-ExecStartPre.patch
--- 
multipath-tools-0.9.4/debian/patches/0006-multipathd.service-re-add-ExecStartPre.patch
  1970-01-01 01:00:00.0 +0100
+++ 
multipath-tools-0.9.4/debian/patches/0006-multipathd.service-re-add-ExecStartPre.patch
  2023-06-24 23:07:02.0 +0200
@@ -0,0 +1,28 @@
+From: Chris Hofstaedtler 
+Date: Sat, 10 Jun 2023 12:42:40 +0200
+Subject: multipathd.service: re-add ExecStartPre
+
+Upstream commit a1eabea75e8e0f6072f2b655cae25ec473b006c5 removed this,
+claiming the modules-load.d snippet would be enough. Maybe it is on other
+distributions, but Debian does not reload modules-load.d snippets on
+package install. Without this, first time installs would need a reboot
+or manual package loading.
+
+Forwarded: no
+Origin: vendor
+---
+ multipathd/multipathd.service | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/multipathd/multipathd.service b/multipathd/multipathd.service
+index aec62db..ae98034 100644
+--- a/multipathd/multipathd.service
 b/multipathd/multipathd.service
+@@ -16,6 +16,7 @@ ConditionVirtualization=!container
+ [Service]
+ Type=notify
+ NotifyAccess=main
++ExecStartPre=-/sbin/modprobe dm-multipath
+ ExecStart=/sbin/multipathd -d -s
+ ExecReload=/sbin/multipathd reconfigure
+ TasksMax=infinity
diff -Nru multipath-tools-0.9.4/debian/patches/series 
multipath-tools-0.9.4/debian/patches/series
--- multipath-tools-0.9.4/debian/patches/series 2023-02-07 11:16:57.0 
+0100
+++ multipath-tools-0.9.4/debian/patches/series 2023-06-24 23:07:02.0 
+0200
@@ -6,3 +6,4 @@
 0009-kpartx-rules-use-Debian-specific-partx-path.patch
 0010-multipath.rules-do-not-assume-usrmerged-paths.patch
 0012-Reproducible-build.patch
+0006-multipathd.service-re-add-ExecStartPre.patch
diff -Nru multipath-tools-0.9.4/debian/rules multipath-tools-0.9.4/debian/rules
--- multipath-tools-0.9.4/debian/rules  2023-02-07 11:16:57.0 +0100
+++ multipath-tools-0.9.4/debian/rules  2023-06-24 23:07:02.0 +0200
@@ -39,15 +39,15 @@
 override_dh_auto_test:
 
 override_dh_auto_install:
-   [ ! -f kpartx/del-part-nodes.rules ] || cp 

Bug#1038728: Coordinating libzstd 1.5.5 + python-zstandard 0.21.0 upload

[Boyuan Yang]

Hi,

在 2023-06-23星期五的 00:58 +0300，Peter Pentchev写道：
> On Wed, Jun 21, 2023 at 10:38:44AM +0300, Peter Pentchev wrote:
> > On Tue, Jun 20, 2023 at 11:34:18AM -0400, Boyuan Yang wrote:
> > > Source: libzstd
> > > Severity: normal
> > > Version: 1.5.4+dfsg2-5
> > > Tags: sid
> > > Control: affects -1 src:python-zstandard
> > > X-Debbugs-CC: r...@debian.org
> > > 
> > > Dear Debian libzstd maintainer,
> > > 
> > > As we discussed months ago, we would like to coordinate on the package
> > > upload between src:libzstd and src:python-zstandard to use libzstd with
> > > matched versions.
> > > 
> > > Please let me know when you plan to upgrade libzstd, and I shall 
> > > coordinate
> > > the upgrade of src:python-zstandard to match libzstd release. Currently
> > > python-zstandard/0.21.0 needs libzstd/1.5.5.
> > 
> > Yeah, thanks. I did in fact start working on the libzstd update to
> > version 1.5.5 (and other packaging refreshments) a couple of days ago;
> > I will let you know when I have something ready for testing your
> > updates against (before I upload it).
> > 
> > Thanks for your work!
> 
> Hi,
> 
> I believe the Salsa Git repository for libzstd now contains a pretty
> much ready to upload version of libzstd/1.5.5+dfsg2-1. You can test
> your package update against it; I tested the build of zchunk and
> it worked fine.

I tested with built libzstd/1.5.5+dfsg-1 from Salsa repo and the build looks
fine with tests passed. Just let me know when you are going to upload
libzstd 1.5.5 to unstable, and i can upload python-zstandard 0.21.0 following
that.

Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1039037: chromium does not start under xfce4

[Andres Salomon]

Before you do anything else, please reboot and try running Chromium 
again. There's an annoying gnome-keyring bug that causes it to not work 
on first boot (https://bugs.debian.org/1035061), but it works fine on 
subsequent boots.


On Sat, Jun 24 2023 at 11:02:48 PM +02:00:00, Cesar Enrique Garcia Dabo 
 wrote:

Package: chromium
Version: 114.0.5735.133-1~deb12u1
Severity: important
X-Debbugs-Cc: cqu...@arcor.de

I have freshly installed Debian 12 Bookworm and under my newly 
created user
running XFCE4 have tried to start chromium. However chromium does not 
start at
all. I have tried from the terminal but simply nothing happens, 
without the
propmpt being returned. I then have to kill the running  chromium 
processes.
I have tried to run it with the -g option, which runs it under gdb 
and a few
messages appear, although I am not sure whether they are related to 
the issue

or not:


[9701:9701:0624/225506.744180:ERROR:system_network_context_manager.cc(776)]
Cannot use V8 Proxy resolver in single process mode.
[9701:9701:0624/225506.747097:ERROR:chrome_browser_cloud_management_controller.cc(162)]
Cloud management controller initialization aborted as CBCM is not 
enabled.

[9701:9701:0624/225506.757803:ERROR:system_network_context_manager.cc(776)]
Cannot use V8 Proxy resolver in single process mode.

Thanks!


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_ES:es

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common
114.0.5735.133-1~deb12u1

ii  libasound2 1.2.8-1+b1
ii  libatk-bridge2.0-0 2.46.0-5
ii  libatk1.0-02.46.0-5
ii  libatomic1 12.2.0-14
ii  libatspi2.0-0  2.46.0-5
ii  libbrotli1 1.0.9-2+b6
ii  libc6  2.36-9
ii  libcairo2  1.16.0-7
ii  libcups2   2.4.2-3
ii  libdbus-1-31.14.6-1
ii  libdouble-conversion3  3.2.1-1
ii  libdrm22.4.114-1+b1
ii  libevent-2.1-7 2.1.12-stable-8
ii  libexpat1  2.5.0-1
ii  libflac12  1.4.2+ds-2
ii  libfontconfig1 2.14.1-4
ii  libfreetype6   2.12.1+dfsg-5
ii  libgbm1
22.3.6-1+deb12u1

ii  libgcc-s1  12.2.0-14
ii  libglib2.0-0   2.74.6-2
ii  libgtk-3-0 3.24.37-2
ii  libjpeg62-turbo1:2.1.5-2
ii  libjsoncpp25   1.9.5-4
ii  liblcms2-2 2.14-2
ii  libminizip11.1-8+b1
ii  libnspr4   2:4.35-1
ii  libnss32:3.87.1-1
ii  libopenh264-7  2.3.1+dfsg-3
ii  libopenjp2-7   2.5.0-2
ii  libopus0   1.3.1-3
ii  libpango-1.0-0 1.50.12+ds-1
ii  libpng16-161.6.39-2
ii  libpulse0  16.1+dfsg1-2+b1
ii  libre2-9   
20220601+dfsg-1+b1

ii  libsnappy1v5   1.1.9-3
ii  libstdc++6 12.2.0-14
ii  libwebp7   1.2.4-0.2
ii  libwebpdemux2  1.2.4-0.2
ii  libwebpmux31.2.4-0.2
ii  libwoff1   1.0.2-2
ii  libx11-6   
2:1.8.4-2+deb12u1

ii  libxcb11.15-1
ii  libxcomposite1 1:0.4.5-1
ii  libxdamage11:1.1.6-1
ii  libxext6   2:1.3.4-1+b1
ii  libxfixes3 1:6.0.0-2
ii  libxkbcommon0  1.5.0-1
ii  libxml2

Bug#1039037: chromium does not start under xfce4

[Cesar Enrique Garcia Dabo]

Package: chromium
Version: 114.0.5735.133-1~deb12u1
Severity: important
X-Debbugs-Cc: cqu...@arcor.de

I have freshly installed Debian 12 Bookworm and under my newly created user
running XFCE4 have tried to start chromium. However chromium does not start at
all. I have tried from the terminal but simply nothing happens, without the
propmpt being returned. I then have to kill the running  chromium processes.
I have tried to run it with the -g option, which runs it under gdb and a few
messages appear, although I am not sure whether they are related to the issue
or not:


[9701:9701:0624/225506.744180:ERROR:system_network_context_manager.cc(776)]
Cannot use V8 Proxy resolver in single process mode.
[9701:9701:0624/225506.747097:ERROR:chrome_browser_cloud_management_controller.cc(162)]
Cloud management controller initialization aborted as CBCM is not enabled.
[9701:9701:0624/225506.757803:ERROR:system_network_context_manager.cc(776)]
Cannot use V8 Proxy resolver in single process mode.

Thanks!


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=es_ES:es
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common114.0.5735.133-1~deb12u1
ii  libasound2 1.2.8-1+b1
ii  libatk-bridge2.0-0 2.46.0-5
ii  libatk1.0-02.46.0-5
ii  libatomic1 12.2.0-14
ii  libatspi2.0-0  2.46.0-5
ii  libbrotli1 1.0.9-2+b6
ii  libc6  2.36-9
ii  libcairo2  1.16.0-7
ii  libcups2   2.4.2-3
ii  libdbus-1-31.14.6-1
ii  libdouble-conversion3  3.2.1-1
ii  libdrm22.4.114-1+b1
ii  libevent-2.1-7 2.1.12-stable-8
ii  libexpat1  2.5.0-1
ii  libflac12  1.4.2+ds-2
ii  libfontconfig1 2.14.1-4
ii  libfreetype6   2.12.1+dfsg-5
ii  libgbm122.3.6-1+deb12u1
ii  libgcc-s1  12.2.0-14
ii  libglib2.0-0   2.74.6-2
ii  libgtk-3-0 3.24.37-2
ii  libjpeg62-turbo1:2.1.5-2
ii  libjsoncpp25   1.9.5-4
ii  liblcms2-2 2.14-2
ii  libminizip11.1-8+b1
ii  libnspr4   2:4.35-1
ii  libnss32:3.87.1-1
ii  libopenh264-7  2.3.1+dfsg-3
ii  libopenjp2-7   2.5.0-2
ii  libopus0   1.3.1-3
ii  libpango-1.0-0 1.50.12+ds-1
ii  libpng16-161.6.39-2
ii  libpulse0  16.1+dfsg1-2+b1
ii  libre2-9   20220601+dfsg-1+b1
ii  libsnappy1v5   1.1.9-3
ii  libstdc++6 12.2.0-14
ii  libwebp7   1.2.4-0.2
ii  libwebpdemux2  1.2.4-0.2
ii  libwebpmux31.2.4-0.2
ii  libwoff1   1.0.2-2
ii  libx11-6   2:1.8.4-2+deb12u1
ii  libxcb11.15-1
ii  libxcomposite1 1:0.4.5-1
ii  libxdamage11:1.1.6-1
ii  libxext6   2:1.3.4-1+b1
ii  libxfixes3 1:6.0.0-2
ii  libxkbcommon0  1.5.0-1
ii  libxml22.9.14+dfsg-1.2
ii  libxnvctrl0525.85.05-1
ii  libxrandr2 2:1.5.2-2+b1
ii  libxslt1.1 1.1.35-1
ii  xdg-desktop-portal-gnome [xdg-desktop-portal-back  43.1-2
end]
ii  xdg-desktop-portal-gtk 

Bug#1037306: ITP: apycula -- Tools to generate Gowin FPGA bitstreams

[Daniel Gröber]

Hi Simon,

On Sat, Jun 24, 2023 at 10:00:39PM +0900, Simon Richter wrote:
> I'm looking at trellis first:
> 
>  - the bit_to_svf.py script is not installed

It's not installed by the `make install` target. If upstream wants it
installed, they probably shoud do so :)

I can install it into docs if you like but the generic name prevents
installation into /usr/bin IMO.

>  - Rachel suggests https://prjtrellis.readthedocs.io/en/latest/ as the
> homepage link, any opinion on whether that is a better choice than the
> github page?

I prefer upstream source repos as Homepage TBH. The docs are linked to from
the README so I think they should be easy enough to discover.

Debian policy has this to say on the matter:

| 5.6.23. Homepage
| 
| The URL of the web site for this package, preferably (when applicable)
| __the site from which the original source can be obtained__ and any
| additional upstream documentation or information may be found.

So I think my intuition is correct here.

>  - dh_auto_configure and dh_auto_install are overridden with the default
> behaviour.

Yeah I forgot to do a final cleanup pass after getting nextpnr working :)

Will rectify with the next upload.

I also got a review from Jonathan Neuschäfer saying that trellis chipdbs
are installed into the wrong path and nextpnr barfs so we'll have to upload
a fixed version anyway.

Do you know if we have to wait to clear the NEW queue or can we just upload
another revision right away?

>  - the "Unlicense" is, very strictly speaking, a crayon license, although
> the intention is clear. The FTP team might object here, or just shrug, so
> not a blocker to uploading IMO.

Indeed in some countries giving up copyright as such is simply not
possible. My home country (Austria) doesn't allow this either for
example. Aber "wo kein kläger da kein richter" ;)

> Other than that, the package is very good, and ready for upload.
> 
> Will look at apycula now.

I see you already uploaded it now. Great!

Did you make any changes either of the the packages? If so don't forget to
commit and push to salsa please. You should have push access to
electronics-team, right?

Also I see the debian/* tags are still missing please don't forget to push
them.

If you forgot to run gbp-buildpackage with --git-tag it's best to use `gbp
import-dsc` to import the source package you just uploaded and push
that. IIRC this will create the debian/* tag too.

You can push everything using `gbp push origin` and if that doesn't work
(it fails sometimes for me):

git push --tags && git push origin master upstream

Thanks,
--Daniel

Bug#1039036: ppx-cold FTBFS on bytecode architectures

[Adrian Bunk]

Source: ppx-cold
Version: 0.16.0-1
Severity: important
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=ppx-cold=0.16.0-1

...
   dh_install -a
dh_install: warning: Cannot find (any matches for) 
"/usr/lib/ocaml/ppx_cold/*.a" (tried in ., debian/tmp)

dh_install: warning: libppx-cold-ocaml-dev missing files: 
/usr/lib/ocaml/ppx_cold/*.a
dh_install: error: missing files, aborting
make: *** [debian/rules:6: binary-arch] Error 25

Bug#1038935: schleuder: fails to upgrade buster -> bullseye -> bookworm: NoMethodError: undefined method `preparable='

[Andreas Beckmann]

Control: reassign -1 ruby-activerecord 2:6.1.7.3+dfsg-1
Control: retitle -1 ruby-activerecord: missing Conflicts: ruby-arel
Control: affects -1 + src:schleuder
Control: clone -1 -2 -3
Control: reassign -2 ruby-arel 9.0.0-2
Control: tag -2 sid trixie
Control: retitle -2 ruby-arel: obsolete, integrated into ruby-activerecord, 
incompatible with ruby-activerecord 6.1.x
Control: reassign -3 src:ruby-premailer-rails 1.10.3-3
Control: tag -3 sid trixie bookworm
Control: retitle -3 ruby-premailer-rails: B-D on obsolete ruby-arel, 
incompatible with ruby-activerecord 6.1.x

On 24/06/2023 15.07, Georg Faerber wrote:

So, given the above, I believe this bug should be reassigned to
ruby-activerecord, and schleuder should be marked as affected? Also, I


Doing that, and cloning it for ruby-arel and ruby-premailer-rails.


guess, as this issue is not specific to schleuder, probably more
packages which rely on ruby-activerecord are affected.


But schleuder seems to be the only one using it "sufficiently" to expose
the bug already in the maintainer scripts.


I'll prepare a ruby-activerecord proposed-update targeting bookworm.


This needs to be fixed in sid first.

Adding the Conflicts against ruby-arel in ruby-activerecord requires
changes in src:ruby-premailer-rails, too, since that (directly)
build-depends on ruby-arel and indirectly on ruby-activerecord.
Maybe dropping the B-D: ruby-arel is already sufficient.
These changes need to be backported to bookworm-pu as well.
If that is fixed, ruby-arel can be removed from sid (and it could be
considered to remove it from bookworm as well).


Andreas

Bug#993068:

[Pascal Terjan]

FYI, I had the same problem (not on Debian) and tracked it to
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dad599b8b5d1ffc5ef12a2edb13d15d537202ba

Bug#1031593: deluge-web: gettext error

[MichaIng]

Is it planned or would it be possible to have a patch with the fix for 
Bookworm (Deluge v2.0.3)?


Best regards,

Micha

Bug#1039033: Please use no_pmic variant of TF-A on Orange Pi One Plus

[harry88]

Package: u-boot-sunxi
Version: 2023.07~rc4+dfsg-1
Severity: normal
Tags: patch

Hi Vagrant,

Following on from #1032395, please could you change the build of TF-A
used by the Orange Pi One Plus from sun50i_h6 to sun50i_h6_no_pmic? That
should fix Ethernet on this board. I've attached a suggested patch.

Thanks very much,
Harold.
diff --git a/debian/targets.mk b/debian/targets.mk
index 1c7b5b2f9d..8ef27133d7 100644
--- a/debian/targets.mk
+++ b/debian/targets.mk
@@ -171,7 +171,7 @@ ifeq (${DEB_HOST_ARCH},arm64)
 
   # harr...@gmx.ph
   u-boot-sunxi_platforms += orangepi_one_plus
-  orangepi_one_plus_assigns := BL31=/usr/lib/arm-trusted-firmware/sun50i_h6/bl31.bin
+  orangepi_one_plus_assigns := BL31=/usr/lib/arm-trusted-firmware/sun50i_h6_no_pmic/bl31.bin
   orangepi_one_plus_targets := arch/arm/dts/sun50i-h6-orangepi-one-plus.dtb \
 spl/sunxi-spl.bin u-boot-nodtb.bin u-boot-sunxi-with-spl.fit.itb \
 u-boot.bin uboot.elf

Bug#1039032: ppx-globalize FTBFS on bytecode architectures

[Adrian Bunk]

Source: ppx-globalize
Version: 0.16.0-1
Severity: important
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=ppx-globalize=0.16.0-1

...
   dh_install -a
dh_install: warning: Cannot find (any matches for) 
"/usr/lib/ocaml/ppx_globalize/*.a" (tried in ., debian/tmp)

dh_install: warning: libppx-globalize-ocaml-dev missing files: 
/usr/lib/ocaml/ppx_globalize/*.a
dh_install: error: missing files, aborting
make: *** [debian/rules:6: binary-arch] Error 25

Bug#1028137: nextpnr: Support for more FPGA architectures (esp. ECP5)

[Daniel Gröber]

Hi Jonathan,

Thanks for the detailed review and testing!

On Sat, Jun 24, 2023 at 12:35:12PM +0200, Jonathan Neuschäfer wrote:
> [ Dropping the Debian mailing lists / bugtracker for now ]

No need, I belive reviews should be public :) I've bounced your mail back
to BTS/pkg-electronics.

> Some notes:
> 
> prjtrellis:
> 
> - I tried to build it from source (using the tarballs, with 
> dpkg-buildpackage),
>   but it failed because it can't find version.cpp. After a dirty hack to 
> ensure
>   that version.cpp is present and usable, and unpacking the orig-database
>   tarball to the right location, the package builds for me.

Did you build with git/gbp or using the dsc? I see that the build system
tries to extract the version using git commands. However I always test with
sbuild so my build environment should also have been a plain unpacked dsc
and not a git repo. Strange.

AFAICT I can define CURRENT_GIT_VERSION from d/rules and that should take
care of it.

> apycula:
> 
> - I think the source package name should rather be apicula (with 'i',
>   not 'y'), which matches the upstream repo and readme.md. Apycula is
>   the python binding, AFAIUI.

NACK, what I'm packaging here is the a-py-cula pipy.org package which is
the main output of project a-pi-cula.

> - The debian orig tarball contains a few GW1N*.pickle files (in the
>   apycula subdirectory), that don't appear in the upstream git repo.
>   They seem to be generated, and are later used in the nextpnr build, but
>   it's unclear to me where they come from, where the source is.

Indeed I agree it's a bit dodgy and probably warrants an explaination in
d/README.source. So what project apicula did is write fuzzers to
map/document what bits in the FPGA bitstream perform what function.

They do this by running the proprietary FPGA-vendor toolchain using their
automated fuzzing tools. The pickle files encompass the output of these
tools and essentially provide a map of what logical function is where in
the hardware.

The a-pi-cula source repo contains these fuzzin tools and produces as
output the a-py-cula pipy package which is uploaded by the maintainer.

I haven't consulted the sacred scriptures on the finer points yet but IMO
the pickle files contain facts about the physical world, not computer
code. My understanding is facts are not copyrightable in the first place so
the usual derrivative work considerations don't apply.

You can imagine I'm looking forward to ftp-master review ;)

> nextpnr:
> 
> - debian/upstream/metadata: Some of the authors have updated names that
>   should be used instead of the old names. As far as I can gather:
>- Myrtle Shah[1] (a.k.a. gatecat)
>- Claire Xenia Wolf[2] (a.k.a. Claire Xen)

This one is tricky. The license asks that the notices in the source be
preserved, so it's not clear to me we can honor such name changes without
explicit permission from the respective copyright holder.

> - Because I removed the GWIN*.pickle files of unknown origin, I skipped the
>   gowin targets.

Do note prjtrellis has the same layout information in the -database
component just in a more human readable format (json). Have a look at that
and you'll get an idea of what sort of data we're talking about here.

> - Building multiple times in the same source directory fails, 
> override_dh_auto_clean needs a
>   "rm -rf debian/nextpnr-*-qt-chipdb/usr/share/nextpnr/chipdb-*.bin" or 
> similar.
>   Or maybe upstream "make clean" needs to be fixed.
> - Somehow the chipdb files are installed to /usr/share/nextpnr/chipdb-*.bin
>   directly, while nextpnr expects them in per-arch subdirectories. As a quick
>   work-around I'm symlinked the expected subdirectories to .
> 
> 
> After all this, I've built a simple test design for ECP5 (OrangeCrab),
> and it worked!

Excellent news!

> Thanks for your work! I hope my comments help to improve it further :)

Definitely :)

Thanks,
--Daniel

Bug#1039031: ppx-enumerate FTBFS on bytecode architectures

[Adrian Bunk]

Source: ppx-enumerate
Version: 0.16.0-1
Severity: important
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=ppx-enumerate=0.16.0-1

...
   dh_install -a
dh_install: warning: Cannot find (any matches for) 
"/usr/lib/ocaml/ppx_enumerate/*.a" (tried in ., debian/tmp)

dh_install: warning: libppx-enumerate-ocaml-dev missing files: 
/usr/lib/ocaml/ppx_enumerate/*.a
dh_install: warning: Cannot find (any matches for) 
"/usr/lib/ocaml/ppx_enumerate/runtime-lib/*.a" (tried in ., debian/tmp)

dh_install: warning: libppx-enumerate-ocaml-dev missing files: 
/usr/lib/ocaml/ppx_enumerate/runtime-lib/*.a
dh_install: error: missing files, aborting
make: *** [debian/rules:6: binary-arch] Error 25

Bug#1039030: transition: qtbase-abi-5-15-10

[Dmitry Shachnev]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Control: block -1 by 1038402 1038737
Control: affects -1 + src:qtbase-opensource-src

Dear Release team,

We skipped Qt 5.15.9 release because of the freeze, so now I would like to
upgrade from 5.15.8 to 5.15.10 — a version which was published on June 6th.

Qt 5.15.10 is prepared in experimental. Also, there is a new Qt WebEngine
release — 5.15.14.

I have prepared a merge request with the ben file here:
https://salsa.debian.org/release-team/transition-data/-/merge_requests/40

There are two known blockers, but I can NMU them if the maintainers don't
act until the transition start. Also it makes sense to wait until the re2
transition migrates, because qtwebengine is involved there.

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#1038035: grub2: Depends on SDL 1.2

[Julian Andres Klode]

Control: tag -1 fixed-upstream

On Fri, Jun 16, 2023 at 01:18:13PM +0200, Julian Andres Klode wrote:
> ControL tag -1 patch
> Control: forwarded -1 
> https://lists.gnu.org/archive/html/grub-devel/2023-06/msg00106.html

My revised patch has been merged in

https://git.savannah.gnu.org/cgit/grub.git/commit/?id=17d6ac1a7df4898743b9741d192f4f13947bf331

And this will be part of 2.12~rc1-1 upload accordingly.
-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en

Bug#1039029: linux-signed-amd64: Core frequencies do not float correctly on AMD Ryzen 7 5700U when running on battery

[Soren Stoutner]

Source: linux-signed-amd64
Version: 6.3.7+1
Severity: normal

On my laptop running an AMD Ryzen 7 5700U CPU, when on battery there are 
problems with the core frequency logic.
When a process consumes 100% CPU usage on a single core, the system forces the 
core frequencey to the lowest value (399 MHz)
instead of letting it float up to the highest frequency (4.3 GHz).  At the same 
time, other cores that have minimal CPU utilization
will increate frequency up to the maximum, meaning that the CPU isn't locked to 
the lower frequency as a whole, but that something about
the frequency control logic isn't making the correct decisions.  This causes 
the system to run very slowly when on battery.

When the laptop is plugged in the behavior disappears, with cores that are 
consuming significant CPU able to increase the frequency to the
maximum value.

It is unclear to me if this problem is with the Linux kernel or some other 
component.  Someone who is more knowledgeable about these things
than I am might be able to point me in the right direction.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1028137: nextpnr: Support for more FPGA architectures (esp. ECP5)

[Jonathan Neuschäfer]

[ Dropping the Debian mailing lists / bugtracker for now ]

On Tue, Jun 20, 2023 at 02:24:11PM +0200, Daniel Gröber wrote:
> Hi Jonathan,
>
> On Mon, Jun 19, 2023 at 08:12:04PM +0200, Jonathan Neuschäfer wrote:
> > > In the meantime I'm having a look at prjtrellis too, but since I don't 
> > > have
> > > any testing hardware I was wondering if you'd be able to do testing once I
> > > finish packaging?
> >
> > Yes, I have a board, and I can do testing if I don't forget about it.
> > Feel free to ping me when the package is ready.
>
> Great. I've uploaded the packages to my testing archive you should be able
> to install nextpnr=0.6-2~dxld1 on unstable using this sources.list entry:
>
> deb [signed-by=/etc/apt/dxld.asc] https://dxld.at/localdebs sid/
>
> You can get my gpg key from keyring.debian.org using
>
> $ gpg --keyserver keyring.debian.org --recv-keys 
> 57A1BF15B4F6F99B89EDB29FD39481AE1E79ACF7
> $ gpg --export -a 57A1BF15B4F6F99B89EDB29FD39481AE1E79ACF7 | sudo tee 
> /etc/apt/dxld.asc
>
> or from my website at
>
> $ wget https://dxld.at/localdebs/dxld-localdebs.gpg -O- | sudo tee /etc/\
> apt/dxld.asc
>
> DSCs are also there if you prefer building from source. You'd need to build
> the following:
>
> apycula_0.8.1+dfsg-1.dsc
> prjtrellis_1.4-1.dsc
> nextpnr_0.6-2~dxld1.dsc
>
> Thanks,
> --Daniel

Some notes:

prjtrellis:

- I tried to build it from source (using the tarballs, with dpkg-buildpackage),
  but it failed because it can't find version.cpp. After a dirty hack to ensure
  that version.cpp is present and usable, and unpacking the orig-database
  tarball to the right location, the package builds for me.


apycula:

- I think the source package name should rather be apicula (with 'i',
  not 'y'), which matches the upstream repo and readme.md. Apycula is
  the python binding, AFAIUI.
- The debian orig tarball contains a few GW1N*.pickle files (in the
  apycula subdirectory), that don't appear in the upstream git repo.
  They seem to be generated, and are later used in the nextpnr build, but it's
  unclear to me where they come from, where the source is.


nextpnr:

- debian/upstream/metadata: Some of the authors have updated names that
  should be used instead of the old names. As far as I can gather:
   - Myrtle Shah[1] (a.k.a. gatecat)
   - Claire Xenia Wolf[2] (a.k.a. Claire Xen)
- Because I removed the GWIN*.pickle files of unknown origin, I skipped the
  gowin targets.
- Building multiple times in the same source directory fails, 
override_dh_auto_clean needs a
  "rm -rf debian/nextpnr-*-qt-chipdb/usr/share/nextpnr/chipdb-*.bin" or similar.
  Or maybe upstream "make clean" needs to be fixed.
- Somehow the chipdb files are installed to /usr/share/nextpnr/chipdb-*.bin
  directly, while nextpnr expects them in per-arch subdirectories. As a quick
  work-around I'm symlinked the expected subdirectories to .


After all this, I've built a simple test design for ECP5 (OrangeCrab), and it 
worked!

Thanks for your work! I hope my comments help to improve it further :)


Best regards,
jn


[0]: Error message:
> CMake Error at CMakeLists.txt:136 (add_executable):
>   Cannot find source file:
>
> 
> /home/jn/dev/debian/nextpnr/prjtrellis-1.4/debian/build-x86_64-linux-gnu/generated/version.cpp
>
>   Tried extensions .c .C .c++ .cc .cpp .cxx .cu .mpp .m .M .mm .ixx .cppm .h
>   .hh .h++ .hm .hpp .hxx .in .txx .f .F .for .f77 .f90 .f95 .f03 .hip .ispc
[1]: https://github.com/gatecat/
[2]: https://github.com/clairexen

Bug#1038451: systemd 247.3-7+deb11u4 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038451 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 247.3-7+deb11u4

Explanation: fix a calendar spec calculation hang on DST change if 
TZ=Europe/Dublin

Bug#1038153: spip 3.2.11-3+deb11u8 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038153 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: spip
Version: 3.2.11-3+deb11u8

Explanation: several security fixes

Bug#1037214: appstream-glib 0.7.18-1+deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1037214 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: appstream-glib
Version: 0.7.18-1+deb11u1

Explanation: handle  and  tags in metadata

Bug#1037196: dbus 1.12.28-0+deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1037196 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: dbus
Version: 1.12.28-0+deb11u1

Explanation: new upstream stable release; fix denial of service issue 
[CVE-2023-34969]

Bug#1037187: libprelude 5.2.0-3+deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1037187 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libprelude
Version: 5.2.0-3+deb11u1

Explanation: make Python module usable

Bug#949358: ITP ulauncher

[matthias . geiger1024]

Hi Patryk,

are you still working on this ? I am interested in getting ulauncher into 
debain.

regards,

---
Matthias Geiger (werdahias)
-BEGIN PGP PUBLIC KEY BLOCK-

mQINBGJGNsQBEADCVylaCtYtBQW4NmDrZOIizSrVlv5ZJ5WJ128MAblWk3fRFPya
Cs/klkTT58ehBSr61sXVP+NpkF7MWOBu2CNg66U40a/Eb+v4poxNaIjXKvQtf51S
y5yGwmTc7IJg8HuohT7K3/pcsEt0jvYSwvvDFUIz5WdOR5RmB7WkDRGh8Zaior3z
tzx6AKhx/aXmAc/i4BDavDxZeFC0d79H3S1+TvFsvhyIZXIFTB0sTzWreZZxSOjk
Mz6xxgWGdc27lsbZbKU7N+c+GnWrRlTjimU1AfPLJQgehIejR9pSyZ2Y5BAqB7Qr
f8Tvc8jc1kDx473sUUla6ELEuJMIISK1qam/B7buxZ1r/ngWRiQsqAHznm7OYk69
ttXBeHxS1b+HrcJMWfROkzsTuG6G//axMCb6x0MuyOgLXk87aDnDx1fPn62R+tq7
T4JvW51TSnlNNh75zA+8w3UzDHy2By0H6NSfiLerNnF7LGCXk7AiwQsaplrEjo/1
/4NraAqy1eO69SyozSiRuuA5KemlyPwJokpp2HMJX3cry2J7lV0+wnaaorQzz5Fi
7gRRlqXrOGwEcEG6i62VbIv2VW3Zy+qjaD3HRWXfKXXjpXske41Trv2qPI2/kGtJ
TRWSWdTQ42oYOaEg/KUh0GnEoZerj50JC1qGmwElKYgd+2XQ8qR7uIB5qQARAQAB
tDFNYXR0aGlhcyBHZWlnZXIgPG1hdHRoaWFzLmdlaWdlcjEwMjRAdHV0YW5vdGEu
ZGU+iQJUBBMBCgA+FiEEwuGmy/3s5RGopBdtGL0QaztsVHUFAmJGNsQCGwMFCQPC
ZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQGL0QaztsVHVMxQ/+M5JEQ5wk
DDblHGUlK8IBnPM5peuDrMdQAsOQ5nSv90gl4z4HkRgomS70xMpvoS+g/8hPym4G
PXpSFJsZWjFevACWMzZO84pqJhPaFnmjh3utkkiblNf8Wi350K+luAlRvT1FVD6i
HM6kOxU0P9t9+PU38FH299oRw2qEqDw5Wx+Hrnp4gaGv1mssvAMiXeaaPGx4KSz8
sNXADHJDo78U6RGJM/rSng/8M7zd3c6E8MIH958mlWjUb8T10AZ/otH3nFSRIfds
5MdnnrsKAK3DMW4RanRWHPvTsICDDkuRvigd32waQRdZeA3dNbPxM6tKDL9GEH8Q
AnkShJ7VmTXP9CV20vj15mleoeDMgqhX5KEOsc3DMnKcVqdb9CzHj6jNSFUverk1
bBNaJpIiWwtwjueR4Hgdof80AAgRin4YnWaOaPTSusrKyN8dCRVcRIbauVooWLil
q2OrWftDVmmNciwoHr5/WDPNgkv9DAgY+DX8Y8LMWAkXgpB0KniiQaLzrW34zjnP
ALTLTIvNid6YX8KOY6KhAVWfVdMC5j6GEGfbfyMLz63YPxA9Q1Af6oXS8MbdHyBw
JV8ns2xm5fD2vZVw6JI1e8AMMDjH2fAqmH23MG0fN0zd2NUToHmvhX9APSzJIbET
doFPn/mI/az4Oh24WHf3Ozr+XEDyWcyy1y+5Ag0EYkY2xAEQANL26Ixtq1QMUM+5
MHl2FK4foRODoKHe4ZzdOAumUBPJE/pxGVlVxCqzC+LUeFvA8LTYCt1B60yRveYR
4mmPTA7nAerG2m4aQPeIfzz6HXWkiu9mzgxqjhPxitiMR5f1du1rAWGPZxSkhdW6
fDWT4PkHoY78jbQXWYEnV85rwtZIZIduHGKWzyxln3qjrefmB04QkPJ2BDOsRTtD
YeNddHAvcgZtyepqZka9lpowQTY6TXwM8uYArEa7Hll/4r9rcvkVQUxf8jqYpZ3v
PLSzvvaDouH7WAg5nUaTeWAQdSq108rNRSTgScLZWjwmhFBA46RneRpij2OJ0lW4
QqFTlldjWXzgGj6u4nbXrSERGaPwyLGIkHoKbnTAm7791d/Y5UQImuPb1tIg5Pf7
OhtyWw3bstVDa5MvIUuGpi5yKPirhrtAfdZ3H2/HR814JuL2BYdjyCuR/Sj/lZTx
+gJ0bm+Llr0KZDhjKMeWaqVqsD4bybgEe4d3zE4sj9GZ0tNUvXfPaRGY6tgh9sgT
Iy28vnyYpFX+oSIZXRreDpfzyjDhvNbB+AFsPN5OXqaBpmu/378T5nRpUj/qbqEZ
EsloCbAmgHfvIysQWYdJ+63S3ZqpbEQRa4Y7DeybaLi8xTMfdWa19T7vQY3mVWn5
ZooycK4fkbedu19+5l8zfhR7oWyBABEBAAGJAjwEGAEKACYWIQTC4abL/ezlEaik
F20YvRBrO2xUdQUCYkY2xAIbDAUJA8JnAAAKCRAYvRBrO2xUdRuPD/4tdAf8nxsA
upo5O99E4AS59OTXPQuVgt1U2Z7ssDvZ3O6qbZvIBWQ0NqnCsprCt71M6cWC2dkq
WUs3oRRu4IzuB4LErcTr597k+iltJ60rhDL/hxSumToH6FSX1w8EWJVg3xgP4U39
HSx6QOlZ3bTgd9dS5S46jOptIYzX5wYkNzyMj1hbmTg0lVyMtWjqfCLNmF3EzGGC
BLR3tMOxZURrxx8tL48iJlFyxJG3XahoyxDSNepo5HZ+AUnNq2TJPoPJQfb1/GB/
/LycKSXWgblyWuGRlgoCE1JcdwuRM5hI2xugZQrhgZaPUBch1MSoiIqwgR1A8NPL
iypUPnwG4vEaVbMtem7OUghsx+fYwuGq0T7/ezjyVRv86U2gU1bmbxojct1AXSCT
FCCR3Y8QAHV9o8U/eZ1XzcEZsXFd6siO5nEBl9HaTHh5gWDrk/molP85S7Y9JIBP
wZygBjWOPCCkFlIuiPQlXsJezVu93ydz7uCNIJfHv30oVedcYHN1Wr7B/1j8wXMy
wqW4Nw54yZ8zaJIo01Khym6cFFVXoAUZa+5QRvSmjnm1Go+ZwZA9i7zo/6LLSpeR
04+4a1Daysk0fTf+DscrxQbUBZX17e1n/EtLS8/pp+Xb/k1JK1iiNcdpfLJ7RNik
GX00szhWs5riRMzIibFDsE/FyYVNX2VHQg==
=onWA
-END PGP PUBLIC KEY BLOCK-

Bug#1009290: mariadb-server-10.6: Fails to start on live system

[Witold Baryluk]

Package: mariadb-server
Version: 1:10.11.3-1
Followup-For: Bug #1009290
X-Debbugs-Cc: witold.bary...@gmail.com


Still broken in 10.11.3.

This is fresh installation, zero modifications.

Jun 24 19:14:24 debian systemd[1]: Starting mariadb.service - MariaDB 10.11.3 
database server...
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] Starting 
MariaDB 10.11.3-MariaDB-1 source revision  as process 2685
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] InnoDB: 
Compressed tables use zlib 1.2.13
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] InnoDB: 
Number of transaction pools: 1
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] InnoDB: 
Using crc32 + pclmulqdq instructions
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] InnoDB: 
Using liburing
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] InnoDB: 
Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] InnoDB: 
Completed initialization of buffer pool
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [ERROR] InnoDB: 
The Auto-extending data file './ibdata1' is of a different size 0 pages than 
specified by innodb_data_file_path
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [ERROR] InnoDB: 
Operating system error number 22 in a file operation.
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [ERROR] InnoDB: 
Error number 22 means 'Invalid argument'
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [Note] InnoDB: 
Some operating system error numbers are described at 
https://mariadb.com/kb/en/library/operating-system-error-codes/
Jun 24 19:14:25 debian mariadbd[2685]: 2023-06-24 19:14:25 0 [ERROR] InnoDB: 
File (unknown): 'close' returned OS error 222. Cannot continue operation
Jun 24 19:14:25 debian mariadbd[2685]: 230624 19:14:25 [ERROR] mysqld got 
signal 6 ;
Jun 24 19:14:25 debian mariadbd[2685]: This could be because you hit a bug. It 
is also possible that this binary
Jun 24 19:14:25 debian mariadbd[2685]: or one of the libraries it was linked 
against is corrupt, improperly built,
Jun 24 19:14:25 debian mariadbd[2685]: or misconfigured. This error can also be 
caused by malfunctioning hardware.
Jun 24 19:14:25 debian mariadbd[2685]: To report this bug, see 
https://mariadb.com/kb/en/reporting-bugs
Jun 24 19:14:25 debian mariadbd[2685]: We will try our best to scrape up some 
info that will hopefully help
Jun 24 19:14:25 debian mariadbd[2685]: diagnose the problem, but since we have 
already crashed,
Jun 24 19:14:25 debian mariadbd[2685]: something is definitely wrong and this 
may fail.
Jun 24 19:14:25 debian mariadbd[2685]: Server version: 10.11.3-MariaDB-1 source 
revision:
Jun 24 19:14:25 debian mariadbd[2685]: key_buffer_size=134217728
Jun 24 19:14:25 debian mariadbd[2685]: read_buffer_size=131072
Jun 24 19:14:25 debian mariadbd[2685]: max_used_connections=0
Jun 24 19:14:25 debian mariadbd[2685]: max_threads=153
Jun 24 19:14:25 debian mariadbd[2685]: thread_count=0
Jun 24 19:14:25 debian mariadbd[2685]: It is possible that mysqld could use up 
to
Jun 24 19:14:25 debian mariadbd[2685]: key_buffer_size + (read_buffer_size + 
sort_buffer_size)*max_threads = 468022 K  bytes of memory
Jun 24 19:14:25 debian mariadbd[2685]: Hope that's ok; if not, decrease some 
variables in the equation.
Jun 24 19:14:25 debian mariadbd[2685]: Thread pointer: 0x0
Jun 24 19:14:25 debian mariadbd[2685]: Attempting backtrace. You can use the 
following information to find out
Jun 24 19:14:25 debian mariadbd[2685]: where mysqld died. If you see no 
messages after this, something went
Jun 24 19:14:25 debian mariadbd[2685]: terribly wrong...
Jun 24 19:14:25 debian mariadbd[2685]: stack_bottom = 0x0 thread_stack 0x49000
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(my_print_stacktrace+0x2e)[0x559932b6ecfe]
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(handle_fatal_signal+0x409)[0x5599326dc7c9]
Jun 24 19:14:25 debian mariadbd[2685]: 
libc_sigaction.c:0(__restore_rt)[0x7efc03891f90]
Jun 24 19:14:25 debian mariadbd[2685]: 
nptl/pthread_kill.c:44(__pthread_kill_implementation)[0x7efc038e0ccc]
Jun 24 19:14:25 debian mariadbd[2685]: 
posix/raise.c:27(__GI_raise)[0x7efc03891ef2]
Jun 24 19:14:25 debian mariadbd[2685]: 
stdlib/abort.c:81(__GI_abort)[0x7efc0387c472]
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(+0x67483c)[0x55993232883c]
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(+0xd2a515)[0x5599329de515]
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(+0xe29078)[0x559932add078]
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(+0xe2c5cf)[0x559932ae05cf]
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(+0xe2c6bd)[0x559932ae06bd]
Jun 24 19:14:25 debian mariadbd[2685]: 
/usr/sbin/mariadbd(+0x685d85)[0x559932339d85]
Jun 24 19:14:25 debian mariadbd[2685]: 

Bug#837108: gcc-mingw-w64-i686's libgcc dll is not found by wine

[Stephen Kitt]

Control: tag -1 + wontfix

Hi Niels,

On Thu, 08 Sep 2016 21:56:38 +0200, ni...@lysator.liu.se (Niels Möller) wrote:
> The default dll search path used by wine32 does not include the location
> of the libgcc_s_sjlj-1.dll library supplied with gcc-mingw-w64-i686.
> 
> I can't say if it's wine, mingw, or both, which are wrong here. Wine's
> dll directory, /usr/lib/i386-linux-gnu/wine/, seems reasonable, so I'm
> filing it on mingw. But maybe it's no good idea to have
> gcc-mingw-w64-i686 install files in the same directory. So we might need
> to extend wine's dll path to add some suitable directory for other
> packages to install dlls in.

gcc-mingw-w64 ships different variants of libgcc, so it can’t just drop one
in a directory on the default Wine DLL path — Windows programs built with
gcc-mingw-w64 have to ensure that the appropriate DLLs are available
alongside them.

> My expectation is that if I compile a program using i686-w64-mingw32-gcc
> or i686-w64-mingw32-g++, I should be able to run that executable using
> wine. I've used to be able to do that, not sure at which package upgrade
> it stopped working. Here's an example where this fails:

I don’t think it was ever possible to do that; even when gcc-mingw-w64 (or
gcc-mingw32) shipped a single version of libgcc, it wasn’t provided in a
directory Wine would use on its own. What *is* possible is that previous
versions of the compiler didn’t produce binaries needing libgcc in as many
cases, so you might end up with a binary which just works whereas now you
don’t.

>   #include 
>   #include 
>   
>   int
>   main(int argc, char **argv)
>   {
> printf("foo\n");
> return 0;
>   }
> 
> To reproduce, save into a file "hello.cxx", compile using 
> 
>i686-w64-mingw32-g++ hello.cxx 
> 
> and run it using
> 
>WINEDEBUG=err+all wine ./a.exe
> 
> Expected result is a line "foo" written to stdout. Instead, I get
> the error
> 
>   err:module:import_dll Library libgcc_s_sjlj-1.dll (which is needed by
> L"Z:\\home\\nisse\\hack\\test\\a.exe") not found
> err:module:LdrInitializeThunk Main exe initialization for
> L"Z:\\home\\nisse\\hack\\test\\a.exe" failed, status c135
> 
> By strace (strace -f -e open wine a.exe), I see that wine attempts to open
> 
>   [pid 31177]
> open("/usr/lib/wine/../i386-linux-gnu/wine/./libgcc_s_sjlj-1.dll.so",
> O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 31177]
> open("/usr/lib/wine/../i386-linux-gnu/wine/./libgcc_s_sjlj-1.dll.so",
> O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) which seems
> ok, /usr/lib/i386-linux-gnu/wine/ exists and there are a lot of dll files
> there. But not libgcc. 
> 
>   $ apt-file search libgcc_s_sjlj
>   gcc-mingw-w64-i686:
> /usr/lib/gcc/i686-w64-mingw32/4.9-posix/libgcc_s_sjlj-1.dll
> gcc-mingw-w64-i686:
> /usr/lib/gcc/i686-w64-mingw32/4.9-win32/libgcc_s_sjlj-1.dll
> 
> I have this package installed, and the files exist on my system, they
> just aren't found by wine. Besides the different location, also note the
> different file name, ".dll" vs ".dll.so".

Yes, .dll.so files are Wine-specific. The goal of the mingw-w64 packages is
to produce binaries which work on Windows (and incidentally, Wine).

> The debian wine* packages I have installed are wine, wine32 and wine64,
> all version 1.8.4-1.
> 
> The debian gcc-mingw* packages installed are gcc-mingw-w64,
> gcc-mingw-w64-base, gcc-mingw-w64-i686, gcc-mingw-w64-x86-64, all
> version 4.9.1-19+14.3.
> 
> I'm running this on an x86_64 machine running mostly debian stable,
> but certain packages, including wine, installed from testing (apt-get
> install -t testing wine).
> 
> Some curiosities: 
> 
>   * Switching the order of the two includes, or deleting the include of
> , makes this example work. It then prints out the message
> "foo", as expected. (The executable then no longer depends on the
> libgcc dll, I guess).
> 
>   * The strace output also shows that wine attempts to open
> "/usr/lib/wine/../i386-linux-gnu/wine/./%1.dll.so"

Regards,

Stephen


pgpwV2cZqpSjk.pgp
Description: OpenPGP digital signature

Bug#1032395: fixed in arm-trusted-firmware 2.9.0+dfsg-1

[harry88]

On 19/06/2023 04:51, Debian Bug Tracking System wrote:

This is an automatic notification regarding your Bug report
which was filed against the arm-trusted-firmware package:

#1032395: Please make setting up regulators optional on sun50i_h6 platform
[...]


Hi Vagrant,

Thanks very much for doing that.

Please note that the comment in the rules file still mentions the old
name "sun50i_h6_leave_regulators".

Best wishes,
Harold.

Bug#1038390: vte2.91 0.70.6-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038390 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: vte2.91
Version: 0.70.6-1~deb12u1

Explanation: new upstream bugfix release

Bug#1037420: systemd 252.11-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1037420 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.11-1~deb12u1

Explanation: new upstream bugfix release

Bug#1038714: mate-session-manager 1.26.0-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038714 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mate-session-manager
Version: 1.26.0-1+deb12u1

Explanation: fix several memory leaks; allow clutter backends other than x11

Bug#1037305: postfix 3.7.6-0+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1037305 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: postfix
Version: 3.7.6-0+deb12u1

Explanation: new upstream bugfix release

Bug#1036856: mutter 43.6-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1036856 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mutter
Version: 43.6-1~deb12u1

Explanation: new upstream bugfix release

Bug#1038605: mate-power-manager 1.26.0-2+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038605 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mate-power-manager
Version: 1.26.0-2+deb12u1

Explanation: fix serveral memory leaks

Bug#1038433: libmatekbd 1.26.0-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038433 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libmatekbd
Version: 1.26.0-1+deb12u1

Explanation: fix memory leaks

Bug#1036858: gnome-shell 43.6-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1036858 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: gnome-shell
Version: 43.6-1~deb12u1

Explanation: new upstream bugfix release

Bug#1039019: fai 6.0.3+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1039019 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: fai
Version: 6.0.3+deb12u1

Explanation: fix IP address lifetime

Bug#1038777: gnome-control-center 43.6-2~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038777 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: gnome-control-center
Version: 43.6-2~deb12u1

Explanation: new upstream bugfix release

Bug#1038780: gnome-maps 43.5-2~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038780 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: gnome-maps
Version: 43.5-2~deb12u1

Explanation: new upstream bugfix release

Bug#1038209: dpdk 22.11.2-2~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1038209 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dpdk
Version: 22.11.2-2~deb12u1

Explanation: new upstream stable release

Bug#1037194: dbus 1.14.8-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1037194 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dbus
Version: 1.14.8-1~deb12u1

Explanation: new upstream stable release; fix denial of service issue 
[CVE-2023-34969]

Bug#1039027: new upstream (2.1.0)

[Daniel Baumann]

Package: python-pgspecial

Hi,

thank you for maintaining pgsepcial in Debian. Now that bookworm has
been released, it would be nice if you could update the package to the
current upstream version (2.1.0).

Regards,
Daniel

Bug#1038809: doodle: Depends on unmaintained gamin

[Christian Grothoff]

On 6/24/23 19:30, Daniel Baumann wrote:

On 6/24/23 19:03, Christian Grothoff wrote:

Do we know if there is anything else that replaces
libgamin in terms of functionality?


it's seems gamin has been abandoned quite some time ago already in
favour of using inotify.

maybe using libinotify from
https://github.com/inotify-tools/inotify-tools/ instead?


Not possible, I've checked the libinotify documentation, and its pretty 
clear that it doesn't do (everything) that libgamin used to do, and 
quite specifically not what doodled needs. But, doodle can totally be 
used without doodled, so if Debian obsoletes libgamin without a good 
replacement, you can still ship doodle built without doodled support.

Bug#1039026: bookworm-pu: cups/2.4.2-3+deb12u1

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for cups fixes CVE-2023-32324 and CVE-2023-34241 in 
Bookworm. Both CVE have been marked as no-dsa by the security team.


The same fixes have been already uploaded to Unstable and nobody 
complained yet.


  Thorsten
diff -Nru cups-2.4.2/debian/changelog cups-2.4.2/debian/changelog
--- cups-2.4.2/debian/changelog 2023-03-26 10:54:05.0 +0200
+++ cups-2.4.2/debian/changelog 2023-06-24 10:54:05.0 +0200
@@ -1,3 +1,14 @@
+cups (2.4.2-3+deb12u1) bookworm; urgency=medium
+
+  * CVE-2023-34241 (Closes: #1038885)
+use-after-free in cupsdAcceptClient()
+
+  * CVE-2023-32324
+A heap buffer overflow vulnerability would allow a remote attacker to 
+lauch a dos attack.
+
+ -- Thorsten Alteholz   Sat, 24 Jun 2023 10:54:05 +0200
+
 cups (2.4.2-3) unstable; urgency=medium
 
   [ Helge Kreutzmann ]
diff -Nru cups-2.4.2/debian/patches/0013-CVE-2023-32324.patch 
cups-2.4.2/debian/patches/0013-CVE-2023-32324.patch
--- cups-2.4.2/debian/patches/0013-CVE-2023-32324.patch 1970-01-01 
01:00:00.0 +0100
+++ cups-2.4.2/debian/patches/0013-CVE-2023-32324.patch 2023-06-24 
10:54:05.0 +0200
@@ -0,0 +1,29 @@
+From: Thorsten Alteholz 
+Date: Sat, 24 Jun 2023 11:06:49 +0200
+Subject: CVE-2023-32324
+
+---
+ cups/string.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/cups/string.c b/cups/string.c
+index 93cdad1..1f81d60 100644
+--- a/cups/string.c
 b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+  * String functions for CUPS.
+  *
++ * Copyright © 2023 by OpenPrinting.
+  * Copyright © 2007-2019 by Apple Inc.
+  * Copyright © 1997-2007 by Easy Software Products.
+  *
+@@ -729,6 +730,8 @@ _cups_strlcpy(char   *dst, /* O - 
Destination string */
+ {
+   size_t  srclen; /* Length of source string */
+ 
++  if (size == 0)
++return (0);
+ 
+  /*
+   * Figure out how much room is needed...
diff -Nru cups-2.4.2/debian/patches/0014-CVE-2023-34241.patch 
cups-2.4.2/debian/patches/0014-CVE-2023-34241.patch
--- cups-2.4.2/debian/patches/0014-CVE-2023-34241.patch 1970-01-01 
01:00:00.0 +0100
+++ cups-2.4.2/debian/patches/0014-CVE-2023-34241.patch 2023-06-24 
10:54:05.0 +0200
@@ -0,0 +1,57 @@
+From: Thorsten Alteholz 
+Date: Sat, 24 Jun 2023 11:07:10 +0200
+Subject: CVE-2023-34241
+
+---
+ scheduler/client.c | 16 +++-
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/scheduler/client.c b/scheduler/client.c
+index e7e419f..441c1d7 100644
+--- a/scheduler/client.c
 b/scheduler/client.c
+@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener 
socket */
+/*
+ * Can't have an unresolved IP address with double-lookups enabled...
+ */
+-
+-httpClose(con->http);
+-
+ cupsdLogClient(con, CUPSD_LOG_WARN,
+-"Name lookup failed - connection from %s closed!",
++"Name lookup failed - closing connection from %s!",
+ httpGetHostname(con->http, NULL, 0));
+ 
++httpClose(con->http);
+ free(con);
+ return;
+   }
+@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener 
socket */
+   * with double-lookups enabled...
+   */
+ 
+-  httpClose(con->http);
+-
+   cupsdLogClient(con, CUPSD_LOG_WARN,
+-  "IP lookup failed - connection from %s closed!",
++  "IP lookup failed - closing connection from %s!",
+   httpGetHostname(con->http, NULL, 0));
++
++  httpClose(con->http);
+   free(con);
+   return;
+ }
+@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener 
socket */
+ 
+   if (!hosts_access(_req))
+   {
+-httpClose(con->http);
+-
+ cupsdLogClient(con, CUPSD_LOG_WARN,
+ "Connection from %s refused by /etc/hosts.allow and "
+   "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 
0));
++
++httpClose(con->http);
+ free(con);
+ return;
+   }
diff -Nru cups-2.4.2/debian/patches/series cups-2.4.2/debian/patches/series
--- cups-2.4.2/debian/patches/series2023-03-26 10:54:05.0 +0200
+++ cups-2.4.2/debian/patches/series2023-06-24 10:54:05.0 +0200
@@ -10,3 +10,5 @@
 0015-Debian-Reproducibility-Do-not-run-stp-tests-as-root.patch
 0016-Debian-po4a-infrastructure-and-translations-for-manp.patch
 0012-add-pt.patch
+0013-CVE-2023-32324.patch
+0014-CVE-2023-34241.patch

Bug#893069: new upstream (4.4.3)

[Daniel Baumann]

retitle 893069 new upstream (4.4.10)
thanks

Hi Javier,

another two years have passed, bookworm has been released.. I must
assume that you're MIA and would like to take over the package. Are you
fine with this?

Regards,
Daniel

Bug#1039025: RFS: vim-rails/5.4-1 [ITA] -- vim development tools for Rails development

[Thiago Marques]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "vim-rails":

 * Package name : vim-rails
   Version  : 5.4-1
   Upstream contact : [fill in name and email of upstream]
 * URL  : https://www.vim.org/scripts/script.php?script_id=1567
 * License  : GPL-2+
 * Vcs  : https://salsa.debian.org/debian/vim-rails
   Section  : editors

The source builds the following binary packages:

  vim-rails - vim development tools for Rails development

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/vim-rails/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/v/vim-rails/vim-rails_5.4-1.dsc

Changes since the last upload:

 vim-rails (5.4-1) unstable; urgency=medium
 .
   * New maintainer (Closes: #873017).
   * New upstream release.
   * debian/control:
  - Bumped Standards-Version to 4.6.2.
  - Updated 'obsolete-vim-addon-manager' to 'dh-vim-addon'.
  - Added upstream home page.

Regards,
-- 
  Thiago Marques Siqueira

Bug#1038926: cvs fails with "rsh: No host specified!"

[Thorsten Glaser]

Patrice Duroux dixit:

>I think that everything is here:
>
>https://salsa.debian.org/ssh-team/openssh/-/blob/master/debian/changelog#L193

And:

>Using :extssh: is working but no more is :ext:.

Hmm.

Thanks, this does prove enough information for debugging.

This is… strange. cvs is compiled with --with-rsh=ssh, but it does not
use it. I have a hunch that GNU autotools are fucking with this, and
maybe --with-rsh=/usr/bin/ssh could work and will test that. Or making
openssh-client a build dependency, even (ugly hack, but that’d explain
why this worked in MirBSD).

In the meanwhile, please export CVS_RSH=ssh or use cvs-switchroot(1) to
change your CVS/Root files in the checkout to use :extssh: præfix.

Even if changing the configure argument fixes this, it’ll be hard to
get this updated in stable post-release. I can try but ⓐ don’t hold
your breath for it and ⓑ it might just end up being documented in the
release notes.

bye,
//mirabilos
-- 
13:28⎜«neurodamage:#cvs» you're a handy guy to have around for systems stuff ☺
17:14⎜ Thanks big help you are :-)mira|nwt: ty again
18:35⎜«alturiak:#cvs» mirabilos: aw, nice. thanks :o
21:57⎜ yeah, I really appreciate help

Bug#1039024: ITP: fonts-atarist -- Atari ST monochrome system font

[Gürkan Myczko]

Package: wnpp
Severity: wishlist
Owner: Gürkan Myczko 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: fonts-atarist
  Version : 0+git20230624+ds
  Upstream Authors: ntwk
  URL : https://github.com/ntwk/atarist-font
* License : BSD-3-clause
  Description : Atari ST monochrome system font
 This is a rebranding of the high-resolution system font originally 
featured on
 the Atari ST home computer. It is a monospaced bitmap font available in 
a

 single size of 8x16 pixels.

Bug#1039023: After Coming Out of monero-wallet-cli Inactivity Lock Screen, 'set' Commands Throw Error Exposing Password

[flavonol]

Package: monero
Version: 0.18.2.2+~0+20200826-1

While using monero-wallet-cli, after the wallet is locked due to inactivity and 
unlocked again, using a 'set' command throws errors as transcribed below:

[wallet ]: set unit monero
Wallet password:
Error: invalid password
[wallet ]: Error: Unknown command , try 
'help'[wallet ]: [wallet ]:

The expected result of the example 'set' command above would be to set the 
default unit to monero. The same behavior occurs when using different options 
with the 'set' command (for example, 'set inactvity-lock-timeout 0'). The above 
errors are not thrown if the wallet was only locked via the 'lock' command 
instead of the inactivity timer or if the wallet has not yet been locked during 
a given session.

This issue closely resembles monero GitHub issue #6653 
(https://github.com/monero-project/monero/issues/6653). Github user downystreet 
stated that recompiling with readline fixed the issue for them.

I am using Debian GNU/Linux trixie/sid, kernel 6.1.0-9-amd64 and libc6 2.36-9.

Bug#1039006: libparking-lot-core-dev: fails to build with feature deadlock_detection

[Jonas Smedegaard]

Quoting Jonas Smedegaard (2023-06-24 15:00:41)
> Attempting to build projects depenging on parking-lot-core with feature
> deadlock_detection enabled, fails like this:
> 
> error[E0432]: unresolved import `backtrace`
> --> 
> /path/to/project/debian/cargo_registry/parking_lot_core-0.9.3/src/parking_lot.rs:1145:9
>  |
> 1145 | use backtrace::Backtrace;
>  | ^ help: a similar path exists: `std::backtrace`
> 
> For more information about this error, try `rustc --explain E0432`.
> error: could not compile `parking_lot_core` due to previous error
> 
> Seems the cause is that feature backtrace was gutted.

And (just guessing, because the patch lacks DEP-3 headers) it seems the
feature backtrace was gutted because at the time the crate backtrace was
too old in Debian - which is no longer the case.

So looks like the best fix is to simply drop the patch (and stop "set
test_is_broken", whatever that means).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1038879: bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u1

[Jonathan Wiltshire]

Control: tag -1 moreinfo

On Thu, Jun 22, 2023 at 02:29:54PM +0200, Francesco P. Lovergine wrote:
> diff -Nru proftpd-dfsg-1.3.8+dfsg/debian/changelog 
> proftpd-dfsg-1.3.8+dfsg/debian/changelog
> --- proftpd-dfsg-1.3.8+dfsg/debian/changelog  2023-03-14 10:16:31.0 
> +0100
> +++ proftpd-dfsg-1.3.8+dfsg/debian/changelog  2023-06-22 11:15:57.0 
> +0200
> @@ -1,3 +1,15 @@
> +proftpd-dfsg (1.3.8+dfsg-4+deb12u1) bookworm-proposed-updates; urgency=medium

You should target `bookworm`, not the admin suites.

> diff -Nru proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.prerm 
> proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.prerm
> --- proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.prerm 1970-01-01 
> 01:00:00.0 +0100
> +++ proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.prerm 2023-06-22 
> 11:13:30.0 +0200
> @@ -0,0 +1,11 @@
> +#!/bin/sh
> +
> +set -e
> +
> +if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = remove ] && [ -d /run/systemd/system 
> ] ;
> +then
> +deb-systemd-invoke stop 'proftpd.service' >/dev/null || true
> +deb-systemd-invoke stop 'proftpd.socket' >/dev/null || true
> +fi

This gives rise to a race condition where the socket starts the service
again before the socket is stopped.

> diff -Nru proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.proftpd-run.service 
> proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.proftpd-run.service
> --- proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.proftpd-run.service   
> 1970-01-01 01:00:00.0 +0100
> +++ proftpd-dfsg-1.3.8+dfsg/debian/proftpd-core.proftpd-run.service   
> 2023-06-22 11:12:42.0 +0200
> @@ -0,0 +1,14 @@
> +[Unit]
> +Description=ProFTPD FTP Server in standalone/socket mode
> +Documentation=man:proftpd(8)
> +OnFailure=proftpd.socket
> +OnSuccess=proftpd.service
> +
> +[Service]
> +Type=oneshot
> +Environment=CONFIG_FILE=/etc/proftpd/proftpd.conf
> +EnvironmentFile=-/etc/default/proftpd
> +ExecStart=/usr/bin/grep -iqE 
> '^[[:space:]]*ServerType[[:space:]]+standalone$' $CONFIG_FILE

Maybe I missed something important, but this seems a very odd way of doing
things. Do you really set up a dummy service unit which is expected to fail
in standalone mode, and therefore starts the socket instead?

Why not use an ExecStartPre= or ExecCondition= in your normal units to
prevent starting when in inetd mode?


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1038809: doodle: Depends on unmaintained gamin

[Daniel Baumann]

On 6/24/23 19:03, Christian Grothoff wrote:
> Do we know if there is anything else that replaces
> libgamin in terms of functionality?

it's seems gamin has been abandoned quite some time ago already in
favour of using inotify.

maybe using libinotify from
https://github.com/inotify-tools/inotify-tools/ instead?

Regards,
Daniel

Bug#1039022: obsoleted fork, can be replaced by golang-github-creack-pty-dev

[Shengjing Zhu]

Source: golang-github-elisescu-pty
Version: 1.1.9-1
Severity: serious
X-Debbugs-Cc: z...@debian.org

This fork only contains one change:

https://github.com/elisescu/pty/commit/b36ef7cd (Add a Setsize function to set
the size of the terminal)

This is already merged in https://github.com/creack/pty/commit/f4f01f59

Reverse dependencies should migrate to golang-github-creack-pty-dev.


-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1038041: bookworm-pu: package unixodbc/2.3.11-2+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Thu, Jun 15, 2023 at 09:59:25PM +1000, Hugh McMaster wrote:
> (1) Users who upgrade their system from old versions of Debian (e.g. Lenny,
> Squeeze, Wheezy etc.) with odbcinst1debian1 installed are unable to upgrade to
> bookworm due to a missing Breaks+Replaces against two binary packages.
> 
> Although odbcinst1debian1 hasn't existed for years, dpkg complains because
> /etc/odbc.ini is also in unixodbc-common, and /usr/bin/odbcinst is also in
> odbcinst.
> 
> (2) Due to an oversight on my part, the stable version of unixodbc-common has
> an obsolete conffile.

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1039008: Perhaps resolved

[ael]

The connection to outlook.office365.com:993 worked again just now, so
this might have been a transient change in MSland.

I will leave this bug open for a day or so to see whether the problem
resurfaces, but will otherwise close the bug.

Sorry for what may be just noise...

Bug#1038809: doodle: Depends on unmaintained gamin

[Christian Grothoff]

Ah, it's the replacement for libfam, which is why the code only has 
libfam. Makes sense. Do we know if there is anything else that replaces 
libgamin in terms of functionality? If not, you could of course simply 
ship doodle without doodled, but I would try to keep it working if 
someone can point me to a library that replaces libgamin/libfam.


On 6/24/23 18:41, Daniel Baumann wrote:

On 6/24/23 18:37, Daniel Baumann wrote:

removed now, so nevermind, thanks, and sorry for the noise.


sorry, I wrote that while the package was still building.
without libgamin-dev (containing libfam.so), there's no doodled then. so
now we now :)

Regards,
Daniel

Bug#1038727: bookworm-pu: package nftables/1.0.6-2+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Tue, Jun 20, 2023 at 05:27:03PM +0200, Arturo Borrero Gonzalez wrote:
> There has been a behavior regression reported in nftables when
> upgrading from Debian 11 Bullseye to Debian 12 Bookworm.
> 
> The change is in how nftables prints the set definitions, with
> or without set elements by default.
> 
> Some user tools relying on 'nft -j list sets' fail after upgrading
> to Debian Bookworm from Debian Bullseye because the behavior change.
> 
> The small upstream fix makes the behavior coherent and predictable for the
> set listing action.

It would be good to mention *what* the patch does and why in the changelog,
but in general please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1039021: RFP: unrealircd -- Open Source IRC Server

[Victor Coss]

Package: wnpp
Severity: wishlist

* Package name: unrealircd
  Version : 6.1.1.1
  Upstream Contact: Bram Matthys 
* URL : https://www.unrealircd.org/
* License : GPLv2 or later
  Programming Lang: C
  Description : Open Source IRC Server

UnrealIRCd is an open source IRC (Internet Relay Chat) server serving thousands 
of networks since 1999. It is the most widely deployed IRCd with a market share 
of 38%.
Unlike other IRCds, it has a lot of advanced features and is highly 
customizable. It has an extensive documentation and a very active developing 
community.

Any previous licensing issues should no longer be an issue. The code of 
UnrealIRCd consists mostly of a mix of "GPLv1 or later" and "GPLv2 or later". 
The remaining parts either come from public domain or BSD license WITHOUT 
advertising clause, so are GPL compatible. UnrealIRCd used to have a non 
DFSG-free version
of the MD5 algorithm used for hostname cloaking; this has since been removed in 
2015 and now utilizes OpenSSL. 
https://github.com/unrealircd/unrealircd/commit/229bcca9967d26b40e8b77880ad9fc368e4d1527
All source code headers have a "or any later version" of GPL clause, meaning 
you can package it with GPLv3 license if you wish.

I believe UnrealIRCd is a very useful and popular program and should no longer 
have any compatibility issues with DFSG.

Bug#1038809: doodle: Depends on unmaintained gamin

[Daniel Baumann]

On 6/24/23 18:37, Daniel Baumann wrote:
> removed now, so nevermind, thanks, and sorry for the noise.

sorry, I wrote that while the package was still building.
without libgamin-dev (containing libfam.so), there's no doodled then. so
now we now :)

Regards,
Daniel

Bug#1038809: doodle: Depends on unmaintained gamin

[Daniel Baumann]

On 6/24/23 16:10, Christian Grothoff wrote:
> I'm a bit confused where the build-depends comes from

confusing indeed - it seems it has creeped in in 2007 (probably from the
'fam' removal at that time) and has never been questioned ever since.

removed now, so nevermind, thanks, and sorry for the noise.

Regards,
Daniel

Bug#1029672: RFP: django-model2puml -- Generator of project models structure in PlantUML class notation

[Petter Reinholdtsen]

[Petter Reinholdtsen 2023-01-29]
> I have asked upstream if they are interested in this,
> https://github.com/sen-den/django-model2puml/issues/7 >

Upstream is interested but do not use Debian and do not really know what
to do.

In any case, I created draft packaging now available in
https://salsa.debian.org/pere/django-model2puml >.
-- 
Happy hacking
Petter Reinholdtsen

Bug#1036950: schleuder: fails to upgrade from 'buster': insufficient dependency on ruby-activerecord (>= 2:6)

[Georg Faerber]

Hi,

On 23-06-23 20:14:59, Georg Faerber wrote:
> Unfortunately, up until now, there wasn't a proposed update targeting
> bullseye.
> 
> Andreas, how do you want to proceed? Do you have any spare cycles to
> handle this? This would be great -- but please don't hesitate to tell me
> if that's not the case, if so, I'll take over.

The pu targeting bullseye is now tracked via #1039020.

Cheers,
Georg

Bug#1039020: bullseye-pu: package schleuder/3.6.0-3+deb11u2

[Georg Faerber]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gitcom...@henk.geekmail.org
Control: affects -1 + src:schleuder

Dear release team,

[ Reason ]
Missing versioning of the ruby-activerecord dependency might lead to
failing upgrades from buster to bullseye if done in two stages, in
contrast to only one stage. This issue was reported by Hendrik Jäger and
Andreas Beckmann, both privately and in Debian via #1036950.

It was fixed in unstable via 4.0.3-8.

[ Impact ]
Severe, as upgrades might fail, depending on how these are done.

[ Tests ]
Tests were done both manually and via Salsa CI. Additionally, to ease
future maintenance and ensure upgrades work as expected, a new "piuparts
multi distro upgrade" CI test job was introduced. [2]

[ Risks ]
There should be none, I believe.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Add missing versioning on ruby-activerecord dependency, to ensure
correct ordering during upgrades.

For details, see the attached debdiff of 3.6.0-3+deb11u1, as currently
present in bullseye, and 3.6.0-3+deb11u2.

Thanks for your work!

Cheers,
Georg


[1] 
https://salsa.debian.org/ruby-team/schleuder/-/commit/08fd9a91a938346f5cad3cf216f8225b6f6cdd0e
diff -Nru schleuder-3.6.0/debian/changelog schleuder-3.6.0/debian/changelog
--- schleuder-3.6.0/debian/changelog	2021-12-26 16:28:29.0 +
+++ schleuder-3.6.0/debian/changelog	2023-06-24 15:02:25.0 +
@@ -1,3 +1,14 @@
+schleuder (3.6.0-3+deb11u2) bullseye; urgency=medium
+
+  * debian/control:
+- Add missing versioning on ruby-activerecord dependency. Before, upgrades
+  from buster to bullseye might have failed if done in two stages, in
+  contrast to only one stage, which worked as expected. Thanks to
+  Hendrik Jäger and Andreas Beckmann for reporting this issue.
+  (Closes: #1036950)
+
+ -- Georg Faerber   Sat, 24 Jun 2023 15:02:25 +
+
 schleuder (3.6.0-3+deb11u1) bullseye; urgency=medium
 
   * debian/patches:
diff -Nru schleuder-3.6.0/debian/control schleuder-3.6.0/debian/control
--- schleuder-3.6.0/debian/control	2021-12-26 16:28:29.0 +
+++ schleuder-3.6.0/debian/control	2023-06-24 15:02:25.0 +
@@ -39,7 +39,7 @@
  lsb-base,
  rake,
  ruby | ruby-interpreter,
- ruby-activerecord,
+ ruby-activerecord (>= 2:6~),
  ruby-charlock-holmes,
  ruby-gpgme,
  ruby-mail,

Bug#1038906: bookworm-pu: package mailman3/3.3.8-1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Fri, Jun 23, 2023 at 01:12:57AM +0200, Pierre-Elliott Bécue wrote:
> Multiple small bugs could have been fixed before the bookworm release,
> but having been elsewhere in my mind, I let those slip.
> 
> I'd therefore like to submit this debdiff for a stable-pu.

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1038387: bookworm-pu: package groonga/13.0.0+dfsg-2~deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Sat, Jun 17, 2023 at 10:01:19PM +0900, Kentaro Hayashi wrote:
> The installed document will not be rendered correctly.
> 
> It is against upstream developer's intention.
> This bug only affect the Groonga's documentaion and sample application.
> groonga-doc will be installed by default when groonga
> package is installed, so it affects for all Groonga users.

As this is a direct backport from trixie, you should include the changelog
entry for 13.0.0+dfsg-3 and add one on top, version 13.0.0+dfsg-3~deb12u1
and a description "Backport to bookworm" or similar. With that change,
please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1038899: bookworm-pu: package nfdump/1.7.1-2+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Thu, Jun 22, 2023 at 10:29:34PM +0200, Bernhard Schmidt wrote:
> [ Reason ]
> This update fixes two errors reported in #1038644
> - a segfault when using a particular option
> - a wrong 'failed' indication in the sysvinit initscript
> 
> The segfault fix is straight forward and just an error in the option
> parsing.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1038824: bookworm-pu: package openvpn/2.6.3-1+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Wed, Jun 21, 2023 at 10:04:49PM +0200, Bernhard Schmidt wrote:
> This -pu cherry-picks two fixes from upstream. One fixing a memory
> leak that is noticable on long running servers, and one dangling pointer that
> might lead to crashes. Both have been in 2.6.3-2 for about a month now,
> migrated to testing flawlessly and are part of the recent upstream stable
> release. 
> 
> There is nothing else in 2.6.3-2 that is not suitable for bookworm, I have 
> just
> changed the version and set the correct branch in gbp.conf

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1039019: bookworm-pu: package fai/6.0.3+deb12u1

[Thomas Lange]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: f...@packages.debian.org
Control: affects -1 + src:fai


This upload fixes #1037329


[ Reason ]
A change from FAI 5.10.3 (in bullseye) to 6.0 (currently 6.0.3 in bookworm)
removed some code which sets the lifetime for IP addresses to forever. This 
change must be reversed.

[ Impact ]
A network installation hangs completly after the lease time of the IP address 
expires.
FAI does not run a dhclient, because it uses a nfsroot.

[ Tests ]
Since we used this code years before, and I only reverted the commit which 
removes the code, no tests are needed.

[ Risks ]
No risks,.

[ Checklist ]
  [X ] *all* changes are documented in the d/changelog
  [X ] I reviewed all changes and I approve them
  [X ] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
For each network interface, set IP address filetime to forever.


 bin/fai  |6 ++
 debian/changelog |6 ++
 2 files changed, 12 insertions(+)

diff -Nru fai-6.0.3/bin/fai fai-6.0.3+deb12u1/bin/fai
--- fai-6.0.3/bin/fai   2023-01-12 10:22:03.0 +0100
+++ fai-6.0.3+deb12u1/bin/fai   2023-06-24 12:57:09.0 +0200
@@ -126,6 +126,12 @@
 
 cat /proc/kmsg >/dev/tty4 &
 
+# fix IP address lifetime
+   ip -4 -br a | awk '/UP / {if ($3) print $3 " " $1}' | \
+while read addr iface; do
+ip -4 addr change "$addr" dev "$iface" valid_lft forever 
preferred_lft forever
+done
+
 # enable EFI variables
 if [ -d /sys/firmware/efi ]; then
mount -t efivarfs none /sys/firmware/efi/efivars
diff -Nru fai-6.0.3/debian/changelog fai-6.0.3+deb12u1/debian/changelog
--- fai-6.0.3/debian/changelog  2023-05-24 11:57:11.0 +0200
+++ fai-6.0.3+deb12u1/debian/changelog  2023-06-24 13:02:26.0 +0200
@@ -1,3 +1,9 @@
+fai (6.0.3+deb12u1) bookworm; urgency=low
+
+  * fai: set IP address lifetime to forever, Closes: #1037329
+
+ -- Thomas Lange   Sat, 24 Jun 2023 13:02:26 +0200
+
 fai (6.0.3) unstable; urgency=high
 
   *  get-boot-info: write $SERVER only if string is non-epmty

Bug#1039018: pipewire: The package description is incomplete - audio functions are not mentionend!

[Wolfgang Strowik]

Package: pipewire
Version: 0.3.65-3
Severity: normal
Tags: patch
X-Debbugs-Cc: debianwo...@web.de



-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pipewire depends on:
ii  adduser  3.134
ii  init-system-helpers  1.65.2
ii  libpipewire-0.3-modules  0.3.65-3
ii  pipewire-bin 0.3.65-3

pipewire recommends no packages.

pipewire suggests no packages.

-- no debconf information



The description should be completed by simply replacing the term "video 
sources" by "audio and video sources". Apart from that, I think that it is 
correct and well understandable. Thank you!

Bug#1039017: qflipper: crash when uploading files

[Edward Shornock]

Package: qflipper
Version: 1.3.2-1
Severity: normal

Dear Maintainer,

Uploading files to the Flipper Zero results in a crash right after the
KDE file picker is loaded. I cannot reproduce this crash with the
upstream provided qFlipper-x86_64-1.3.2.AppImage.

Please let me know if I can provide any other information to help fix this.

#0  0x7f8c73374427 __strcmp_avx2 (libc.so.6 + 0x155427)
#1  0x5557cdc77056 
_ZN6Logger13messageOutputE9QtMsgTypeRK18QMessageLogContextRK7QString 
(qFlipper + 0x6f056)

#2  0x7f8c738c3b50 n/a (libQt5Core.so.5 + 0xc3b50)
#3  0x7f8c738c50fd 
_Z17qt_message_output9QtMsgTypeRK18QMessageLogContextRK7QString 
(libQt5Core.so.5 + 0xc50fd)

#4  0x7f8c73890dfd _Z13qErrnoWarningPKcz (libQt5Core.so.5 + 0x90dfd)
#5  0x7f8c7389e350 n/a (libQt5Core.so.5 + 0x9e350)
#6  0x7f8c73a173f9 _ZN18QFileSystemWatcher8addPathsERK11QStringList 
(libQt5Core.so.5 + 0x2173f9)
#7  0x7f8c73a17a63 _ZN18QFileSystemWatcher7addPathERK7QString 
(libQt5Core.so.5 + 0x217a63)
#8  0x7f8c6e3e20fe _ZN16KDirWatchPrivate11useQFSWatchEPNS_5EntryE 
(libKF5CoreAddons.so.5 + 0x550fe)
#9  0x7f8c6e3e23ab _ZN16KDirWatchPrivate8addWatchEPNS_5EntryE 
(libKF5CoreAddons.so.5 + 0x553ab)
#10 0x7f8c6e3dfcf7 
_ZN16KDirWatchPrivate8addEntryEP9KDirWatchRK7QStringPNS_5EntryEb6QFlagsINS0_9WatchModeEE 
(libKF5CoreAddons.so.5 + 0x52cf7)

#11 0x7f8c6e915bdd _ZN11KSambaShareC2Ev (libKF5KIOCore.so.5 + 0x6bbdd)
#12 0x7f8c6e915cc6 _ZN20KSambaShareSingletonC4Ev (libKF5KIOCore.so.5 
+ 0x6bcc6)
#13 0x7f8c6e91ff2d _ZNK9KFileItem8overlaysEv (libKF5KIOCore.so.5 + 
0x75f2d)
#14 0x7f8c6eb68f44 _ZNK9KDirModel4dataERK11QModelIndexi 
(libKF5KIOWidgets.so.5 + 0x113f44)
#15 0x7f8c73a7b8e1 _ZNK21QSortFilterProxyModel4dataERK11QModelIndexi 
(libQt5Core.so.5 + 0x27b8e1)
#16 0x7f8c6eb560f3 _ZNK11QModelIndex4dataEi (libKF5KIOWidgets.so.5 + 
0x1010f3)
#17 0x7f8c6eb566be 
_ZNK17KFileItemDelegate7Private15initStyleOptionEP20QStyleOptionViewItemRK11QModelIndex 
(libKF5KIOWidgets.so.5 + 0x1016be)
#18 0x7f8c6eb56b9a 
_ZNK17KFileItemDelegate8sizeHintERK20QStyleOptionViewItemRK11QModelIndex 
(libKF5KIOWidgets.so.5 + 0x101b9a)

#19 0x7f8c75218f6a n/a (libQt5Widgets.so.5 + 0x418f6a)
#20 0x7f8c7520d672 n/a (libQt5Widgets.so.5 + 0x40d672)
#21 0x7f8c7521a279 _ZN9QListView13doItemsLayoutEv 
(libQt5Widgets.so.5 + 0x41a279)
#22 0x7f8c75213b15 _ZNK9QListView12rectForIndexERK11QModelIndex 
(libQt5Widgets.so.5 + 0x413b15)
#23 0x7f8c75213bce _ZNK9QListView10visualRectERK11QModelIndex 
(libQt5Widgets.so.5 + 0x413bce)

#24 0x7f8c6ec535ed n/a (libKF5KIOFileWidgets.so.5 + 0x9c5ed)
#25 0x7f8c6ec55e98 n/a (libKF5KIOFileWidgets.so.5 + 0x9ee98)
#26 0x7f8c73ae8f4f n/a (libQt5Core.so.5 + 0x2e8f4f)
#27 0x7f8c6e9b9485 _ZN14KCoreDirLister8newItemsERK13KFileItemList 
(libKF5KIOCore.so.5 + 0x10f485)
#28 0x7f8c6e9bd768 _ZN21KCoreDirListerPrivate9emitItemsEv 
(libKF5KIOCore.so.5 + 0x113768)
#29 0x7f8c6e9d2c60 
_ZN19KCoreDirListerCache11slotEntriesEPN3KIO3JobERK5QListINS0_8UDSEntryEE 
(libKF5KIOCore.so.5 + 0x128c60)

#30 0x7f8c73ae8f4f n/a (libQt5Core.so.5 + 0x2e8f4f)
#31 0x7f8c6e976934 
_ZN3KIO7ListJob7entriesEPNS_3JobERK5QListINS_8UDSEntryEE 
(libKF5KIOCore.so.5 + 0xcc934)

#32 0x7f8c73ae8f4f n/a (libQt5Core.so.5 + 0x2e8f4f)
#33 0x7f8c6e95e635 
_ZN3KIO14SlaveInterface11listEntriesERK5QListINS_8UDSEntryEE 
(libKF5KIOCore.so.5 + 0xb4635)
#34 0x7f8c6e96071a _ZN3KIO14SlaveInterface8dispatchEiRK10QByteArray 
(libKF5KIOCore.so.5 + 0xb671a)
#35 0x7f8c6e95ed66 _ZN3KIO14SlaveInterface8dispatchEv 
(libKF5KIOCore.so.5 + 0xb4d66)
#36 0x7f8c6e963b69 _ZN3KIO5Slave8gotInputEv (libKF5KIOCore.so.5 + 
0xb9b69)

#37 0x7f8c73ae8f4f n/a (libQt5Core.so.5 + 0x2e8f4f)
#38 0x7f8c73add6f0 _ZN7QObject5eventEP6QEvent (libQt5Core.so.5 + 
0x2dd6f0)
#39 0x7f8c74f62fae 
_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent 
(libQt5Widgets.so.5 + 0x162fae)
#40 0x7f8c73ab16f8 
_ZN16QCoreApplication15notifyInternal2EP7QObjectP6QEvent 
(libQt5Core.so.5 + 0x2b16f8)
#41 0x7f8c73ab4681 
_ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData 
(libQt5Core.so.5 + 0x2b4681)

#42 0x7f8c73b0a153 n/a (libQt5Core.so.5 + 0x30a153)
#43 0x7f8c730377a9 g_main_dispatch (libglib-2.0.so.0 + 0x547a9)
#44 0x7f8c73037a38 g_main_context_iterate (libglib-2.0.so.0 + 0x54a38)
#45 0x7f8c73037acc g_main_context_iteration (libglib-2.0.so.0 + 
0x54acc)
#46 0x7f8c73b09836 
_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE 
(libQt5Core.so.5 + 0x309836)
#47 0x7f8c73ab017b 
_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE (libQt5Core.so.5 + 
0x2b017b)

#48 0x7f8c7516bbb7 _ZN7QDialog4execEv (libQt5Widgets.so.5 + 0x36bbb7)
#49 0x7f8c7516ba9a _ZN7QDialog4execEv (libQt5Widgets.so.5 + 0x36ba9a)
#50 0x5557cdc412d4 
_ZN16SystemFileDialog14beginOpenFilesENS_16StandardLocationERK11QStringList 
(qFlipper + 0x392d4)

Bug#1038154: spip 4.1.9+dfsg-1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1038154 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: spip
Version: 4.1.9+dfsg-1+deb12u1

Explanation: various security issues

Bug#1037542: xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1037542 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1+deb12u1

Explanation: use a UUID for connection ID

Bug#1037945: aide 0.18.3-1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1037945 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: aide
Version: 0.18.3-1+deb12u1

Explanation: properly handle creating the system user

Bug#1038315: lxd: AppArmor profile violations cause PrivateNetwork=yes services in the container fail to start

[Mathias Gibbens]

Control: tags -1 + confirmed
Control: forwarded 
https://discuss.linuxcontainers.org/t/systemd-hostnamed-unable-to-start-on-lxd-5-0-containers/17454

Hi Bagas, Michael,

  At first glance, this looks like an apparmor problem. Unfortunately
all the issues that have been mentioned previously are about five years
old. Ubuntu has carried custom patches for the kernel and apparmor in
the past, but at least the relevant kernel changes seem to have been
merged quite a while back[1].

  I will see what I can figure out on my end and update this when I
know more.

> systemd-hostnamed.service is probably also affected, but in my case I
> paved over the issue by setting PrivateNetwork=no in an override.

  For the moment setting PrivateNetwork=no for affected services is
probably a better approach than totally removing the container's
apparmor profile.

Mathias

[1] -- 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80a17a5f501ea048d86f81d629c94062b76610d4


signature.asc
Description: This is a digitally signed message part

Bug#1038140: bookworm-pu: package onionshare/2.6-5

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Thu, Jun 15, 2023 at 10:52:28PM +0200, Hefee wrote:
> Do I need to do update the version with a stable extension ~deb12u1 as there 
> won't be any diff?

Yes, you should add a changelog entry with target bookworm and version
2.6-5~deb12u1. Other than that addition, please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1039016: ITP: libtest-future-io-impl-perl -- acceptance tests for Future::IO implementations

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org, debian-p...@lists.debian.org

* Package name: libtest-future-io-impl-perl
  Version : 0.14
  Upstream Author : Paul Evans 
* URL : https://metacpan.org/release/Test-Future-IO-Impl
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : acceptance tests for Future::IO implementations

Test::Future::IO::Impl contains a collection of acceptance tests for
implementations of Future::IO.

The package will be maintained under the umbrella of the Debian Perl Group.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.


signature.asc
Description: Digital Signature

Bug#1039015: About bug #1038014 and this one

[Antonio Miguel Ferreira Marques Trindade]

The patch included in bug #1038014 does not full resolve this issue.

I still got the following build error:

/var/lib/dkms/nvidia-legacy-390xx/390.157/build/nvidia-drm/nvidia-drm-fb.c: 
In function ‘nv_drm_internal_framebuffer_create’:
/var/lib/dkms/nvidia-legacy-390xx/390.157/build/nvidia-drm/nvidia-drm-fb.c:180:5: 
error: implicit declaration of function ‘drm_helper_mode_fill_fb_struct’ 
[-Werror=implicit-function-declaration]

  180 | drm_helper_mode_fill_fb_struct(
  | ^~
cc1: some warnings being treated as errors
make[3]: *** 
[/usr/src/linux-headers-6.3.0-1-common/scripts/Makefile.build:257: 
/var/lib/dkms/nvidia-legacy-390xx/390.157/build/nvidia-drm/nvidia-drm-fb.o] 
Error 1

make[3]: *** Waiting for unfinished jobs
[...]
make[2]: *** [/usr/src/linux-headers-6.3.0-1-common/Makefile:2050: 
/var/lib/dkms/nvidia-legacy-390xx/390.157/build] Error 2

make[2]: Leaving directory '/usr/src/linux-headers-6.3.0-1-amd64'
make[1]: *** [Makefile:238: __sub-make] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-6.3.0-1-common'
make: *** [Makefile:82: modules] Error 2

The included patch solves both #1038014 
 and the 
error above.

Bug#1037078: closed by Paul Gevers (closing still open unblock requests)

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Tue, Jun 06, 2023 at 03:01:35PM +, stefa...@debian.org wrote:
> OK, let's re-target to PU. Updated debdiff atteched.
> 
> If you're interested in having this change to ease upgrades, we can get
> in in the first point release.
> 
> It probably doesn't make sense to carry the patch into trixie.

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1036978: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Wed, May 31, 2023 at 04:00:47PM +0400, Yadd wrote:
> [ Reason ]
> node-undici is vulnerable to:
>  * CVE-2023-23936: "Host" HTTP header isn't protected against CLRF injection
>  * CVE-2023-24807: Regex Denial of Service on headers set/append

Please update the changelog to mention the CVE identifiers; other than
that, go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1025218: please package urllib3 2.0.0.3

[Daniele Tricoli]

Hi Alexandre!


On 24/06/2023 16:10, Alexandre Detiste wrote:

Just a kind reminder


Thanks I was reasoning about this during this weekend, but thanks for 
the ping.




This is the main dependency over python3-six.

It will then be much easier to see which packages still need porting.
Some don't, they just cary over an old Dependency.

(and I'm also of course a heavy user of Urllib3 & Requests
and would like to see these packages thrive)


This morning I was thinking about upload urllib3 2 to experimental, to 
keep testing not broken. I have to fix a security issue on requests 
before for stable, but my ETA for the following is the next week:

1. fix requests on stable
2. update both requests and urllib3 on sid but keeping urllib3 on 1.x
3. update urllib3 to experimental to see if something break.

Keep in mind that according to upstream¹:
> urllib3 v2.1.0 will be released in the summer of 2023 with all
> breaking changes being warned about in v2.0.0

So I would to first upload to experimental also 2.1.

Please tell me if this plan look feasible to you or also if you have 
some suggestions!


Cheers,

¹ https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html

--
Daniele Tricoli
https://mornie.org

Bug#1038011: game-data-packager: depends on SDL 1.2

[Simon McVittie]

On Thu, 15 Jun 2023 at 12:20:49 +0100, Simon McVittie wrote:
> The work that remains to be done here, other than marking this as wontfix,
> is to test quake4, etqw and unreal to make sure they run correctly with
> libsdl1.2-compat-shim installed.

quake4 works fine with libsdl1.2-compat-shim installed. Audio is broken if
you have pipewire-alsa:amd64 but not pipewire-alsa:i386 (#1039012) but
that's not a SDL problem.

etqw is very similar to quake4, and also works fine.

These are binary-only games, so libsdl1.2-compat-dev is irrelevant for this
particular package.

smcv

Bug#1039014: easy-rsa: Parsing error / asking for pem passphrase

[Mathias Beilstein]

Package: easy-rsa
Version: 3.1.0-1
Tags: patch

ii  easy-rsa   3.1.0-1  all  
ii  openssl3.0.9-1  amd64 

Fix in:
https://github.com/openwrt/packages/commit/7b71d000da1ee927452c1d1044e6ea43d86ea3c7
fixes:
https://github.com/openwrt/packages/issues/21142


Dear maintainer,

while trying to create a new CA using Debian 12 I run into an extra
question asking for a pem phrase.

See here:
---cut---
* Notice:
Using SSL: openssl OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30
May 2023)


Enter New CA Key Passphrase: 
Re-Enter New CA Key Passphrase: 
Using configuration from /home/~cut~/PKI/81094992/temp.6fcbfadb
+...+..
+*.
+*...++.+..+.+.+..+..+..+..
..+.+...+.++.+..+++..+.+...
+...+..++.+..+...+...+.+.+...+.
..+..++.+...+...+.+...+.+...+...+.+
++..++...+..+.++..+...+.+..
..+...+.+.++.+++..+
.+...+...+.+.+.++...+..+..+
+.+.++.+.+...+...+.+..+..+.+...
.+..+..+..++...+...+...+...
..+...+...+

..+..++
+++*.+.+..+.+..+.+.++++
++*+.+..+...+...+..
...+.+..+.+..+...+..+...+.++...
+..+.+..+.++.+.
+.+...+..+.+..+.+.+...+..+...+.
+..
+
Enter PEM pass phrase:
-cut

As you can see under fixes above there is a patch that fixes the
problem that is caused by the interaction of easy-rsa below 3.1.3 and
opennssl 3. The actual release from github is 3.1.5 at:
https://github.com/OpenVPN/easy-rsa

Bug#1038023: angband: Depends on SDL 1.2

[Stephen Kitt]

Hi Alexandre,

I see you’re already taken care of importing the last upload and preparing a
new release. If you’re interested in the history of the Alioth VCS
repository, it was archived at
https://alioth-archive.debian.org/git/collab-maint/ (there are three
tarballs, angband-audio.git.tar.xz, angband-debian.git.tar.xz, and
angband.git.tar.xz; I haven’t checked their contents).

Regards,

Stephen


On Fri, 23 Jun 2023 22:32:32 +0200, Alexandre Detiste
 wrote:

> tag 1038023 +fixed-upstream
> thanks
> 
> The new upstream releases 4.x provide SDL2 and a lot of other niceties
> 
> The VCS Url still point to Alioth.
> 
> Can the last upload be imported on Salsa ?
> 
> Greetings
> 
> https://angband.readthedocs.io/en/latest/customize.html#interface-details
> >Interface details
> >
> >Below are brief descriptions for what you can configure with the standard
> >Windows, X11, SDL, SDL2 and Mac front ends.  
> 
> 


pgpCHTgS0Ksxf.pgp
Description: OpenPGP digital signature

Bug#1039013: etqw-server: not actually practically usable

[Simon McVittie]

Package: etqw-server
Version: 63
Severity: important
Tags: pending

I only recently obtained a copy of ETQW, so I was unable to test it
until now.

etqw-server contains /usr/lib/etqw/etqw-dedicated, a Python script that
launches the actual dedicated server binary with appropriate parameters.
/usr/games/etqw-dedicated is a symlink to it. It needs to be in
/usr/lib/etqw (or some other suitable directory) so it can load
gdp_launcher_version.py from the same directory.

etqw-server also depends on etqw-bin (or game-data-packager, but the
server will not actually run unless you prepare and install etqw-bin).

Unfortunately, etqw-bin *also* contains /usr/lib/etqw/etqw-dedicated.
(This one is a small proprietary shell script provided by id Software.)
We can't have both packages try to own that path!

The solution is to rename our Python script to something like
/usr/lib/etqw/etqw-dedicated.py, and make /usr/games/etqw-dedicated
a symlink to that instead.

smcv

Bug#1020246: Not an active maintainer, but

[Iustin Pop]

On 2023-06-24 16:58:15, Ilias Tsitsimpis wrote:
> Control: forwarded -1 https://github.com/ndmitchell/hoogle/issues/359
> 
> Hi Iustin,
> 
> On Sun, Apr 23, 2023 at 11:25PM, Iustin Pop wrote:
> > AFAIK, both armel and armfh are low-powered/"slow" arches, but i386 is
> > surprising. Maybe due to memory limits?
> > 
> > I wonder if tests shouldn't simply be restricted to amd64, arm64, ppc64el 
> > and
> > s390x? This should give it enough of architecture heterogeneity to catch
> > any problems that simply do not appear on amd64 (mainstream arch) (yes,
> > I've been bitten by this in one package of mine).
> > 
> > This would be a cheap fix (one entry in the control file). Thoughts?
> > (Anyone?) It seems this bug is the only one that prevents it from
> > entering testing (and it's a leaf package).
> 
> Unfortunately it's not just the tests that fail, hoogle is currently
> completely broken on all 32-bit architectures. We need to either fix it,
> or remove hoogle from these architectures.

Ooh, interesting.

I agree with Neil's last comment in the upstream bug - Hoogle was even
years ago when I last built it a memory/CPU hog, so I think restricting
to 64 bit is better than not having it. My 2c.

iustin